Bitcoin Forum
June 24, 2017, 09:06:56 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 »  All
  Print  
Author Topic: [ANN] Bitcoin PoW Upgrade Initiative  (Read 30570 times)
tenletters
Jr. Member
*
Offline Offline

Activity: 31


View Profile
March 26, 2017, 11:45:17 PM
 #201

Have you guys looked at Cuckoo cycle?

FWIW we evaluated Cuckoo as well for Zcash, and it was a strong second-place contender. There wasn't really anything wrong with it — it just didn't seem to have quite as much of a rigorous scientific analysis as Equihash. However, that is a very subjective thing for me to say. You could argue (and Cuckoo's author, John Tromp, does argue persuasively) that Cuckoo's history of analysis and refinement is better than Equihash's.

What about cycling through 10 unique PoWs every 10 blocks?

I'm not the best at discrete analysis and understand this multiplies attack surface 10-fold, but could we splinter miners into small, specialized, and de-fanged factions using 10 different well-chosen hash algorithms, then scatter them among CPUs/GPUs/FPGAs/ASICs?

Block 1 JH
Block 2 Skein
Block 3 Groestl
Block 4 Cuckoo
Block 5 Keccak
Block 6 Equihash
Block 7 BLAKE2
Block 8 SCrypt
Block 9 CryptoNight
Block 10 Ethash



DeSantis has started some work (he wants to do some testing before posting his source code for peer review though).
He's creating a Keccak fork and a Cuckoo fork, and has created a beautiful automated testing utility that I hope he gives me permission to link to you guys.

The testing utility (I've viewed the source, it's not vaporware) allows you to spin up multiple Docker containers, each containing a different Bitcoin node; some of the nodes can be Bitcoin 0.14.0, some of them can be Bitcoin Unlimited, and some of them can be Keccak, Cuckoo, etc.

With these containerized Bitcoin nodes, you can then simulate various forking scenarios, and actually observe in real-time how it plays out. With my limited bitcoin programming knowledge, I am waiting for him to document the config file that controls the node counts & types, and to create some python installation script (which are easier to debug for me at least).

tl;dr - DeSantis is testing Keccak & Cuckoo using a Bitcoin Network Simulator.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
tenletters
Jr. Member
*
Offline Offline

Activity: 31


View Profile
March 27, 2017, 12:21:42 AM
 #202

There are several developers working on PoW changes already , but what we need is proper peer review testing and a big bounty for this work. I am willing to donate btc and help fund raise for this , but we need 3 trustworthy an public people to handle the funds. Who is interested or who should we ask to get this started?

The "public" stipulation may be difficult to satisfy. Irrespective of how much support we can build, whoever accepts an escrow role is sticking their head above the parapets rather significantly (Bitfury have already threatened legal action against PoW changes, although against who is undetermined I believe)

Can the several developers not present their designs, rates and also addresses to donate to?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi devs, can you all send your nominations for who the most credible individuals are for managing an m-of-n account (for holding the PoW bounty's reward funds)?

1) Please send PGP-signed emails to jecooper@alum.mit.edu (you may encrypt if you wish to remain anonymous, my PGP key ID is 331B6406 (pgp.mit.edu)).

2) Once all the nominations are received, I will make one big post containing all of the signed emails (unless the sender wishes to remain anonymous due to fear of BitfuryGeorge).

3) We reach out to the agreed upon individuals, inviting them to become custodians of the multisig address and requesting a public BTC address (for which they control the private key) from each of them.

4) Create the multisig address, notify the new custodians of the account.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJY2FrYAAoJECXDNTkzG2QGrvwH/0CjwKRgSmHmMPFXKA8F1YWa
CMcrWx0KN2ykhqxclxEAlMIs8Zb4u3KO89nejza/Guh0f2sNWSCW6NvrEhRzHodf
TSn8VpCcjpeYc1Iu5wSMBTVk6h/dqZy0eJJRukN4M8qTstnwvU2B48I7Q24x9zLe
B2lOxqhm3fIauaXCTgey4YLgvMfo058jg7+x9DrYKtmP8jht49AmvBv+XI69YfHq
XHvTpbipeNsoTR7qQUXnsnGtbMW7Sl0jywFjRUe1Gq7xGBf6ICH6WkCBLgRDCPCA
z+7gqv6zqjZaAqmbaZej/+4JShnhX2wgj1LKvtW65TdJuyxy4KG6sS231wgAp/4=
=yOSx
-----END PGP SIGNATURE-----
mmgen-py
Member
**
Offline Offline

Activity: 68


View Profile WWW
March 27, 2017, 07:34:00 AM
 #203

What's the rationale for making the mini-blocks 10 per legacy block? I'm thinking of the orphan rate.
In order to keep the two chains in sync and ensure that the new PoW hash power is always working, the new PoW miners can assemble the next proto-block from mini-blocks and mine it only after legacy miners have mined and broadcast the current block. The period while the new PoW miners are mining the proto-block is downtime for the legacy miners; their hash power is going to waste. In order to minimize this downtime, we need a fast confirmation time for the new PoW. One minute isn't too extreme, actually, if we consider Ethereum's 20-second confirmation time.

