[white paper] Purely P2P Crypto-Currency With Finite Mini-Blockchain

[bitfreak!]

I've been working on this idea for a few months now but I couldn't get past the problem of making the scheme satisfactorily secure. I finally solved that part of the puzzle about a week ago and immediately decided that I needed to write a white paper and formalize the concept some what.

I also want to give an acknowledgment to member aaaxn for helping me fine tune some of the concepts in the paper, his knowledge was very helpful. Until now no one else has read this white paper so I'm hoping for a lot more great feedback from other members.

NOTE: the white paper is now fairly out-dated. Check the project wiki for more up-to-date information concerning the mini-blockchain proposal.

Purely P2P Crypto-Currency With Finite Mini-Blockchain (PDF)

ABSTRACT

Almost all P2P crypto-currencies prevent double spending and similar such attacks
with a bulky “blockchain” scheme, and the ones which do not typically use some sort
of pseudo-centralized solution to manage the transactions. Here I propose a purely
P2P crypto-currency scheme with a finite blockchain, dubbed the “mini-blockchain”.
Each time a new block is solved the oldest block is trimmed from the end of the mini-
blockchain so that it always has the same number of blocks. It is argued that the loss
of security this trimming process incurs can be solved with a small “proof chain” and
the loss of coin ownership data is solved with a database which holds the balance of
all non-empty addresses, dubbed the “account tree”. The proof chain secures the mini-
blockchain and the mini-blockchain secures the account tree. This paper will describe
the way in which these three mechanisms can work together to form a system which
provides a high level of integrity and security, yet is much slimmer than all other purely
P2P currencies. It also offers other potential benefits such as faster transactions and
lower fees, quicker network synchronization, support for high levels of traffic, more
block space for custom messages, and increased anonymity.

Project development thread: https://bitcointalk.org/index.php?topic=215936.0

[1714117314]

1714117314

[1714117314]

1714117314

[1714117314]

1714117314

[1714117314]

1714117314

[digitalindustry]

reading right now, mostly becasue its such a great idea !

[bitfreak!]

reading right now, mostly becasue its such a great idea !

Well it's not that hard to come up with a great idea.
The hard part is making the idea work.
Thanks for taking a look.

[digitalindustry]

reading right now, mostly becasue its such a great idea !

Well it's not that hard to come up with a great idea.
The hard part is making the idea work.
Thanks for taking a look.

yeah agreed, I just read it , truly i'm also no coder, but i see the design of the proof chain as very ingenious, would this not also lead to much faster trans times?

but obviously a larger and more complex client,  my head hurts at how much work would go into coding that , but its the first time i've seen this problem addressed in a way that makes sense, and seems to provide security.

I guess my question would be in relation to the Proof chain stamp (i see it like the stamp of a film sprocket, the film runs but the stamp records what happened) having only two #'s does that provide a security flaw early in the life of the currency?

awesome work, lets see what the hard core guys say.

[bitfreak!]

but obviously a larger and more complex client,  my head hurts at how much work would go into coding that

I don't see why the client would be larger or more complex. Nothing described in the paper should really be too difficult to implement, it's really just taking the bitcoin scheme and modifying certain aspects of it to remove the need for a full blockchain.

having only two #'s does that provide a security flaw early in the life of the currency?

I don't believe so. If it did we could just use the block headers instead of a proof chain... I mean there's really no need to create a whole new proof chain system when we can use the block headers. But the proof chain mechanism probably would have certain advantages assuming it provided the same level of security as the block header system.

[Come-from-Beyond]

U should publish an address for donation. It's very unlikely someone will code the implementation for free.

[mr_random]

U should publish an address for donation. It's very unlikely someone will code the implementation for free.

This. Look at all the hard work Sunny has done for PPCoin for free and yet he gets constant trolling for it. It's a thankless task!

[bitfreak!]

[removed]

[bitfreak!]

By the way CFB, what did you did think of the proof chain concept? Can you see any flaws in that idea? Honestly though it may be better to just start by using the block header system and then maybe try creating a proof chain system to see how it works at a later stage.

[digitalindustry]

U should publish an address for donation. It's very unlikely someone will code the implementation for free.

This. Look at all the hard work Sunny has done for PPCoin for free and yet he gets constant trolling for it. It's a thankless task!

Ive never seen that, but again i'm not lurking around many PPC topics, PPC principal has be incorporated into other designs , i wouldn't say that is thankless, he has stamped his self in history.

**edit - didn't really know what i was talking about re code related to PPC *** removed this line -

[digitalindustry]

come on FFS coders have a look at this, i want to know if this is viable myself.

(picturing them hard at work making LTC copies to pump and dump lol jks)

 

[Caesar V]

My body is ready! (for making money).. 

[xorxor]

-----deleted-----

judged to quickly.

[Come-from-Beyond]

By the way CFB, what did you did think of the proof chain concept? Can you see any flaws in that idea? Honestly though it may be better to just start by using the block header system and then maybe try creating a proof chain system to see how it works at a later stage.

The very 1st impression was "Hm, looks like proof chain is just block headers chain". Then I started to apply different theorems trying to find contradictions. Here is a short list:

1. CAP theorem
2. Space-time tradeoff
3. Shannon's source coding theorem

Unfortunatelly, I didn't get ur idea completely even after 2 readings. If u tried to apply mentioned theorems to ur approach, it would be easier to comprehend the whitepaper. The main thing I'm daunted with is that ur approach lets to validate the whole transaction history without trusting to 3rd parties. I can't prove that but I believe that it's impossible without trusting to some "outer" source of information.

[aaaxn]

The main thing I'm daunted with is that ur approach lets to validate the whole transaction history without trusting to 3rd parties. I can't prove that but I believe that it's impossible without trusting to some "outer" source of information.

I think idea is that you don't need to have whole transaction history. Having information about current balances of all accounts is sufficient.

[Come-from-Beyond]

The main thing I'm daunted with is that ur approach lets to validate the whole transaction history without trusting to 3rd parties. I can't prove that but I believe that it's impossible without trusting to some "outer" source of information.

I think idea is that you don't need to have whole transaction history. Having information about current balances of all accounts is sufficient.

U have to trust a 3rd party in this case, don't u? If I'm wrong then Shannon's source coding theorem should be wrong too.

[bitdwarf]

Forgive my ignorance, but wouldn't it be enough to ask a bunch of peers for a hash of the older transactions? Some peers would keep the full chain, others would keep chains with partly hashed chunks, they can keep validating these hashed chunks against their peers all the time to purge anyone that managed to create a chunk with the same hash.

[aaaxn]

I was suspicious from the beginning about idea of creating proof chain from just two hashes and it looks I was right. Proof chain is useless if you do not include block header with it.
First indirect proof. Suppose we have original blockchain of length N and there is a fork and nodes split up in half and start generating their own independent chains from block N+1. After both network generate sufficient amount of blocks to cause blockN header to be discarded you would have two different blockchains claiming to be secured by the same proofchain. Of course it means neither is really secured.

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

[Come-from-Beyond]

Forgive my ignorance, but wouldn't it be enough to ask a bunch of peers for a hash of the older transactions? Some peers would keep the full chain, others would keep chains with partly hashed chunks, they can keep validating these hashed chunks against their peers all the time to purge anyone that managed to create a chunk with the same hash.

Imagine that u have only some data and there are no other peers in the whole universe. I doubt it's possible to compress HUGE transaction history into a couple of GB. U must have HUGE data volume or HUGE computing power to check validity of the data.

[aaaxn]

Imagine that u have only some data and there are no other peers in the whole universe. I doubt it's possible to compress HUGE transaction history into a couple of GB. U must have HUGE data volume or HUGE computing power to check validity of the data.

I don't understand your point. Whole point of idea in this paper is that you do not keep track of old transactions. It is not loosless compression. You don'0t have access to old transactions and you cannot recreate account balances at any point in time. All yo get is current account balances and a little history that lead to it. I don't see how lossy compression would violate Shannon's theorem.

[aaaxn]

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

[Nite69]

+1

[Nite69]

hmm.. keep the balances on other chain.. would we get the same result, if the protocol forces that all inputs of a certain address is used if any of them is used? This way, the latest output is *allways* the balance of that address.

Edit; of course not. If a payment comes to that address later.. but maybe the new transaction might include the destination address as an input to that payment, even without sercet key?

[bitfreak!]

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

Hmmm... I think I see what you are getting at here. The attacker generates a fake chain in the background using the real proof chain but a fake account tree. He outpaces the real mini-blockchain for a full cycle until there's no evidence left to indicate his account tree is fake and releases the fake chain.

That would be one hell of an attack to pull off and even after pulling it off there's a low chance the fake account tree would propagate enough to become the main account tree. But this just goes to show the mini-blockchain does need to hold at least maybe a week or more worth of transaction history.

Although I think one possible way to dramatically minimize the threat of this attack is to make it so a node who has been connected to the network for a while will only accept a different chain with more power if they know where the chain came from, that it didn't just pop out of thin air.

For example a node who has been validating blocks longer than the cycle of the mini-blockchain can simply ignore a new chain if it appears to that node as if the chain popped out of no where. This will still allow the normal process of block orphaning to occur because the chains do not pop out of no where in that case.

[bitfreak!]

With the solution I described in my last post, the attacker would only succeed if he convinced enough new nodes to accept his fake chain and together they could supply more hashing power to the fake chain than the older nodes to the real chain. While that seems virtually impossible it may be some what possible if the attacker continues to contribute hashing power even after tricking new nodes to accept the chain. Because obviously this attacker must have an ungodly amount of hashing power to outpace the real mini-blockchain for a full cycle.

One way to really drill the final nail into the coffin of this attack might be this: if a new node detects two full mini-blockchain's which both originate from the same proof chain it can simply resort to a peer vote system by asking older nodes which chain is the valid one. Legitimate older nodes who noticed the fake chain appear out of thin air would reply to the new node telling them not to trust the one which appeared to come out of no where. Now the attacker would have an extremely hard time getting enough slaves in on his little scheme.

Even if the attacker had a huge botnet at his disposal at least 80 to 90 percent of existing and new nodes would reject the fake chain and continue working on the real chain. Soon enough the attacker wouldn't be able to afford continuing the attack and he would give up. The real mini-blockchain would quickly overtake the fake chain once the attacker stopped contributing his hashing power to it. With these mechanisms in place the attacker has no hope of convincing more than half the network to use his fake chain.

[aaaxn]

That would be one hell of an attack to pull off and even after pulling it off there's a low chance the fake account tree would propagate enough to become the main account tree. But this just goes to show the mini-blockchain does need to hold at least maybe a week or more worth of transaction history.

If it would be longer than main chain nodes would switch to it and start extending it so it would definitely propagate.

Although I think one possible way to dramatically minimize the threat of this attack is to make it so a node who has been connected to the network for a while will only accept a different chain with more power if they know where the chain came from, that it didn't just pop out of thin air.

For example a node who has been validating blocks longer than the cycle of the mini-blockchain can simply ignore a new chain if it appears to that node as if the chain popped out of no where. This will still allow the normal process of block orphaning to occur because the chains do not pop out of no where in that case.

I think simplest solution is to forbid nodes to switch to other chain if its divergence from current chain happened before range of mini blockchain. How many previous blocks node stores could be customizable parameter. Professional machines could keep longer history if they wish while client nodes could store just default length ( month or so ).

One way to really drill the final nail into the coffin of this attack might be this: if a new node detects two full mini-blockchain's which both originate from the same proof chain it can simply resort to a peer vote system by asking older nodes which chain is the valid one. Legitimate older nodes who noticed the fake chain appear out of thin air would reply to the new node telling them not to trust the one which appeared to come out of no where. Now the attacker would have an extremely hard time getting enough slaves in on his little scheme.

I think new nodes in this situation (it should be extremely rare or never) should just query nodes for blockchain all the way to block in which competing chains diverged and if no one around has this long history node should just refuse to operate and wait until thing settle. Or it can be advised to download updated client which should in this situation contain hardcoded checkpoint provided by community pointing to right chain.

[aaaxn]

I would advise to update address structure proposed in this paper. I think binary hash tree would be better. Your proposal would require to constantly make hashes over vast amounts of data (all sector hashes) so this data would need to be kept in memory. Moreover with accounts packed in 1000 blocks there is also a lot of data to hash and as transactions would be randomly distributed to all sectors large portions of tree would need to be recalculated in every block. With binary tree you would always need to update just 2 * LOG(N) hashes per transaction and all hashes would be made over fixed length strings. N is number of accounts in tree. This way only small subset of tree would need to be kept in memory.

[Come-from-Beyond]

If I recall correctly maximum information density is achievable at numeral system based on number e (2.718). So triple hash tree could be better than binary one.

[aaaxn]

If I recall correctly maximum information density is achievable at numeral system based on number e (2.718). So triple hash tree could be better than binary one.

Maybe in theory but from practical point o view binary trees fit nicely in binary world
First thing which comes to my mind is that transaction would probably operate on account offsets to save space. When you have offset all you have to do is read its binary representation bit by bit and you get exact path you need to follow in binary tree to reach this node. It would require more work on ternary tree.

I found that binary trees have already been discussed ( with nice diagrams ) in context we are talking about. Its was for unspent txouts, but we would just use account balances.
https://en.bitcoin.it/wiki/User:DiThi/MTUT
https://bitcointalk.org/index.php?topic=88208.0

[Impaler]

How dose this solution compare to Ripple, your ledger system looks similar to what I hear it uses but the mini block chain gives a bit 'memory' then I think Ripple has, you seem to have elegantly combined both concepts here and gotten the strengths of both, I'm going to tell the other FRC developers about it, our lead has expressed interest in doing block-chain trimming.

[bitfreak!]

I haven't really looked into it but Ripple appears to use some sort of pseudo-centralized solution. I don't think the coins were created in a decentralized way. And there was just a thread about a Ripple account being hacked because of a weak password or something. So the accounts even appear to be centrally managed.

[GCInc.]

I admire the ingenuity of this idea.

Now, projecting the potential timelines this opportunity casts, how feasible would it be for Bitcoin to adopt such a mini-chain at a future point in time? Technically and theoretically I mean, casting the massive political obstacles out of the way. Rather simple to convert the full blockchain to mini and proof when the open source framework (from this new crypto) is available, no?

[bitfreak!]

how feasible would it be for Bitcoin to adopt such a mini-chain at a future point in time?

Probably pretty unfeasible. Even something like the "rolling chain" idea mentioned in the paper would be extremely tricky to implement with Bitcoin. I spent a lot of time thinking about ways the Bitcoin blockchain could be made much smaller but the only thing I could really come up with was to create a whole new crypto-currency.

[Etlase2]

One way to really drill the final nail into the coffin of this attack might be this: if a new node detects two full mini-blockchain's which both originate from the same proof chain it can simply resort to a peer vote system by asking older nodes which chain is the valid one. Legitimate older nodes who noticed the fake chain appear out of thin air would reply to the new node telling them not to trust the one which appeared to come out of no where. Now the attacker would have an extremely hard time getting enough slaves in on his little scheme.

What you are trying to accomplish to fix your problem here is an uninformed, relatively untrustworthy consensus (how does a new node know which nodes are legitimate?). The two part amazing solution is to use a proof of consensus system that does not rely on proof of work. Much more secure, much more energy efficient. I wasn't lying when I said I've already solved the problems of doing this.

Even if the attacker had a huge botnet at his disposal at least 80 to 90 percent of existing and new nodes would reject the fake chain and continue working on the real chain. Soon enough the attacker wouldn't be able to afford continuing the attack and he would give up. The real mini-blockchain would quickly overtake the fake chain once the attacker stopped contributing his hashing power to it. With these mechanisms in place the attacker has no hope of convincing more than half the network to use his fake chain.

He can still repeatedly get away with double spending.

[bitfreak!]

What you are trying to accomplish to fix your problem here is an uninformed, relatively untrustworthy consensus (how does a new node know which nodes are legitimate?).

It doesn't know. That's why it's a vote system. The node assumes that the majority of votes will be from legitimate nodes. Of course that wont always be the case but it will be the case at least 80% of the time.

He can still repeatedly get away with double spending.

An attacker with enough power to outpace the blockchain for a day or more is obviously going to get away with something. Even in Bitcoin an attacker with that much power over such a long period of time could do a bit of damage. But it's still not a true form of double spending, it's a temporary illusion, and if the attacker had a hard time getting any other node to accept his fake chain wouldn't it be virtually impossible for him to achieve a double spend?

[Etlase2]

It doesn't know. That's why it's a vote system. The node assumes that the majority of votes will be from legitimate nodes. Of course that wont always be the case but it will be the case at least 80% of the time.

But the basic rule of defending against a sybil attack is that the majority cannot be trusted.

An attacker with enough power to outpace the blockchain for a day or more is obviously going to get away with something. Even in Bitcoin an attacker with that much power over such a long period of time could do a bit of damage. But it's still not a true form of double spending, and if the attacker had a hard time getting any other node to accept his fake chain wouldn't it be virtually impossible for him to achieve a double spend?

I actually should have said, he can get away with almost anything against a node that hasn't been around recently. And yes, the same is true of bitcoin. Lots of bad things can be accomplished when you rely on hashing power to determine who is right. Hell, new nodes won't have any idea of whom to trust. Grabbing thousands or millions of IPs is easy; will be drastically easier when IPv6 is the standard.

There IS a way to return to the at-worst bitcoin 51% attack while reducing storage, and that is keeping a historic record for at least a year. Keep the hash of the account ledger rolling through each block, have each tx spend from the ledger not previous txouts, and work from there. If a node was suspicious at the validity of someone's block, they could request its history and hashing power proof over that year or whatever seems reasonable. At least then it's not all time. Compressed account ledger and 1 year of tx history+hashing power is pretty solid proof that it's the real chain.

It still requires proof of work though which means it can be 51% attacked and it wastes a boatload of energy for nothing useful when it can be done a better way.

[bitfreak!]

But the basic rule of defending against a sybil attack is that the majority cannot be trusted.

Yes that is a valid point but all the older legit nodes can still be trusted, there's no way the attacker can trick them. Not only would the attacker need a boatload of hashing power but also a boatload of IP's and bandwidth to out number the legit nodes. Of course that is still possible so perhaps the best method to solve this problem would not be a voting system but the solution aaxon suggested:

I think new nodes in this situation (it should be extremely rare or never) should just query nodes for blockchain all the way to block in which competing chains diverged and if no one around has this long history node should just refuse to operate and wait until thing settle. Or it can be advised to download updated client which should in this situation contain hardcoded checkpoint provided by community pointing to right chain.

That pretty much seems like the best solution because it would cut new nodes out of the picture and leave the legit nodes to wear down the attacker until he gives up.

[Etlase2]

Yes that is a valid point but all the older legit nodes can still be trusted, there's no way the attacker can trick them. Not only would the attacker need a boatload of hashing power but also a boatload of IP's and bandwidth to out number the legit nodes.

IPs and bandwidth are hardly issues. Many theoretical attacks should propose "what kind of defense do you have if you're surrounded by bad nodes?" It doesn't necessarily mean the system is weak if it fails to pass these tests, but it does mean it has weaknesses.

That pretty much seems like the best solution because it would cut new nodes out of the picture and leave the legit nodes to wear down the attacker until he gives up.

It's also effectively DDoSing the network for lite clients. I'm just sayin'...

[bitfreak!]

It's also effectively DDoSing the network for lite clients. I'm just sayin'...

You'll need to elaborate, I don't understand what you mean.

[Etlase2]

If lite clients shut down in the face of competing chains, commerce cannot continue. aaaxn states that it should rarely be a problem, but the problem exists when someone is making a coordinated attack against the network. These are issues with bitcoin as well, there is nothing particularly wrong with your idea, it just allows for completely forking networks. SPV clients (lite clients) AFAIK can work because hash trees can be used to prove the existence of txouts deep in the chain. That can't be done here because the hash tree disappears after a short period of time, being replaced by a ledger. You have to hope that someone does not perform a sustained attack where they ruin other miner's profitability in an effort to get them to leave, then unleash a devastating attack where they *could* rewrite balances. Some full nodes would complain (full nodes only being run as altruistic measures, yay), but they'd have no chain to champion. Very dire situation.

[bitfreak!]

If lite clients shut down in the face of competing chains, commerce cannot continue.

What do "lite clients" have to do with anything here? I'm not sure you understand the concept properly or that you've read the white paper properly.

The new nodes (not lite nodes) would be cut out of the picture. In no way would that shut down commerce, the legitimate older nodes would keep chugging along with the real chain and they wouldn't even pay attention to the fake chain. The fake chain wouldn't even affect anything unless you relied upon a node which was using the fake chain, which cannot happen if new nodes are cut out if the picture until the situation is resolved.

EDIT: or do you mean it may hinder commerce for a business who attempts to start up a new node at the time of this attack? Worse case scenario they have to wait until the attack is over to start their node, or wait until a new client is released with the updated checkpoint. It's not like the businesses already running a node would be affected.

[Etlase2]

What do "lite clients" have to do with anything here? I'm not sure you understand the concept properly or that you've read the white paper properly.

I haven't read the whitepaper at all, because I already know how this process works. And I was responding directly to aaaxn's solution which you said should work. He was talking about new nodes, you must think that the majority of new nodes are going to be "client" nodes rather than full peers (at least in the future when the network is large), because being a full peer costs a lot of bandwidth. Storage is only one aspect. Plus if you intend to earn market share with mobile devices, many clients are simply going to have to rely on what other nodes tell them.

The new nodes (not lite nodes) would be cut out of the picture. In no way would that shut down commerce, the legitimate older nodes would keep chugging along with the real chain and they wouldn't even pay attention to the fake chain. The fake chain wouldn't even affect anything unless you relied upon a node which was using the fake chain, which cannot happen if new nodes are cut out if the picture until the situation is resolved.

That's great and all for those who can be sure which network is the correct one. For those who can't, they are DDoS'd. Only a stupid attacker is going to start by breaking the chain. He is going to be smart and he is going to play along for some time before making a move. It is again a similar problem to bitcoin's, but you have introduced a vulnerability where the original chain is potentially lost. And the only solutions you have come up with are sybil-poor ones. Right, it's unlikely, it's really hard to do, but it only needs to happen once. Proof-of-work is bad, mmmk?

You still pretty much solve this vulnerability by keeping the chain history for a year. Storage is still bound, and that is a big win. It still suffers from centralization and 51% attacks and wasted energy and all the rest though.

Edit: I have skimmed your proposal now and yes you have addressed the new vulnerability well enough. I'm not sure what vulnerability aaaxn is referring to then. I'll have to redigest. I don't know where this voting crap is coming from. Kudos for putting this into a whitepaper, but this is not enough of an idea to start yet another altcoin imo.

[bitfreak!]

Edit: I have skimmed your proposal now and yes you have addressed the new vulnerability well enough. I'm not sure what vulnerability aaaxn is referring to then.

He is referring to a new vulnerability which is some what similar to the old issue but much more difficult to pull off and easy to prevent with the mechanism I've been talking about for the last 2 pages.

[Etlase2]

Ah yes, the secret chain. I missed that along the way and presumed it was a different attack. I just couldn't imagine how you resort to a consensus of untrusted peers as a decision-making process though. Holding the true chain for a year fixes this problem unless the attacker intends to spend an entire year along with the network. You really can not resort to peer consensus. Remember, mining is a pretty centralized activity, and nodes don't get paid to be nodes. It is fairly easy in theory for EvilCorp to work their way through the hierarchy and control a large view of the network. You are *hoping* altruism wins out. Still inheriting a lot of bitcoin's flaws... and as far as I can tell, SPV is still not possible in the way that bitcoin can do it. Lite nodes are going to need a lot more data than SPV nodes in bitcoin--but perhaps not, I'd have to waste some time thinking on it. But if true, this is not good for bandwidth-unfriendly nodes like mobile devices.

[bitfreak!]

I just couldn't imagine how you resort to a consensus of untrusted peers as a decision-making process though. Holding the true chain for a year fixes this problem unless the attacker intends to spend an entire year along with the network.

Yes I agree you cannot really resort to consensus, that's why I said aaaxn's solution is probably the best. Simply don't give new nodes a chance to be tricked by the fake chain. This resolves the problem in a fairly neat way. Holding an entire year worth of transactions is still way too much when there's no real point. So far this is the only attack we've thought of which might provide incentive to increase the length of the mini-blockchain, but if we can eliminate the threat of this attack without having to do that then that's the way it should be solved. And we can with aaaxn's solution.

[aaaxn]

Ah yes, the secret chain. I missed that along the way and presumed it was a different attack. I just couldn't imagine how you resort to a consensus of untrusted peers as a decision-making process though. Holding the true chain for a year fixes this problem unless the attacker intends to spend an entire year along with the network.

As you see this kind of attack is extremely unlikely so this precautions I proposed are not really meant to be ever triggered. It's good to include them because it further discourages making secret chain attack because it hurts its potential profitability.

as far as I can tell, SPV is still not possible in the way that bitcoin can do it. Lite nodes are going to need a lot more data than SPV nodes in bitcoin--but perhaps not, I'd have to waste some time thinking on it. But if true, this is not good for bandwidth-unfriendly nodes like mobile devices.

Lite client would need to download block headers from their last known checkpoint or genesis block (few MB) and download few paths in account tree which correspond to addresses client controls/is interested in (few KB). I think he could even download only few most recent blocks and his accounts info. Even if he would get forged data all he risks is that network will reject his transactions.

[Etlase2]

Yes I agree you cannot really resort to consensus, that's why I said aaxon's solution is probably the best. Simply don't give new nodes a chance to be tricked by the fake chain. This resolves the problem in a fairly neat way. Holding an entire year worth of transactions is still way too much when there's no real point.

There is a point though, you have a "lock block" far enough in the past that the odds of overcoming it are unbelievably overwhelming--and it's a cut-off point where you can have nodes decide unanimously that they can't be fooled or user intervention would *then* be required. Then you don't have to resort to shenanigans.

Lite client would need to download block headers from their last known checkpoint or genesis block (few MB) and download few paths in account tree which correspond to addresses client controls/is interested in (few KB). I think he could even download only few most recent blocks and his accounts info. Even if he would get forged data all he risks is that network will reject his transactions.

This can verify balances of addresses, but it does not verify payments.

[aaaxn]

This can verify balances of addresses, but it does not verify payments.

To verify payment you only need 2 tree paths. To sender account and to receiver account. Should not require much data. Apart from that lite clients would mostly be used for making payments and rarely for receiving and even if you gets funds to your lite wallet you probably get it from someone whose identity is known to you (exchange, friend, etc.) so they really have nothing to gain from fooling you temporarily. If you are merchant and sell things to strangers you should probably run full node.

[aaaxn]

Let's consider some new awesome possibilities that arises when we get rid of bitcoin scripts and adopt account tree, so this thread won't die off.

Transactions

1) Smaller transactions - transactions could use just account tree offsets instead of addresses / public keys. We can address more accounts than we will probably ever need with 5 bytes. Addresses takes 25 bytes and public keys 65 bytes.
2) Including messages in transactions. We don't need to store transactions indefinitely so we can permit short messages attached to payments (eg. order id). This would improve user experience a lot.
3) We can get rid of sending change back to ourselfs because we can spend any amount of bitcoin from our account.

Accounts
We will store accounts in nice separate cells in db, so we can make different types of accounts as needed.
Fore example:

1) Accounts with descriptions. We can allow attaching custom names to account eg. 'Payment address for shop.example.com'. This description could be presented to users paying to this address. Huge user experience boost.
2) Multi signature accounts. We can make accounts with multiple pubkeys attached and require M of N signatures to spend from this address.
3) Limited accounts. We can define maximum withdrawal limits per time period for accounts.
4) We can extend account types if needed. This system is actually more powerful than bitcoin scripts (we can always make accounts with scripts).

Feel free to extend this list.

[RustyShackleford1950]

Interesting idea, implementation may be difficult though. Also, what happens far, far into the future, let's imagine this is adopted, won't a large number of transactions mean that previous records are being overwritten at an ever increasing pace, eventually leading to a serious security problem?

[achillez]

interesting

[aaaxn]

Interesting idea, implementation may be difficult though. Also, what happens far, far into the future, let's imagine this is adopted, won't a large number of transactions mean that previous records are being overwritten at an ever increasing pace, eventually leading to a serious security problem?

Idea is to keep constant number of recent blocks (for example 5000) so if transaction volume increases mini blockchain will grow in size but it won't hurt security.

[aaaxn]

Secure 0-confirmation small transactions

Concept of accounts with withdrawal limit go me thinking and I think it enables implementation of secure 0-confirmation small payments. By small I mean small relative to your account balance which can make it applicable in even big transactions in absolute terms.
First let me outline how limited accounts could work.

