Is Bitcoin over-paying for Hash-Power Security?

[AnonyMint]

And how do you propose to protect us from top-down central banking?

You will try to use PR to convince the masses to be virtuous? Hahaha. Go ahead. Humans have been trying for since before Athens.

The masses want their cake and bread and whoever will give it to them for free, they will take it. Period.

Edward Snowden sacrificed his life to PR and look what happened to him. The masses don't give a f$ck about your idealistic goals. They want their fun, drugs, tattoos, nose rings, cigarettes, chocolate, etc, etc,etc, etc,

And you want to waste my money trying to convince them?

I want my portion of debasement going towards incentivizing miners on how to be the most efficient. I think this is much more difficult for the SOBs to compete with than the current system where they control the PR because they award as much debt as the masses want. To compete with them on their terms you have to give away massive amounts of debt and tie that together with PR telling the masses how great it is to have what you want when you want it for free (just watch the TV please).

Sorry to blow a big hole in your business plan, but it is better you change course now, not later.

[1714775330]

1714775330

[1714775330]

1714775330

[1714775330]

1714775330

[AnonyMint]

I also agree that bitcoin is overpaying for security.

Let me see your nonsense equation.

What is that type of mining process called? Proof of Stake.

Nothing other than PoW can be secure, because the others don't have randomized input entropy. I already debated and studied this in great detail. I am not going to again.

[td services]

So, I challenge each of you who voted for 'more is always better' to either withdraw your vote and post how much you would pay or select one of the other options.   Either that, or post here and explain why more is always better.

I chose more is better because all of the other options involved pegging to an arbitrary amount of fiat currency backed by government debt. It would be better to keep everything internal to its own coin, Bitshares.

When I first heard of Bitcoin, when it was selling for 10 cents, a major reason I didn't think it would go anywhere was the mining seemed like a silly 'make work' type process which just consumed electricity and didn't do anything useful. I would still rather see the effort go to something productive.

Mining does offer an incentive to early adopters to risk resources and time to expand the network.

My personal favorite of productive mining is carrying network traffic and contributing hardware resources, to build an alternative to the internet, a wireless/wired community network which also functions as a distributed cloud server.  The mining and coin generation could be tied to encryption of traffic for the network, earned when data is requested from a router by others, spent when a user requests data from other routers than his own.

[AnonyMint]

When I first heard of Bitcoin, when it was selling for 10 cents, a major reason I didn't think it would go anywhere was the mining seemed like a silly 'make work' type process which just consumed electricity and didn't do anything useful. I would still rather see the effort go to something productive.

It is productive to encourage private industry to become more efficient than utilities. That is precisely what we need on a large-scale to defeat the SOB's control over energy which is one the main ways they keep us slaved to their currencies, because we have to pay for their energy in their currency.

My personal favorite of productive mining is carrying network traffic and contributing hardware resources, to build an alternative to the internet, a wireless/wired community network which also functions as a distributed cloud server.  The mining and coin generation could be tied to encryption of traffic for the network, earned when data is requested from a router by others, spent when a user requests data from other routers than his own.

No I already showed in another thread how this violates the principle of input entropy that is necessary. (If you need to the link to my logic, I can dig it up for you?)

Just stop trying to find an alternative to PoW. There can't be one. I am telling you this as a theoretical mathematician.

[bytemaster]

So, I challenge each of you who voted for 'more is always better' to either withdraw your vote and post how much you would pay or select one of the other options.   Either that, or post here and explain why more is always better.

I chose more is better because all of the other options involved pegging to an arbitrary amount of fiat currency backed by government debt. It would be better to keep everything internal to its own coin, Bitshares.

When I first heard of Bitcoin, when it was selling for 10 cents, a major reason I didn't think it would go anywhere was the mining seemed like a silly 'make work' type process which just consumed electricity and didn't do anything useful. I would still rather see the effort go to something productive.

Mining does offer an incentive to early adopters to risk resources and time to expand the network.