I'm also unconvinced about a "years" timeframe. I would propose 1 year, where the interval between the 5% steps starts at close to infinity increase for the 5-10% part, and gradually increases the interval between steps (like an exponential curve inverted about x=y, is that the cosine curve?)

Going faster to begin with should help to attract hashing power to newPoW, and in turn dissuade the BU miners from even attempting the various attacks they have no doubt developed. The "long tail" will gradually contribute to calming what would inevitably be a very febrile atmosphere surrounding the initial 5% change (the accompanying FUD would no doubt be typically disproportionate)
It's a tradeoff. Yes, transitioning faster would attract more new PoW miners. So would giving them a larger share of the block reward at the beginning, say 10%.

On the other hand, since this is "non-hostile" fork proposal that seeks to gain broad community consensus, we don't want to alienate legacy miners by turning their hardware into scrap metal too quickly. This is why I would prefer to err on the side of an overly long phase-out period rather than an overly short one. A linear phase-out is preferable to an exponential one for the same reason.

As for attacks, non-upgraded miners may attempt to attack the chain to fool non-upgraded nodes, but this is a risk for any SF. We just have to rely on having most economic nodes upgraded by flag day.
pinkflower
Sr. Member
****
Offline Offline

Activity: 252



View Profile
March 27, 2017, 07:37:41 AM
 #204

Wont this make difficulty rise and fall like a wave?

Each algorithm would have its own difficulty I would imagine.

Thats what I think. My next question for that would be, wont it make the network open to attacks if the difficulty suddenly drops low? The idea might be good on paper but its really only complicating matters. Best to come with a new POW algorithm that uses less energy.
Frogolocalypse
Newbie
*
Offline Offline

Activity: 8


View Profile
March 27, 2017, 09:48:38 AM
 #205

wont it make the network open to attacks if the difficulty suddenly drops low?

Not really.  Until it stabilizes, my expectation would be that you would just need to wait for more confirms before you can be assured that the chain you've put a transaction in hasn't been orphaned.  Now 6, perhaps as high as 20.  When lightning is available, I don't think that's really that much of an issue.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 952



View Profile
March 27, 2017, 10:54:50 AM
 #206

There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
mmgen-py
Member
**
Offline Offline

Activity: 68


View Profile WWW
March 27, 2017, 11:18:45 AM
 #207

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

This is why a gradual phase-in of the new PoW via PoWA is the best option.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 952



View Profile
March 27, 2017, 11:22:20 AM
 #208

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

This is why a gradual phase-in of the new PoW via PoWA is the best option.

Yeah, I was talking about changing the PoW generally. Not championing my personal favourite as I'm still reading what others think.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
jornaldobitcoin
Newbie
*
Offline Offline

Activity: 6


View Profile
March 28, 2017, 02:05:55 AM
 #209

I would like to share an hypothesis.

With enough asics a group of miners could offer/sell an alternative to SWIFT for banks?

The group could settle a secret agreement with some banks to raise a few billion US$ for their hash capacity (they would have to leave bitcoin).
They would need something like 40% to 50% of bitcoin hash rate to avoid attacks (Bitcoin unlimited is in almost 40%?).
 They would have to keep building asics to keep hash capacity in bitcoin level. Or build even more.
Them we would live in a world with 2 major coins. Both only vulnerable to each other hash capacity.
The miner (banks backed) would have lot of budget to keep pumping asics until bitcoin is forced to change POW or other mitigation strategy.
The group would guarantee its future in asics manufacturing and operations and would ´t care if bitcoin fails. Quick $ with low risk. As it would have a signed contract with major banks to back them.
Actually this group of miners would gain with bitcoin suffering.
Banks could have a chance to have its own SWIFT and damage bitcoin considerably, gaining more time for their fiat party, with very low costs for them(comparing to acquisitions we are seeing today and the SWIFT value) .

Frogolocalypse
Newbie
*
Offline Offline

Activity: 8


View Profile
March 28, 2017, 04:09:52 AM
 #210

A change of PoW as a quickfix (to fool currently manufactured ASICS) without too much risk of bugs can be as follows:

Instead of checking for n zero bits, implement checking for n one bits instead.