1) Send to network special transaction to modify withdrawal limit for your account. You specify limit as number of coins per no of blocks. Such change will take effect in eg. 100 blocks (delay is important for my idea)
2) Network accepts transaction and after 100 blocks it will reject any transaction that would cause specified limit to be exceeded. Miner node will accept first transaction for withdraw and when he receives another which would cause limit to be exceed he queues it until first one is included in block and limit is available again.

How could limits prevent double spending? Double spending is possible because you can send one transaction to merchant while simultaneously send another one to miners which moves all your coins to other address. But with limits you cannot send all your coins at once and this can help secure merchant transaction.

Suppose you have 100 coins in your account with withdrawal limit of 1 coin per block. If you want to send secure 0-confirmation transaction for 1 coin you sign a transaction to send 1 coin to merchant valid if included in one of next 10 blocks (or whatever amount of confirmations is deemed secure).
Now even if attacker tries to double spend his coins in alternative blockchain he would only be able to move 1 coin from his accounts per block, so event if his network branch is accepted as longest merchant transaction will still be valid and included in some of later block. To successfully make doublespend attacker would need to make 10 blocks alternative branch in secret which is infeasible.
If my reasoning is valid merchant can ensure he will receive funds by:
1) Checking that there is no pending withdraw limit change on sending account
2) Check that sending account balance is high enough so it can't be emptied to fast.
3) Ensure transaction that pays to him has propagated enough in network and that it is on top of queue (checking few respected mining pools is enough)
That should complete in seconds.

Do you see any problems with this idea?

[Etlase2]

1) Smaller transactions - transactions could use just account tree offsets instead of addresses / public keys. We can address more accounts than we will probably ever need with 5 bytes. Addresses takes 25 bytes and public keys 65 bytes.

In addition to this, 32-byte hashes are not necessary to verify receipt of previous transactions. Peers who have not even communicated with each other before can reference transactions like so:

[timestamp - 4 bytes for each second]
[2-4 bytes of account offset, depending on what is most useful based on transaction activity - 2-4 bytes once for each tx that shares this offset]
[remaining 1-3 bytes for account offset]+[1 byte pseudo-hash]

The 1 byte pseudo-hash could be bigger, but it limits one account to 256 transactions per second, although the client will have to be aware of pseudo-hash collisions. When Visa is only like 4,000 transactions per second, this can't be that big of an issue. So the maximum one transaction could cost in wasted bandwidth is 10 bytes, but on a busy network, most transactions will only cost around 3 bytes to verify receipt or reference it with another peer. This is presuming my initial idea of using timestamps to identify specific transactions. It also allows for an easy way to locate transactions in the transaction block chain, though this is going into my design, but it's the one I know. *shrug*

Although bitcoin could use some protocol tweaking, it still *at best* has to send 32 bytes, but right now just goes ahead and wastes the full 300 bytes or whatever a typical tx is. 32 bytes->3 bytes on a busy network is gigabytes saved daily per node.

2) Including messages in transactions. We don't need to store transactions indefinitely so we can permit short messages attached to payments (eg. order id). This would improve user experience a lot.

8 bytes I think is an ideal number that allows for setting up a receipt/order system/identity proof. I think bank-like intermediaries (preferably anonymous ones, but that is technology that has to be proposed and advanced outside the network) will be commonly used to preserve anonymity. Account ledgers have some caveats that they are slightly less anonymous than pseudotransactions a la bitcoin. Reusing account numbers needs to be encouraged by lower transaction fees, because it is in the interest of the health of the network. If there are intermediaries that provide you with 8-byte mini-addresses, you can preserve that anonymity completely from everyone except the bank, unless there are ways to provide this anonymously in the future. Those who want bitcoin's pseudonymity can still do it, but tx fees will be higher.

3) We can get rid of sending change back to ourselfs because we can spend any amount of bitcoin from our account.

This is considered part of bitcoin's pseudonymity as only you and the receiver know which part of the tx is the payment and which is the change. But we all know that bitcoin isn't all that anonymous, and with an account ledger making things even trickier, the idea of pseudonymity needs to be redressed.

1) Accounts with descriptions. We can allow attaching custom names to account eg. 'Payment address for shop.example.com'. This description could be presented to users paying to this address. Huge user experience boost.

I had this idea for early encoin proposals, but I don't like it because it will create a rush of custom address stealing. If businesses are public on the chain, users can associate the addresses manually. If they use intermediaries, this could still be addressed with using business->user account numbers in the tx message.

2) Multi signature accounts. We can make accounts with multiple pubkeys attached and require M of N signatures to spend from this address.
3) Limited accounts. We can define maximum withdrawal limits per time period for accounts.

Easy peasy stuff with a ledger. Gotta make sure to have "master" keys that can change those account options, not the accounts themselves. Keep the master key cold and let the hot wallet do its work without fear of a total catastrophe if there is an incident.

4) We can extend account types if needed. This system is actually more powerful than bitcoin scripts (we can always make accounts with scripts).

Yes, but there needs to be a process of acceptance for this. Say, a voting system. Even if account types are just complex uses of the scripting system, to save the data required to store these simply (and to make sure everyone has the exact same ledger), the account "types" need to be defined and everyone needs to agree on it.

Feel free to extend this list.

Anyone who plans on reusing a custom transaction could set a custom transaction type up themselves, basically a script-hash storage system. Then it could reference the custom type in a tx and only supply the variables needed to suit the script-hash, saving data. Of course there have to be fees to store this stuff, but people who use the same script-hash a lot could save money on a fee-per-function type tx fee.

A somewhat out-there possibility is to have a proof-of-work storage function. Small networks could use the ledger's proof-of-work (or proof-of-consensus) as a timestamping service and have the final say on the order of that network's events.

I have some other ideas somewhere, but it would require digging up really old notes.

[Etlase2]

Do you see any problems with this idea?

It's a big imposition on the user, it's also a transaction which is going to have to have a tx fee. Whenever they have to make a payment for more than the amount, they will have to wait for multiple blocks to have the full tx approved. If they want to change it, it's another tx. Etc. It's also not necessary in a good proof-of-consensus system.

[aaaxn]

In addition to this, 32-byte hashes are not necessary to verify receipt of previous transactions. Peers who have not even communicated with each other before can reference transactions like so:

[timestamp - 4 bytes for each second]
[2-4 bytes of account offset, depending on what is most useful based on transaction activity - 2-4 bytes once for each tx that shares this offset]
[remaining 1-3 bytes for account offset]+[1 byte pseudo-hash]

The 1 byte pseudo-hash could be bigger, but it limits one account to 256 transactions per second, although the client will have to be aware of pseudo-hash collisions. When Visa is only like 4,000 transactions per second, this can't be that big of an issue. So the maximum one transaction could cost in wasted bandwidth is 10 bytes, but on a busy network, most transactions will only cost around 3 bytes to verify receipt or reference it with another peer. This is presuming my initial idea of using timestamps to identify specific transactions. It also allows for an easy way to locate transactions in the transaction block chain, though this is going into my design, but it's the one I know. *shrug*

Although bitcoin could use some protocol tweaking, it still *at best* has to send 32 bytes, but right now just goes ahead and wastes the full 300 bytes or whatever a typical tx is. 32 bytes->3 bytes on a busy network is gigabytes saved daily per node.

I don't understand. In account tree transaction don't have to reference any other transactions. It only reference accounts with version. Transaction in this system should look something like
(trx_version, offsetSender, offsetReceiver, senderVersion, amount, signature)
(1 + 5 + 5 + 5 + 8 ) ~ 24 bytes + signature don't know how long it needs to be.

8 bytes I think is an ideal number that allows for setting up a receipt/order system/identity proof. I think bank-like intermediaries (preferably anonymous ones, but that is technology that has to be proposed and advanced outside the network) will be commonly used to preserve anonymity. Account ledgers have some caveats that they are slightly less anonymous than pseudotransactions a la bitcoin. Reusing account numbers needs to be encouraged by lower transaction fees, because it is in the interest of the health of the network. If there are intermediaries that provide you with 8-byte mini-addresses, you can preserve that anonymity completely from everyone except the bank, unless there are ways to provide this anonymously in the future. Those who want bitcoin's pseudonymity can still do it, but tx fees will be higher.

I think it should be longer to allow some meaningful descriptions for end users like 'for yesterday dinner', etc..
In proposed system nothing stops you from generating new address for every transaction like in bitcoin and I really don't think goal of system should be that every transaction is anonymous. Making anonymous transactions available is enough.

I had this idea for early encoin proposals, but I don't like it because it will create a rush of custom address stealing. If businesses are public on the chain, users can associate the addresses manually. If they use intermediaries, this could still be addressed with using business->user account numbers in the tx message.

What I meant is attaching name to account. Not making this name unique and allowing users to send funds to it.

Yes, but there needs to be a process of acceptance for this. Say, a voting system. Even if account types are just complex uses of the scripting system, to save the data required to store these simply (and to make sure everyone has the exact same ledger), the account "types" need to be defined and everyone needs to agree on it.

I am aware of that. Changes need to be included along with new software revisions. Bitcoin proves consensus can be reached and such changes can be made painless. No need to in network voting system for that.

It's a big imposition on the user, it's also a transaction which is going to have to have a tx fee. Whenever they have to make a payment for more than the amount, they will have to wait for multiple blocks to have the full tx approved. If they want to change it, it's another tx. Etc. It's also not necessary in a good proof-of-consensus system.

Not really. It can be automated in client. You just setup your fast payments account. Specify maximum fast payment size you need and software automatically keep this account balance on required level. If you deplete this sub account to much it is automatically refilled. No user attention is required after setup.
If you need to cancel this account you can always do full account withdrawal which would take something like 2x time of normal confirmation (this is sufficient delay for limit change operation).

[digitalindustry]

Let's consider some new awesome possibilities that arises when we get rid of bitcoin scripts and adopt account tree, so this thread won't die off.

Transactions

1) Smaller transactions - transactions could use just account tree offsets instead of addresses / public keys. We can address more accounts than we will probably ever need with 5 bytes. Addresses takes 25 bytes and public keys 65 bytes.
2) Including messages in transactions. We don't need to store transactions indefinitely so we can permit short messages attached to payments (eg. order id). This would improve user experience a lot.
3) We can get rid of sending change back to ourselfs because we can spend any amount of bitcoin from our account.

Accounts
We will store accounts in nice separate cells in db, so we can make different types of accounts as needed.
Fore example:

1) Accounts with descriptions. We can allow attaching custom names to account eg. 'Payment address for shop.example.com'. This description could be presented to users paying to this address. Huge user experience boost.
2) Multi signature accounts. We can make accounts with multiple pubkeys attached and require M of N signatures to spend from this address.
3) Limited accounts. We can define maximum withdrawal limits per time period for accounts.
4) We can extend account types if needed. This system is actually more powerful than bitcoin scripts (we can always make accounts with scripts).

Feel free to extend this list.

why don't you announce a Topic for the feasibility of another new design based around this principal, -

in the end this whole market is coder rich with the shittiest understanding of economics i have ever seen i my life, and that's doesn't even start to touch on socioeconomic principals,  but in the end that's completley to be expected.

Im here to make a good code "available" to Joe on the street -

The problem is someone like myself thinks so radically different to a coder, but a Coder feels like they "own" the product and for good reason, they essentially do.

But where i can step back and say , i will not even attempt to get involved in Coding , for some reason Coders have a bit of a breakdown where they can't step back and say "i'm a fucking useless at communicating these ideas to thew general public" 

so it's all for nothing, as i said its not just good enough to have THE BEST design, that gets you 50% there.

lucky but for coders I'm waiting to see which is the best then I'll promptly get any coder that will agree with my market design to copy paste it and we can release something.

when my design leaves this forum, no one will say "that was a copy of bla bla" - but full credit will of course go to them.

so why not make a topic about a new "coin" based on this , i'll try to get some coders on board. i'll make it if you like ! ?

[aaaxn]

why don't you announce a Topic for the feasibility of another new design based around this principal, -

in the end this whole market is coder rich with the shittiest understanding of economics i have ever seen i my life, and that's doesn't even start to touch on socioeconomic principals,  but in the end that's completley to be expected.

Im here to make a good code "available" to Joe on the street -

The problem is someone like myself thinks so radically different to a coder, but a Coder feels like they "own" the product and for good reason, they essentially do.

But where i can step back and say , i will not even attempt to get involved in Coding , for some reason Coders have a bit of a breakdown where they can't step back and say "i'm a fucking useless at communicating these ideas to thew general public" 

so it's all for nothing, as i said its not just good enough to have THE BEST design, that gets you 50% there.

lucky but for coders I'm waiting to see which is the best then I'll promptly get any coder that will agree with my market design to copy paste it and we can release something.

when my design leaves this forum, no one will say "that was a copy of bla bla" - but full credit will of course go to them.

so why not make a topic about a new "coin" based on this , i'll try to get some coders on board. i'll make it if you like ! ?

I am a coder but not good enough in C++ to implement my idea with sufficient quality (at least not fast), but I could efficiently communicate with developers. I am good at design and have good understanding of economics and business so I keep in my mind that my design need to have some strong selling points to be success. It's true I am not good at selling things to public, making hype etc

Coin design can be separated in 3 parts:
1) Designing db protocol (account balances, transaction etc)
2) Design efficient network security algorithm (Current bitcoin PoW scheme is too expensive )
3) Make sure proper economic incentives are present during bootstraping and when coin matures.

These can be discussed independently, so I don't see a point in publishing new coin design until all 3 parts are ready. Now I have good ideas for 1) and 3) but my idea for 2) needs some discussion. I don't see a point in publishing new coin idea before all 3 parts are sufficiently polished.

[Etlase2]

I don't understand. In account tree transaction don't have to reference any other transactions. It only reference accounts with version. Transaction in this system should look something like
(trx_version, offsetSender, offsetReceiver, senderVersion, amount, signature)
(1 + 5 + 5 + 5 + 8 ) ~ 24 bytes + signature don't know how long it needs to be.

I'm referring to the duplication of data and/or hash required to verify if you already have a tx that a peer is offering. When a connected peer says "hey do u have this tx?" he must send a 32-byte hash in bitcoin. When whichever type of block comes through, intra-peers must send at least a 32-byte hash (again, bitcoin doesn't even do this, it sends the full tx, but it could be a hash). Using what I suggested, only 3-6 bytes need to be sent to know if you have the tx or not. Multiply this by tens or hundreds of txes per second times the number of connected peers, and it is a huge data savings that is not available to bitcoin.

What I meant is attaching name to account. Not making this name unique and allowing users to send funds to it.

Ah, an interesting proposal.

I am aware of that. Changes need to be included along with new software revisions. Bitcoin proves consensus can be reached and such changes can be made painless.

Uhh, you need to do more studying on how bitcoin changes have been proposed and adopted then. It is in the hands of 3 or 4 people. Sure it's painless when you only need to get a cartel of miners on board.

Not really. It can be automated in client. You just setup your fast payments account. Specify maximum fast payment size you need and software automatically keep this account balance on required level. If you deplete this sub account to much it is automatically refilled. No user attention is required after setup.

:shrug: You are rationalizing a whole lot of stuff to provide for fast transactions when it can already be accomplished a better way. And all of this rests on the users being required to do something to help merchants. Merchants can't really force them or expect them to do it. "Advanced" features should be a power-user only thing, otherwise you have millions of people with accounts that have special features that is costing time and bandwidth for everyone to keep track of.

[aaaxn]

:shrug: You are rationalizing a whole lot of stuff to provide for fast transactions when it can already be accomplished a better way.

And that is? [Decrits doesn't count. It is so complicated that is even hard to grasp not to mention implementing]

[Etlase2]

And that is? [Decrits doesn't count. It is so complicated that is even hard to grasp not to mention implementing]

Funny how people keep coming up with ideas that are in decrits though and believe each individual idea deserves its own coin. Also funny how convoluted ideas are coming up to fix the problems that are already resolved or don't exist in decrits. I guess some people just need their hands held? Which is better for cryptocurrency in general: 400 different and flawed currencies that each solve 1 problem, or 1 currency that solves them all? I guess it just depends on your pov.

[aaaxn]

Funny how people keep coming up with ideas that are in decrits though and believe each individual idea deserves its own coin. Also funny how convoluted ideas are coming up to fix the problems that are already resolved or don't exist in decrits. I guess some people just need their hands held? Which is better for cryptocurrency in general: 400 different and flawed currencies that each solve 1 problem, or 1 currency that solves them all? I guess it just depends on your pov.

I guess it's theory vs reality. Making a coin with proven bitcoin design and only change in database structure is doable and with limited risk. Making your complicated design from scratch requires a much more work and is far more risky. That is why it will probably remain just in theory while other currencies will improve one step a time with real world success.

[Etlase2]

Real world success defined as "market cap of 100 dollars"! What happened to the whole risk vs. reward that bitcoin proponents champion as the reason why early adopters deserve billions of potential dollars for their "smart, early investing"? Seems like most people in reality are scared little girls.

[aaaxn]

Real world success defined as "market cap of 100 dollars"! What happened to the whole risk vs. reward that bitcoin proponents champion as the reason why early adopters deserve billions of potential dollars for their "smart, early investing"? Seems like most people in reality are scared little girls.

No, most people are just not convinced to your design. Guess you just have to take this risk and become billionaire then.

[digitalindustry]

Real world success defined as "market cap of 100 dollars"! What happened to the whole risk vs. reward that bitcoin proponents champion as the reason why early adopters deserve billions of potential dollars for their "smart, early investing"? Seems like most people in reality are scared little girls.

No, most people are just not convinced to your design. Guess you just have to take this risk and become billionaire then.

lol

+1

have opened a topic based on this BC idea and making a design from it with the NVC core code Balthazar is on board :

https://bitcointalk.org/index.php?topic=199952.0

feel free to contribute !  I can make this big.

[Etlase2]

lol

+1

The guy whose idea is to take others' ideas and have someone else code them is lol'ing?

[aaaxn]

The guy whose idea is to take others' ideas and have someone else code them is lol'ing?

I guess you call such people managers

[digitalindustry]

The guy whose idea is to take others' ideas and have someone else code them is lol'ing?

I guess you call such people managers

that's right friend and as a result we all benefit - we can't all code , but coders can't EVER make marketable ideas either , so i wouldn't call it management so much as a Handshake.

and to Poor Etlase2 (nervous ASIC investor )  i'm actually being up front and trying to give the coders the credit, and more stake than myself (more likely)  otherwise i'd just wait until its made , find an average C++ coder to copy paste it and release it , and the sad thing would be,  that it would be more successful than the original product , but with no credit.

so i see that as nefarious that's why i opened the topic.  

what you need to see is that IF i have a successful design its at least AS valuable as the code.

because as i said, go write some super code and release it on usenet.  :- \

: )  

best way to look at it,  is that its going to happen, i'm going to do it anyhow , so why not try to get the coders in on it , that actually wrote it ?

that way we all benefit - if i'm a good designer they benefit if they are a good coder I benefit - but look around , do i really NEED good code? lol

i'd prefer it but !  

[aaaxn]

Awesome features with account ledger continues:

Secure coin laundry
We create new account type for coin laundry operators. Account include required fee and amount of coin deposited as collateral. Collateral is needed to make sure operator is honest. Coins in collateral can only be withdrawed with delay, so operator cannot disappear with users funds.

Algorithm of operation is:
1. Users sends transaction to laundry. To transaction a message is attached which describe amounts and addresses where laundry should send coins. Message encrypted with mixer public key, so only he can read it's contents.
2. Operator must execute specified transactions in N next blocks.
3. I mixer fails to execute transactions user reveals unencrypted message. Anyone can check if it matches encrypted version . User has N blocks to do it and if mixer indeed failed to execute instructions then sent coins are returned to sender from operator collateral (maybe with penalty).

Laundry operator gathers user inputs and when he receive enough of different inputs he starts to execute received instructions. He gets fee for that and he does not have incentive to be dishonest because he risks loosing collateral.

With careful calculation of good values for N and making sure there is never more outstanding user transactions than collateral this system can be made totally safe.

[Etlase2]

re: coin laundry, the system I described here could be safely used for any amount of money. If the SH attempts to be devious, all money will simply be returned and he will lose his deposit. And no correlation can be made between the from and the to accounts (other than it is one of the initiators, so 1/x). It seems as if you have given the laundry this information, so you have not protected anyone from the laundry keeping records. This is the same privacy offered by sending your coins to any site that will keep a balance for you and then cash out at a later time.

However, I did not bring up that it could be used for any amount of money in that thread. I am on the fence about including an all-you-can-use coin mixer as part of the protocol. But it can be very versatile. As part of the transaction, you have the amount required and the number of initiators you require. Say you want to clean 50 coins, and you want 99 other people to clean 50 coins with you, then you initiate it and wait. If you are paranoid that someone will send 99 txes to oust you, you only need to send a tx that fits the criteria of another group and join that one's pool.

[aaaxn]

It seems as if you have given the laundry this information, so you have not protected anyone from the laundry keeping records.

Someone need to know how to pair inputs to outputs so he can update account ledger. I don't see a way to avoid that.

[Etlase2]

Blind signature schemes have existed prior to the advent of the internet, and they solve the problem. And in my solution's case (though it has some minor caveats), there is no danger of ever losing your money or having to reveal where you intended to send money if the mixer does something bad. Yours requires that the operator has collateral to cover all transactions, where mine does not. There is also the problem that if not enough transactions are being processed through a mixing account but it is forced to release your transaction, there may be few transactions inbetween that provide reduced linkability. And if the mixer does not release the transaction, your solution completely deanonymizes the transaction if they want to get their money. These are all very significant caveats. And the result is no better than sending your coins to a gambling site or whatever and cashing them out to another account. You could argue the gambling site is more likely to keep records, but coin mixer accounts as part of the protocol is ripe for the honeypotting.

[aaaxn]

Yes, I thought it over and your solution can work indeed and has many advantages over mine.

[flipperfish]

Could you maybe summarize how your proposal is different from "Ultimate Blockchain Compression" (https://bitcointalk.org/index.php?topic=88208.0. Ref [4] in your paper.)?

As far as I can see, the Account-Tree is more or less equivalent to the UTXO-Set and the Proof-Chain is equivalent to the merge-mined block-header.

[aaaxn]

Could you maybe summarize how your proposal is different from "Ultimate Blockchain Compression" (https://bitcointalk.org/index.php?topic=88208.0. Ref [4] in your paper.)?

As far as I can see, the Account-Tree is more or less equivalent to the UTXO-Set and the Proof-Chain is equivalent to the merge-mined block-header.

I think it is similar, but is better because it drops unnecessary UXTO concept.

[aaaxn]

Another approach to secure laundry using Eltase's ideas.

First let's define Mixing Set.
Mixing Set consists of header and list of inputs to mix. Header includes:
- mixing denomination (1 coin, 100 coin, etc)
- mixing size (how many inputs)
- mixing public key
- time available for ticket redeeming
- input coins used as collateral

Mixing parameters should be standardized so it would be easier to find matching inputs.

Users sends to network intentions to mix which include
- sufficient amount of coins (denomination + fee)
- requested denomination
- requested minimum mixing size
- requested ticket redeeming window
- blinded mixing ticket = blind(random string + payout address). We need random string so every ticket is unique.

Miners monitor received mixing intentions and if miner find set which can be used for creating Mixing Set he can create one.
Miner generates new key pair just for single Mixing Set and includes this key in header. With this key he make blind signatures of all mixing tickets and include such transaction in block.
When Mixing Set is included coins are taken from all participants but are not deposited anywhere.

All mixing participants can now see that their mixing intentions were included in blockchain. They unblind their tickets and with it create output transactions against Mixing Set (their tickets are signed with blocks private key).
Redeem transactions can be included in any next block until redeeming time is up.
When redeeming is over we can have 3 outcomes
- there was less redeemed tickets than input. In this case outputs are credited normally and creator of Mixing Set gets free money.
- all tickets was redeemed. Outputs are credited normally.
- there was more redeemed tickets than inputs. This mean creator of Mixing Set cheated so he looses his collateral (miner who mined block containing first extra ticket gets it) and money is returned to senders. Users can't ever loose their money.

[ondratra]

great idea! realize it if you can

[stellarman]

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?

[bitfreak!]

Could you maybe summarize how your proposal is different from "Ultimate Blockchain Compression" (https://bitcointalk.org/index.php?topic=88208.0. Ref [4] in your paper.)?

As far as I can see, the Account-Tree is more or less equivalent to the UTXO-Set and the Proof-Chain is equivalent to the merge-mined block-header.

I think it is similar, but is better because it drops unnecessary UXTO concept.

Yes, basically, that is the answer. It is quite similar in many ways but because we're not trying to apply a change on top of an existing blockchain scheme we can leave out many unnecessary features and make it more efficient, and much easier to build.

[bitfreak!]

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?

Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0

[aaaxn]

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?

Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0

Post this link in this thread first post. I'd like to contribute but didn't even know new thread was started.

[bitfreak!]

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?

Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0

Post this link in this thread first post. I'd like to contribute but didn't even know new thread was started.

Good idea, I will do that now. I meant to send you a message with a link to that thread but I must have forgotten about it. At least you know now.

[stellarman]

I am very interested in this mini-blockchain idea, and the other ideas in the thread. This could be a very major step forward for crypto-currency.

What steps are being taken to put this into code? What help or resources are needed? Is there any other thread I should be following to keep abreast of this?

Project implementation thread can be found at link below. As of yet no developers have come forward to help so if you can help in any way or know anyone who can, that would be helpful.

https://bitcointalk.org/index.php?topic=215936.0

Thanks. I am now following that thread as well.

I am not a coder myself, but am the software Product Manager at the company where I work. So, I might be able to help coordinate. And I am willing to contribute at least some to the funding. But, that still leaves a pressing need for some strong coders to help move this forward. I will be talking to a couple of programmers I know, who may not be strong in crypto (yet), but who may be interested. That's the best I can do at the moment.

[Meni Rosenfeld]

The paper says each bitcoin is 10M satoshis, the correct number is 100M.

Let's consider some new awesome possibilities that arises when we get rid of bitcoin scripts and adopt account tree, so this thread won't die off.

Cryptocurrencies are almost useless without scripts.

This idea will obviously need to make use of P2SH; the account addresses will be hashes of scripts rather than public keys, and the defining script will be given in the spending transaction.

[aaaxn]

Cryptocurrencies are almost useless without scripts.

Any specifics? How many percent of current bitcoin transactions are something OTHER than simple pay to address? Is bitcoin useless because of it?

[Meni Rosenfeld]

Cryptocurrencies are almost useless without scripts.

Any specifics? How many percent of current bitcoin transactions are something OTHER than simple pay to address? Is bitcoin useless because of it?

Close to 0%, but currently securing bitcoins is very hard and the system isn't very scalable. You need multisig and more sophisticated scripts to keep bitcoins secure, you need payment channels to allow trustless off-chain payments, etc.

And, yes, I currently enjoy very little utility from Bitcoin in its intended purpose. It will be more useful when it is more widespread, but that will happen only if it's scalable and easy to secure.

[aaaxn]

Close to 0%, but currently securing bitcoins is very hard and the system isn't very scalable. You need multisig and more sophisticated scripts to keep bitcoins secure, you need payment channels to allow trustless off-chain payments, etc.

And, yes, I currently enjoy very little utility from Bitcoin in its intended purpose. It will be more useful when it is more widespread, but that will happen only if it's scalable and easy to secure.

You don't need scripts to do multi-sig accounts. You can just define such account type. And defining account types in code is more powerful than scripts because you have access to full blockchain state. You can example make accounts with withdraw limits per day. And please do not say anything about scripts flexibility because in reality every use case of script needs to be enabled by developers and accepted by miners. They could as well just write code handling new account type.

[Meni Rosenfeld]

Close to 0%, but currently securing bitcoins is very hard and the system isn't very scalable. You need multisig and more sophisticated scripts to keep bitcoins secure, you need payment channels to allow trustless off-chain payments, etc.

And, yes, I currently enjoy very little utility from Bitcoin in its intended purpose. It will be more useful when it is more widespread, but that will happen only if it's scalable and easy to secure.

You don't need scripts to do multi-sig accounts. You can just define such account type. And defining account types in code is more powerful than scripts because you have access to current network state. You can example make accounts with withdraw limits per day. And please do not say anything about scripts flexibility because in reality every use case of script needs to be enabled by developers and accepted by miners. They could as well just write code handling new account type.

Ok, I have a better idea now of what it is you are suggesting, you could hard-code the more commonly needed functionality. However, I will say that scripts are more flexible, and furthermore that we should move away from having to approve each script individually.

[aaaxn]

Ok, I have a better idea now of what it is you are suggesting, you could hard-code the more commonly needed functionality. However, I will say that scripts are more flexible, and furthermore that we should move away from having to approve each script individually.