My personal favorite of productive mining is carrying network traffic and contributing hardware resources, to build an alternative to the internet, a wireless/wired community network which also functions as a distributed cloud server.  The mining and coin generation could be tied to encryption of traffic for the network, earned when data is requested from a router by others, spent when a user requests data from other routers than his own.

Hash power and mining are independent variables.   Currency can still be issued via the random selection from mining.  Under a 'fixed cap' this random allocation would be limited to something like $5 million market value per year where as Bitcoin is currently randomly allocating $200 million market value per year.  

The truth is it isn't being randomly allocated, but allocated toward those who add hashing power to the network.  Hashing power beyond a certain point is waisted resources.  If you could get the same benefit to early adopters to grow and expand the network via something like dividends then you would actually end up with the same growth and expansion of the network and wide adoption without consuming unnecessary electricity.  

[AnonyMint]

Hash power and mining are independent variables.   Currency can still be issued via the random selection from mining.  Under a 'fixed cap' this random allocation would be limited to something like $5 million market value per year where as Bitcoin is currently randomly allocating $200 million market value per year.

Can that defeat the $2.3 trillion black budget of the DOD?

It is currently limited in Bitcoin, it will be 0 in 2033.

Even I am only proposing 5% per annum, so if the coin reaches $100 billion mcap, that will still only be $5 billion per year.  

The truth is it isn't being randomly allocated, but allocated toward those who add hashing power to the network.  Hashing power beyond a certain point is waisted resources.  If you could get the same benefit to early adopters to grow and expand the network via something like dividends then you would actually end up with the same growth and expansion of the network and wide adoption without consuming unnecessary electricity.  

Why is consuming electricity bad? What if that private investment causes us to make 100% safe, solid-state breeder reactors that give us 1000 times cheaper energy than we have now.

Energy is 1000 times overpriced, because the SOB's have a monopoly on it.

Can you even fathom how much energy there is in the universe compared to our population. You must have a very myopic (head in sand, can't see over the forest) thinking. Open your mind wider and see the big picture.

You are not THE MARKET. Stop trying to be God.

[td services]

You are not THE MARKET. Stop trying to be God.

This thread does seem to favor picking winners and losers to an extent.

Quote from: td services on Today at 04:58:09 AM
My personal favorite of productive mining is carrying network traffic and contributing hardware resources, to build an alternative to the internet, a wireless/wired community network which also functions as a distributed cloud server.  The mining and coin generation could be tied to encryption of traffic for the network, earned when data is requested from a router by others, spent when a user requests data from other routers than his own.

No I already showed in another thread how this violates the principle of input entropy that is necessary. (If you need to the link to my logic, I can dig it up for you?)

Don't recall discussion, please link. Thanks.

[AnonyMint]

Quote from: td services on Today at 04:58:09 AM
My personal favorite of productive mining is carrying network traffic and contributing hardware resources, to build an alternative to the internet, a wireless/wired community network which also functions as a distributed cloud server.  The mining and coin generation could be tied to encryption of traffic for the network, earned when data is requested from a router by others, spent when a user requests data from other routers than his own.

No I already showed in another thread how this violates the principle of input entropy that is necessary. (If you need to the link to my logic, I can dig it up for you?)

Don't recall discussion, please link. Thanks.

https://bitcointalk.org/index.php?topic=273197.msg2950518#msg2950518

Also a link on why non-PoW systems won't be secure:

https://bitcointalk.org/index.php?topic=273197.msg2954801#msg2954801
https://bitcointalk.org/index.php?topic=255171.msg2960802#msg2960802

[td services]

The random encryption of a network encryption algorithm should have plenty of entropy for PoW with no way to predict the work for the next block. 

[cunicula]

Your comments are nonsensical. Let's ignore mixed PoW/Pos for the moment. Mixed pow/pos is much easier to design and almost certainly the best option for future altcoins.

For debate purposes, however, it is cleaner to analyze pure PoS. Pure PoS is the only implementation out there right now (e.g PPCoin and its knockoffs), so the subject is of practical as well as theoretical interest.