If you are bold, you can have the sequence of leading bits to check to be dependant on the trailing bits of the previous block.
 
I love this one.  

Like you said, but an extension of what you suggest, have the check-bits being searched for as a function of the previous mined block.  Instead of searching for 00000000000 starting at nth 0, search for 76436753432 at nth 7.  Or that at 21, going backwards.  21/20/19/18/etc.  Or pick the Xth prime, and skip the Yth prime of each element, where the primes used is a function of the hash of the previous block.

Introduce them as a randomized instantiation.  ~10/1000 is this new 'format'.  Then, after 1000, it's ~20/1000.   Have a new difficulty setting for these new elements.  Who cares if you get a virtually instantaneous block reward for 10/1000.  No different than chance happening for that normally.  By the time that it got to 100/1000 there would be an entirely new set of miners, on an entirely new set of difficulty settings.

It doesn't punish the miners that are currently mining in an untoward manner.  It gives them an acceptable return on their existing hardware.  That would account for a two year rollover.

Then, let the miners know that the same thing is going to happen again in two years.

It de-incentivizes hardware solutions, but doesn't kill them.  I'm not sure this solve the long-term problem of centralization though.  While the prime thing is good, you want all of that calculation to be done by the miner, with the least amount effort you can come up with so that it can be validated.  This just means that you could have relatively minor modification to the hash validation that current hardware wouldn't be designed for.  I don't actually know how the ASIC's verify that a specific hash meets the requirements of validation.  It might be as simple as updating a single variable within their hardware or software implementation.  Instead of looking for "000000" look for "123456".
pinkflower
Sr. Member
****
Offline Offline

Activity: 252



View Profile
March 28, 2017, 07:47:54 AM
 #211

There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If theres a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 952



View Profile
March 28, 2017, 12:29:42 PM
 #212

There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If theres a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
jornaldobitcoin
Newbie
*
Offline Offline

Activity: 6


View Profile
March 28, 2017, 02:08:10 PM
 #213

There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If theres a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.

exactly!, who wants?
i say Banks or SWIFT
!!imagine a new SWIFT based in sha256. As secure as bitcoins(because it would have a considerable hash capacity!), at least for now. 250millions usd$? its a bargain for a startup that aims to detrone SWIFT! People need to prepare , investigate this hyphotesis. we must be negotiating with people(BU miners) that are already out of bitcoin.
Read my post , few posts below, for more info.
pinkflower
Sr. Member
****
Offline Offline

Activity: 252



View Profile
March 29, 2017, 07:48:41 AM
 #214

There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If theres a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.

That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 952



View Profile
March 29, 2017, 11:05:46 AM
 #215

That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.

If these people believe in security by being under a racket with full control over their currency, let them have their coin. I didn't need BTC for that.

AFAIC their presence is a liability, if they get to influence the decision process.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
pinkflower
Sr. Member
****
Offline Offline

Activity: 252



View Profile
March 30, 2017, 07:10:33 AM
 #216

That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.

If these people believe in security by being under a racket with full control over their currency, let them have their coin. I didn't need BTC for that.

AFAIC their presence is a liability, if they get to influence the decision process.

By that I assume you mean the big Chinese miners. Wasnt the specialization of mining a part of the natural evolution of Bitcoin? There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using. 
Carlton Banks
Legendary
*
Offline Offline

Activity: 1666



View Profile
March 30, 2017, 12:10:33 PM
 #217

There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using. 

Does that argument not favour a hashing algo that does work with GPUs/FPGAs? Is that even possible without the risk of an ASIC being developed?

Vires in numeris
muyuu
Donator
Legendary
*
Offline Offline

Activity: 952



View Profile
March 30, 2017, 08:00:59 PM
 #218

By that I assume you mean the big Chinese miners. Wasnt the specialization of mining a part of the natural evolution of Bitcoin? There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using. 

No, I mean the "coffees in the chain" brigade.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
RGBKey
Sr. Member
****
Offline Offline

Activity: 434



View Profile
March 31, 2017, 02:22:50 AM
 #219

I can understand the thought behind wanting to make this change and call me sentimental, but I don't think Satoshi would have wanted this for Bitcoin. Bitcoin still functions as it's supposed to as long as there's not a 51% attack and changing something for people's benefit is still just that.

pinkflower
Sr. Member
****
Offline Offline

Activity: 252



View Profile
March 31, 2017, 08:14:45 AM
 #220

There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using. 

Does that argument not favour a hashing algo that does work with GPUs/FPGAs? Is that even possible without the risk of an ASIC being developed?

The argument is about the developers who are proposing the POW upgrade shaking the cage too much. Its either theyre an opposition controlled by the miners or just your ordinary Bitcoiners who hate to change the status quo.
Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!