I don't think scripting will be enabled ever. It is too risky and would probably bloat blockchain too much. If however it can be done and will prove to be useful nothing stops us from creating new account type with spending script attached (or its hash). It's a win-win.

[AnonyMint]

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

Essentially Bitcoin has the same risk for clients that don't download the entire transaction history, and the solution is the same which is to ask the peers that have the relevant transaction history to prove which chain is not valid.

[AnonyMint]

The following is helpful discussion, but appears to me to be somewhat wrong:

http://bitfreak.info/mbc-wiki/index.php?title=Secure_0-confirmation_transactions

Here is what I have written thus far on this:

1-Confirmation Transactions

To successful double-spend or unspend, the theft transaction needs to be placed in a block that will become orphaned and the winning chain must be obscured from the merchant accepting the 1-confirmation transaction. There is no reliable way to accomplish this attack on every attempt without 50+% of the PoW resources. So for small ticket items where rare theft is tolerable, the merchant can accept 1-confirmation transactions. An improvement would be to punish any transaction which overdraws the sender's balance, by charging a percentage fine of the balance that is not given to anyone (don't want to reward miners for this beyond the transaction fee which must be less than the fine, since the attacker may be the miner). When the attack succeeds, there won't be any balance to punish. However, since the attack doesn't succeed every time, then the punishment would further discourage the attack.

[AnonyMint]

Note there is some new discussion in the implementation thread for this proposed coin:

https://bitcointalk.org/index.php?topic=286536.msg3342106#msg3342106

Bitfreak!, aaaxn, bytemaster et. al have convinced me that the community can design better than I can alone. Although I independently realized most of the things they also realized, there are nuances and details which the group has hashed out better than one person could alone. Thus I would like to open the design to the community of my altcoin, if we can agree.

There is another thread:

https://bitcointalk.org/index.php?topic=215936.0

I would like to see if we can discuss now which additional features are desirable and the design of such features we agree on beyond what has already been agreed upon and designed for this proposed altcoin.

I do agree that we should not overly complicate the initial design. Yet I disagree that we should only do a proof-of-concept of only one feature improvement over Bitcoin, because the effort required really demands going all the way to marketing a new coin and hard forks are very difficult so we only get one chance to put the features that we want into the coin. We should choose very judiciously the features which are extremely important.

We will need to nail down whether the ideas presented by aaaxn on how to do scripting-like features (multisig, etc) have to be incorporated from launch or if they can be added later without requiring a hard fork.

I did two polls which you can find from the following post:

https://bitcointalk.org/index.php?topic=279340.msg3346774#msg3346774

Block chain scaling is the #2 most requested feature, yet anonymity is #1 by far.

So let me start by jumping into my current thoughts on anonymity.

First of all, I have just recently abandoned mixers entirely as an anonymity solution (which was a shocking, unexpected realization for me too):

https://bitcointalk.org/index.php?topic=279249.msg3343568#msg3343568

I quote below what I have written down thus far in a whitepaper I was composing.

Anonymity

All known existing solutions for anonymizing the IP address, e.g. Tor, I2P darknet, anoncoin, etc., are not secure against timing attacks.[13] Assuming that problem is solved, then a remaining problem is how to delink spends from other spends. Paradigms which mix coins from numerous identities only provide plausible deniability since the hashes of the addresses of all the input coins are in the public record, and the probability of deniability is reduced by the percentage of inputs provided by an attacker or participants who leak their identity to their outputs. Decentralized mixers are difficult to design to be resistant to DoS attackers, although Zerocoin might be a solution.[14] It is possible that some vendors might not accept coins that originated from mixers due to "know your customer" anti-money laundering concerns.[15] Thus the most robust solution is to obtain coins anonymously with small values. This can be done by mining coins, or anonymously receiving payment in coins. Unless the attacker has a list of all the customers, by giving a unique destination address to each customer then it is impossible to correlate that these coins belong to the same vendor. If coins can be anonymously converted into cash or mining hardware, they can be anonymized.

[13] https://bitcointalk.org/index.php?topic=279249.msg3109291#msg3109291
[14] https://bitcointalk.org/index.php?topic=279249.0
[15] https://bitcointalk.org/index.php?topic=175156.msg2318052#msg2318052

So it appears to me that in order to have anonymity of IP addresses, every peer on the network has to be forced to communicate via a mix-net otherwise those miners who anonymize their IP are at a disadvantage timing-wise and all peers who anonymize their IP are tainted by those who don't. And that mix-net can't be low-latency so that timing attacks can be prevented. And unlike Tor and more like I2P darknet, the number of hops must be more than 3 and all nodes must participate in the routing (not just dedicated nodes). Preventing DoS is an open issue.

Timing attacks are possible when nodes route anonymized (i.e. encrypted) onion layers in the order and near-time they receive them, thus making it possible to detect the flow not based on content, but based on the relative timing that packets are routed.

It seems to me that we will need to build this into the coin if we want any hope of strong (trustable) anonymity.

Note privacy and anonymity are not always inseparable. For example, if Satoshi spent all his coins today, we would know with high probability it is him (i.e. he lost his privacy), but we wouldn't necessarily know who he is (he didn't lose his anonymity). Yet spending that many coins without revealing identity is nearly impossible, thus often the two concepts are inseparable.

Society demands privacy, but it often frowns on anonymity, i.e. our bank doesn't tell the world our purchases of pornography (privacy), but the authorities have access to this data via warrant (not perfect anonymity).

Perhaps we can construct a sound argument that we don't have privacy at all without the anonymity of IP address. Can anyone help me with that logic?

P.S. note that mining on PCs could become realistic again with the mini-blockchain and a high DRAM requirement for the PoW which can't be defeated by GPUs (I have a rough sketch already).

[AnonyMint]

Let's talk about debasement. It ends in Bitcoin 2033 and my deep understanding of money indicates that will doom Bitcoin long-term.

I want to try to educate and convince you that perpetual debasement is good and we really need it. This is a difficult shift in mindset for many people, because they've adopted some concepts which are not correct. I explained this more exhaustively but spread out across dozens of  past posts and will have to go dig up all my prior points and condense at some point. I have studied this issue for several years, and I am somewhat mathematical. If you spend enough time on it and are rational, you will come to the same conclusion; it is not a subjective conclusion.

Let me take a stab now at summarizing although I am likely to miss some key points without a more exhaustive review of all my past posts on this issue.

1. The debasement of mined (above ground) gold never stops, i.e. it is roughly 1 - 3% per year throughout history.

2. Debasement funds mining, and mining is essential to a coin's PoW security. Transaction fees can also fund, but debasement consistently funds on every block.

3. The most reliable way to obtain coins anonymously is mining. Debasement provides it in small chunks and my realization on anonymity (see my prior post) is we need small chunks to delink spends. Transactions fees destroy the small chunks if they are too large, thus I would prefer they are scaled and set by the protocol.

4. I found data since the 1800s for the USA that showed that wages and money supply both increased nominally roughly 5.6% per year compounded. The point is that monetary inflation is not bad because it feeds back to workers. What is bad is when a central authority controls the timing and amount of debasement, because they can structure so that certain opaque (hidden) entities gain more. With a transparent (open and known a priori) protocol based schedule for debasement, no one can benefit in an opaque manner by manipulating the timing and rate.

5. Perpetual debasement continually diminishes the premine, and realistically you don't get dedicated serious developers without a premine. I know bytemaster's organization is attempting to profit without a premine, but before we can cite that as an exception they must prove it, and Litecoin isn't a significant deviation from Bitcoin.

6. Without debasement, capital has less incentive to invest, as it can gain value via deflation by being held unproductively. Note if everyone holds their capital unproductive, then deflation spirals into a dark age which is very difficult (as in an average of 600 years with several historic cases) to get out of, because those with capital invest in armies to protect their capital not in production, e.g. feudalism. This is why gold is never a sustainable money throughout history, because society fights against capitalists who want to hoard capital instead of risk investment in production. Without debasement, the value of your house can't go up, if wages don't go up, and the investor can't get return on his investment, nor can the interest rate for loans be paid. How can you pay an increase if there is not an increase in the money supply. I realize that capital from losers can end up with the winners, yet one issue is consistent winners aggregate too much capital and can't maintain growth without doing Olsen capture[2]  of the system (because smaller things grow faster, e.g. saplings grow to mature trees, but not to the moon or the guy selling cold mineral water on a hot day can double or triple his investment in a day, but Warren Buffett could never do that with his $billions in a day). And then note that it is impossible to eliminate the desire of humans to use debt, yet debt can't be serviced without debasement since the losers are always backstopped by insurance and thus society as a whole. So the huge-scale capitalists always move into usury finance to maintain portfolio value growth. If instead we take away that option with deflation, then they either defeat us or turn to protecting their capital into a dark age, because their size is too large to always win with investment. So we've got to issue money that is compatible with human nature, and thus there must be perpetual debasement. There is no panacea that can come from ending debasement.

[2] Eric S. Raymond, "Some Iron Laws of Political Economics", Armed and Dangerous blog

So pleeeeassssseeee throw away that "goldbug" nonsense. The economy can't be a constant. It has to have a business cycle wave function of expansion and contraction, because of the fact that nothing in this world is perfectly frictionless and inertia is required else we wouldn't exist. I suggest reading my blog to gain some insights on this on a more abstract level especially The Universe:

http://unheresy.com/

7. Absence of debasement steals from those who produce and gives to those who sit on their capital unproductively. The increased production along with deflation rewards the miser with increased goods and services for hoarding and not investing. Yet we shouldn't entirely diminish idle savings overnight, because of the lesson of saving during the 7 productive years to sustain during the 7 lean years (Biblical story that reflects the reality of the wave function of The Universe). So we need a balance between no debasement and infinite debasement. Gold appears to be a bit too low, as even the natural human population growth rate is probably more than 2% (at the peak of the western debt bubble birth rates have collapsed with 40 million abortions per year and contraception from age 15, but historically the long skirts come back, marriage comes back, and reproduction returns when the debt bubbles collapse):

http://armstrongeconomics.com/2013/10/01/what-socialism-destroyed-govt-shutdown/

What must be stated openly is that the “New Deal” of Roosevelt has actually destroyed the very fabric that formed society that nobody wants to look at no less discuss.

For centuries, people had children to provide for their own retirement. Family units were the social structure. The sad part of socialism is how this family unit was fundamentally destroyed by socialism. Once social security was created, children were relieved of the burden of taking care of their parents – that became government’s job. People were told to save conservatively. They salted away money often in government bonds. Now government has been so fiscally irresponsible, they have to keep interest rates low not to stimulate the economy, but to control their own perpetual deficits.

The retired can no longer live off of their savings. Their home has proven to be anything other than the savings for retirement as annual property taxes alone approach the cost of the house in the 1950s. Pensions are insolvent and taxes only rise perpetually. It now takes two incomes for a family to survive. The New Deal has failed on every level.

P.S. The following is wild conjecture (not scientific enough) and shouldn't be taken very seriously. 2033 is the target year for the current global financial crisis to bottom and a renewal to begin, i.e. it would correlate with roughly the 1950s and the end of the world wars (on the 78 year repeating crisis cycle that can be traced back throughout all of history, i.e. 3 x 26 reproductive maturity generations). Is it just a coincidence that Satoshi chose that year to end debasement. We will probably never know. I am not encouraging extended discussion on this speculative conjecture (the P.S.). I just wanted to note the (somewhat unscientific) correlation. Correlation is not always meaningful.

Here is a link to some conjecture about what may happen between now and 2033:

https://bitcointalk.org/index.php?topic=279771.msg3340053#msg3340053

[AnonyMint]

Incomplete, rough draft of whitepaper I was composing...

Bitcoin Proof-of-work and Block Chain

In the seminal Bitcoin whitepaper[1] Satoshi somewhat obscured the essential weakness of financial institutions that they are captured by the asymmetrical vested interests of society described by Olsen[2] which is to the detriment of individual empowerment. Ultimately it is the lack of anonymity of the institutions and transactions which allows society to identify them and thus the asymmetrical vested interests to capture them. Instead Satoshi emphasized transaction reversibility as the problem, but which is rather a sometimes desireable feature that is not necessarily incompatible with anonymity in all cases.

Financial transactions must be recorded in a public or private ledger trusted by both the spender and the recipient, otherwise funds could be unspent or double-spent to a plurality of recipients. To provide a ledger that can't be captured, Satoshi described a proof-of-work (PoW) scheme where transaction peers communicating over the network compete to be the first to solve a computational puzzle which is unique for each block of transactions added to a public ledger. The security of this ledger against double-spends has three (3) essential requirements.

1. The computational puzzle can't be preimaged, i.e. nothing can be known about solving the puzzle until the prior block's puzzle is solved.

2. Without at least 50% of the aggregate computational power of all transaction peers, it is not possible to create a modified chain of blocks starting from any present or past block, which would contain more blocks than the block chain controlled by the remaining cooperating peers. Thus the longer chain is trusted.

3. The block chain is cryptographically linked in forward order, such that the historical proof-of-work and transactions can be independently verified at any time in the future. Thus the transaction peers may leave and rejoin the network at will without need for a trusted centralized storage.

Note security point #1 eliminates from consideration PoW schemes in which the puzzle is some real-world computational work because the puzzles are known a priori and are thus pre-imageable. Non-PoW voting and membership schemes disqualify because the ordering of designation of authority (to decide which transactions are in each block) to transaction peers is pre-imageable, or requires peers trusted by reputation which is centralizing on a slippery slope towards Olsen capture.

Bitcoin's blockchain stores sender(s) signed hashes of the transaction data, which includes the nonce transaction id and hash(es) of the destination public key(s). The monetary value of each hash of the public key is computed from the transactions history. Satoshi suggested pruning historical transactions from the blockchain which are no longer relevant to computation and security of the set of unspent coins (a.k.a. Unspent Transaction Output Set or UTXO).[3] Note hashes of destination public keys[4] obscure the asymmetric public key cryptography from attempted attacks until a spend transaction is sent from the public key. However, this is not sufficient to assure with the same confidence as for symmetric key cryptography that an attack can't occur once the spend transaction is sent.[5]

Mini-Block Chain

The pruned Merkel transaction tree is not the most compact data structure possible, because an additional hash must be stored for each branch of the tree to each unpruned transaction[3], sender signature(s) are stored for each unspent coin, and transactions can't be pruned until all outputs are spent.[6] Note these transaction peers resource requirements only apply to startup download bandwidth, startup verification DRAM, and ongoing disk space, because the UXTO balances and hashes of each unspent coin address can be kept ongoing in DRAM without the signatures.

However if the public key account balances are separately stored, then the signatures only need to be kept for N blocks, where N is high enough to guarantee with sufficient probability that the peer's current chain won't be orphaned by a competing fork that gains more than N blocks x difficulty to become the accepted chain. For example in Bitcoin miner coinbase transactions can't be spent for 100 blocks[7].

A separate "proof chain"[8] linked since the genesis block is necessary, otherwise an attacker could utilize unlimited time to construct a fake chain with more than N blocks x difficulty. Note each PoW puzzle solution difficulty (i.e. the number of zero bits in the block's hash) is independent of the transaction data in the block, thus constructing a fake proof chain requires the same historical resources as the legitimate proof chain. Including a hash of the account balances in the corresponding block links their veracity to the longest chain. If an attacker creates fake account balances that have a hash that agrees with some block, and is able to outpace the difficulty of the rest of the legitimate peers, it could erase preexisting and create new account balances.[9] Thus the 50+% attack would be more dangerous. However this can be mitigated to the same extent that Bitcoin does with community resources to store the entire block chain transaction history linked from the genesis block. These super peers with sufficient resources would be entrusted to detect and show the proof of a 50+% attack.

To help insure that transaction signatures are not replayed, transaction inputs could be entirely spent to outputs which include a new address for the change. Signing a hash of the transaction which included a nonce (e.g. the transaction id in Bitcoin) would not be secure for the transaction peers which don't download the entire community transaction block chain history. Note the replay could still occur if the fully spent input address was ever sent a sufficient balance again. Signing a hash of the transaction which included the block id and allowed the transaction to appear once in any one of the M (where M <= N) blocks that followed, is probably a superior solution.

The transactions would not need to be stored in a Merkel tree since the only reason for doing so is to be able to verify remaining transactions against the block header after pruning and to support simplified payment verification[10] which is unnecessary because fully verifying peers would have optimized resource requirements. The data structure for the account balances has to meet certain requirements.[11]

The DRAM and download footprint would be dominated by the account balances data structure.[12] To eliminate the useless proliferation of public keys, the block chain would not accept transactions that create non-zero balances less than some quantity of coin (e.g. 0.01 BTC).

Since transaction sender signature size becomes an insignificant factor (except for the super peers), the relatively insecure ECDSA of Bitcoin can be replaced with Lamport signatures with extraordinary long key lengths, e.g. 4096 bit.[5]

Anonymity

All known existing solutions for anonymizing the IP address, e.g. Tor, I2P darknet, anoncoin, etc., are not secure against timing attacks.[13] Assuming that problem is solved, then a remaining problem is how to delink spends from other spends. Paradigms which mix coins from numerous identities only provide plausible deniability since the hashes of the addresses of all the input coins are in the public record, and the probability of deniability is reduced by the percentage of inputs provided by an attacker or participants who leak their identity to their outputs. Decentralized mixers are difficult to design to be resistant to DoS attackers, although Zerocoin might be a solution.[14] It is possible that some vendors might not accept coins that originated from mixers due to "know your customer" anti-money laundering concerns.[15] Thus the most robust solution is to obtain coins anonymously with small values. This can be done by mining coins, or anonymously receiving payment in coins. Unless the attacker has a list of all the customers, by giving a unique destination address to each customer then it is impossible to correlate that these coins belong to the same vendor. If coins can be anonymously converted into cash or mining hardware, they can be anonymized.

1-Confirmation Transactions

To successful double-spend or unspend, the theft transaction needs to be placed in a block that will become orphaned and the winning chain must be obscured from the merchant accepting the 1-confirmation transaction. There is no reliable way to accomplish this attack on every attempt without 50+% of the PoW resources. So for small ticket items where rare theft is tolerable, the merchant can accept 1-confirmation transactions. An improvement would be to punish any transaction which overdraws the sender's balance, by charging a percentage fine of the balance that is not given to anyone (don't want to reward miners for this beyond the transaction fee which must be less than the fine, since the attacker may be the miner). When the attack succeeds, there won't be any balance to punish. However, since the attack doesn't succeed every time, then the punishment would further discourage the attack.

[1] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 1. Introduction
[2] Eric S. Raymond, "Some Iron Laws of Political Economics", Armed and Dangerous blog
[3] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 7. Reclaiming Disk Space
[4] https://en.bitcoin.it/wiki/Protocol_specification#Addresses
[5] AnonyMint, "How is same signed transaction not reusable, also quantum security of ECDSA?", https://bitcointalk.org/index.php?topic=309594.0
[6] https://bitcointalk.org/index.php?topic=215936.msg2268831#msg2268831
[7] https://bitcointalk.org/index.php?topic=145666.msg1546809#msg1546809
[8] J.D. Bruce, "Mini-Blockchain Project wiki, Proof Chain", http://bitfreak.info/mbc-wiki/index.php?title=Proof_chain
[9] http://bitfreak.info/mbc-wiki/index.php?title=Weaknesses_and_attack_vectors#The_Secret_Chain_Attack
[10] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 8. Simplified Payment Verification
[11] J.D. Bruce, "Mini-Blockchain Project wiki, Account Tree Structure", http://bitfreak.info/mbc-wiki/index.php?title=Account_tree#Requirements_of_Account_Tree_Structure
[12] https://bitcointalk.org/index.php?topic=215936.msg2556839#msg2556839
[13] https://bitcointalk.org/index.php?topic=279249.msg3109291#msg3109291
[14] https://bitcointalk.org/index.php?topic=279249.0
[15] https://bitcointalk.org/index.php?topic=175156.msg2318052#msg2318052

[Etlase2]

Any scheme providing a private and public key is asymmetric cryptography. Note the use of two keys.

Signing a hash of the transaction which included a nonce (e.g. the transaction id in Bitcoin)

You still misunderstand bitcoin transactions.

The transactions would not need to be stored in a Merkel tree since the only reason for doing so is to be able to verify remaining transactions against the block header after pruning and to support simplified payment verification[10] which is unnecessary because fully verifying peers would have optimized resource requirements.

Your argument assumes that all peers will be fully verifying just because it is easier than bitcoin. It is still not easy.

Since transaction sender signature size becomes an insignificant factor (except for the super peers), the relatively insecure ECDSA of Bitcoin can be replaced with Lamport signatures with extraordinary long key lengths, e.g. 4096 bit.

And bandwidth constraints are completely disacknowledged for the cherry on top. Replace storage unscalability with bandwidth unscalability and pretend no one notices? Right.

[bitfreak!]

1. The debasement of mined (above ground) gold never stops, i.e. it is roughly 1 - 3% per year throughout history.

It will eventually stop though, there is only so much gold in the Earth. Personally I don't think perpetual debasement is a desirable thing but this is really a debate for another thread. Like I've said many times, I want to avoid any controversial changes, and perpetual debasement is certainly one of the most controversial changes possible.

[AnonyMint]

Any scheme providing a private and public key is asymmetric cryptography. Note the use of two keys.

Yes. What are you replying to? Are you thinking of where I wrote in another thread that Bruce Schneier recommends using symmetric key when ever possible, and I am mentioning Lamport signatures in that context because even though they are asymmetric, my understanding is they avoid the factoring math that drives Bruce's concern about public-key cryptography.

Signing a hash of the transaction which included a nonce (e.g. the transaction id in Bitcoin)

You still misunderstand bitcoin transactions.

I am simplifying the generative essence for the conceptual purpose of the context, not describing exactly the Bitcoin protocol in great detail (as that would obfuscate the point I am making for the new protocol).

The transactions would not need to be stored in a Merkel tree since the only reason for doing so is to be able to verify remaining transactions against the block header after pruning and to support simplified payment verification[10] which is unnecessary because fully verifying peers would have optimized resource requirements.

Your argument assumes that all peers will be fully verifying just because it is easier than bitcoin. It is still not easy.

Let's talk specifics.

Since transaction sender signature size becomes an insignificant factor (except for the super peers), the relatively insecure ECDSA of Bitcoin can be replaced with Lamport signatures with extraordinary long key lengths, e.g. 4096 bit.

And bandwidth constraints are completely disacknowledged for the cherry on top. Replace storage unscalability with bandwidth unscalability and pretend no one notices? Right.

We only keep N blocks of signatures so what is your point? The super peers (which keep all history) are super

[Etlase2]

We only keep N blocks of signatures so what is your point? The super peers (which keep all history) are super

Sounds like centralization to me.

[AnonyMint]

We only keep N blocks of signatures so what is your point? The super peers (which keep all history) are super

Sounds like centralization to me.

Then you are arguing against the Mini-blockchain design, and also against Bitcoin's design. And we know you hate PoW and the Bitcoin blockchain. But that is what we are implementing.

Yes it is centralization but it enables decentralization of most of the peers and we only need to trust the super peers when there is a 50+% attack. And we assume they will be watched by the community. We don't trust them on real-time matters where they can sneak it past us.

If PoS is better at reducing risks from centralization, then one can argue that. I think the designers of this have stated they want to go with PoW for now. The PoS version would be another thread I assume?

[Etlase2]

Powerful argumentation, as always.

[AnonyMint]

Powerful argumentation, as always.

I added a nod to PoS, because I am not omniscient. Let others try to show it is less centralizing if they can. But perhaps not in this thread?

[bitfreak!]

Then you are arguing against the Mini-blockchain design, and also against Bitcoin's design.

What is centralized about Bitcoin or the mini-blockchain design? The mini-blockchain design is sort of centralized in the sense that new nodes can rely on older nodes who have stored a lot of history, but there is no absolute requirement for any node to store anything more than the few days of history that the mini-blockchain requires and there are ways for the network to defend its self against attacks even if none of the nodes choose to store long term history.

[AnonyMint]

Then you are arguing against the Mini-blockchain design, and also against Bitcoin's design.

What is centralized about Bitcoin or the mini-blockchain design? The mini-blockchain design is sort of centralized in the sense that new nodes can rely on older nodes who have stored a lot of history, but there is no absolute requirement for any node to store anything more than the few days of history that the mini-blockchain requires and there are ways for the network to defend its self against attacks even if none of the nodes choose to store long term history.

I am not sure if you were addressing this to me or Etlase2. You quoted me so I will reply.

Isn't the applicable discussion the specifics of 50+% attack and how we resolve it?

http://bitfreak.info/mbc-wiki/index.php?title=Weaknesses_and_attack_vectors#The_Secret_Chain_Attack

I need to do some more thinking about the proposals for resolving it. In any case, lightweight peers are relying on "super" peers which have been online longer or otherwise have more history saved. Ditto for Bitcoin.

[AnonyMint]

I want to be very careful how I word my reply to this (which is why I didn't reply immediately because I am often not as careful in my forum posts as I am with programming code), because I really want to convince you to be as objective as possible without being condescending or otherwise using force. My goal should be to try to explain to you what I think is objective and why. Also to try to catch myself where I am not balancing objectivity of money against objectivity of realities of attaining consensus. And let's see where it takes us.

My long-winded way of saying let's both take a deep breath and try our best to discuss this objectively.

1. The debasement of mined (above ground) gold never stops, i.e. it is roughly 1 - 3% per year throughout history.

It will eventually stop though, there is only so much gold in the Earth.

Can I be very matter-of-fact without sounding like a jerk or unfriendly?

Richard Branson is already talking about mining asteroids. Malthusians have always been wrong since the dawn of civilization. I explained why in this blog:

http://unheresy.com/Information%20Is%20Alive.html#2nd_Law_of_Thermo

Do you remember the peak oil lunatics (apologies to any who haven't read the latest news)? We are now finding more oil and natural gas than we can consume in Australia and other places. Cars already run on natural gas (Honda has one for sale in the USA). When I was ridiculing them years ago, I did it by showing the entire world uses as much oil as would be produced by a medium size river flowing in oil. It is insane to think we are any where near tapping out the resources on earth. People will believe anything they read in the mass media even when it is complete nonsense from any scientific calculation.

Even if that was a true statement, it is objectively irrelevant because gold mining will continue on earth until long after we are dead.

And so if the point was to say Bitcoin won't be stricter than gold, it is objectively false.

Personally I don't think perpetual debasement is a desirable thing but this is really a debate for another thread.

But inherent in your subjectivity is that you deeply believe it is better have a strictly limited money supply. And this sort of belief is irrational but it seems very difficult to get believers to study it objectively. Note I used to think the way you do back in 2006, just drill down the link in the following quote and you will find my writings promoting silver and gold (luckily I wised up and never sent that email to Cool Page users):

I started getting into P2P around the time of Bittorrent:

http://web.archive.org/web/20130401040049/http://forum.bittorrent.org/viewtopic.php?id=28

Thus having suffered from that delusion       (and lost a lot of money and time away from programming too!) and now having emerged from it and seen the rational truth, I don't want to go backwards. I'd rather try to educate others, or let them explain to me why my logic is not objective (then I could go backwards, but they won't be able to, because I've thought about this for years).

I still own silver, but this is because I expect a wipeout and reset of the global financial system, not because I expect a strict monetary system to ever have any practical use. It has never been the case throughout all of history that there is existed a strict money. Never! Some people try to cite the 1800s in the USA, but they forget the private banks were printing fractional reserve gold receipts, because society can't run without debasement. Either you get it officially or you get it by cheating and bank runs every few years as we had in the tumultuous 1800s which is why we eventually ended up with a central bank system. Others cite Byzantine Empire of Eastern Rome but they don't realize that gold was being imported continuously, thus the money supply was always expanding. As that reversed, the empire collapsed.

If we do a coin where debasement ends, then it will not live long.

Like I've said many times, I want to avoid any controversial changes, and perpetual debasement is certainly one of the most controversial changes possible.

We can surely create two coins, one with and one without. That is like a one line change in the source code.

Moldbug's point is that there can only be one blockchain that wins. This is the nature of money.

We have very low chance of winning against Bitcoin (you underestimated how many developers would want to develop this and you are underestimating how much power the mini-blockchain has by itself against Bitcoin, because first-to-market is nearly everything in cases where there can only be one, e.g. MS Windoze). We will need to be different to have any chance.

And not just a little bit different. We need to be different in every critical way.

And this is critical not just because of the monetary theory and PROVEN HISTORY, but also because we need debasement to make certain things work correctly as we are discussing in the other thread for the implementation.