PPCoin is still stochastic, however. It is even cleaner if we talk about a deterministic voting system. This allows us to ask: 1) Do we actually need entropy at all? 2) Could a secure consensus be achieved under deterministic PoS mining?

I think the answers are 1) no we don't need entropy. 2) Yes, a secure deterministic system is possible.

 (For the purposes of argument please ignore the question of block interval arrival variance in what follows, this is extremely difficult to manage in a deterministic system. A system with huge variance in block times can still be secure against attack.)


I'm too lazy to go into detail I think, but here is the basic idea: [Edit: I cleaned some stuff up for posterity]
 
1) Each txn is labelled with a specific block height, h, and a hash of a blockchain history at time h-1. You can only put a txn in a block if the block's height matches the txn;s block height label and if the history at time h-1 matches the actual blockchain at time h-1. You can only use a signing key once every 1000 blocks. If you use the same signing key twice within this interval, then miners are allowed to stick the duplicate signing key in a block as evidence of cheating and issue all inputs still controlled by this key as txn fees. (Essentially you are forced into the best practice of never re-using keys). If your txn fails to confirm, then you have to wait 1000 blocks to try again.

2) The total outstanding issuance of coins is ordered, so we can refer to an unambiguous satoshi #135322353523 and all be talking about the same satoshi.

3) Assume that all coins have been issued. (e.g. take the current bitcoin blockchain as the initial coin distribution)

3) Call the amount of satoshis in txn fees in block of height h, fh. Each block must contain at least 10^8 satoshis (1 full coin) in txn fees, so fh>=10^8 for all h

4) Satoshi #f1 mines the first block. The owner of this satoshi signs this block with his signature. Satoshi #(f1+f2) mines the second block. Satoshi #(f1+f2+...+fh) mines block h. Once you get to the last satoshi, you start the counting process over again at satoshi #1.  

4) 99% of txn fees in each block are redistributed to all existing coin holders in proportion to their ownership share after txns with the block are accounted for (of course this uses up a huge amount of space, but that's not the point here. There is also a rounding issue, again beside the point here.) 1% of txn fees go to the block miner, just make this 1% the earliest numbered satoshis in the block. There is no block subsidy, so the total money supply is constant for all blocks h.

5) Whichever chain has the largest cumulative amount of fees is the correct chain. So if there are two blockchains with fees f1+f2+... and f1'+f2'+..., then f1+f2+...' is the correct chain if f1'+f2'+...> f1+f2+... These two chains can differ in height. The comparison rule is still the same. If two chains are equivalent (f1'+f2'+... = f1+f2+...), users just stick with the whichever chain they see first until they hear of a longer one.

This captures the basic idea. Anyone can double spend by paying fees sufficient to overtake the main chain. Since 99% of fees are redistributed to everyone else, double-spending is costly. If you pay all the fees in block h, then you pay f_h to create the block and receive 0.01 f_h as a reward.  You can't leverage existing past txns to double-spend because they are all labelled with a specific block height h and block history up to h-1. To double spend, attackers need to issue new fee paying txns.
No one who has made a txn in the last 1000 blocks will want to help you rewrite history because this exposes all their inputs to expropriation, not just those used to pay fees.

Suppose you want to reverse a txn in block h-2 and the current block chain is of length h. Assume also that the attacker controls a share of k of all coins, where k is something like 0.999999 but strictly less than 1. Because he owns so much, we don't need to worry about his ability to 'land on satoshis he controls' in order to create an attack chain. If he does have to worry about this, attack costs (weakly) increase since he may needs to spend extra to land on his satoshis. The attacker can replace one txn in block h-1 with one of his own that bears the same amount of fees. The minimum cost of this is 1 satoshi. Let's ignore this one satoshi cost for simplicity.

