Bitcoin Forum
December 06, 2016, 04:06:20 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Two points about the mining algorithm  (Read 1122 times)
shads
Full Member
***
Offline Offline

Activity: 224


View Profile WWW
July 01, 2011, 01:09:37 PM
 #1

1/ Why adjust difficulty so infrequently?

2/ Why diminishing rewards on such a staggered basis?

On point 1:  The 2 week cycle exposes the network to a number of attacks.  It's safety is based on the assumption that no one party could obtain near majority control easily but this is really not the case and won't be until BTC has grown an awful lot more.  A simple attack vector is to throw masses of power in at the beginning of a block, greatly accelerating the rate of generation and the difficulty on the next block.  As soon the difficulty adjustment happens withdraw all that processing power.  Rate of coin generation drops dramatically transaction processing slows down, miners start dropping out, less coins come on the market so prices go up and said owner of mass processing power can trickle out his coins from the last block to keep prices steady, towards the end of the difficulty cycle they can come back in and take an even bigger slice or wait until the next cycle and clean up on the lowered difficulty. .  Why not a shorter cycle?  In theory enough power could put the network in a stagnant mode for a long time until the next difficulty change. 

On point 2:  There are a lot of unproven assumptions about the incentive of transaction fees as block rewards drops.  No one really knows if they'll be enough to keep driving mining.  Let's be clear, the system doesn't just need miners, it needs a LOT of miners to maintain it's integrity and prevent the kind of manipulation outlined in point 1.  If you're going the change the reward why do it in such spaced out and dramatic fashion?  Once every year or two a 50% cut.  That's going to create shocks to the market every time it happens.  Why not a more graduated approach?  In fact why drop the reward at all?...  Even if the goal is a deflationary currency (and the jury is still way off calling whether that's better than a non-inflationary or deflationary currency) a constant block reward still achieves that goal.  Each block currently adds 50 BTC to the total money supply.  Each 50BTC is a smaller proportion of the total money supply than the last one. 

PoolServerJ Home Page - High performance java mining pool engine

1LezqRatQz7MeNoCVziYwcdwtqeEbvrdAq - http://payb.tc/shads

Quote from: Matthew N. Wright
Stop wasting the internet.
1481040380
Hero Member
*
Offline Offline

Posts: 1481040380

View Profile Personal Message (Offline)

Ignore
1481040380
Reply with quote  #2

1481040380
Report to moderator
1481040380
Hero Member
*
Offline Offline

Posts: 1481040380

View Profile Personal Message (Offline)

Ignore
1481040380
Reply with quote  #2

1481040380
Report to moderator
1481040380
Hero Member
*
Offline Offline

Posts: 1481040380

View Profile Personal Message (Offline)

Ignore
1481040380
Reply with quote  #2

1481040380
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481040380
Hero Member
*
Offline Offline

Posts: 1481040380

View Profile Personal Message (Offline)

Ignore
1481040380
Reply with quote  #2

1481040380
Report to moderator
1481040380
Hero Member
*
Offline Offline

Posts: 1481040380

View Profile Personal Message (Offline)

Ignore
1481040380
Reply with quote  #2

1481040380
Report to moderator
1481040380
Hero Member
*
Offline Offline

Posts: 1481040380

View Profile Personal Message (Offline)

Ignore
1481040380
Reply with quote  #2

1481040380
Report to moderator
mintymark
Sr. Member
****
Offline Offline

Activity: 272


View Profile
July 13, 2011, 03:00:08 PM
 #2

I think this is very sensible. Does anyone care to defend the current situation ?

[[ All Tips gratefully received!!  ]]
15ta5d1N8mKkgC47SRWmnZABEFyP55RrqD
foo
Sr. Member
****
Offline Offline

Activity: 409



View Profile
July 13, 2011, 03:14:41 PM
 #3

1) Because that's how Satoshi designed it.

2) Because that's how Satoshi designed it.