A few percent per year debasement isn't going to hurt any savers in the coin as it is exploding in value 1000%, and it bringing more into mining economy means the coin has more users and thus will grow adoption faster.

[bitfreak!]

Isn't the applicable discussion the specifics of 50+% attack and how we resolve it?

Like I said, it is helpful in resolving a secret chain attack (which is different to a 51% attack) but not absolutely necessary. In the worste case scenario (where new nodes are unable to find any old node with a sufficient amount of history) the client will simply refuse to participate in the network until the conflict is resolved or until it receives an updated checkpoint from the user which points to the correct chain. In this way we exclude any possibility of the attacker tricking and "recruiting" new nodes, vastly lowering the chances that it could ever succeed in overwhelming the rest of the network.

[bitfreak!]

Richard Branson is already talking about mining asteroids. Malthusians have always been wrong since the dawn of civilization. I explained why in this blog:

While I don't want to get into a debate about monetary policies, I want to post a link to this article I wrote because it explains exactly why I think the way I think when it comes to economics: True Money. But I also want to point out that there is a limit to how much gold can be mined from other planets or asteroids, and that is because if we increase the mass of the Earth too much it will cause our orbit to become unstable. The people who inevitably always prove to be wrong are the ones who believe in perpetual anything. Everything has its limits and if you don't respect those natural limits the whole thing will come crashing down.

Even if that was a true statement, it is objectively irrelevant because gold mining will continue on earth until long after we are dead.

Yeah well the last of the bitcoins probably wont be mined until after we are dead so I don't quite see your point.

[AnonyMint]

Richard Branson is already talking about mining asteroids. Malthusians have always been wrong since the dawn of civilization. I explained why in this blog:

While I don't want to get into a debate about monetary policies, I want to post a link to this article I wrote because it explains exactly why I think the way I think when it comes to economics: True Money.

From your link:

As we can see, the single most important property of any currency is the ability of the currency to hold value over time

That statement has never been true even once in the history of the world.

Every single currency has died. The evidently most important property of a currency is that society can debase it.

I believe in science, which means we must measure our theories against measured reality.

Where has your reality ever existed in the history of the world since Mesopotamia? Can you give me even one example where that statement has been true? If your basis statement is false, then what do you have objectively remaining?

Any way, you take the coin with no debasement and I will take the coin with it, and let's see what the market chooses.

As I said, it is only a small change in the source code.

So no problem? But will you FEEL you don't want me to be involved because you know I will create a version with small, perpetual debasement? Subjectivity stinks. Much better when everyone involved is rational, so emotions don't mess us up.

Also two coins dilutes our energies somewhat doesn't it.

But I also want to point out that there is a limit to how much gold can be mined from other planets or asteroids, and that is because if we increase the mass of the Earth too much it will cause our orbit to become unstable.

Scientifically false.

6,000,000,000,000,000,000,000 tonnes versus
170,000 tonnes.

The people who inevitably always prove to be wrong are the ones who believe in perpetual anything. Everything has its limits and if you don't respect those natural limits the whole thing will come crashing down.

Calculations are more important than irrational beliefs.

Somethings run in effect perpetually, at least on our relevant timescale.

Even if that was a true statement, it is objectively irrelevant because gold mining will continue on earth until long after we are dead.

Yeah well the last of the bitcoins probably wont be mined until after we are dead so I don't quite see your point.

I will be 68 in 2033. The rate of debasement will be miniscule a decade before that.

The point is you were implying gold would one day stop debasing, yet that couldn't possibly be in the next 1000 years, so Bitcoin ending in 2033 is much stricter than gold. And even gold has never been a currency without being debased.

[AnonyMint]

What will happen as it does after every debt crisis and reset is interest rates will be skyhigh.

So investors will want to buy bonds. But Bitcoin won't be able to back bonds, because it doesn't debase. So fractional reserves will be built on top of Bitcoin or more likely it will be forsaken (cartels will likely control it by then, we can see it already headed that way now) and the new digital fiat currencies will be preferred by investors.

Actually it doesn't really matter. If end the debasement just to appease goldbugs (assuming that is the main audience now), then who cares when we end up with the NWO digital fiat currency.

Just make our money now and we will be old then any way. Maybe I can consider to hold my nose and just nevermind what is long-term correct.

Are we sure we want to be exactly the same as Bitcoin? The survey says there is a market for perpetual debasement. We will give that market away while reducing our differences from Bitcoin. Wise?

[AnonyMint]

Remember that coins are perpetually lost (ditto in Bitcoin) so without creating new coins forever, the system will eventually have 0 coins.

While I don't want to get into a debate about monetary policies

Okay then how about we look at this from the objectivity of making the coin work correctly?

One potential attack vector is that as debasement ends, then miners must depend on transaction fees. But a cartel could offer to process transactions for 0 tx fees (or even negative tx fees...by sending a refund tx), thus bankrupting the other miners (users would see they can send 0 tx fee txs), thus allowing them to own the coin. This is another reason I think we should set tx fees with the protocol (see my other reason upthread). Setting a tx fee could replace debasement, but it is not consistently the same for each block and cartels might not relay all transactions (and they might be able to siphon them to them with their marketing, e.g. Amazon offering a Bitcoin client). So potentially independent miners could still be driven bankrupt. This was debated exhaustively in my Bitcoin : The Digital Kill Switch thread, and no one was able to refute it.

Without debasement, there is no way to get non-tainted virgin coins (every coin will have a history possibly all passing through illegal activity at some point). Taint is a real-world issue:

http://www.nestmann.com/civil-forfeiture-of-cash-it-could-happen-to-you

Proving that your cash is connected to a crime is surprisingly easy to demonstrate. That's because 97% or more of cash circulating today contains tiny concentrations of narcotics residues—primarily cocaine. All police need to do is to bring in a drug-sniffing dog to inspect the cash.  If the dog alerts, police seize the cash. And, under civil forfeiture rules, it's up to you to prove that the cash has a legitimate origin.

Consider the case of Emiliano Gomez Gonzolez. During a traffic stop, Nebraska state troopers asked Gonzolez for permission to search his vehicle. During the search, the troopers found bundles of currency totaling $124,700. Based on a dog sniff, police seized all the money.

Gonzolez contested the forfeiture in court. Prosecutors neither convicted nor accused Gomez or any of the other owners of the seized cash of any crime. Nor did police find any drugs, drug paraphernalia, or drug records connected to the cash. Despite these facts, a federal appeals court upheld the confiscation of every dollar found in the vehicle.

With a cartel above, then no way to get coins anonymously from mining any more.

So what is wrong with a 3 or 5% per year debasement?

What you really want to avoid is the following, i.e. 50 - 100% per year:

http://armstrongeconomics.com/2013/10/16/fed-balance-sheet-lack-of-oversight/

[AnonyMint]

Readers please make your opinions known by at least voting on the polls at following links:

Features:
https://bitcointalk.org/index.php?topic=279340.0

Rate of debasement:
https://bitcointalk.org/index.php?topic=311668.0

[klee]

AnonyMint try to make a thorium coin instead of a gold or silver one (Bitcoin/Litecoin).
Probably it would do the trick (debasement, scarcity etc).

Just my out of the box thought..

[AnonyMint]

Isn't the applicable discussion the specifics of 50+% attack and how we resolve it?

Like I said, it is helpful in resolving a secret chain attack (which is different to a 51% attack) but not absolutely necessary. In the worste case scenario (where new nodes are unable to find any old node with a sufficient amount of history) the client will simply refuse to participate in the network until the conflict is resolved or until it receives an updated checkpoint from the user which points to the correct chain. In this way we exclude any possibility of the attacker tricking and "recruiting" new nodes, vastly lowering the chances that it could ever succeed in overwhelming the rest of the network.

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.

If I am not mistaken this secret chain attack is still a 50+% attack, because the attacker must be able to generate new PoW solutions (at same or greater difficulty) faster than the cooperating, honest peers.

The centralizing aspect is we depend on those super nodes (peers) to provide the historical evidence to help resolve the attack, or we wait for checkpoint to come from community. Both are not perfectly decentralized methods of resolution, but I don't think this presents a major problem, as I argued to Etlase2.  As far as I can see, Bitcoin has the analogous centralized resolution to a 50+% attack, because light clients can't resolve these issues without trusting the full nodes. Bitcoin must trust the full nodes for mining, verifying transactions, etc, so it is much more centralizing in real-time in normal scenarios. Thus conceptually the mini-blockchain is superior (we have to prove it in real world though).

P.S. my argumentative style is intended to make sure the effort succeeds in the market place. I am not disrespecting you. I appreciate of course what you have designed.

[bitfreak!]

Every single currency has died. The evidently most important property of a currency is that society can debase it.

I believe in science, which means we must measure our theories against measured reality.

Every single unlimited fiat currency in history has died, so your science isn't exactly based on an unbiased set of observations. The simple fact is that most people who believe in Bitcoin-type technology also believe in Austrian principles. If you want to put so much stock into surveys then you must accept the fact that most of us prefer a limited money supply.

Any way, you take the coin with no debasement and I will take the coin with it, and let's see what the market chooses.

That's like asking me and other members of this forum whether we would prefer Bitcoin or Federal Reserve notes. The answer is plainly obvious.

6,000,000,000,000,000,000,000 tonnes versus
170,000 tonnes.

What is that even supposed to mean? How can you deny the fact that the mass of the Earth can only be increased to a certain degree?

I will be 68 in 2033. The rate of debasement will be miniscule a decade before that.

The last Bitcoin block will be mined in 2140.

The last block that will generate coins will be block #6,929,999 which should be generated at or near the year 2140

https://en.bitcoin.it/wiki/FAQ

The survey says there is a market for perpetual debasement.

The survey says people want anonymity, not perpetual debasement. I think they have experienced enough of that as it is.

One potential attack vector is that as debasement ends, then miners must depend on transaction fees.

That is the point of re-mining lost coins, it ensures that miners will always have something to mine other than transaction fees and also ensures that the money supply will remain stable, instead of increasing or decreasing perpetually, which I personally think is the most logical and rational option.

[bitfreak!]

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.

That is true, yes.

If I am not mistaken this secret chain attack is still a 50+% attack, because the attacker must be able to generate new PoW solutions (at same or greater difficulty) faster than the cooperating, honest peers.

It's very similar to a 50+% attack but a little bit different because it can only be pulled off by generating the fake chain in secret. A 50+% attack is not as drastic, it would only allow the attacker to alter recent transactions, and the older a block was, the harder it would be to alter. Pretty much like a 50+% attack with Bitcoin, which has yet to happen btw. But the main point is that historic "super nodes" are not absolutely necessary, even without any such super nodes there is still a very minute chance that a secret chain attack could be pulled off successfully if the attacker is unable to recruit new nodes.

P.S. my argumentative style is intended to make sure the effort succeeds in the market place. I am not disrespecting you. I appreciate of course what you have designed.

No need to worry, I am a very thick skinned person and I can appreciate a bit of healthy criticism and debate. Life would be boring if we all agreed with each other. I can also respect your desire for increased anonymity, I'm just saying that it's a very complicated thing to do and perhaps best left to future efforts. I just really want to see some of these concepts implemented and if we wait around trying to develop the perfect system we might not ever get anything done.

[AnonyMint]

Every single currency has died. The evidently most important property of a currency is that society can debase it.

I believe in science, which means we must measure our theories against measured reality.

Every single unlimited fiat currency in history has died, so your science isn't exactly based on an unbiased set of observations.

Every single currency has died, including gold currencies. We had gold currency in the 1800s. We don't now.

In fact, everything in the universe dies, and other things are born. This is the process of LIFE.

The simple fact is that most people who believe in Bitcoin-type technology also believe in Austrian principles.

What you believe has no relevance in science. In science we trust what we measure. Making things up out of thin air is for fairy tales.

Mises's crack up boom is occurring now, so I am not saying all Austrian economics is out-of-touch with reality. I am saying you are misinterpreting it. It never said money supplies must be constant. Mises wasn't into telling fairy tales.

http://en.wikipedia.org/wiki/Austrian_School#Inflation

He therefore used the term "inflation" to mean an excessive increase of the money supply

You are throwing the baby (normalcy) out with the bath water (Federal Reserve control) and you end up with a worse Frankenstein dark age or society kills the coin.

If you want to put so much stock into surveys then you must accept the fact that most of us prefer a limited money supply.

The two surveys say that "create coins forever" is popular and 5% is the most popular rate thus far in the poll.

I am pleasantly surprised to the see members here are astute about this issue.

Any way, you take the coin with no debasement and I will take the coin with it, and let's see what the market chooses.

That's like asking me and other members of this forum whether we would prefer Bitcoin or Federal Reserve notes. The answer is plainly obvious.

Apparently not. See the graph of the 50 - 100% increases lately from Fed. Apparently people here are reasonable and understand that we need to prevent cartels, and a small rate is normal and natural. We prevent it from rising to 50% because there is no Fed to control it.

It would be much better to protect that with a natural rate, then to lose it because we are selfish deflationists who want to steal from producers by sitting on idle savings for 600 years and create dark ages.

6,000,000,000,000,000,000,000 tonnes versus
170,000 tonnes.

What is that even supposed to mean? How can you deny the fact that the mass of the Earth can only be increased to a certain degree?

You must compare the relative mass of the earth to the total supply of gold to see that your fear is unfounded. As in several orders-of-magnitude beyond impossible. If you were a scientist, you would be ashamed of making that assertion, but I am not trying to embarrass you because I know you are not a scientist. You are just trying to help create a better coin and I appreciate that. I hope you will respect those who are more mathematical and knowledgeable than you are and try to learn rather than irrationally resist. That is not to say that I won't learn from you too. I already did from your excellent design of the mini-blockchain.

I will be 68 in 2033. The rate of debasement will be miniscule a decade before that.

The last Bitcoin block will be mined in 2140.

The last block that will generate coins will be block #6,929,999 which should be generated at or near the year 2140

https://en.bitcoin.it/wiki/FAQ

I had made a rough table of the planned Bitcoin debasement in the past. Let me reconstruct it, since I can't find it quickly.


2009 - 2012 0  10,500,000
2013 - 2016 5,250,000 15,750,000 11%
2017 - 2020 2,625,000 18,375,000 4%
2021 - 2024 1,312,500 19,687,500 1.7%
2025 - 2028   656,250 20,343,750 0.8%
2029 - 2032   328,125 20,671,875 0.4%
2033 - 2036   164,065 20,835,940 0.2%
2037 - 2040    82,033 20,917,973 0.1%


As of 2033, there isn't much debasement. Even a decade before that it has dropped below 1%. So my original statement was correct.

Bitcoin stops working for obtaining anonymous coins from mining, right when we will really need at the world goes into the SHTF mode and capital controls will be every where. That is highly suspicious to me.

The survey says there is a market for perpetual debasement.

The survey says people want anonymity, not perpetual debasement. I think they have experienced enough of that as it is.

See the surveys I mentioned above.

One potential attack vector is that as debasement ends, then miners must depend on transaction fees.

That is the point of re-mining lost coins, it ensures that miners will always have something to mine other than transaction fees and also ensures that the money supply will remain stable, instead of increasing or decreasing perpetually, which I personally think is the most logical and rational option.

I added that as an write-in option to the poll.

Yet that is only miniscule. The lost coins only gradually take the money supply towards 0 over decades. It can't substitute for a reasonable level of debasement.

Thus you have not addressed my point that cartels can take over mining otherwise.

[Come-from-Beyond]

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.

That is true, yes.

To be very pedantic, u can do the attack even with 42%. Depends on luck.

[AnonyMint]

To be pedantic, technically the term "51%" is incorrect. From Satoshi's whitepaper, it only takes infinitesimally more than 50%, which is why I write 50+%.

That is true, yes.

To be very pedantic, u can do the attack even with 42%. Depends on luck.

And the probability becomes astronomically unlikely to sustain that for 6 blocks with less than 50%, based on the random walk calculation in Satoshi's whitepaper. I know you knew that.

[bitfreak!]

Every single currency has died, including gold currencies. We had gold currency in the 1800s. We don't now.

That is some what true, but I would argue that gold is still used a currency in some places even to this day and the only reason we got rid of the gold standard in the past was to replace it with a fiat system, not necessarily because a gold standard wasn't working.

He therefore used the term "inflation" to mean an excessive increase of the money supply

Even if you are correct it's still an impossibly difficult task to algorithmically implement the correct level of debasement over long periods of time. The only logical reason for perpetual debasement is to keep the value of the coins stable, but it is extremely difficult to achieve this because the value of the coin isn't just a function of the total money supply.

It would be much better to protect that with a natural rate, then to lose it because we are selfish deflationists who want to steal from producers by sitting on idle savings for 600 years and create dark ages.

I would like to know who has 600 years to sit on idle savings for a start. There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency. What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

You must compare the relative mass of the earth to the total supply of gold to see that your fear is unfounded. As in several orders-of-magnitude beyond impossible.

Just because the limit is large doesn't change the fact there is a limit. Plus if you calculate the cost of recovering gold even from the nearest planet in our solar system, it works out the the cost of the transportation is more than the value of the gold.

As of 2033, there isn't much debasement. Even a decade before that it has dropped below 1%. So my original statement was correct.

Yes, but by 2033 when it becomes extremely hard to mine even small amounts of bitcoin, the value of each bitcoin will be much higher. The creation of new bitcoins drops off exponentially for a reason, Satoshi wasn't an idiot. He designed it that way for a reason and it seems to be working well thus far.

Yet that is only miniscule. The lost coins only gradually take the money supply towards 0 over decades. It can't substitute for a reasonable level of debasement.

The whole concept of a "reasonable level of debasement" is completely subjective in the first place, thus impossible to implement algorithmically in a fair and consistent manner. Being able to re-mine lost coins doesn't offer any level of debasement, it simply ensures that the money supply wont get perpetually smaller and cause perpetual inflation in that way. If the value of the coin goes up it will be purely due to an increase in demand and other natural economic forces.

[AnonyMint]

If I am not mistaken this secret chain attack is still a 50+% attack, because the attacker must be able to generate new PoW solutions (at same or greater difficulty) faster than the cooperating, honest peers.

It's very similar to a 50+% attack but a little bit different because it can only be pulled off by generating the fake chain in secret. A 50+% attack is not as drastic, it would only allow the attacker to alter recent transactions, and the older a block was, the harder it would be to alter. Pretty much like a 50+% attack with Bitcoin, which has yet to happen btw.

You are equating "50+% attack" with what it means in Bitcoin. The secret chain attack doesn't exist in Bitcoin. Whereas I am saying any attack that requires possessing 50+% of the PoW resources, is a 50+% attack. The secret chain attack requires being able to outpace the creation of PoW solutions, thus it is a 50+% attack.

But the main point is that historic "super nodes" are not absolutely necessary, even without any such super nodes there is still a very minute chance that a secret chain attack could be pulled off successfully if the attacker is unable to recruit new nodes.

I am thinking it depends how far back in the history the attacker can go, i.e. what percent of the PoW difficulty they have.

If the nodes online only have a year of transaction history, but the attacker can go back further and create transaction history that matches the proof chain, then we need evidence from before that to decide which is the valid chain. You might want to add this to the wiki if I am correct.

P.S. my argumentative style is intended to make sure the effort succeeds in the market place. I am not disrespecting you. I appreciate of course what you have designed.

No need to worry, I am a very thick skinned person and I can appreciate a bit of healthy criticism and debate. Life would be boring if we all agreed with each other. I can also respect your desire for increased anonymity, I'm just saying that it's a very complicated thing to do and perhaps best left to future efforts. I just really want to see some of these concepts implemented and if we wait around trying to develop the perfect system we might not ever get anything done.

I am also concerned about time-to-implement, and I won't take on something I can't implement in reasonable time. If I am correct that we can't add the mix-net later (as we discussed in the implementation thread), then what choice do we have but to implement now?

If I could convince you to argue for a 3 - 5% debasement, I would gain an important ally. And it would show that it is possible to convince goldbugs. And you would know what point actually made it click in your mind.

Hope you saw this, I added it after posting:

He therefore used the term "inflation" to mean an excessive increase of the money supply

You are throwing the baby (normalcy) out with the bath water (Federal Reserve control) and you end up with a worse Frankenstein dark age or society kills the coin.

[AnonyMint]

You still haven't addressed how to stop cartelization of mining if you remove debasement?

You want a cartelized coin?

Every single currency has died, including gold currencies. We had gold currency in the 1800s. We don't now.

That is some what true, but I would argue that gold is still used a currency in some places even to this day and the only reason we got rid of the gold standard in the past was to replace it with a fiat system, not necessarily because a gold standard wasn't working.

Currency is what you can trade for goods & services in society. Don't conflate with assets which are what you can trade to investors.

No where in any normally functioning country can gold be directly traded for goods & services.

Gold standard failed in the USA due to very frequent bank runs and depressions due to private banks running fractional reserves of loans in gold receipts. Strict money systems fail because society will not agree to not use loans. And mathematically loans require more money supply every year due to the interest rate. So if you only have gold, then you have no choice but to cheat and debase it with fractional reserves.

How was it working?

Goldbugs have elaborate illusions that sustain their delusion. Breaking them out of the dream-like state is not easy. I was quite ashamed with myself (having thought I was rational) when I fell out of it finally and returned to rationality. It caused me to doubt whether I will always be rational. My excuse is I was going through some severe personal issues at the time (e.g. sister was murder by her husband, loss of my marriage, got influenced by a guy named Jason Hommel, etc). I also went off on a God delusion during that period too   All of that caused me to change from a worldclass productive entrepreneur and programmer into a loser. But I should blame it on myself only (take responsibility).

He therefore used the term "inflation" to mean an excessive increase of the money supply

Even if you are correct it's still an impossibly difficult task to algorithmically implement the correct level of debasement over long periods of time. The only logical reason for perpetual debasement is to keep the value of the coins stable, but it is extremely difficult to achieve this because the value of the coin isn't just a function of the total money supply.

One reason (see bold text below for other reason) perpetual debasement exists is because society will always use loans and loans pay an interest rate, thus the demand for money increases compounded every year. If you don't have the money to pay the interest rates, then society will create it somehow which means for example creating fractional receipts (IOUs) for Bitcoins.

There is no such thing as a stable value of anything in the universe. Everything is measured relative to everything else. Please study my The Universe blog article. Do you realize that even measurements change depending on relative speeds?

http://unheresy.com/The%20Universe.html

Nothing the in universe is at a fixed position. You have a layman's incorrect comprehension of what it means "to exist".

It would be much better to protect that with a natural rate, then to lose it because we are selfish deflationists who want to steal from producers by sitting on idle savings for 600 years and create dark ages.

I would like to know who has 600 years to sit on idle savings for a start.

Rothschild family for example.

There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency.

Currencies don't have exchange price demand, you are talking about an asset, e.g. Bitcoin is not primarily a currency.

Currencies have a demand based on the velocity of trade (money) in the economy but since they are the unit-of-account for all gooods and services, they don't have an exchange demand. In other words, most Americans don't care what the fluctuations in the exchange value of the dollar to other currencies or gold is, because everything they spend on it is priced in dollars. Now the relatively large influence of foreign exchange ingress and egress is why small countries are beholden to the dollar, they don't really have independent currencies.

Persistent monetary deflation in a true currency (not an asset) only occurs either in a dark age where hoarders thus destroy all the production (by failing to invest in production due to hoarding currency or assets) or in situation where the gold standard is being fractionally debased but hasn't defaulted yet, so there is an illusion that gold's value is rising persistently. Yet as we saw in the 1800s, the fractional reserves of gold certificates by the private banks in the 1800s eventually lead to total collapse where JP Morgan had to bailout the USA and in turn probably obtained the control to implement the Federal Reserve system in 1913, as documented in The creature from Jekyll Island and Bill Still's video The Money Masters.

So you can have an illusion about asset being a currency and pretend to yourself that persistent deflation is a demand for a currency (which is actually demand for that asset not a true currency), but that is not reality.

What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

No I specifically said the debasement rate should not be too high (sometimes not higher than the prevailing bond rates), because saving for lean times is important, as is the concept of delaying gratification to save. Yet we want that savings to be invested in productive activities. What is savings? It is society saying that you generated excess production in the past and it now trusts you to continue to do that, thus it allows you to decide which investments to do.

It is not a license to sit on that talent, and expect to leech off the others who are increasing production. Society won't tolerate that. The Bible (taken as a book of knowledge about realities of life) specifically talks about this in the Parable of the Talents.

Debasement also exists to force you to invest, and not allow you to cheat the implicit contract society has made with you.

You must compare the relative mass of the earth to the total supply of gold to see that your fear is unfounded. As in several orders-of-magnitude beyond impossible.

Just because the limit is large doesn't change the fact there is a limit.

Please if you are not going to admit when you are wrong, then that is disingenuous. I always do when I am wrong. A 20 foot basketball rim is a limit too, yet you will never dunk on it.

Plus if you calculate the cost of recovering gold even from the nearest planet in our solar system, it works out the the cost of the transportation is more than the value of the gold.

Moving the goal posts in a soccer game is not allowed. Many people have said things were impossible, that later become very possible. Seems to happen regularly. That is what technology is all about.

I said Branson was talking about mining asteroids as they pass nearby earth.

As of 2033, there isn't much debasement. Even a decade before that it has dropped below 1%. So my original statement was correct.

Yes, but by 2033 when it becomes extremely hard to mine even small amounts of bitcoin, the value of each bitcoin will be much higher. The creation of new bitcoins drops off exponentially for a reason, Satoshi wasn't an idiot. He designed it that way for a reason and it seems to be working well thus far.

Wow the greed. Getting something for nothing. Great virtues of every boom and bust.

And yeah he made sure he got most of the coins in the first years. Yet you are concerned about a small premine for this coin.

Yet that is only miniscule. The lost coins only gradually take the money supply towards 0 over decades. It can't substitute for a reasonable level of debasement.

The whole concept of a "reasonable level of debasement" is completely subjective in the first place, thus impossible to implement algorithmically in a fair and consistent manner. Being able to re-mine lost coins doesn't offer any level of debasement, it simply ensures that the money supply wont get perpetually smaller and cause perpetual inflation in that way. If the value of the coin goes up it will be purely due to an increase in demand and other natural economic forces.

The data I have (it is buried on one of my threads), is the average debasement for society is consistently about 5% for normalcy. This goes back to the 1800s in the USA.

You can't change what is normal, just because you think it would be neat. Society will route around you as if you are parasite that needs to be eradicated.

[AnonyMint]

I had written much about this already in No Money Exists Without The Majority:

https://bitcointalk.org/index.php?topic=226033.0

What I want to know now, is what the Bitcoiners here really think about debasement, gold, and the lack of debasement in Bitcoin after 2024, especially 2033.

So I will start another thread to ask for them to express their opinions, while I will try to shut up and listen to what all have to say.

https://bitcointalk.org/index.php?topic=312649.0 (that thread)

Because I don't want to get very excited about doing something good for the world, only to find out later that the market doesn't understand and is caught up in a gold delusion. If the market just wants to be fooled by their delusion into allowing mining cartels as Satoshi appears to have done to manipulate their psychology, then I need to know that, because it impacts how I should approach this. Generally speaking I am most excited to work when I feel I am doing something good for society and making money at the same time. I am sure it is the same for most of you all. Yet if you all think that gold as a strict currency is good for society, then we are doomed.

Not everyone has to agree, I just need to determine what is the real mindset of the majority of Bitcoiners. So I will start another thread to try to find out.

P.S. The probability that Satoshi was one person is slim and none:

http://ianso.blogspot.be/2013/10/bitcoin-as-law-enforcementnatsec.html

[Etlase2]

I would like to know who has 600 years to sit on idle savings for a start. There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency. What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

Not in the spirit of bitcoin. Your argument about stealing is pretty funny, considering you are talking about being entitled to an increase in your wealth by the mere virtue of other people demanding to use the currency that you happen to use. Wealth is not created this way, wealth is redistributed. Wealth is created by the trading lubricant provided by money in lieu of barter. I've argued in the past that I think FRB was a key part in creating the merchant/middle class. Do I think FRB would have been the best way? Of course not, it created other types of empires and enslavement, but coincidentally or not, it does have a correlation with humanity moving away from feudalism and into a much more free society.

With a fairly objective perspective, one could argue that the US sees a much higher standard of living than it deserves, merely because of the property that its currency is the world reserve currency. The US government/fed/banking system triumvirate thoroughly enrich themselves by "printing" valueless bills in return for real goods and services and real power in the world. This, if not precisely, closely parallels how value is absorbed into the bitcoin ecosystem--by funneling it through the top. It is much more difficult to objectively see that when you (the general you) might be close to the top that this is a problem.

And mathematically loans require more money supply every year due to the interest rate. So if you only have gold, then you have no choice but to cheat and debase it with fractional reserves.