Now the attack chain is up to block (h-1)' where the prime indicates that block (h-1) and (h-1)' are nonidentical. Txns in block h' must indicate a history of (h-1)' for the block to be valid. Thus, the attacker himself has to generate all of these txns. The attacker's cost in fees is fh, where fh is measured in terms of a fraction of the total money supply. The payoff for the attacker is 0.01*fh (as reward for mining) and fh*k*0.99 through redistribution of fees in proportion to ownership.

Thus, the attacker's net change in coin ownership is (0.01*fh + fh*k*0.99) - fh = -0.99*(1-k)*fh  (since k<1 this is strictly negative).

Thus the attack costs increase linearly in fh. For any finite double spending profit, b, there exists an fh such that b-0.99*(1-k)*fh<0. In other words, txns are secure in block h-2 are secure if fh is sufficiently large.

The attacker could also build just one block based on h-2. Again he needs to pay all the fees in fh to do this (recall that existing txns in this block cannot go in h-1). The attack costs are the same (since we neglected the extra cost of creating block h-1 as negligible; if we hadn't neglected using just one block to attack would be cheaper by exactly this amount.) The attacker could also create a larger number of blocks. This is more expensive because the attacker's share of fees decreases with each successive block he creates.


Note: I'm not going to debate you anymore here on this issue. I'm sure you are wrong, but don't see value in convincing you of this. Feel free to rebut my argument as best you can. I'm not going to respond because it is too time-consuming and not productive.

[AnonyMint]

I think the answers are 1) no we don't need entropy. 2) Yes, a secure deterministic system is possible.

I am not going to argue this again. I already did exhaustively. Just search my comments in the Decrits thread (the key ones are linked in my prior post of this thread). And you are very wrong.

You will learn from experience.

P.S. I hope you realize how fragile it is when only selected mining peers can sign the next block. I hope you realize that any algorithm that is used to order the selection can be gamed because it doesn't have input entropy.

[AnonyMint]

The random encryption of a network encryption algorithm should have plenty of entropy for PoW with no way to predict the work for the next block. 

We get random data from the PoW, so random selection is possible. But I don't think it matters if we randomly select from a set of works to do, because someone could have precomputed those works. That is the same point I already made in the links I already presented to you.

The result of the PoW is a truly random generator, so that is some work that could be reused by applications which need truly random generator (non-deterministic) and not just pseudo-random (deterministic).

[cunicula]

I think the answers are 1) no we don't need entropy. 2) Yes, a secure deterministic system is possible.

I am not going to argue this again. I already did exhaustively. Just search my comments in the Decrits thread (the key ones are linked in my prior post of this thread). And you are very wrong.

You will learn from experience.

P.S. I hope you realize how fragile it is when only selected mining peers can sign the next block. I hope you realize that any algorithm that is used to order the selection can be gamed because it doesn't have input entropy.

I read your comments from previous threads. Just irrelevant nonsense and raving as usual.  I generously removed all use of PoW entropy from the algorithm to make things easy for you and the best you can do is unabashedly assume your conclusion.

Sure, you can game this. But that doesn't imply that gaming this is a profitable endeavor. It is the latter statement that matters. The first is irrelevant.

[Anon136]

I think the answers are 1) no we don't need entropy. 2) Yes, a secure deterministic system is possible.

I am not going to argue this again. I already did exhaustively. Just search my comments in the Decrits thread (the key ones are linked in my prior post of this thread). And you are very wrong.

You will learn from experience.

P.S. I hope you realize how fragile it is when only selected mining peers can sign the next block. I hope you realize that any algorithm that is used to order the selection can be gamed because it doesn't have input entropy.

I read your comments from previous threads. Just irrelevant nonsense and raving as usual.  I generously removed all use of PoW entropy from the algorithm to make things easy for you and the best you can do is unabashedly assume your conclusion.

Sure, you can game this. But that doesn't imply that gaming this is a profitable endeavor. It is the latter statement that matters. The first is irrelevant.

Im not going to claim to be right about this or anything. but it seems to me that you might be overlooking the fact that there are other ways to profit by gaming this algorithm besides generating more deceits for yourself.

[AnonyMint]

Just irrelevant nonsense and raving as usual.