I know this because Tyler knows this.
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
July 13, 2011, 03:19:06 PM
 #4

Re 1: First we need to ask why difficulty adjustment is based on a naive calculation instead of a more sophisticated control system. And the answer is probably that Satoshi either didn't have the foresight to include one, or he feared that it would be less understood and harder to implement.

Given that we're using a naive approach, evaluating generation rate in an interval too short will create too much variance, and difficulty will fluctuate every update.

The attack you've mentioned has been discussed before, and the current consensus is that it will be dealt with manually if it ever happens. So, while in theory it could be possible to create a consensus to change the adjustment algorithm, it doesn't seem to matter enough.

Re 2: The reason block reward diminishes at all is that Satoshi subscribes to the economic theory which says that the total amount of monetary units should have a fixed limit (I think this is called the Austrian school).

Why is the drop so staggered? Probably also has something to do with simplicity of understanding and implementation. I don't think the drop will be too disruptive. The amount generated is small compared to the total in circulation, and the drop will be considered in advance.

Making transaction fees high enough to support the required mining is an important challenge for Bitcoin going forward, which I think can be alleviated by augmenting proof-of-work with other synchronization methods.

I'd support a new blockchain where block reward is constant.


1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
drsaul
Newbie
*
Offline Offline

Activity: 14


View Profile
July 13, 2011, 03:23:08 PM
 #5

I think this is very sensible. Does anyone care to defend the current situation ?

Sure I'll try.  All players know about the "abrupt" changes in reward.  Therefore there should not be a large unpredicted response from the market during this change.  The existence of the change is already factored into the price so theoretically the market is just as likely to jump significantly on any other day.  It is the unexpected that really freaks out the market.    Further, more frequent changes are more difficult to manage. 

 
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
July 13, 2011, 03:55:28 PM
 #6

Nothing that is 100% predictable creates a shock to the market.


GPG ID: FA868D77   bitcoin-otc:forever-d
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 2016



View Profile
July 13, 2011, 04:25:42 PM
 #7

1/ Why adjust difficulty so infrequently?

On point 1:  The 2 week cycle exposes the network to a number of attacks. [snip]
Why not a shorter cycle?  In theory enough power could put the network in a stagnant mode for a long time until the next difficulty change.  

The longer cycle prevents a number of attacks.

What you've described is rather costly and fairly modest DOS attack at best, its damage is limited by the difficulty change clamping, it's not profitable for the attacker beyond "disrupt bitcoin", and it exists outside of the security model of bitcoin in any case.

The expenses is a key factor: If you have the tens of millions of dollars of specialized hardware to outpace the whole bitcoin network by a significant fraction, why wouldn't you mine profitably using that power— and if you are mining profitably then breaking bitcoin is not in your interest.   If you're the sort that doesn't care about bitcoin profits (perhaps some government gone crazy) then there are far less costly attacks against bitcoin available to you (DDOS, writing laws, negative PR campaigns, hiring ninjas to kill developers).  These attacks are likely to be far more effect too since the difficulty changes are clamped to 4x per cycle.

The most easily understood attacks that the long cycle prevents are ones related to manipulation of difficulty by miners via lying about the time.

Attack 1.

Because of the various physical realities of the world, we can only expect participating nodes to have approximately the same time. Because the chain splits when nodes disagree if a block is invalid, perhaps irreparably so depending on the nature of the disagreement, it's critical that any block validation be globally consistent.   So we need to allow considerable slop on any blockchain time validation.  The shorter the difficulty cycle is compared to the allowed time slop, the more lying miners can fake the difficulty, and thus artificially speed up the rate of inflation.    Right now, they can only shift it by two hours out of ~two weeks. Which isn't that much.  

Attack 2.

An attacker with some hash power, but not a ton has gained complete control of your network connectivity into the bitcoin network (perhaps they've compromised your ISP,  or they're performing a sybil attack against the whole network.   In any case, they're able to partition you.