This is mathematically false. Interest does not require an ever-increasing money supply, it only requires that those who earn the interest spend it. However, there is very little incentive to actually consume wealth when it very easily buys power, and power tends to beget more power and wealth. The problem, my dear AnonyMint, with perpetual fixed debasement in a bitcoin-like blockchain design, is that competition to waste resources in pursuit of some-percentage-inflation means that little to no power will actually ever be distributed in that design. It is also a square peg in a round hole treatment that tries to address the fact that "something must be done" but "I really have no idea what." Comparing it to "this is sort of how it works today" is not particularly convincing, considering that it is the system that is trying to be fixed.

[AnonyMint]

Edit: I had written about all of this in more detail in August:

https://bitcointalk.org/index.php?topic=279771.msg3014282#msg3014282

I would like to know who has 600 years to sit on idle savings for a start. There is nothing selfish about deflation, it is the natural consequence of a currency which experiences increased demand and no one should have the ability to steal that extra value from the currency. What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

Not in the spirit of bitcoin. Your argument about stealing is pretty funny, considering you are talking about being entitled to an increase in your wealth by the mere virtue of other people demanding to use the currency that you happen to use. Wealth is not created this way, wealth is redistributed. Wealth is created by the trading lubricant provided by money in lieu of barter.

Happy to see someone understands why currency exists (in terms of unit-of-exchange, not just store-of-value). This is essentially what I wrote upthread about "velocity of trade (money)" and society entrusting savings because it expects you to generate more trade and excess production, as well what I wrote in the following linked No Money Exists Without the Majority, where I mentioned the purpose of currency (unit-of-exchange) is to obtain the maximum division-of-labor.

https://bitcointalk.org/index.php?topic=226033.0

I've argued in the past that I think FRB was a key part in creating the merchant/middle class.

Velocity of money is what brought us out of the last Dark Age. Unbanning usury was one factor, as well as the creation of the world's first central bank in Europe.

If goldbugs had their way, we would sink into another Dark Age. (I was a goldbug before sigh)

Do I think FRB would have been the best way? Of course not, it created other types of empires and enslavement, but coincidentally or not, it does have a correlation with humanity moving away from feudalism and into a much more free society.

I am again happy to see someone besides me understands this on the Bitcointalk forum.

With a fairly objective perspective, one could argue that the US sees a much higher standard of living than it deserves, merely because of the property that its currency is the world reserve currency. The US government/fed/banking system triumvirate thoroughly enrich themselves by "printing" valueless bills in return for real goods and services and real power in the world. This, if not precisely, closely parallels how value is absorbed into the bitcoin ecosystem--by funneling it through the top. It is much more difficult to objectively see that when you (the general you) might be close to the top that this is a problem.

Sadly I agree with you. And "Satoshi" (which is probably the same triumvirate, disagree?) has the psychology of these naive goldbugs wrapped around his million BTC finger.

And mathematically loans require more money supply every year due to the interest rate. So if you only have gold, then you have no choice but to cheat and debase it with fractional reserves.

This is mathematically false. Interest does not require an ever-increasing money supply, it only requires that those who earn the interest spend it.

Pedantically correct yet also incorrect as you admit. But as you say below and as I had noted also, interest flows to those who have amassed so much capital that they can no longer spend it nor invest it well. Thus my statement was correct in reality. Thus they turn to Olsen capture and parasitism. Controlling credit is a way to suck blood from a turnip. The controllers of the triumvirate don't even need to issue the loans, they control those who do.

However, there is very little incentive to actually consume wealth when it very easily buys power, and power tends to beget more power and wealth.

Exactly.

Perpetual debasement is one method of decaying that misdirected power. But not really effective, yet what other alternative do we have? And perpetual debasement at least helps us to keep mining more decentralized away from complete control of cartels.

The problem, my dear AnonyMint, with perpetual fixed debasement in a bitcoin-like blockchain design, is that competition to waste resources in pursuit of some-percentage-inflation means that little to no power will actually ever be distributed in that design.

I thought of one way it will:

https://bitcointalk.org/index.php?topic=285701.msg3090924#msg3090924

The large wealth can't seek out those little hydropower streams all over the world, because the economy-of-scale is too small for them.

This is analogous to my point upthread about how a guy selling mineral water on a hot day can double or triple his investment, but Warren Buffett can't do that in a day with $billions.

So redistribution can occur,and not just in mining but in general that "smaller things grow faster, seedlings grow to saplings in months, saplings grow to oak trees in years, but oaks trees never grow to the moon". This is why central banks are so evil, because it enables the bastards to reset the system and destroy all the gains the little guys have accumulated since the last reset. Central banking is the way the bastards kill everything periodically in order to maintain their percentage of power. Grotesque!

So the solution is we need a coin that can't be centralized, then human ingenuity will take care of the rest. This is why the mini-blockchain and perpetual debasement are a natural fit. But unfortunately the mini-blockchain designer can't see it (yet) due to some delusion he learned when becoming a goldbug. (sorry for the personal attack, but how else can I say I am frustrated that the designer of something so good can't see the big picture)

Do you have a better solution that is tied to the effort and ingenuity of humans and not just a Marxist redistribution scheme?

It is also a square peg in a round hole treatment that tries to address the fact that "something must be done" but "I really have no idea what." Comparing it to "this is sort of how it works today" is not particularly convincing, considering that it is the system that is trying to be fixed.

I think you missed that revelation I had on hydropower since the last time we were debating.

You are a smart guy and I wish we could get on the same page.

[Etlase2]

Pedantically correct.

Mathematically correct. It is an often misunderstood concept and conflating the reasons for the necessity of an expanding supply is not helpful to your line of argument.

The large wealth can't seek out those little hydropower streams all over the world, because the economy-of-scale is too small for them.

This presumes that hydropower streams are somehow the end-all be-all for efficient energy production. It also ignores the very significant hardware aspect of the equation. Square peg, round hole.

Do you have a better solution that is tied to the effort and ingenuity of humans and not just a Marxist redistribution scheme?

Yes.

[AnonyMint]

Btw, I am considering quitting and exiting Bitcointalk.org. I have been thinking lately, it is time for me to make a decision and stop wasting time. Either I do the project, or I move on to other software projects that are less thankless and dangerous. The following link has my logic on why:

https://bitcointalk.org/index.php?topic=286536.msg3354194#msg3354194

Pedantically correct.

Mathematically correct. It is an often misunderstood concept and conflating the reasons for the necessity of an expanding supply is not helpful to your line of argument.

Disagree, because the math also applies to the fact that larger capital can't do what smaller capital can. Any way, we agree on the point and we are arguing only semantics.

The large wealth can't seek out those little hydropower streams all over the world, because the economy-of-scale is too small for them.

This presumes that hydropower streams are somehow the end-all be-all for efficient energy production. It also ignores the very significant hardware aspect of the equation. Square peg, round hole.

I trust human ingenuity and the fact that smaller capital can do things which larger capital can't.

I think the main problem is the central bank (actually the triumvirate) which erases the gains smaller capital make against larger capital. Right now, the G20 is collecting data on all the millionaires so it can destroy them. Bitcoin is probably a honeypot helping them to do this.

Do you have a better solution that is tied to the effort and ingenuity of humans and not just a Marxist redistribution scheme?

Yes.

I know how to implement what was proposed in this thread within probably 3 to 6 months. You would be well served to implement, and not talk.

And I am about done with talking. Decision time.

[AnonyMint]

The simple fact is that most people who believe in Bitcoin-type technology also believe in Austrian principles. If you want to put so much stock into surveys then you must accept the fact that most of us prefer a limited money supply.

The only logical reason for perpetual debasement is to keep the value of the coins stable, but it is extremely difficult to achieve this because the value of the coin isn't just a function of the total money supply.

...

What you are basically saying is that people shouldn't be allowed to save their money and hope it goes up in value, which is obviously not the spirit of cryptocurrency.

No money has a constant value unless everyone uses it as their unit-of-account and thus no exchange-value needs to be considered:

http://armstrongeconomics.com/2013/08/24/14007/

Thus maintaining a constant money supply doesn't guarantee deflation, unless it is everyone's unit-of-account, but in that case deflation leads to repulsion to investment, because why should I risk my capital when it is always increasing in value if I just bury it in a hole. But then production declines due to lack of investment and you get stagflation with deflation of production. Then why should I invest if the economy is declining. Sound familiar? (it is happening right now) It is a downward spiral that can lead to a Dark Age, if society doesn't confiscate the gold and create inflation (by devaluing gold) as FDR did to save us from a Dark Age. That is not to say I like the outcome of the New Deal socialism, but I am saying that if rational (Arlyn Rand self-interested) capitalists have their way, we end up in Dark Age.

It is really the high tech sector that always saves society from ruin. We always invest our brains, because we are bored otherwise.

(note wrote the above very sleepy, so may not make complete sense)

[AnonyMint]

bitfreak! I want to apologize for crashing in on your thread. I think the Mini-blockchain is absolutely required for a Bitcoin future that isn't dominated by cartels doing the mining (but it is not alone sufficient to prevent the cartels).

Let me summarize where this ended up for me.

1. Mini-blockchain by itself is not sufficient to drive adoption a new altcoin. Users get more excited about features that put coins in their pocket, than solving future scaling problems.

2. Economics of debasement (i.e. money supply inflation) is not well understood. However, without perpetual debasement, the mining of PoW will end up with cartels. However, many will disagree on these points, so it is very difficult to get any sort of consensus agreement.

The key to understanding the economics of debasement is that money supply inflation always goes to workers salaries[1], so it is not a problem. The theft that occurs with fractional reserve banking is mainly by periodically confiscating the capital of the population with an economic implosion and a reset of the currency, e.g. bank failures in a fractional reserve system or the coming bail-ins and retirement account nationalizations for G7 nations. And without perpetual debasement, you must have fractional reserve banking, because of the logic Etlase2 and I discussed upthread.

An economy can't run properly without perpetual debasement because then capital never has to move (because it never rots), it can just sit in a hole forever. Nothing in the universe is forever, so to structure capital to be forever introduces abnormality that can't be.

[1] A more direct link to the math, https://bitcointalk.org/index.php?topic=160612.msg2895021#msg2895021

[digitalindustry]

Anonymint.

First I agree in degrees there is nothing wrong with an expansion of the money supply , to fit the normal balance of trade and production of the citizens therein. 

Where I think you misunderstand is the relationship between "interest" and debt.

You make a blanket assumption that all currency must expand because of the principal of interest ?

This is not the case , and its important that we dont confuse this basic principle , interest can be a justification for risk on an investment , this is just a transfer mechanism , nothing to do with net currency expansion .

The reason all economic activity is grinding to a halt is of course because all currency is  issued as debt , then by extension expanded with " credit creation" .

There is more debt than currency , understand ?

This by extension and purpose filters , energy productive capacity back towards the top of that pyramid friend .

If citizens humans for examples,  stopped getting into debt , and stopped borrowing further into debt , nearly all currency velocity would freeze and the world would grind to a halt .

This would be called a deflationary spiral.  This is what everyone fears .

Of course BTC is fantastically centralized , they are relying in that very thin principal of paying off the right people , I dont think its a viable economic infrastructural design.

But roll with it while its working .

The reason the fed balance sheet is tbe number it is , is due to the fear that people individual and businesses are at thier debt limit.

Thus all currency velocity can freeze .

[digitalindustry]

Id like to add that there is nothing inside the human dna that is compelling them towards rising prices , or away from dropping prices .

This is purely a market mechanism .

Having said that im not a proponent of the "gold standard" simply because of its manny other flaws .

Furthermore having said that , though,  I dont personally own 1 to 2000+ nuclear weapons so I wont be in the decision making process for this in the future .

Id say the Nations that do will be .

Still a srict gold type standard would net net be more equitable for most people across the world including by extension "westerners" than the present situation , so when you stand back and think about it , what are we doing ?

The trend is not on an improvement slope , I think everyone agrees. 

[digitalindustry]

"Thus maintaining a constant money supply doesn't guarantee deflation, unless it is everyone's unit-of-account, but in that case deflation leads to repulsion to investment, because why should I risk my capital when it is always increasing in value if I just bury it in a hole. But then production declines due to lack of investment and you get stagflation with deflation of production. Then why should I invest if the economy is declining. Sound familiar? (it is happening right now) It is a downward spiral that can lead to a Dark Age, if society doesn't confiscate the gold and create inflation (by devaluing gold) as FDR did to save us from a Dark Age. That is not to say I like the outcome of the New Deal socialism, but I am saying that if rational (Arlyn Rand self-interested) capitalists have their way, we end up in Dark Age"

You said you were tired when you wrote this ?

Then that is understandable,  be careful not to fall into someone elses narrative , humans are by extention :

1. Sociable
2. Productive

If capital was in a hole gaining money , some human would be in the hole throwing the extra out the sides , in fact they would invent a way to throw it out .

The point is as long as there are enough units to meet and exceed production and trade , largely the market will balance .

The division of units inherent in the crypto principal needs to be looked at in respect to actually points you yourself brought up and i will credit you with in regards to the fee structure centralization. 

So there are things to look at in this regard .

[AnonyMint]

...

The key to understanding the economics of debasement is that money supply inflation always goes to workers salaries[1], so it is not a problem. The theft that occurs with fractional reserve banking is mainly by periodically confiscating the capital of the population with an economic implosion and a reset of the currency, e.g. bank failures in a fractional reserve system or the coming bail-ins and retirement account nationalizations for G7 nations. And without perpetual debasement, you must have fractional reserve banking, because of the logic Etlase2 and I discussed upthread.

An economy can't run properly without perpetual debasement because then capital never has to move (because it never rots), it can just sit in a hole forever. Nothing in the universe is forever, so to structure capital to be forever introduces abnormality that can't be.

[1] A more direct link to the math, https://bitcointalk.org/index.php?topic=160612.msg2895021#msg2895021

Where I think you misunderstand is the relationship between "interest" and debt.

You make a blanket assumption that all currency must expand because of the principal of interest ?

We are getting off-topic of this thread, and I don't have any strong disagreements with the rest of what you wrote. However, let me clarify this one point. I agreed with Etlase2 that in theory interest could simply be transferred, if not everyone is in debt, but mathematically it can't occur. I provided two orthogonal (to each other) reasons for the mathematical certainty that interest requires an expanding money supply:

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.


Note that with central bank control, the most wealthy and powerful debase the money supply sufficiently to destroy those earning interest (current ZIRP), and pass the debasement to themselves. These periodic resets are how they take all the interest that was aggregated by moderately wealthy who are less powerful including the disposable banking corporations. A grotesque racket.

[AnonyMint]

...

The key to understanding the economics of debasement is that money supply inflation always goes to workers salaries[1], so it is not a problem. The theft that occurs with fractional reserve banking is mainly by periodically confiscating the capital of the population with an economic implosion and a reset of the currency, e.g. bank failures in a fractional reserve system or the coming bail-ins and retirement account nationalizations for G7 nations. And without perpetual debasement, you must have fractional reserve banking, because of the logic Etlase2 and I discussed upthread.

An economy can't run properly without perpetual debasement because then capital never has to move (because it never rots), it can just sit in a hole forever. Nothing in the universe is forever, so to structure capital to be forever introduces abnormality that can't be.

[1] A more direct link to the math, https://bitcointalk.org/index.php?topic=160612.msg2895021#msg2895021

Where I think you misunderstand is the relationship between "interest" and debt.

You make a blanket assumption that all currency must expand because of the principal of interest ?

We are getting off-topic of this thread, and I don't have any strong disagreements with the rest of what you wrote. However, let me clarify this one point. I agreed with Etlase2 that in theory interest could simply be transferred, if not everyone is in debt, but mathematically it can't occur. I provided two orthogonal (to each other) reasons for the mathematical certainty that interest requires an expanding money supply:

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.


Note that with central bank control, the most wealthy and powerful debase the money supply sufficiently to destroy those earning interest (current ZIRP), and pass the debasement to themselves. These periodic resets are how they take all the interest that was aggregated by moderately wealthy who are less powerful including the disposable banking corporations. A grotesque racket.

This is why they are going after the millionaires now, to confiscate (via their control of the government) what was aggregated since the last reset 1929 - 1955. This reset is 2007 - 2033. Every 78 years (3 x 26 reproductive maturity generations).

You have to Think Like a Bankster to understand how the globalists play the game:

http://www.silverbearcafe.com/private/01.10/thinklikeabanker.html

You see what Merkel did as soon as she was re-elected to her lame duck term, she cooperates to supra-nationalize the German banks to transfer control to the EU (Brussels), where the most wealthy and powerful have even more control:

http://armstrongeconomics.com/2013/09/26/one-day-after-german-elections-truth-comes-out/

http://armstrongeconomics.com/2013/10/20/growing-concern-about-the-federalization-of-europe/

http://armstrongeconomics.com/2013/10/14/european-banking-crisis-seizing-10-of-everyones-accounts-hello-cyprus/

[digitalindustry]

We are getting off-topic of this thread, and I don't have any strong disagreements with the rest of what you wrote. However, let me clarify this one point. I agreed with Etlase2 that in theory interest could simply be transferred, if not everyone is in debt, but mathematically it can't occur. I provided two orthogonal (to each other) reasons for the mathematical certainty that interest requires an expanding money supply:

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.


Note that with central bank control, the most wealthy and powerful debase the money supply sufficiently to destroy those earning interest (current ZIRP), and pass the debasement to themselves. These periodic resets are how they take all the interest that was aggregated by moderately wealthy who are less powerful. A grotesque racket.

Hmmmm.

Ok , well simply do this as an exercise , seperate the production and the currency .

If one does this , you will note that point 1 is redundant as there is no need for most of the people or even many of the people to be paying interest , interest is a payment for risked capital used for productive expansion.

Correctly viewed , it bears no relation to monetary expansion .

The rest I cant comment on except to say , the current scam we have operating of course all relates to issuance .

In case im not being clear issuance issuance issuance issuance issuance .

Did I mention the issue is with the manner of the issuance of the monetary supply ?

Once this is understood everything becomes much clearer. 

[digitalindustry]

Hey I want to stay on topic as much as the next freedom loving debt ridden  wage slave ...

[Etlase2]

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

Along the same lines as I mentioned earlier, this is not accurate. One base unit of currency on average can be used to pay off more than one debt unit if the velocity of money is high enough. The problem is that it is only a matter of when the velocity will drop from previous levels and necessitate a slew of bankruptcies as lots of credit/debt money disappears, and a cycle of economic recession starts. This doesn't only affect FRB, it affects a rigid gold standard (lol) too because then instead of not lending debt digits, you're hiding gold under the mattress. If you're rich and want to stay that way, you play scared. The Fed nowadays tries to fix this by offering cheap money, etc. it always ends up being a handout to the people who got us into this to get them out of it unscathed while everyone else suffers.

Bitcoin would work even worse because you can't dig up more bitcoins than allotted, so there is nothing coming from anywhere to spur new economic activity. It won't work this way in practice though (the "deflationary spiral") because people will just switch to a clone or back to fiat. The bitcoin wiki probably still says something along the lines of "it won't happen because the rich will buy stuff".

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.

It's only a certainty under certain conditions. The wealthy play the game that has been passed down to them over the generations. But with a couple simple variable tweaks, you could totally change that game. For example, the idea behind demurrage and Freicoin, where money has a carrying cost, ergo not durable. I don't think it has a shot of working considering that it will (probably) never be legal tender, but if it were, the game would be played much differently.

Regardless, if all base money is earning interest and there is a fixed supply in a real world scenario, it can still work, it just involves a lot of bankruptcies in lieu of an expanding supply. Banks would find some equilibrium between bankruptcies and interest rates to be where the most profitable position is. Of course, when they fuck up, as they always will, the bankruptcies will increase significantly for some time. Bankruptcies in general are not good for anyone including the rich, so the tightly controlled system of inflation we use today is preferable. Without government spending of bitcoin to put money into motion and with more than half in the hands of the tiniest of percentage of the world's population, the trail to bitcoin adoption (or any deflationary money similar to it) can only be littered with bankruptcy.

[AnonyMint]

1. If all base money is earning an interest, then the base money supply must expand, otherwise there doesn't exist enough base money to pay the interest.

Along the same lines as I mentioned earlier, this is not accurate.

My statement is accurate because velocity can't continue to increase forever.

People can only transact so fast, because it is assumed there must be some service or good provided.

This spiral demand is why at debt bubble peaks (probably circa end of 2015, with a possible extension to 2017 or so), everyone is running around like a chicken with head cut off, trying to move faster and faster, and there is massive misallocation of resources because of the race to transact faster thus sacrificing quality of (or rational necessity) of services and goods. (This is the Mises Crackup Boom)

You will see this race in the developing countries now. They are literally not sleeping, they are moving so fast to spend all the debt being pumped in.

Foreign Policy described this as "globalization":

http://www.foreignpolicy.com/articles/2001/09/01/will_globalization_go_bankrupt

Real Estate bubble is now spreading to where ever it wasn't already:

http://armstrongeconomics.com/2013/10/04/real-estate-boom-in-switzerland-singapore-elsewhere/

One base unit of currency on average can be used to pay off more than one debt unit if the velocity of money is high enough. The problem is that it is only a matter of when the velocity will drop from previous levels and necessitate a slew of bankruptcies as lots of credit/debt money disappears, and a cycle of economic recession starts.

You are referring to the Quantity Theory of Money and the summary equation:

M x V = P x Q ≈ GDP

Correct. Velocity can't increase perpetually, thus eventually base money supply has to increase or bankruptcies must ensue, which is where the world is now (final peak inflection point is 2015 - 2016 probably).

This doesn't only affect FRB, it affects a rigid gold standard (lol) too because then instead of not lending debt digits, you're hiding gold under the mattress. If you're rich and want to stay that way, you play scared.

You are saying that hoarding gold collapses the velocity, and yes velocity is down -50% since 2007:

http://armstrongeconomics.com/2013/10/20/they-are-calling-it-a-collapse-in-capitaism/

http://armstrongeconomics.com/2013/10/10/deflation-inflation-stagflation/

Note we didn't have a rigid gold standard ever. These were always fractional reserve systems, e.g. the private banks in the USA in 1800s. The rigid gold system occurs as the people run from the debt collapse into gold and bury it which can end up in a Dark Age:

http://armstrongeconomics.com/2013/10/21/what-about-gold-hoarding-the-reserve-dollar-status/

http://armstrongeconomics.com/2013/10/16/destroying-the-world-economy/

http://armstrongeconomics.com/2013/10/10/g20-meeting-to-raise-taxes/

http://armstrongeconomics.com/2013/10/10/obamacare-another-nsa-spying-on-citizens/

http://armstrongeconomics.com/2013/10/07/how-empires-nations-city-states-die-we-seem-to-be-right-on-schedule/

http://armstrongeconomics.com/2013/09/27/so-what-does-the-future-hold/

http://armstrongeconomics.com/2013/09/26/one-day-after-german-elections-truth-comes-out/

The Fed nowadays tries to fix this by offering cheap money, etc. it always ends up being a handout to the people who got us into this to get them out of it unscathed while everyone else suffers.

Agreed as I wrote upthread, the central banks debase in ways that aid the controllers of the goverment, i.e. the most rich and powerful:

http://armstrongeconomics.com/2013/10/16/fed-balance-sheet-lack-of-oversight/

Bitcoin would work even worse because you can't dig up more bitcoins than allotted, so there is nothing coming from anywhere to spur new economic activity. It won't work this way in practice though (the "deflationary spiral") because people will just switch to a clone or back to fiat. The bitcoin wiki probably still says something along the lines of "it won't happen because the rich will buy stuff".

Very much agreed, except the switch may be to the new official digital currency offered by the powers-that-be after this current crisis ends 2033. Investors will want to buy government bonds then to recapitalized the destroyed global economy, since they will be paying say 18% or so. The official money will be the only way to do that,...

...unless we create a better decentralized currency before that, which a significant portion of society adopts and which wrecks havok on the plans of the powers-that-be.

2. Those who earn the interest are wealthy, and only spend a fraction of their passive income, thus they don't transfer it back to those who are paying interest. Thus, it is a mathematical certainty that eventually all of the money supply will be transferred to them, if we don't debase the money supply.

It's only a certainty under certain conditions. The wealthy play the game that has been passed down to them over the generations. But with a couple simple variable tweaks, you could totally change that game. For example, the idea behind demurrage and Freicoin, where money has a carrying cost, ergo not durable. I don't think it has a shot of working considering that it will (probably) never be legal tender, but if it were, the game would be played much differently.

Regardless, if all base money is earning interest and there is a fixed supply in a real world scenario, it can still work, it just involves a lot of bankruptcies in lieu of an expanding supply.

And bankruptcies mean increased government as a share of GDP, because everyone wants the government to protect them from every bad outcome. And this is precisely what has happened:

http://grandfather-economic-report.com/#govt (see charts at first sublink comparing 1910 to today)

http://armstrongeconomics.com/2013/10/01/what-socialism-destroyed-govt-shutdown

http://armstrongeconomics.com/2013/09/30/debt-pension-crisis-fuel-behind-a-stock-rally/

Banks would find some equilibrium between bankruptcies and interest rates to be where the most profitable position is.

Nothing in the universe operates as a flat-line equilibrium. Nature is always oscillating (wave-like) in nature.

Refer to the relevant linked sections of my two blog articles to better understand the physics of the universe and why it MUST BE THAT WAY else nothing at all would exist. A flat-line is no-contrast, no-knowledge creation, not-alive:

http://unheresy.com/Information%20Is%20Alive.html#Knowledge_Anneals

http://unheresy.com/The%20Universe.html#Matter_as_a_continuum

See also explanation of waves in markets:

http://armstrongeconomics.com/2013/10/13/defeating-the-business-cycle-a-goal-for-thousands-of-years/

http://armstrongeconomics.com/2013/10/16/from-ireland-the-key-to-everything/

http://armstrongeconomics.com/models/7219-2/

http://armstrongeconomics.com/2013/10/04/manipulations-exceptions-one-dimensional-thinking/

Of course, when they fuck up, as they always will, the bankruptcies will increase significantly for some time. Bankruptcies in general are not good for anyone including the rich,

Bankrupties are bad for the middle rich, but wonderful for the most rich and powerful who control the government, because the control of the government and the central bank manipulations increase during every debt crisis:

http://armstrongeconomics.com/2013/10/16/ghost-companies-on-the-radar/

http://armstrongeconomics.com/2013/10/14/european-banking-crisis-seizing-10-of-everyones-accounts-hello-cyprus/

http://armstrongeconomics.com/2013/10/10/g20-meeting-to-raise-taxes/

http://armstrongeconomics.com/2013/09/30/they-are-officially-eyeing-up-pensions/

"Never waste a good crisis" - various politicians and treasury officials

so the tightly controlled system of inflation we use today is preferable. Without government spending of bitcoin to put money into motion and with more than half in the hands of the tiniest of percentage of the world's population, the trail to bitcoin adoption (or any deflationary money similar to it) can only be littered with bankruptcy.

Eventually Bitcoin has to fail. Agreed. For numerous reasons. And that failure might be the opportunity for the governments to morph it in the next fiat digital currency which they control. That the Bitcoin mining can be so easily cartelized and is designed (whether intentional or not) to go that direction, is very relevant to this thread. As I have explained upthread.

[Etlase2]

Correct. Velocity can't increase perpetually, thus eventually base money supply has to increase or bankruptcies must ensue, which is where the world is now (final peak inflection point is 2015 - 2016 probably).

It's all about the change in velocity compared to the change in debt. Obviously we can't eliminate bankruptcy unless we eliminate debt, and that is a problem I do not think is trying to be solved yet. So the issue is how to minimize the eventual bad result of a velocity/debt change. A fixed supply of currency is probably the worst case scenario anyone could come up with (mayyybe second worst to modern government fiat), but it can function without an expanding supply.

Nothing in the universe operates as a flat-line equilibrium. Nature is always oscillating (wave-like) in nature.

Of course, the finer points are the amplitude and the duration, as I was getting at with that post.

[AnonyMint]

So you are thinking (in the mathematical abstract, although you may not have specifically modeled as a differential equation) in terms of a differential equation model (e.g. for your Decrits altcoin design) where you control the Q (damping factor) to optimize oscillation resonance (i.e. outcomes)?

We can't stop velocity and debt overshoot and the downwave bankruptcies, but we can accomplish three improvements with the improvements I suggest for Mini-blockchain + perpetual debasement PoW:

1. Remove the most obvious design flaw(s, both reducing blockchain overhead and 0% transaction fee, c.f. upthread for detailed explanations) that makes it easy for cartels to control mining.

2. Remove centralized control over the perpetual creation of money, thus reduce the ability to use crisises to reward those who control the government.

3. Make it very difficult for those who lend to be backstopped by insurance (and thus implicitly by the government) and thus they have to go bankrupt more frequently thus keeping bubbles small and more frequent, also preventing them from aggregating too much capital (they then have to deal with the economy-of-scale of small risk differences for each loan). One way this happens is if the coin eliminates the ability to tax. So there isn't any funding for collective insurance. Because realize that private insurance MUST always fail (another math to discuss) so public bailouts are inevitable. There are other points I could make on this...

Readers (I know Etlase2 knows this), please realize I am not talking about eliminating investors-at-risk from aggregating capital, i.e. I am not anti-capitalism. Rather I am saying that loaning money to anyone with a heartbeat is a low-knowledge activity that should not be backstopped by the public (government + insurance).

You can see that taxes (government) and insurance (along with inflated real estate prices by giving everyone with a heartbeat a 30 year mortgage which pulls 30 years of future demand into the present radically raising prices) are the major reason western countries are more expensive than developing countries which don't have high government as a percent of GDP, don't have well developed insurance industry, and don't have high debt levels as of percent of GDP:

http://www.thaivisa.com/forum/topic/677362-whats-your-monthly-cost-to-live-in-thailand/

http://grandfather-economic-report.com/#govt

http://www.heritage.org/index/explore (sort by "Govt Spending")

http://www.gfmag.com/tools/global-database/economic-data/11855-total-debt-to-gdp.html
(Total Debt, which is more accurate)

http://en.wikipedia.org/wiki/List_of_countries_by_public_debt
(Public Debt, which misses much of the debt in countries such as China)

http://en.wikipedia.org/wiki/List_of_countries_by_future_gross_government_debt
(Future Public Debt, captures some of the rises in debt coming, yet misses many of classes of debt and contagion effects coming)

[Etlase2]

3. Make it very difficult for those who lend to be backstopped by government

I would say that this is a property offered by almost any decentralized currency. Though there is the issue of mining cartels potentially replacing the government's role here, but I think the likelihood will be significantly reduced simply because cryptocurrency is open source, and the proletariat is now capable of fighting back with another currency which will be many magnitudes easier to adopt once one is already in place. This is a drastic option though. And if outside (hashing) power is used to control security and all money entering the system, it will be difficult to start a fledgling currency. If you separated security and mining, and made mining profitable for only short periods of time, you might be really on to a solution to this problem. *cough*

One way this happens is if the coin eliminates the ability to tax.

I don't think that this is as necessary as you think. Without being able to print money at will, the governments of the world will have to tell the world that they intend to take your productivity from you, not take it like a thief in the night with no one noticing via inflation. Imagine if Americans started seeing their salaries cut by half or more to fund wars for oil or to bail out wall street.

[AnonyMint]

3. Make it very difficult for those who lend to be backstopped by government

I would say that this is a property offered by almost any decentralized currency. Though there is the issue of mining cartels potentially replacing the government's role here, but I think the likelihood will be significantly reduced simply because cryptocurrency is open source, and the proletariat is now capable of fighting back with another currency which will be many magnitudes easier to adopt once one is already in place.

I disagree. Bitcoin appears to me to be very taxable because it is not anonymous the way most non-experts apparently transact with it (judging from cursory summaries from published research of actual blockchain). All those (non-experts, who are not well studied on how to anonymize every aspect) who have transacted in Bitcoin may have a nasty surprise coming from the G20 after some years the government will present proof obtained from the NSA (and respective agencies in other countries), of their transactions and a huge tax bill with penalties and interest for not reporting capital gains (and required wealth report for Europeans, including expats). One can posit that the powers-that-be are letting Bitcoin honeypot go on for now to lay the entrapment.

And the data mining intelligence agencies also likely know who has gold and silver too. Most readers don't realize how data from their phone calls, SMS text messages, emails and internet usage, driving patterns, mailing patterns, credit card and banking records, etc. can be cross-correlated. Here is the expert:

https://www.schneier.com/essays-privacy.html

Also they can make it very difficult to sell your gold and silver later without revealing identity. People say there are always black markets, but that was before automated face recognition algorithms (Facebook uses one to identify you in your friend's photos), putting a camera on every light post, a tracking device in every smart phone and car's computer. Hitler and Stalin only dreamed they had the tracking capabilities that exist now.

Of course the bankrupt government will track down all the money they can that they think is owed to the government, and tack on criminal penalties to teach others not to try to circumvent the monopoly power of the government.


---------Definition of Government---------------
http://esr.ibiblio.org/?p=5044&cpage=1#comment-411923

Well, yes. I would say that. Governments are based on the threat and use of force, up to and including the killing and inevitable murder of the people they claim to be the governing.

This isn’t merely a contingent property of government, it’s the essential one. Read your Max Weber: a government is, definitionally, an organization which claims a monopoly on the legitimate use of physical force (thus, a monopoly on legal murder). Political science has failed to improve on this definition since it was proposed in 1919.

------------------------------------------------

And replacing a well established currency is impossible, because the masses are not enlightened AND NEVER WILL BE (is a few 1000s years of history not enough proof of human nature?). Ask all those who have tried to compete with fiat.

You get one chance to make a popular decentralized currency that can't be co-opted by the powers-that-be. After they institute the new fiat digital currency (or currencies) after this crisis, there is NO MORE CHANCE. That is the end game for current human civilization.

666 (i.e. we go into another 600 year Dark Age)

This is a drastic option though. And if outside (hashing) power is used to control security and all money entering the system, it will be difficult to start a fledgling currency.

Yup. And as about as probable as the moon hitting the earth.

If you separated security and mining, and made mining profitable for only short periods of time, you might be really on to a solution to this problem. *cough*

When that solution is available in comprehensible open source code and eloquently explained, that might be a preferred alternative to my proposal to at least perpetually fund PoW with debasement and to make the PoW not run faster on GPUs and ASICs (many doubt this is possible due to Litecoin's and Yacoin's Scrypt failures (update), but what if someone shows it is possible?).

One way this happens is if the coin eliminates the ability to tax.

I don't think that this is as necessary as you think. Without being able to print money at will, the governments of the world will have to tell the world that they intend to take your productivity from you, not take it like a thief in the night with no one noticing via inflation. Imagine if Americans started seeing their salaries cut by half or more to fund wars for oil or to bail out wall street.

Obama is saying now he will raise taxes, and the majority are cheering him on "to tax the rich" and give them free everything from the government. Ditto Europe, which taxes at double the Laffer limit. Spain even taxes sunlight, and France forces you to continue to run your company at a loss to pay for workers and health insurance, against your wishes to shut down the company before you deplete all your capital. Next logical step of the progression is they may force citizens to increase your (personal or corporate) debt to sustain operation of your loss making company.

There is an Iron Law of Political Economics (from Rancur Olsen's research):

http://esr.ibiblio.org/?p=984

Basic problem is that everyone has an incentive to just suck from the collective and as this gains momentum it becomes impossible to keep any prosperity without the collective destroying it, thus at the end game everyone is sucking everyone, which often means genocide.

This is why this is a such an intractable problem, because eliminating taxes basically means war, because it will dismantle most of what people currently think society should be.

That is why I posit that any long-term successful decentralized coin effort is going to have to first win a war against society.

[kalon]

This is a very interesting thread and quite in depth. I have been keenly following Bitfreak's mini block chain proposal since it seems to solve one of Bitcoin's impending problems. I can see that there are other's in this thread that would agree there are other problems with Bitcoin and ideally a new cryptocurrency would address as many of those problems as possible, particularly the economic ones.

The deflationary model that Bitcoin follows is all well and good if you want a commodity and enthusiast  see no problem with the value increasing for eternity. However, posters here seem to recognize problems with this. Both a reluctance to spend (I have a few Bitcoins and I'm not spending them now if I don't have too.) and the inevitable concentration of wealth as super rich hoarders spend smaller and smaller fractions of their money to the poor masses for goods and services.

Thinking about these problems I looked at Freicoin the idea of demurrage would be a hard sell for most and one which make me uninterested in holding any. I also looked at Peercoin and I was quite enthusiastic about it's improvements, I think there are lessons which could be learned from it. My main problem with it is it's lack of professional marketing. Sunny King seems like a good guy but perhaps easily distracted. POS sounds like a good idea and the slight inflation which it involves seems like it would address some of the problem of Bitcoin, however, I do wonder if there could be an even better way.

Initially I disliked the idea of Bitcoin's fixed supply but I think with a slight tweak it could be the best solution. We want to have something which will act as a solid currency, encouraging people to spend their wealth but without penalizing them for saving as seems to be the case with Freicoin. We also want to avoid the problem of deflation from lost coins (government seizers, death of hoarders without wills, lost keys and mistaken transfers). Bitfreak suggested somewhere that coins in unused accounts should be removed and remind after some lengthy period of time (something like 100 years) just to avoid long term deflation but I see doing this on a smaller time scale as being beneficial in other ways.

I'd propose that transactions should have a set fee based on percentage; what exactly I think is debatable but I'd say 1%. Perhaps it's not important but I tend to think following Peercoin's model that tx fees are burned is a good one, so that they have to be re-mined. Having a percentage based tx fee might be more costly than Bitcoin for large transactions but could be cheaper for small transactions than the limit which is likely in Bitcoin once new coins are finished being mined. This would encourage greater adoption in developing markets.

Now, if unused coins are burned at an arbitrary time but smaller than one hundred years; I'd say 5 years. not only ensure that lost coins are not gone forever but also encourage spending without being punitive and without debasing the currency. People who use the currency on a daily basis would never be affected and people with large untouched saving could simply move the money, albeit at a lose of the tx fee. Obviously the client would need to use coins in a first in first out method and indications for coin age would need to be clear. Perhaps clients could automatically move coins if approaching the end of cycle. This would still be okay since the dead and people with lost keys are unlikely to keep a client going for 5 years.

Since you would know the maximum number of coins to be produced and you'd know roughly how many are in circulation you'd have a much better understanding of the health and value of the network and would be far less likely to have wild value swings due to uncertainty. Peercoin's per-block re-targeting system could be implemented in such way as to taking into account dynamics of the money supply.

I can imagine that the proposal of a set tx percentage and the necessity to move unused assets might be less preferential to some but it would strengthen the network and ensure that miners always have incentive to mine. Additionally, I think there are other small things which could be done to ensure ease of use which could allow for the easy adoption of what I believe would be a much better currency.

Sorry for being long winded. I was saving some of that up for awhile. I'd love to know some of your thoughts.  

[AnonyMint]

Demurrage from the perspective of the saver is sometimes not different than debasement. They are both a % per year of value taken from you. The former is explicit as you see your balance decrease, and the latter is obfuscated because the value of your money may drop as the money supply increases.

However, you don't sell your Bitcoin now even though the debasement is 11% per year, because the value of your BTC is increasing because demand for BTC is increasing.

So while a cryptocurrency is starting, the debasement can be very high and no one will protest because the value is rising.

When a cryptocurrency ever becomes mature and a significant portion of the global economy uses it, then no one will protest if the debasement is 3% and the GDP growth rate is 5%, because the value of their money will likely be increasing (by more than 2% due to rise in monetary velocity also).

You won't get a sustainably SECURE cryptocurrency without debasement.

Transaction fees don't insure sustained mining and protection against cartels, because even if you make them mandatory, a cartel can refund them, "spend your Bitcoins here at Amazon.com and we will refund the transaction fees".

They can offer to refund debasement too, but that won't prevent others from earning from mining. Whereas with tx fees, if they can get most customers to send their transactions to them, they can hold back all income from other miners.

HOW MANY TIMES HAVE I WRITTEN THIS!!! I think 50 times now. And still some readers never remember. (I wrote it upthread 2 or 3 times)

[kalon]

AnonyMint, in some ways I cannot tell if you are responding to my post. You touched on a couple key words but then revert to your own talking points without much consideration of the ideas I've put forward. I have read all of your up thread posts and have forgotten nothing. I've read some of your posts in other threads but to be frank, there are a lot of intelligent people in the forum and to hang on just your words alone would detract from other interests and necessities in my life.

Regarding debasement, I tend to agree with you and I wonder why you do not speak more of a POS system. Essentially Peercoin and derivatives such as Novacoin and the like debase the currency by offering savers interest, though I believe it's closer to 1%. I really don't have a problem with this. It seems quite logical from a standpoint of how saving accounts appear for users with fiat and of course POS has other benefits as well.

However, I don't think that POS interest addresses the issue of spending and demurrage addresses it in a way which I think people find too punitive. However, simply paying a small percentage in tax on spending which affects all people equally and supports the network is something which I think all people are quite comfortable with. Having a coinage limit which forces people to either spend or move money after some years will encourage use of the coins as currency but will in no way affect people of few means like demurrage would and would not inflate the economy like interest producing POS would.

AnonyMint, we cannot count on ever growing GDPs and I assume that you are suggesting a method of debasement beyond the control of any governing body. An eternally inflating money supply only sounds marginally better than a deflating one. A system like Bitcoin's set maximum along with incentives to spend and recycle coins would keep the system in near perfect equilibrium.

As far as mining pools centralizing coin minting, this is a different problem which I'd like to see addressed in such way as to make it more egalitarian. I'm unsure of how this can be done but it would surely be beneficial both in terms of fairness and avoiding a 50%+ attack.

[AnonyMint]

Two new thoughts since I last posted:

1. The more anonymous the cryptocurrency, the more likely that the corrupt in the captured political systems of the world today are going to be hiding their money in the anonymous system as the hunt for wealth spreads as the socialism's bankruptcy reaches the end game. USA, Europe, China, India, etc are all run by powerful groups who are hiding money offshore. For example, it is well known (e.g. Michael Pettis wrote about this) that the Chinese taipans move their exports through tax havens such as Singapore (at least on paper) to hide profits offshore, which they then keep hidden offshore. Also Chinese politicians move their ill-gotten wealth offshore, e.g. their wife (or wives) and kid(s) live in the Western countries in expensive homes and attend private schools, etc..

So while an anonymous crytocurrency can help defeat the power government has over the individual, it can also enable the corrupt in the system to escape oversight from the government. I imagine that as this global debt crisis comes to an end game, the populace is going to prosecute ill-gotten wealth. We see pronouncements from the G20 headed this direction. This will cause the nations to cooperate to hunt down all wealth. It will be indiscriminate (because of the irrationality of socialism) and all wealth will suffer, ill-gotten or otherwise.

Thus, it is desirable to have an anonymous cryptocurrency, because if it makes nations impotent, then they won't be able to come together to form a world government to hunt down all wealth. And the ill-gotten wealth will be transferred to those who are early into that anonymous cryptocurrency (if someone creates it).


2. If someone creates a cryptocurrency where only CPUs can mine effectively (or at least ASICs and FPGAs have no significant advantage), then the return on mining investment will likely be negative. Meaning many people will mine at small economies-of-scale with their PC and not notice they are consuming more resources than they are generating in coin rewards for mining. The implication is that it will be that much more difficult for a cartel to take over mining, when they have to do it basically for free and compete against the billions of computers of the populace.

Regarding debasement, I tend to agree with you and I wonder why you do not speak more of a POS system. Essentially Peercoin and derivatives such as Novacoin and the like debase the currency by offering savers interest, though I believe it's closer to 1%. I really don't have a problem with this. It seems quite logical from a standpoint of how saving accounts appear for users with fiat and of course POS has other benefits as well.

I don't believe PoS systems are secure because my understanding is that the input entropy can be preimaged which selects which peer can decide which transactions are valid. Someone may eventually prove me wrong, yet for now I am operating under the expectation instead that PoS systems will be hacked if they ever become significantly valuable.

Also I believe the economics are collectivism, which rewards failure (laziness, lack of initiative, lack of ingenuity, etc). Paying someone just for letting money sit there. I prefer that miners must proactively manage their resources to help secure the network, e.g. PoW.

In short, I believe competition, not socialism, is the correct economic paradigm.

However, I don't think that POS interest addresses the issue of spending and demurrage addresses it in a way which I think people find too punitive. However, simply paying a small percentage in tax on spending which affects all people equally and supports the network is something which I think all people are quite comfortable with. Having a coinage limit which forces people to either spend or move money after some years will encourage use of the coins as currency but will in no way affect people of few means like demurrage would and would not inflate the economy like interest producing POS would.

I don't believe this will secure the network.

AnonyMint, we cannot count on ever growing GDPs

If we couldn't count it, we would still live at the very low standard of the Kings of yore, with high mortality from bacterial infections, slow transportation, communication by courier instead of by wireless, etc..

Sorry but the illogic of Malthusians annoys me. How can some people be so out-of-touch with reality and history? And they repeat incessantly the same (what I believe to be) nonsense.

If the GDP stops growing for decades, that means humans are on a trajectory to end their existence (or at least tempt existential threat into a 600 year Dark Age), i.e. declining populations and/or stopping the development of new technology.

and I assume that you are suggesting a method of debasement beyond the control of any governing body. An eternally inflating money supply only sounds marginally better than a deflating one.

It is essential. I believe the network can't be secured without. I provided all my logic.

A system like Bitcoin's set maximum along with incentives to spend and recycle coins would keep the system in near perfect equilibrium.

There is no such thing in our world as perfect equilibrium. I assume you are thinking of some state of non-change. There are dynamic oscillations around a median, but never you will find flatlines in the real world. And if you want to understand the math and physics for this, then you can read my blog. Flatline means a uniform distribution, which means no change, which means no competition, no contrast (black is only visible if you have gradations of white), no knowledge creation, and no life at all.

http://unheresy.com/The%20Universe.html#Matter_as_a_continuum

http://unheresy.com/Information%20Is%20Alive.html

As far as mining pools centralizing coin minting, this is a different problem which I'd like to see addressed in such way as to make it more egalitarian. I'm unsure of how this can be done but it would surely be beneficial both in terms of fairness and avoiding a 50%+ attack.

Simple. Make so mining computers don't need to have the resources to deal with a multiple-GB blockchain (i.e. implement the Mini-blockchain), and eliminate the advantage of non-CPUs.

Competition can still reign, yet amongst computers with CPUs and reasonable resources, e.g. typical amount of DRAM.

[digitalindustry]

Initially I disliked the idea of Bitcoin's fixed supply but I think with a slight tweak it could be the best solution. We want to have something which will act as a solid currency, encouraging people to spend their wealth but without penalizing them for saving as seems to be the case with Freicoin. We also want to avoid the problem of deflation from lost coins (government seizers, death of hoarders without wills, lost keys and mistaken transfers). Bitfreak suggested somewhere that coins in unused accounts should be removed and remind after some lengthy period of time (something like 100 years) just to avoid long term deflation but I see doing this on a smaller time scale as being beneficial in other ways.

I'd propose that transactions should have a set fee based on percentage; what exactly I think is debatable but I'd say 1%. Perhaps it's not important but I tend to think following Peercoin's model that tx fees are burned is a good one, so that they have to be re-mined. Having a percentage based tx fee might be more costly than Bitcoin for large transactions but could be cheaper for small transactions than the limit which is likely in Bitcoin once new coins are finished being mined. This would encourage greater adoption in developing markets.