In the worst case, you've been offline for a while and need a bunch of the block chain.   In preparation the attacker has been mining a fork of the blockchain starting, perhaps, from the highest hard-coded checkpoint in the popular client software (or otherwise, if they know what you last heard). They're off on their own doing this.  They mine out the rest of that DIFFCYCLE setting the timestamps to cause the greatest reduction in difficulty they can.  They continue to mine, setting the time to result in a 4x reduction in difficulty each cycle.   Every cycle of blocks they mine their work gets four times easier.

Eventually they get down to a difficulty low enough that they can easily produce one block per five minutes, and guide their timestamps back in line with reality.

Now you reconnect, they feed you their fabricated chain, proxying over transactions from the real network.  Other than discrepancies in the block number, which joe-user won't notice, you can't tell that you're on a fantasy chain.  Because they control your network you won't hear about the real chain.  On the fantasy chain they can respend transactions that were spent elsewhere on the real chain, they can also cheaply reverse and respend transactions given to you at will on the fantasy chain, since they can easily mine forks on it.

With the long diffcycle this attack is prevented by two mechanisms: The long cycles mean that you must perform a enormous amount of work in absolute terms in order to drive down the difficulty at all.  Unless you have enough hash power to challenge the whole network this will take you a very long time.   Before a very long time has passed, users will have either heard of the more of the real longer chain so your target is constantly movin, or they will have noticed that bitcoin has gone weeks without working, and updates to the bitcoin client will have moved forward the furthest point in the past at which you can split the chain.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 2016



View Profile
July 13, 2011, 04:35:14 PM
 #8

Re 1: First we need to ask why difficulty adjustment is based on a naive calculation instead of a more sophisticated control system. And the answer is probably that Satoshi either didn't have the foresight to include one, or he feared that it would be less understood and harder to implement.

Because "a more sophisticated control system" inevitably means non-linear which leads to various attacks and perverse incentives, like mining in bursts being more profitable than mining continually.  Under the current system the only non-linear behavior is the clamps which don't happen unless someone is bursting a significant multiple of the network average rate, and with that much hash power they could have been been mining more profitably by just mining continually.

(Eventually there may be incentives to mine in bursts due to fees, but it seems likely to me that the incentive to do that goes away as soon as there is any with-fee backlog at all, orthogonal in any case— if the system commonly operated in a non-linear region there would always be incentives for these sort of games)

...Add this to the points I made about a faster system opening up many kinds of attacks.

Sometimes I wonder what kind of god Satoshi must be to have foreseen so many issues which are missed by so many other obviously intellegent people…
ne1
Member
**
Offline Offline

Activity: 85


View Profile WWW
July 13, 2011, 05:13:34 PM
 #9

My biggest concern is the transition from block reward to transaction fees.  Although we will be able to see it coming, the division of block reward is something we need to be prepared for.  I know "the market will fix itself", but the more informed and prepared we are, the smoother the transition.  Keeping the incentive to mine/hash/validate transactions consistant is important to long term stability.   It's critical.  Is there anyone out there who can help me calculate this equation.

if (block reward) divides by 2 at given difficulty, (how much fee) x transaction volume would be  required to make up incentive and avoid a dramatic reduction of hash power. 

or

fees and transaction volume required to offset profit loss from difficulty increase. 

If someone can help with this, I will put it into a little what if dashboard like this.

http://bitcoindashboards.com

Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
July 13, 2011, 05:43:34 PM
 #10

Re 1: First we need to ask why difficulty adjustment is based on a naive calculation instead of a more sophisticated control system. And the answer is probably that Satoshi either didn't have the foresight to include one, or he feared that it would be less understood and harder to implement.
Because "a more sophisticated control system" inevitably means non-linear which leads to various attacks and perverse incentives, like mining in bursts being more profitable than mining continually.  Under the current system the only non-linear behavior is the clamps which don't happen unless someone is bursting a significant multiple of the network average rate, and with that much hash power they could have been been mining more profitably by just mining continually.
I was thinking along the lines of a PI controller. I don't see how it can cause the problems you describe.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!