Now, if unused coins are burned at an arbitrary time but smaller than one hundred years; I'd say 5 years. not only ensure that lost coins are not gone forever but also encourage spending without being punitive and without debasing the currency. People who use the currency on a daily basis would never be affected and people with large untouched saving could simply move the money, albeit at a lose of the tx fee. Obviously the client would need to use coins in a first in first out method and indications for coin age would need to be clear. Perhaps clients could automatically move coins if approaching the end of cycle. This would still be okay since the dead and people with lost keys are unlikely to keep a client going for 5 years.

~~~~

Sorry for being long winded. I was saving some of that up for awhile. I'd love to know some of your thoughts.  

This is an interesting idea ....

And as say an inbetween , lets call it a "negative interest rate" , what about instead of large savers paying the ultimate price for a saving on a 5 year limit , instead have say a phased system :

1 to 5 years , upon stagnant savings , fee is charged , saving is not threatened. 

5 to 10 years , larger fee .

Above 10 years recycled or tagged with a large warning on the client that thecsavings have been tagged .

11 th year recycled. Remined.

I would advocate the 0 to 5 year fee could be adjustable .

People wouls yell control perhaps , but in the end its a cryptocurrency , people miss a lot of political issues , just probably though ignorance on these matters .

For  example the ACP or ACCP checkpoints in general , people seem to have a hard time distinguishing between a forced system and a choice system .

[AnonyMint]

---------Definition of Government---------------
http://esr.ibiblio.org/?p=5044&cpage=1#comment-411923

Well, yes. I would say that. Governments are based on the threat and use of force, up to and including the killing and inevitable murder of the people they claim to be the governing.

This isn’t merely a contingent property of government, it’s the essential one. Read your Max Weber: a government is, definitionally, an organization which claims a monopoly on the legitimate use of physical force (thus, a monopoly on legal murder). Political science has failed to improve on this definition since it was proposed in 1919.

------------------------------------------------

And replacing a well established currency is [nearly] impossible, because the masses are not enlightened AND NEVER WILL BE (is a few 1000s years of history not enough proof of human nature?). Ask all those who have tried to compete with fiat.

Note a jury convicted a hero who tried:

http://en.wikipedia.org/wiki/G._Edward_Griffin#The_Creature_from_Jekyll_Island

Griffin's advocation of a free-market, private-money system superior to the Fed caused Bernard von NotHaus to deploy such a system in 1998.

http://en.wikipedia.org/wiki/Bernard_von_NotHaus#Arrest_and_conviction

In connection with the Liberty Dollar business, a federal grand jury brought an indictment against von NotHaus and three others in May 2009, and von NotHaus was arrested on June 6, 2009

On March 18, 2011, after a 90 minute jury deliberation, von NotHaus was found guilty on various counts, including the making of "counterfeit coins" (resembling legal tender coins). Attorney for the Western District of North Carolina, Anne M. Tompkins, described Bernard von NotHaus and the Liberty dollar as "a unique form of domestic terrorism” that is trying “to undermine the legitimate currency of this country.” The Justice Department press release quotes her as saying: “While these forms of anti-government activities do not involve violence, they are every bit as insidious and represent a clear and present danger to the economic stability of this country".

Interestingly a recent article related Bitcoin as the successor to the Liberty Dollar:

http://lfb.org/today/the-domestic-terrorist-you-can-call-a-hero/

The feds raided him in in 2006. In 2007, the government outright stole 2 tons of coins from him, many of them featuring an image of Ron Paul, plus 500 silver coins and 50 gold coins. They threw him in jail and dragged his name through the mud many times.

He was later convicted of making counterfeit coins — an ironic conviction given that he was making silver coins to compete with official coins made out of scrap metal. That conviction was in March 2011, fully 2½ years ago. The government labeled him a “domestic terrorist.”

After all, the feds threw every conceivable charge at him. The jury didn’t buy it, but finally did have to admit the he seemed to be producing and distributing what claimed to be dollars, but differed rather substantially from U.S. government dollars. That was the basis of the counterfeiting claim. The claim alone implies that somehow he was tricking people, which is ridiculous, since the whole reason his coins were marketable was precisely because his customers knew that his coins were real and, in this respect, differed completely from what the U.S. government distributes.

Think about the many distributive technologies that came out in these frontier days in which a new world was being born. All the Internet giants were being born during these years. Other services were simply distributive, such as Napster, which completely revolutionized music distribution, but was crushed by the feds in 2001.

The result was the deep entrenchment of distributed network file sharing, which is more ubiquitous than ever before. All these movements were about challenging the status quo in a fundamental way, the daring decision to take on state-blessed institutions and tap into the power of the consuming public to choose private over public services.

The movement was not killed, despite every attempt. What it actually did was change the whole way we get our services, use the Internet, and engage each other in our social and economic lives. In a rapid and thrilling way, we began to see all the ways in which power could be devolved away from the elites and toward the people. It has left a permanent mark on the world.

The Liberty Dollar was part of this movement. For decades, some very high-level intellectuals had taken note of the decline of the quality of money, from about, oh, 1913, all the way to the advent of pure paper money in 1971. The inflation of the late 1970s made the point: There has to be a better way. Economist F.A. Hayek wrote that it was entirely possible that a high-quality private money could compete with a government money.

But who would step out and make the attempt? What entrepreneur would dare come forward and offer up an alternative as a product in the consumer market?

Bernard von NotHaus was the man. There is nothing illegal about minting silver into round shapes and putting pictures on them. It’s not even clear that there is anything wrong with calling it a dollar, provided he didn’t try to claim it was a government dollar. And this is exactly what he did.

The money monopolists in Washington went absolutely nuts about this. They threw the book at him, and added some of the most hilarious rhetorical flourishes that one can imagine. The attorney who prosecuted the case for the government said the following:

“Attempts to undermine the legitimate currency of this country are simply a unique form of domestic terrorism. While these forms of anti-government activities do not involve violence, they are every bit as insidious and represent a clear and present danger to the economic stability of this country. We are determined to meet these threats through infiltration, disruption, and dismantling of organizations which seek to challenge the legitimacy of our democratic form of government.”

But they stopped Bernard, right? Didn’t he fail? He can be very confident in knowing that he made a gigantic mark in history. He demonstrated that it could be done. He threw a model out there that would not go away. And only two years after the looting of his business, an ambitious computer programmer created a code protocol that became what is now known as Bitcoin.

But the inventor of Bitcoin — whose identity is either completely unknown or one of the best kept secrets in history — knew better than to operate like a business. He made not silver rounds, but digital units. He didn’t store these units in one place, but rather had them live on a globally distributed network that no government can shut down. He relied not on a third-party transmitter, but instead made it possible for this new currency to be traded peer to peer.

Bitcoin is a brilliant combination of the Liberty Dollar’s soundness and Napster’s distribution methods, with a few extra features thrown in to protect it against shutdowns.

In other words, Bernard von NotHaus took one for the sound-money team, and, in time, the world will see that his instincts were exactly right. Monopolies can’t last. Not even the world’s most powerful government can keep quality and consumer preference at bay forever. His idea pointed to a bright future in a revolutionary way. The revolution will not occur with guns and battles, but through enterprise, entrepreneurship, and a billion tiny acts of peaceful consumer choice.

[AnonyMint]

We can't stop velocity and debt overshoot and the downwave bankruptcies, but we can accomplish three improvements with the improvements I suggest for Mini-blockchain + perpetual debasement PoW:

1. Remove the most obvious design flaw(s, both reducing blockchain overhead and 0% transaction fee, c.f. upthread for detailed explanations) that makes it easy for cartels to control mining.

2. Remove centralized control over the perpetual creation of money, thus reduce the ability to use crisises to reward those who control the government.

3. Make it very difficult for those who lend to be backstopped by insurance (and thus implicitly by the government) and thus they have to go bankrupt more frequently thus keeping bubbles small and more frequent, also preventing them from aggregating too much capital (they then have to deal with the economy-of-scale of small risk differences for each loan). One way this happens is if the coin eliminates the ability to tax. So there isn't any funding for collective insurance. Because realize that private insurance MUST always fail (another math to discuss) so public bailouts are inevitable. There are other points I could make on this...

Add:

4. Remove the capability for the private banks to create base money out-of-thin air when they issue loans on reserves:

http://en.wikipedia.org/wiki/G._Edward_Griffin#The_.22Mandrake_mechanism.22

Of course they may still be able (if not illegal) to write more receipts for deposits, than they have reserves, but they won't actually be able to create base cryptocurrency money, thus bank runs and defaults should be more frequent and self-correcting (as they were in the 1800s on a gold base money with gold certificates as receipts for deposits). The subversion is if the receipts begin trading as currency (e.g. Ripple currency) and are more widely accepted than the cryptocurrency base money, which I guess is what happened near the end-game of the 1800s.

Griffin's view is similar to many other gold-standard supporters' critique of the fractional-reserve banking system and the Federal Reserve in particular: that it makes money "magically" appear from nothing.

In Griffin's view, the "magical" quality of this mechanism is really just a simple mathematical limit. When banks loan money, they don't actually loan existing money. Rather, they allocate money to loan, but they are limited by how much money they can create. The law basically says that, for each dollar a bank has on hand in one of its savings accounts, it is allowed to create another 90 cents to give out as a loan. (The dollar from the savings account is still there, and can still be spent by the person who owns the savings account.) This loan is then spent, and the recipient puts it into another bank, and that bank can now loan 90 cents times 0.9 = 81 cents. This can be repeated many times (depending on the demand for loans) until it approaches its mathematical limit of 10 dollars.

For example, when the Federal Reserve holds on deposit 1 billion in marketable United States Treasury security then the banks in the banking system, public and private, and bound by U.S. financial law, are able to generate 10 billion in new debt over time.

Readers (I know Etlase2 knows this), please realize I am not talking about eliminating investors-at-risk from aggregating capital, i.e. I am not anti-capitalism. Rather I am saying that loaning money to anyone with a heartbeat is a low-knowledge activity that should not be backstopped by the public (government + insurance).

You can see that taxes (government) and insurance (along with inflated real estate prices by giving everyone with a heartbeat a 30 year mortgage which pulls 30 years of future demand into the present radically raising prices) are the major reason western countries are more expensive than developing countries which don't have high government as a percent of GDP, don't have well developed insurance industry, and don't have high debt levels as of percent of GDP:

http://www.thaivisa.com/forum/topic/677362-whats-your-monthly-cost-to-live-in-thailand/

http://grandfather-economic-report.com/#govt

http://www.heritage.org/index/explore (sort by "Govt Spending")

http://www.gfmag.com/tools/global-database/economic-data/11855-total-debt-to-gdp.html
(Total Debt, which is more accurate)

http://en.wikipedia.org/wiki/List_of_countries_by_public_debt
(Public Debt, which misses much of the debt in countries such as China)

http://en.wikipedia.org/wiki/List_of_countries_by_future_gross_government_debt
(Future Public Debt, captures some of the rises in debt coming, yet misses many of classes of debt and contagion effects coming)

[BombaUcigasa]

It is not clear what is the deal with the fees:
- Will the pruned blocks delete the already given mining fees, if so that would break transactions that spend the fees?
- Do the pruned blocks keep the mining fees transactions, how do they preserve the special coinbase transaction for this?
- Who pays for the new block that includes already mined transactions with spent fees? Does the new block offer just new transactions fees?
- Do you use recurring fees, thus double-triple-Xuple charge someone's account down to 0 and create artificial demurrage?


I ask only because it is unclear in the whitepaper, and it was one of the things that stopped me from joining the bounty efforts.

[AnonyMint]

Perhaps you might get a response from the original proponents. I think I can possibly answer correctly interim.

It is not clear what is the deal with the fees:
- Will the pruned blocks delete the already given mining fees, if so that would break transactions that spend the fees?
- Do the pruned blocks keep the mining fees transactions, how do they preserve the special coinbase transaction for this?

These end up in account balances tree, just as any other transaction does. All transactions are secured into the account balances the same way (eternal proof chain + sliding window of transaction history).

- Who pays for the new block that includes already mined transactions with spent fees? Does the new block offer just new transactions fees?

Huh? Perhaps I am misunderstanding your question; sounds like you misunderstand how transactions work in Bitcoin versus this proposed Mini-blockchain.

- Do you use recurring fees, thus double-triple-Xuple charge someone's account down to 0 and create artificial demurrage?

No. I don't know where you got this idea. I will guess that you have some confusion about how the blockchain works in Bitcoin versus this proposed Mini-blockchain and this may be causing you to invent things that have not been stated.

[BombaUcigasa]

That's because the whitepaper mentions "fees" 5 times, yet they are used only in philosophical contexts and not in examples or suggested rules.

When pruning an old block, for which fees have already been paid, the transactions will be included for free in the new block, at the cost of the current effort minus current fees.

How can then the mini-blockchain offer "lower fees" if more effort is needed for the same reward?

[digitalindustry]

Add:

4. Remove the capability for the private banks to create base money out-of-thin air when they issue loans on reserves:

http://en.wikipedia.org/wiki/G._Edward_Griffin#The_.22Mandrake_mechanism.22

Of course they may still be able (if not illegal) to write more receipts for deposits, than they have reserves, but they won't actually be able to create base cryptocurrency money, thus bank runs and defaults should be more frequent and self-correcting (as they were in the 1800s on a gold base money with gold certificates as receipts for deposits). The subversion is if the receipts begin trading as currency (e.g. Ripple currency) and are more widely accepted than the cryptocurrency base money, which I guess is what happened near the end-game of the 1800s.


+1

Now you make more sense anonymint.

Ripple is essentially designed for this purpose,  but actually it serves no purpose, where as in an old analog system ripple could actually serve a purpose,  its a paradox of sorts,  it reminds me a little of the zeitgeist paradox I identified.

For example break down the headline just basic support for this movement and you will find a large demographic in post what i would call " post cocommunists baby boomers" , what im trying to state badly is , those generations after the " communist baby boomers" .

So we have these supporters , of the zeitgeist movment , but wait for it :

Without "multidimensional information" ,  a  the zeitgeist movement would not exist,  but also without "multidimensional information"  the zeitgeist movement may have been very large , but because of it primary reason for existance is also the reason for its failure.

So we have this effect you see.

One in fact Tesla predicted,  maybe the genius of all humans?

[BombaUcigasa]

Add:

4. Remove the capability for the private banks to create base money out-of-thin air when they issue loans on reserves:

http://en.wikipedia.org/wiki/G._Edward_Griffin#The_.22Mandrake_mechanism.22

Of course they may still be able (if not illegal) to write more receipts for deposits, than they have reserves, but they won't actually be able to create base cryptocurrency money, thus bank runs and defaults should be more frequent and self-correcting (as they were in the 1800s on a gold base money with gold certificates as receipts for deposits). The subversion is if the receipts begin trading as currency (e.g. Ripple currency) and are more widely accepted than the cryptocurrency base money, which I guess is what happened near the end-game of the 1800s.


+1

Now you make more sense anonymint.

Ripple is essentially designed for this purpose,  but actually it serves no purpose, where as in an old analog system ripple could actually serve a purpose,  its a paradox of sorts,  it reminds me a little of the zeitgeist paradox I identified.

For example break down the headline just basic support for this movement and you will find a large demographic in post what i would call " post cocommunists baby boomers" , what im trying to state badly is , those generations after the " communist baby boomers" .

So we have these supporters , of the zeitgeist movment , but wait for it :

Without "multidimensional information" ,  a  the zeitgeist movement would not exist,  but also without "multidimensional information"  the zeitgeist movement may have been very large , but because of it primary reason for existance is also the reason for its failure.

So we have this effect you see.

One in fact Tesla predicted,  maybe the genius of all humans?

Everything you wrote here that you think it makes sense ... it doesn't.

[AnonyMint]

When pruning an old block, for which fees have already been paid, the transactions will be included for free in the new block, at the cost of the current effort minus current fees.

How can then the mini-blockchain offer "lower fees" if more effort is needed for the same reward?

The pruned transactions are discarded and not added to new blocks (otherwise how would we shrink the blockchain which is the entire point). The account balance tree retains the necessary information, which is secured by the unpruned (i.e. "eternal") proof chain and a recent history ("sliding window") of transactions.

P.S. The following comments are stuck in moderation queue, so I throw them here in case they never appear there:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3203

Indeed it appears the outcome in the USA will be politically decided. If the government is not successful in convincing the broad populace to backstop the $quadrillion of derivatives of the too big to fail banks, then the writedown will be charged mostly to investors. Whereas, if via the growing socialism movement, the populace can be convinced to accept $trillions in bail-ins and $17 trillion in retirement plan nationalizations, then the broad populace will pay for the writedown.

I can cite the official G7 government website plans for the bail-ins which stipulate that writing down trading losses (e.g. derivatives) takes precedence over bondholders and depositors; and the discussion of the $17 trillion retirement nationalization has reached official agency level already. Also I cite references on the well documented theory that Obama refused to allow continuing funding proposals during the recent government shutdown in order to enrage the broad populace and insure the democrats win the Congress in 2014, thus giving them the power to carry out these plans and to raise taxes (“tax the rich” which really means the middle class and small business) significantly. Giving traitor Boemer, the Tea Party has split from the Republican party which is now disintegrating.

Europe is already well along this socialism path as Spain recently added a tax on sunlight and France recently made it illegal to shutdown a company that is unprofitable, thus forcing the company to increase debt perpetually.

Google “Some Iron Laws of Political Economics” to understand why socialism can’t retreat without a Minsky moment chaos.

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3179

The solution to China’s debt spiral is the same as the solution to utilizing the FX reserves most efficiently by increasing imports– liberalize the economy so decentralized fitness[1] of private investment can provide (investment and employment) opportunities for the home sector and thus consumption to rise. The export and housing sectors are heavily subsidized and pushed to overinvestment (and oversubscription of available resources) by centralized policy and crony ownership.

[1] I’ve explained fitness in terms of simulated annealing and degrees-of-freedom in past blog comments, and a simpler way of visualizing it is that small things grow faster, i.e. selling cold water on a hot day can double or triple capital, yet a billionaire can never do that in a day.

Correct me if I am wrong, but China’s debt spiral hasn’t peaked yet thus adjustment hasn’t begun in context of a Minsky moment that ALWAYS occurs at the peak (i.e. China’s solution to prior debt crisis was not a peak, rather an extension to enable debt to continue to grow). China can’t make such a drastic shift without chaos (i.e. a transfer from crony sector to write-down the debt), and chaos won’t be accepted willingly. So will China slow grind while increasing debt perpetually as Japan did for 23 years, or will it have a Minsky moment sooner forcing it into chaotic adjustment? I would love to see an article that explored the differences between Japan and China towards understanding the factors. Japan can’t continue to increase debt forever, thus a Minsky moment must eventually occur.

I again take issue with Michael’s repeated contention that the USA has adjusted. The banks have not been recapitalized because they are sitting on a $quadrillion of derivatives that are going to blow up ostensibly when Europe, China or Japan does. It was the default of Rothschilds’ small bank in Austria that set off the contagion of World War 1, so it may not even require one of the major economies to blow up. Debt continues to increase globally and the USA is no exception.

Michael, how do 300+% debt-to-GDP levels (with a $quadrillion of credit swap derivatives as the enabler) for the entire world resolve in historically. Every one with a noodle should understand there is going to be massive chaos ahead and there is no solution that can avoid that Minsky moment. What am I missing that causes you to think the USA has adjusted or recapitalized? The socialism and debt is increasing everywhere, no write-downs or peaks have been achieved except perhaps in Iceland.

P.S. Michael thanks for clarifying that you desire comments. I was contemplating if you had turned them off intentionally.

[digitalindustry]

Add:

4. Remove the capability for the private banks to create base money out-of-thin air when they issue loans on reserves:

http://en.wikipedia.org/wiki/G._Edward_Griffin#The_.22Mandrake_mechanism.22

Of course they may still be able (if not illegal) to write more receipts for deposits, than they have reserves, but they won't actually be able to create base cryptocurrency money, thus bank runs and defaults should be more frequent and self-correcting (as they were in the 1800s on a gold base money with gold certificates as receipts for deposits). The subversion is if the receipts begin trading as currency (e.g. Ripple currency) and are more widely accepted than the cryptocurrency base money, which I guess is what happened near the end-game of the 1800s.


+1

Now you make more sense anonymint.

Ripple is essentially designed for this purpose,  but actually it serves no purpose, where as in an old analog system ripple could actually serve a purpose,  its a paradox of sorts,  it reminds me a little of the zeitgeist paradox I identified.

For example break down the headline just basic support for this movement and you will find a large demographic in post what i would call " post cocommunists baby boomers" , what im trying to state badly is , those generations after the " communist baby boomers" .

So we have these supporters , of the zeitgeist movment , but wait for it :

Without "multidimensional information" ,  a  the zeitgeist movement would not exist,  but also without "multidimensional information"  the zeitgeist movement may have been very large , but because of it primary reason for existance is also the reason for its failure.

So we have this effect you see.

One in fact Tesla predicted,  maybe the genius of all humans?

Everything you wrote here that you think it makes sense ... it doesn't.

Thats a relief,

  I was starting to think over it and feel it made perfect sense.

[digitalindustry]

When pruning an old block, for which fees have already been paid, the transactions will be included for free in the new block, at the cost of the current effort minus current fees.

How can then the mini-blockchain offer "lower fees" if more effort is needed for the same reward?

The pruned transactions are discarded and not added to new blocks (otherwise how would we shrink the blockchain which is the entire point). The account balance tree retains the necessary information, which is secured by the unpruned (i.e. "eternal") proof chain and a recent history ("sliding window") of transactions.

P.S. The following comments are stuck in moderation queue, so I throw them here in case they never appear there:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3203

Indeed it appears the outcome in the USA will be politically decided. If the government is not successful in convincing the broad populace to backstop the $quadrillion of derivatives of the too big to fail banks, then the writedown will be charged mostly to investors. Whereas, if via the growing socialism movement, the populace can be convinced to accept $trillions in bail-ins and $17 trillion in retirement plan nationalizations, then the broad populace will pay for the writedown.

I can cite the official G7 government website plans for the bail-ins which stipulate that writing down trading losses (e.g. derivatives) takes precedence over bondholders and depositors; and the discussion of the $17 trillion retirement nationalization has reached official agency level already. Also I cite references on the well documented theory that Obama refused to allow continuing funding proposals during the recent government shutdown in order to enrage the broad populace and insure the democrats win the Congress in 2014, thus giving them the power to carry out these plans and to raise taxes (“tax the rich” which really means the middle class and small business) significantly. Giving traitor Boemer, the Tea Party has split from the Republican party which is now disintegrating.

Europe is already well along this socialism path as Spain recently added a tax on sunlight and France recently made it illegal to shutdown a company that is unprofitable, thus forcing the company to increase debt perpetually.

Google “Some Iron Laws of Political Economics” to understand why socialism can’t retreat without a Minsky moment chaos.

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3179

The solution to China’s debt spiral is the same as the solution to utilizing the FX reserves most efficiently by increasing imports– liberalize the economy so decentralized fitness[1] of private investment can provide (investment and employment) opportunities for the home sector and thus consumption to rise. The export and housing sectors are heavily subsidized and pushed to overinvestment (and oversubscription of available resources) by centralized policy and crony ownership.

[1] I’ve explained fitness in terms of simulated annealing and degrees-of-freedom in past blog comments, and a simpler way of visualizing it is that small things grow faster, i.e. selling cold water on a hot day can double or triple capital, yet a billionaire can never do that in a day.

Correct me if I am wrong, but China’s debt spiral hasn’t peaked yet thus adjustment hasn’t begun in context of a Minsky moment that ALWAYS occurs at the peak (i.e. China’s solution to prior debt crisis was not a peak, rather an extension to enable debt to continue to grow). China can’t make such a drastic shift without chaos (i.e. a transfer from crony sector to write-down the debt), and chaos won’t be accepted willingly. So will China slow grind while increasing debt perpetually as Japan did for 23 years, or will it have a Minsky moment sooner forcing it into chaotic adjustment? I would love to see an article that explored the differences between Japan and China towards understanding the factors. Japan can’t continue to increase debt forever, thus a Minsky moment must eventually occur.

I again take issue with Michael’s repeated contention that the USA has adjusted. The banks have not been recapitalized because they are sitting on a $quadrillion of derivatives that are going to blow up ostensibly when Europe, China or Japan does. It was the default of Rothschilds’ small bank in Austria that set off the contagion of World War 1, so it may not even require one of the major economies to blow up. Debt continues to increase globally and the USA is no exception.

Michael, how do 300+% debt-to-GDP levels (with a $quadrillion of credit swap derivatives as the enabler) for the entire world resolve in historically. Every one with a noodle should understand there is going to be massive chaos ahead and there is no solution that can avoid that Minsky moment. What am I missing that causes you to think the USA has adjusted or recapitalized? The socialism and debt is increasing everywhere, no write-downs or peaks have been achieved except perhaps in Iceland.

P.S. Michael thanks for clarifying that you desire comments. I was contemplating if you had turned them off intentionally.

Because you are coming to understand the debt=currency relationships,  debt continues to rise labor becomes redundant,  its similar in degrees to crypto difficulty,  will labor continue as incentives approach 0.

[gatra]

if I disconnected for a week (or whatever the length of the minichain), then when I connect i have to download a full new chain. If I'm shown more than one by different nodes, which one do I choose? the one with more work? what if the diff went down? I could end up downloading an old chain...

[AnonyMint]

if I disconnected for a week (or whatever the length of the minichain), then when I connect i have to download a full new chain. If I'm shown more than one by different nodes, which one do I choose? the one with more work?

Yes you trust the proof chain that has more difficulty. The proof chain is much more compact than Bitcoin's complete history of all transactions.

If there is a (50+%, thus not likely) secret chain attack, then you need to refer to more complete history of transactions saved by the community.

what if the diff went down? I could end up downloading an old chain...

What is the "diff"? What do you mean "old chain"?

[gatra]

What is the "diff"? What do you mean "old chain"?

By diff I mean the difficulty. Imagine this scenario:
Let's the minichain has 1 week worth of blocks. In week 1, network difficulty was set to a number which we'll call d1. And nodes A and B are connected during week 1 and then disconnect.
During week 2, nodes A and B are not connected. Also, for some reason some nodes disconnect too (let's say week 2 is vacations in Silicon Valley, this is not crazy, bitcoin difficulty has a trend of going up but sometimes it oscilates a bit), making the difficulty of week 2 go down. So d2 < d1.
Now, when nodes A and B connect to the network on week 3, they have a minichain of week 1 (the "old chain") which has more work, more difficulty, than the rest of the network which has ONLY the blocks of week 2. If nodes A and B see each other they will fork, not accepting the good minichain.
So you can't choose based on difficulty. But you can't choose based on timestamp, because those are easy to forge. You must do some combination when deciding which is the valid minichain.

Also, and worst, if I want to create a fake minichain for attacking, I could spend months or even a couple of years creating the minichain of one week. A hardcoded genesis block prevents this, and forces me to start from a fixed point, but new blocks are added to the end of the valid chain all the time. If you don't have this, a 50% attack can create a minichain in 1 week, but a 25% attack could create one in 2 weeks, and so on, a 6.25% attack could create a whole fake minichain in 2 months.


I like the idea, I'm just pointing out that there are many things to have in mind and it may be tricky to make it work.

[bitfreak!]

Now, when nodes A and B connect to the network on week 3, they have a minichain of week 1 (the "old chain") which has more work, more difficulty, than the rest of the network which has ONLY the blocks of week 2. If nodes A and B see each other they will fork, not accepting the good minichain.

The entire "chain" can be thought of as the proof chain + the mini-blockchain. What you seem to be forgetting here is the proof chain. The first thing nodes A and B will do is update their proof chain (every node has a full copy of the proof chain because it's tiny), and it's the proof chain which is used to calculate the cumulative difficulty of the entire chain.

[gatra]

oh, I get it, you're right
It's interesting, but I still don't completely understand how everything fits together, I need to read the pdf a couple of times...

[bitfreak!]

Initially I disliked the idea of Bitcoin's fixed supply but I think with a slight tweak it could be the best solution. We want to have something which will act as a solid currency, encouraging people to spend their wealth but without penalizing them for saving as seems to be the case with Freicoin. We also want to avoid the problem of deflation from lost coins (government seizers, death of hoarders without wills, lost keys and mistaken transfers). Bitfreak suggested somewhere that coins in unused accounts should be removed and remind after some lengthy period of time (something like 100 years) just to avoid long term deflation but I see doing this on a smaller time scale as being beneficial in other ways.

The problem is, can you achieve a currency which encourages people to spend their money with a mechanism other than debasement or something similar to it? I can agree with the basic idea that debasement is potentially desirable if it's used to keep the value of the currency stable, but I cannot agree if it's used to steal value from the currency over time. But the fundamental problem is designing the debasement mechanism in such a way that is keeps the value of the currency stable. First of all what are we measuring the "value" of the coin against, what is its value relative to, and how can we ensure that the thing it is pegged to is also stable. There simply is no way in my mind for how that can be achieved in a satisfactory manner, the only logical solution imo is a floating coin with a value determined by the free market and a stable currency supply which doesn't increase or decrease perpetually (which can be achieved by re-mining lost coins).

I'd propose that transactions should have a set fee based on percentage; what exactly I think is debatable but I'd say 1%.

One of the great things about Bitcoin, and one of the things which really encourages me to send international payments using bitcoin, is that I'm basically only paying for the bandwidth of my transaction, I'm not paying some disproportionate fee which has nothing to do with the cost of sending the transaction. Having a percent based fee takes away that incentive and forces people to pay fees which are completely unrelated to the bandwidth cost of sending the transaction. So it's something I don't think is a great idea.

[bitfreak!]

I need to read the pdf a couple of times...

Read the project wiki, the white-paper is quite out-dated now.

[AnonyMint]

The problem is, can you achieve a currency which encourages people to spend their money with a mechanism other than debasement or something similar to it?

People can't even be encouraged to spend with debasement. Either the value is rising, or a rational person will convert the currency for an asset that is rising in value.

You are conflating currency with asset AGAIN. I pointed that out to you upthread.

Bitcoin as an asset is rising in value, even while its debasement is a horrific 11% currently. Debasement neither causes the price to fall, nor does it correlate with the value of an asset.

You confuse things which are not directly proportional mathematically, because you forget the Quantity Theory of Money equation:

M x V = P x Q ≈ GDP

P (price) of goods and services doesn't necessarily increase (i.e. drop in value of the currency) in the above equation when M (money supply) increases, because the production Q can increase and/or the V (velocity) can decrease. In addition to those variables for a currency, for an asset such as Bitcoin, the demand can also be increasing faster than M.

I can agree with the basic idea that debasement is potentially desirable if it's used to keep the value of the currency stable,

What you agree to is irrelevant. It is what the community wants that is relevant, and polls I ran showed clearly the community understands debasement is desirable.

Stability is nonsense, as the price is set by the market.

The purpose of perpetual debasement is to fund mining. Funding mining from tx fees will lead to cartelization of Bitcoin (because the cartels such Amazon.com can siphon all txs to themselves by offering 0 tx fees or tx fee refunds) as I explained upthread, which means you will completely lose control of the debasement and be right back to an elite controlled money supply (which is precisely where Bitcoin is headed 2033 and I even believe it was designed that way by the NSA, and Satoshi was not one person).

The other purpose of perpetual debasement is that as I explained mathematically upthread, society will ALWAYS require it via their use of debt. And thus if you don't have it, society will replace your coin (via wars if necessary).

A tertiary purpose of debasement is that mining is the only way to get virgin coins, which are not tainted by previous illegal activities on the existing coins in the public ledger.  

http://www.nestmann.com/civil-forfeiture-of-cash-it-could-happen-to-you

Proving that your cash is connected to a crime is surprisingly easy to demonstrate. That's because 97% or more of cash circulating today contains tiny concentrations of narcotics residues—primarily cocaine. All police need to do is to bring in a drug-sniffing dog to inspect the cash.  If the dog alerts, police seize the cash. And, under civil forfeiture rules, it's up to you to prove that the cash has a legitimate origin.

Consider the case of Emiliano Gomez Gonzolez. During a traffic stop, Nebraska state troopers asked Gonzolez for permission to search his vehicle. During the search, the troopers found bundles of currency totaling $124,700. Based on a dog sniff, police seized all the money.

Gonzolez contested the forfeiture in court. Prosecutors neither convicted nor accused Gomez or any of the other owners of the seized cash of any crime. Nor did police find any drugs, drug paraphernalia, or drug records connected to the cash. Despite these facts, a federal appeals court upheld the confiscation of every dollar found in the vehicle.

In thousands of cases across the United States each year, police follow the same pattern. In a search of someone's home or vehicle, they discover a significant quantity of cash. They then bring in a dog to sniff the cash for the presence of drug residues. The dog alerts virtually 100% of the time. This supposedly gives police probable cause to seize the cash under state or federal civil forfeiture laws.

Owners of property subject to civil forfeiture find themselves in an Alice-in-Wonderland legal landscape where the property seized is accused of a crime, rather than the owner. The owners must follow obscure rules that originate in Admiralty law, with which most attorneys aren't familiar. Under these rules, the seized property is presumed guilty, and it's up to its owner to demonstrate that the property is innocent. (Yes, it's bizarre, but it's the law!)

but I cannot agree if it's used to steal value from the currency over time.

Sorry but I will tell you frankly, this demonstrates low IQ thought process. Your IQ must not be above 120 (or you are not trying to think).

A small 3 - 5% (similar to the natural rate for gold) debasement doesn't steal.

1. It funds the damn coin mining, so your coins are not destroyed by a cartel.

2. How can it steal when the debasement doesn't drive the price? A healthy coin gets more demand and thus a higher price.

That stupid, hard-headed, goldbug nonsense has to go!

But the fundamental problem is designing the debasement mechanism in such a way that is keeps the value of the currency stable. First of all what are we measuring the "value" of the coin against, what is its value relative to, and how can we ensure that the thing it is pegged to is also stable. There simply is no way in my mind for how that can be achieved in a satisfactory manner, the only logical solution imo is a floating coin with a value determined by the free market and a stable currency supply which doesn't increase or decrease perpetually (which can be achieved by re-mining lost coins).

No shit Sherlock. What do you expect for raising such a stupid idea.

Stability is a non-existent thing in nature. Nature is relative and dynamic. I will once again suggest reading about what scientists know about what the Universe is made of (in short everything is relative, there is no invariant point of stability in the universe):

http://unheresy.com/The%20Universe.html

I am sorry, but I am so sick of dealing with low IQ nonsense when the person habitually repeats it without refuting the points that have been made already upthread showing that it is nonsense.

I'd propose that transactions should have a set fee based on percentage; what exactly I think is debatable but I'd say 1%.

One of the great things about Bitcoin, and one of the things which really encourages me to send international payments using bitcoin, is that I'm basically only paying for the bandwidth of my transaction, I'm not paying some disproportionate fee which has nothing to do with the cost of sending the transaction. Having a percent based fee takes away that incentive and forces people to pay fees which are completely unrelated to the bandwidth cost of sending the transaction. So it's something I don't think is a great idea.

Agreed 1% is too high. There needs to be a tx fee, else (non-cartel) miners are not incentivized to include transactions in blocks. But 1% is ridiculous. 0.01% is probably enough.

A set tx fee would help to simplify wallet clients and be sure your transaction is accepted in the next block.

[digitalindustry]

The problem is, can you achieve a currency which encourages people to spend their money with a mechanism other than debasement or something similar to it?

People can't even be encouraged to spend with debasement. Either the value is rising, or a rational person will convert the currency for an asset that is rising in value.

You are conflating currency with asset AGAIN. I pointed that out to you upthread.

Bitcoin as an asset is rising in value, even while its debasement is a horrific 11% currently. Debasement neither causes the price to fall, nor does it correlate with the value of an asset.

You confuse things which are not directly proportional mathematically, because you forget the Quantity Theory of Money equation:

M x V = P x Q ≈ GDP

P (price) of goods and services doesn't necessarily increase (i.e. drop in value of the currency) in the above equation when M (money supply) increases, because the production Q can increase and/or the V (velocity) can decrease. In addition to those variables for a currency, for an asset such as Bitcoin, the demand can also be increasing faster than M.

I can agree with the basic idea that debasement is potentially desirable if it's used to keep the value of the currency stable,

What you agree to is irrelevant. It is what the community wants that is relevant, and polls I ran showed clearly the community understands debasement is desirable.

Stability is nonsense, as the price is set by the market.

The purpose of perpetual debasement is to fund mining. Funding mining from tx fees will lead to cartelization of Bitcoin (because the cartels such Amazon.com can siphon all txs to themselves by offering 0 tx fees or tx fee refunds) as I explained upthread, which means you will completely lose control of the debasement and be right back to an elite controlled money supply (which is precisely where Bitcoin is headed 2033 and I even believe it was designed that way by the NSA, and Satoshi was not one person).

The other purpose of perpetual debasement is that as I explained mathematically upthread, society will ALWAYS require it via their use of debt. And thus if you don't have it, society will replace your coin (via wars if necessary).

A tertiary purpose of debasement is that mining is the only way to get virgin coins, which are not tainted by previous illegal activities on the existing coins in the public ledger.  

http://www.nestmann.com/civil-forfeiture-of-cash-it-could-happen-to-you

Proving that your cash is connected to a crime is surprisingly easy to demonstrate. That's because 97% or more of cash circulating today contains tiny concentrations of narcotics residues—primarily cocaine. All police need to do is to bring in a drug-sniffing dog to inspect the cash.  If the dog alerts, police seize the cash. And, under civil forfeiture rules, it's up to you to prove that the cash has a legitimate origin.

Consider the case of Emiliano Gomez Gonzolez. During a traffic stop, Nebraska state troopers asked Gonzolez for permission to search his vehicle. During the search, the troopers found bundles of currency totaling $124,700. Based on a dog sniff, police seized all the money.

Gonzolez contested the forfeiture in court. Prosecutors neither convicted nor accused Gomez or any of the other owners of the seized cash of any crime. Nor did police find any drugs, drug paraphernalia, or drug records connected to the cash. Despite these facts, a federal appeals court upheld the confiscation of every dollar found in the vehicle.

In thousands of cases across the United States each year, police follow the same pattern. In a search of someone's home or vehicle, they discover a significant quantity of cash. They then bring in a dog to sniff the cash for the presence of drug residues. The dog alerts virtually 100% of the time. This supposedly gives police probable cause to seize the cash under state or federal civil forfeiture laws.

Owners of property subject to civil forfeiture find themselves in an Alice-in-Wonderland legal landscape where the property seized is accused of a crime, rather than the owner. The owners must follow obscure rules that originate in Admiralty law, with which most attorneys aren't familiar. Under these rules, the seized property is presumed guilty, and it's up to its owner to demonstrate that the property is innocent. (Yes, it's bizarre, but it's the law!)

but I cannot agree if it's used to steal value from the currency over time.

Sorry but I will tell you frankly, this demonstrates low IQ thought process. Your IQ must not be above 120 (or you are not trying to think).

A small 3 - 5% (similar to the natural rate for gold) debasement doesn't steal.

1. It funds the damn coin mining, so your coins are not destroyed by a cartel.

2. How can it steal when the debasement doesn't drive the price? A healthy coin gets more demand and thus a higher price.

That stupid, hard-headed, goldbug nonsense has to go!

But the fundamental problem is designing the debasement mechanism in such a way that is keeps the value of the currency stable. First of all what are we measuring the "value" of the coin against, what is its value relative to, and how can we ensure that the thing it is pegged to is also stable. There simply is no way in my mind for how that can be achieved in a satisfactory manner, the only logical solution imo is a floating coin with a value determined by the free market and a stable currency supply which doesn't increase or decrease perpetually (which can be achieved by re-mining lost coins).

No shit Sherlock. What do you expect for raising such a stupid idea.

Stability is a non-existent thing in nature. Nature is relative and dynamic. I will once again suggest reading about what scientists know about what the Universe is made of (in short everything is relative, there is no invariant point of stability in the universe):

http://unheresy.com/The%20Universe.html

I am sorry, but I am so sick of dealing with low IQ nonsense when the person habitually repeats it without refuting the points that have been made already upthread showing that it is nonsense.

I'd propose that transactions should have a set fee based on percentage; what exactly I think is debatable but I'd say 1%.

One of the great things about Bitcoin, and one of the things which really encourages me to send international payments using bitcoin, is that I'm basically only paying for the bandwidth of my transaction, I'm not paying some disproportionate fee which has nothing to do with the cost of sending the transaction. Having a percent based fee takes away that incentive and forces people to pay fees which are completely unrelated to the bandwidth cost of sending the transaction. So it's something I don't think is a great idea.

Agreed 1% is too high. There needs to be a tx fee, else (non-cartel) miners are not incentivized to include transactions in blocks. But 1% is ridiculous. 0.01% is probably enough.

A set tx fee would help to simplify wallet clients and be sure your transaction is accepted in the next block.

Dam Anonymint,  did you miss a prescription?

You probably could stop calling people low IQ ,.... wait for it....

If your elevated IQ statment regarding the relativity of all things in nature is true, then surely IQ comes under this broad umbrella,  and you are not only contradictory in comment , but owe Bit freak an apology.

To your " fee's siphoned back to create monopoly,  and it was all done by the NSA" narrative.  

Well I have to credit you with the idea,  but unfortunately the decentralized nature of consensus based information systems is just one of the stumbling blocks.

Another is that inequities in this system ( once widespread) ( that is to say labor is expended primarily for say BTC), well , said inequalities would more than likely cause the quick and immediate destruction,  reconstruction or parallelism,  of  of the system and/or another system.

So while I wouldn't write off your statments, and well I suppose you could be right, but this means that the NSA,  had zero foresight to understand the nature of future information systems.

Look upon TV ratings,  and tell me such future.

{ although I will concede I just recently pictured many a happy TV watcher lining upmfor a palm print to transact BTC without knowing who was recording the palm print and where the information was going,  on this net connected device }

so you know...

But please to be nice cost 0 BTC or NSAcoin or even USD.

[AnonyMint]

I'd propose that transactions should have a set fee based on percentage; what exactly I think is debatable but I'd say 1%.

One of the great things about Bitcoin, and one of the things which really encourages me to send international payments using bitcoin, is that I'm basically only paying for the bandwidth of my transaction, I'm not paying some disproportionate fee which has nothing to do with the cost of sending the transaction. Having a percent based fee takes away that incentive and forces people to pay fees which are completely unrelated to the bandwidth cost of sending the transaction. So it's something I don't think is a great idea.

Agreed 1% is too high. There needs to be a tx fee, else (non-cartel) miners are not incentivized to include transactions in blocks. But 1% is ridiculous. 0.01% is probably enough.

A set tx fee would help to simplify wallet clients and be sure your transaction is accepted in the next block.

A percentage fee even if small is not as good as a small fee in coin units, because the cost for the network per transaction shouldn't vary by the value of the transaction, we don't want miners to ignore lower value transactions, and we want to disincentivize dust transactions.

Data transfer costs are below 10 cents per GB, thus even if each transaction causes 1MB in total network load, cost should be roughly 1/100 of a cent. If we expect the coin to ultimately be worth more than $1000, 1/10 millionth of the coin unit is a sufficient tx fee. Perhaps 1 millionth is better to allow some margin for increased network load and/or lower value of the coin.

Dam Anonymint,  did you miss a prescription?

You probably could stop calling people low IQ ,.... wait for it....

No. I am just tired of reading his repeated "debasement is stealing" illogic. Both Etlase2 and I have already refuted that upthread.

If your elevated IQ statment regarding the relativity of all things in nature is true, then surely IQ comes under this broad umbrella,

Of course single IQ measure of "g" can't measure the value of differing perspectives. But that is not the situation here. He is just wrong. The math is unarguable.

 and you are not only contradictory in comment , but owe Bit freak an apology.

No he owes me an apology for wasting my time with that nonsense. Else he can refute what I and Etlase2 already explained.

To your " fee's siphoned back to create monopoly,  and it was all done by the NSA" narrative.

Satoshi even admitted it. He predicted the mining would be done by large corporations in the future.  

Well I have to credit you with the idea,  but unfortunately the decentralized nature of consensus based information systems is just one of the stumbling blocks.

Another is that inequities in this system ( once widespread) ( that is to say labor is expended primarily for say BTC), well , said inequalities would more than likely cause the quick and immediate destruction,  reconstruction or parallelism,  of  of the system and/or another system.

So while I wouldn't write off your statments, and well I suppose you could be right, but this means that the NSA,  had zero foresight to understand the nature of future information systems.

Currencies are more long-lived than operating system monopolies, e.g. Windoze-- winner takes all and it is nearly impossible to unseat the currency that everyone else is already using, e.g. the dollar.

We have one chance to put a decentralized currency in place of the dollar, then the masses won't be interested in switching again, because the compelling differences won't exist for them any more.

[digitalindustry]

"Currencies are more long-lived than operating system monopolies, e.g. Windoze-- winner takes all and it is nearly impossible to unseat the currency that everyone else is already using, e.g. the dollar.

We have one chance to put a decentralized currency in place of the dollar, then the masses won't be interested in switching again, because the compelling differences won't exist for them any more."



Ok let me break this down:

1. People will stop watching TV.

2. People will become less retarded.

3. People HAVE stopped watching TV.

4. People HAVE become less retarded.

{see the trend here.}

5. TV is a single directional form of information, a system of control.

6. now add ({Poverty}) to the equation lets call that ({P})

7. We have better (generally and it only has to be a little bit ) educated people receiving multiple point of information {sending and receiving} {similar to a blockchain} lets call these people ({ME}) Multipoint Educated.

8 ME + P = BitFail.

But !

did we think of

9. ME + E = "What the fuck are we doing"

Where ({E}) means the Epiphany of agencies and governments that at a point, they figure out its easier not to try to control people on mass ({ME}), but to instead work with them.

10. Because on a competitive stage -  {ME + P = BitFail}  isn't very productive , so if i'm Joe USA running {ME + P = BitFail} , and Jack Europe is running {ME + E = "What the fuck are we doing"} and related solutions, who's society is going to move forward and who's society is going to descend into so sort of neo - Communism/Police state.

11. Police states are notably inefficient, (wait don't bring up Germany, think it though first..)

12. So humanity only needs one rational actor  , where by we can measure our success and failure , that rational actor seems to be the Russian Federation as they move towards freedom , not oppression  look at RT look at the free comments system , the success of this system, the rise of popularity do you believe this went unnoticed ?  

Summary:

Freedom works , and free markets work, and they tend to be the most system efficient thing we have, so generally if competition exists markets will tend towards a freer system.

I expect the Leaders of the Russian federation understand this, maybe they are just waiting for their friends to catch up ?  
no one is perfect, and its a fine line of course.



** Where "BitFail" is the attempt to control a mass of ({ME}) people without violence , as violence is a failure in its self , and thus may lead to that .

*** In the past becasue all information was controlled and directed (hopefully you agree) when ({P}) occurred , often so did a War , this was usually becasue the result of ({P}) could be directed by the control system to any convenient outlet.

**** you can see some of ({ME + E = "What the fuck are we doing"}) in the recent "Snowden" and etc affairs, instead of looking negatively upon these things , one has to say these are positives ....

I don't want to get long winded here , but :

along the way to its ultimate failure as a system of control , there would need to be a transition , you see where at a point {think like a fluid} the TV system would have to "take on" ideas' from the ({ME}) so you see as multidimensional information competes with the control of information - the control system as its failing has to "adapt" to the continuing new situations, this "adaption" is a net positive .

becasue you see the glass the TV its self is of course not the problem its only the source of the information, so the Control system is constantly faced with an IF OR type situation ,

IF we ignore it what happens?

OR we have to try to "Spin" it.

it would take a lot of energy its quite an inefficient way to have to deal with information.

with "Snowden" etc, the Control System for the most part OR and tried to spin , which is a positive becasue it shows further integration.  

whereas you see in the past maybe the affair might have been "Deleted" .

[digitalindustry]

Of course if you read the news and many story's...

based on my above hypothesis, the USA looks like its failing or say may be a  "Failed State"

the seemingly rising Police violence etc, but I tend to take some of it with a grain of salt as I have to look (again) at the sources of that information.   

the USA has a bad corruption problem, but many rational actors inside.

[AnonyMint]

digitalindustry,

Nothing has changed with human nature and human failings. I stand by my statement that we get only one chance to make the digital currency for the world. Once the masses have adopted one, there won't be a chance to change it any more. Heck we already can't hard fork Bitcoin, because of the vested interests of the pools.

You simply don't understand that people don't change from the money that everyone else is accepting, unless the money they are using fails. We get one chance to change from the dollar (and Euro, etc), because all the governments of the world are bankrupt and they will be hunting down all the money and stealing it to pay for the socialism which is growing everywhere (including Russia which is corrupt as hell and bankrupt). And the EU is corrupt as hell too and bankrupt. Ditto China. Here is a page for you to read:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3179

P.S. I don't want to continue to argue this. I want to keep my comments focus on the technical points of the design of an altcoin which can replace Bitcoin.

[digitalindustry]

Agreed , I'll agree to disagree at this point .

I agree the blockchain issue needs focus..

[AnonyMint]

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3544

Mancur Olsen's generative algorithm says that democracy ALWAYS individualizes the benefits (incentives for voters) and socialize the costs (debt). And debt is always future taxation.

Democracy is a power vacuum, which sucks in vested interests. The only possible way I can see to change this is to eliminate the ability of government to tax and spend. This is why I am a minanarchist (not anarchy). I think possibly (not certain) Bitcoin (or a replacement) might have the potential to restore some balance between private ownership of wealth and government's power to use force to tax.

==============================

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3546

Panics in the 1800s were due to the private banks writing fractional receipts for gold on deposit, thus expanding debt and monetary velocity, until individual bank runs would reveal the insolvency of fractional receipts thus causing frequent corrections to the overexpansion of debt.

In the 1900s, we replaced this with centrally controlled fractional reserves, which has enabled the global system to run to extremely insane levels of debt without frequent correction. And this is going to end in a scorched earth.

There is no solution as documented in my upthread comment with link to Mancur Olsen's analysis. Decentralized currencies such as Bitcoin have the potential to bring us back to the 1800s with more frequent corrections, by restoring the balance-of-power between socialists and private enterprise. As a minanarchist, I would prefer that, but today the world is dominated by socialists and they will not like it. So there is fight coming. Sorry to say. I wish it wasn't so.

[AnonyMint]

Read in context at following link:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3549

============================

Guys thank you for both pointing out quite eloquently that the world has turned socialist, thus the "far-left" is now the "center-right". For me as a minanarchist (subset of Libertarian), any redistribution plan is "left" relative to a historical baseline. If the entire population is left, then I have to wait for them to kill themselves as leftists always do, so then the true "center-right" is restored after that.

They always kill themselves because they don't understand the basic premise of economics, which is that small things grow faster, thus any form of central planning is waste and bankruptcy, but not until after the socialists do everything they can do to disallow bankruptcy including gestapos, rationing, etc. I want to refer you to some specific comments I already made on this page, which go into more detailed explanation:

1800s vs. 1900s vs. 2000s coming

failure of centralized investment

why smaller things grow faster

illogic of collective central planning

The reason insurance is always failure is because it pools investments and the investments are thus centrally planned.

Sorry to you socialists but I remain a minanarchist because history has always repeated. The socialists get blinded by a recent 50 - 80 years, so then they drive over the cliff as they always do. How many genocides, dark ages, and massive economic implosions from history do you need me to cite and relate to the socialism that caused them. Of course the socialists will invent other causation theories. C'est la vie!

Since I am the only minanarchist here and since I think Dr. Pettis wants to hear from all sides, I hope you all understand why I have so many comments on this page, because I am the only person speaking from the other side on this page. Yes we are far outnumbered by the socialists, and that is why we need an anonymous weapon to survive the outcome of socialism, such as Bitcoin as I have suggested as a possibility (not certain).

[AnonyMint]

Read in context at following link:

http://blog.mpettis.com/2013/10/hidden-debt-must-still-be-repayed/#comment-3551

============================

very common to hear that government debt doesn’t matter if its denominated in by a currency issuer because the central bank can print as much as it wants to pay the bills

It is more or less garbage...

Prof. Pettis, are you refuting Paul Krugman's recent article where he wrote as quoted below?

terror of a debt crisis that keeps not happening, and, in fact, can’t happen to a country like the United States, which has its own currency and borrows in that currency. Yet the scaremongers can’t bring themselves to let go...

...He and his friends have been wrong about everything so far, and they literally have no idea what they’re talking about.

Krugman displays a debt-to-GDP chart which is extremely misleading because total debt ratio for the UK is over 500%! Additionally we know most of the western government unfunded liabilities are hiding off balance sheet.

Or here where Krugman misleadingly argues that Spain's 25% unemployment is due to not enough debt spending, when others of us believe the unemployment is structural for as long as socialism (and the requisite shared Euro currency) has stymied Spanish competitiveness.

The socialist Krugman appears to argue every problem can be smoothed (on the way to resolution) with Keynesian debt spending.

Krugman even thinks the drop in world trade growth has something to do with container ships and tariffs, and I guess he failed to realize there is trade in services and that lower international trade means lower economic growth (except short-term where the debt is rushing into unsaturated debt markets of the newly emerging countries, such as the Philippines which is growing faster than any other country in the world, if discounting China's GDP growth as a fabrication).

P.S. Hope you saw Krugman's blog post on the Chinese and Middle Easterners parking their (crony ill-gotten) cash in London flats. The G20 socialism cooperation will be going after all this wealth, some of it justifiably so, but unfortunately I postulate the honest upper middle-class small businessmen will get razed too, which will worsen the postulated future implosion.

[digitalindustry]

I need to read the pdf a couple of times...

Read the project wiki, the white-paper is quite out-dated now.

Im reading it now , why has it not been put forward to a test ?

Seems the only things left to do relate to  testing weaknesses.

Devs should be lining up. ?

[AnonyMint]

Monetary Darwinism. Listen to Daniel Krawisz at around the 34 min point:

http://letstalkbitcoin.com/e53-monetary-darwinism/#.UnmHJ3CBmfY

[digitalindustry]

Hope bitfreak! is still here lol

[AnonyMint]

The Problem with Altcoins.

[DAN444]

AnonyMint
I recently discovered your posts.
I find them very interesting and informative.
Thank you.

You once wrote that if government pays for everything, family doesnt matter much.
The collapse of former Soviet union seems to prove the contrary.
Are you familliar with Dmitry Orlov's book?
Orlov holds that the Soviet Union hit a “soft crash” because centralized planning, housing, agriculture, and transportation left an infrastructure private citizens could co-opt so that no one had to pay rent or go homeless and people showed up for work, even when they were not paid. He writes that Orlov believes the U.S. will have a hard crash, more like Germany’s Weimar Republic of the 1920s.
http://fora.tv/2009/02/13/Dmitry_Orlov_Social_Collapse_Best_Practices
(at 33 min)
Regards

[denisps]

I really like this Mini-Blockchain concept. The potential is limitless. I was thinking about the concept and want to share some of the ideas I came up with.

If instead of defining the accounts by single public key, we allow multiple public keys and a number that represents the number of signatures required we can create a whole set of account types without any scripts.
Let's say first we store a byte, first 4 bits of which represent the number of keys in the account and the next 4 bits represent the number of signatures required, then the following table will show what kinds of accounts that could potentially define:

Keys	Signatures	Account Type
1	1	Regular
2+	1	Joined
2+	Keys	Mutual Agreement
3	2	Escrow

There are more values that I can define which could just be used as constants to represent additional account types like trust fund and the like.

So for escrow, you could just send the money to the 2of3 address and when the other party fulfill or not fulfill the terms, that you can specify in the memo, they or you can create a transaction, sing it and send it to the other party or the escrow for the other required signature. In most cases, the escrow wouldn't even have to get involved.

Now, how nice would it be to have a trust account without relying on a trustee.

I also thought to share the addresses not as set of public keys, but as hash of the set. It would save a lot of space and simplify the database structure, but that might potentially compromise the security in case of hash collision because optional public keys could make a lot of room for nonce data. Unless the address itself is signed by each of the keys used which would validate each key. And considering that key generation is slow, especially combined with hashing the security will be intact.

The other idea is:
Instead of using a separate data structure to save all the balances of all the accounts and synchronize every version of it with the network.
Miners could just list all the affected account/balance pairs from the current block and all the account/balance pairs that weren't mentioned since the discarded block in the current block.

I came up with it as I still can't wrap my head around how would miners be able to get all the historical versions of the account tree to validate it's accuracy in every point in time.

[coloredcoin]

I will play a coloredcoin based this interesting mini-blockchain project.

[AnonyMint]

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

Essentially Bitcoin has the same risk for clients that don't download the entire transaction history, and the solution is the same which is to ask the peers that have the relevant transaction history to prove which chain is not valid.

On further thought, aaaxn's proposed attack is impossible if the cryptographic hash used to construct the Account Tree and Proof Chain can't be preimaged.

Because there is no way the attacker can find a suitable set of replacement addresses and balances to match the hash in the Proof Chain.

Thus all the discussion that followed aaaxn's post above regarding centralization and the need to remember transaction data history is irrelevant.

[aaaxn]

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

Essentially Bitcoin has the same risk for clients that don't download the entire transaction history, and the solution is the same which is to ask the peers that have the relevant transaction history to prove which chain is not valid.

On further thought, aaaxn's proposed attack is impossible if the cryptographic hash used to construct the Account Tree and Proof Chain can't be preimaged.

Because there is no way the attacker can find a suitable set of replacement addresses and balances to match the hash in the Proof Chain.

Thus all the discussion that followed aaaxn's post above regarding centralization and the need to remember transaction data history is irrelevant.

Wow, I didn't think anyone is still discussing this idea but still no one actually tried to implement it

As for the problem, I think you are mistaken. Attacker does not need to match hash in original proof chain. Proof chain contain only hashes, and without accompanying transaction data there is no way to tell if transformation of account tree from state which hashes to A to state with B hash is valid.
When attacker start his own branch he can create new tree and just tell that this hash resulted from set of legal transactions. After full cycle these transactions are lost and no one can prove he lied.

I still don't think it is a problem because we only have problem reaching consensus in short term. No one will have any problem with determining if blockchain which tries to overwrite few months of history is legitimate or not.

[ondratra]

Read first few pages - it sounds awesome! If you will need any help from web developer in future you can count on me

[AnonyMint]

Now attack scenario. Suppose there is attacker with more than 50% of hashing power. He takes hash of current best block N and tries generating a next one but instead of using real account database he just create new one in which he holds all coins. If he is able to keep this chain in front of original one for as long as original network looses block N contents he can reveal his chain and it would look perfectly valid for all nodes because they lost track of how account database looked on block N.

It looks like algorithm presented in this paper is only as secure as mini blockchain is secure and if attacker could sustain 51% hashing power for as long as mini blockchain cycle completes it could cause much more severe problems than in bitcoin, because attacker could rewrite entire account balances database and not just make some double spends.

Essentially Bitcoin has the same risk for clients that don't download the entire transaction history, and the solution is the same which is to ask the peers that have the relevant transaction history to prove which chain is not valid.

On further thought, aaaxn's proposed attack is impossible if the cryptographic hash used to construct the Account Tree and Proof Chain can't be preimaged.

Because there is no way the attacker can find a suitable set of replacement addresses and balances to match the hash in the Proof Chain.

Thus all the discussion that followed aaaxn's post above regarding centralization and the need to remember transaction data history is irrelevant.

Wow, I didn't think anyone is still discussing this idea but still no one actually tried to implement it

As for the problem, I think you are mistaken. Attacker does not need to match hash in original proof chain. Proof chain contain only hashes, and without accompanying transaction data there is no way to tell if transformation of account tree from state which hashes to A to state with B hash is valid.
When attacker start his own branch he can create new tree and just tell that this hash resulted from set of legal transactions. After full cycle these transactions are lost and no one can prove he lied.

I believe you are mistaken.

The Account Tree is a hierarchy of hashes and the single hash at the top of the tree is stored in the Proof chain. Thus in order to create an alternative history for the Account Tree, the adversary would need to construct an Account Tree history (at each block interval) which matches the Proof chain hashes (for each block) because the history of the Proof chain is never discarded. This can not be mathematically accomplished in log O(log N) time (i.e. not in exponential time) if the hashing algorithm approximates a Random Oracle or actually less restrictively for as long as it can't be preimaged, i.e. if a cryptographically secure hash is employed.

I still don't think it is a problem because we only have problem reaching consensus in short term. No one will have any problem with determining if blockchain which tries to overwrite few months of history is legitimate or not.

All that consensus discussion upthread has been rendered irrelevant by my assertion above. TADA!

[aaaxn]

I believe you are mistaken.

The Account Tree is a hierarchy of hashes and the single hash at the top of the tree is stored in the Proof chain. Thus in order to create an alternative history for the Account Tree, the adversary would need to construct an Account Tree history (at each block interval) which matches the Proof chain hashes (for each block) because the history of the Proof chain is never discarded. This can not be mathematically accomplished in log O(log N) time (i.e. not in exponential time) if the hashing algorithm approximates a Random Oracle or actually less restrictively for as long as it can't be preimaged, i.e. if a cryptographically secure hash is employed.

Transactions included in block describe operations which you have to do on current account tree to get updated version of this tree.
In block N Account Tree was in state X. We apply transactions and get state Y. Hashes of account tree in both states are included in adjacent blocks. Question is: what information do we need to verify if set of transactions which caused transition from state X to state Y obeyed network rules? Hashes in Proof Chain are not enough, they are just random strings for outside observer. Full Account Trees in both states are potentially not enough too (maybe txns in block N really sent all existing coins to single address ?). We need transactions. (BTW: header of transactions tree also need to be in proofchain).

I still don't think it is a problem because we only have problem reaching consensus in short term. No one will have any problem with determining if blockchain which tries to overwrite few months of history is legitimate or not.

All that consensus discussion upthread has been rendered irrelevant by my assertion above. TADA!

In real world - yes. Just imagine what would happen if suddenly someone would emerge with longer bitcoin blockchain invalidating months of current blockchain. We would get a patch in no time with hardcoded checkpoint just after branching. Same thing will happen with any future sufficiently important cryptocurrency, so why keep pretending wee need system to resolve such conflicts in software?

[AnonyMint]

Question is: what information do we need to verify if set of transactions which caused transition from state X to state Y obeyed network rules? Hashes in Proof Chain are not enough, they are just random strings for outside observer. Full Account Trees in both states are potentially not enough too (maybe txns in block N really sent all existing coins to single address ?). We need transactions. (BTW: header of transactions tree also need to be in proofchain).

You are still not grasping the mathematical point I made. There is no mathematical way to create an Account Tree in each block that is different from the only one that will hash to the hash value in the Proof Chain.

The Proof Chain guarantees that the Account Tree chain is not an imposter, even if the history of the Account Tree is discarded.

[aaaxn]

Question is: what information do we need to verify if set of transactions which caused transition from state X to state Y obeyed network rules? Hashes in Proof Chain are not enough, they are just random strings for outside observer. Full Account Trees in both states are potentially not enough too (maybe txns in block N really sent all existing coins to single address ?). We need transactions. (BTW: header of transactions tree also need to be in proofchain).

You are still not grasping the mathematical point I made. There is no mathematical way to create an Account Tree in each block that is different from the only one that will hash to the hash value in the Proof Chain.

The Proof Chain guarantees that the Account Tree chain is not an imposter, even if the history of the Account Tree is discarded.

And you are not grasping the point that you don't need to create different account tree with same hash as real one to cheat the system. Hash tree changes from one block to other and that's when you cheat. In next block (of your alternate proofchain) you just provide hash of tree which was not result of applying valid transactions to previous state but just made out of thin air. Without transactions you cant prove it's invalid.

[AnonyMint]

Transaction history is retained for some reasonable window of time, e.g. a month.

To present to the network a blockchain which differs from the one others have, the only possible way is the differences must originate from before the retained transaction history (or the differences must include only transactions the attacker can sign which is same vulnerability in Bitcoin), because the attacker can't sign transactions for which he doesn't hold the private key.

Your only valid point is that if someone has significantly more than the network hashrate, they can compute a fake Proof Chain going back to before the retention window of transaction data, then they could claim any Account Tree they wish to.

Then you claim that nodes who have not always been online since the time of the deviation of the Proof Chain would not know which blockchain to trust (they would naturally trust the one with more hashrate).

But Bitcoin has a similar vulnernability, in that nodes would not know which transaction history to trust, i.e. the coinbase coins rewards that were for the miner could be awarded to the attacker. Fact is that there are records on the internet kept and so no one wold dare try this, because it would be front page news.

Thus your argument is silly. Copies of the valid Proof Chain will be stored all over the internet. Anyone trying to go back months and change the Proof Chain is going to be thwarted by the power of human communication.

Orphaned chains resolve on the order of hours, i.e. one chain doesn't hide from the world for months, then suddenly appear and expect to not be outed by human communication. Impossible.

For both mini-block chain coins and Bitcoin, the attacker would create a fork which no one would follow except for followers that were deviously (or fooled by some very powerful entity that could paint the media story) intent on following the attacker's theft.

[aaaxn]

Transaction history is retained for some reasonable window of time, e.g. a month.

To present to the network a blockchain which differs from the one others have, the only possible way is the differences must originate from before the retained transaction history (or the differences must include only transactions the attacker can sign which is same vulnerability in Bitcoin), because the attacker can't sign transactions for which he doesn't hold the private key.

Your only valid point is that if someone has significantly more than the network hashrate, they can compute a fake Proof Chain going back to before the retention window of transaction data, then they could claim any Account Tree they wish to.

Then you claim that nodes who have not always been online since the time of the deviation of the Proof Chain would not know which blockchain to trust (they would naturally trust the one with more hashrate).

But Bitcoin has a similar vulnernability, in that nodes would not know which transaction history to trust, i.e. the coinbase coins rewards that were for the miner could be awarded to the attacker. Fact is that there are records on the internet kept and so no one wold dare try this, because it would be front page news.

Thus your argument is silly. Copies of the valid Proof Chain will be stored all over the internet. Anyone trying to go back months and change the Proof Chain is going to be thwarted by the power of human communication.

Orphaned chains resolve on the order of hours, i.e. one chain doesn't hide from the world for months, then suddenly appear and expect to not be outed by human communication. Impossible.

For both mini-block chain coins and Bitcoin, the attacker would create a fork which no one would follow except for followers that were deviously (or fooled by some very powerful entity that could paint the media story) intent on following the attacker's theft.

Well, I can only fully agree with you, because that's exactly what I was saying. It is possible, but we don't have to worry about it for reasons you stated.

Side note: bitcoin is slightly more resilient because you can't rewrite history from before of chain spilt, but it doesn't matter anyway.