Hahaha, and you have demonstrated your inability to analyze in our discussion of BitAssets.

Just go ahead. I know what I am doing.

[cunicula]

Just go ahead.

Put you on ignore per your "just go ahead" suggestion.

If anyone wants to continue this discussion then they will have to take up AnonyMint's mantle and actually prove that the system can be exploited using deductive reasoning.
 
(Anonymint: "You are wrong because I know you are wrong. I claim to have showed these other guys that they were wrong too about some other matter entirely. This establishes that I know how to show that people are wrong. I could show that you are wrong too if I wanted to." -> Ignore
Logical argument -> a response from me)

Here are some ground rules:

Assumption: Profits from double-spending have to be bounded by some finite constant, call it b. Without this assumption, no system can ever be secure regardless of its design.

Definition: The system is not exploitable if there exists some amount of txn fees, x*, such that the net cost of double-spending a txn followed by x txn fees, call it c(x), is greater than or equal to b for all x>=x*

Note: If the system is "not exploitable", txns older than x* cannot be profitably double spent. Essentially you would wait for x* in txn fees to follow your txn and then you could safely assume that the txn is irreversible.

If there is no such x*, then the system is exploitable. To prove me wrong, you would probably assume that x* exists and then generate a logical contradiction.

Above (bottom of post https://bitcointalk.org/index.php?topic=285701.msg3061806#msg3061806) I used deductive logic to show that x* exists for any finite b. Can anyone show a logical error (or improbable starting assumption)?

[AnonyMint]

Ok you know, you know, you know, in spite that I have already presented the logic, yet you claim it doesn't make sense. So how can I win an argument with someone who is incapable of understanding the logic I presented. So that is why I said just go on.

I am not going to waste my time like a dog chasing its tail, by accepting your faulty basis logic which you expect me to disprove. I rose above that myopia already and presented the big picture logic which refutes (supersedes, subsumes, and invalidates) that noise you are typing.

[Anon136]

Just go ahead.

Put you on ignore per your "just go ahead" suggestion.

If anyone wants to continue this discussion then they will have to take up AnonyMint's mantle and actually prove that the system can be exploited using deductive reasoning.
 
(Anonymint: "You are wrong because I know you are wrong. I claim to have showed these other guys that they were wrong too about some other matter entirely. This establishes that I know how to show that people are wrong. I could show that you are wrong too if I wanted to." -> Ignore
Logical argument -> a response from me)

Here are some ground rules:

Assumption: Profits from double-spending have to be bounded by some finite constant, call it b. Without this assumption, no system can ever be secure regardless of its design.

Definition: The system is not exploitable if there exists some amount of txn fees, x*, such that the net cost of double-spending a txn followed by x txn fees, call it c(x), is greater than or equal to b for all x>=x*

Note: If the system is "not exploitable", txns older than x* cannot be profitably double spent. Essentially you would wait for x* in txn fees to follow your txn and then you could safely assume that the txn is irreversible.

If there is no such x*, then the system is exploitable. To prove me wrong, you would probably assume that x* exists and then generate a logical contradiction.

Above (bottom of post https://bitcointalk.org/index.php?topic=285701.msg3061806#msg3061806) I used deductive logic to show that x* exists for any finite b. Can anyone show a logical error (or improbable starting assumption)?

i already did, perhaps the person isnt interested in profiting in decrits. perhaps he is heavily invested in some alternative money and just wants to prevent it from being in the interest of people to invest in decrits.

[cunicula]

i already did, perhaps the person isnt interested in profiting in decrits. perhaps he is heavily invested in some alternative money and just wants to prevent it from being in the interest of people to invest in decrits.

You must have missed or misunderstood this:

Profits from double-spending have to be bounded by some finite constant, call it b. Without this assumption, no system can ever be secure regardless of its design.

As long as he isn't willing to spend infinite amounts of money to fund destruction, then motivation based on a desire to destroy the currency is not an issue.

If he is willing to spend infinite resources to fund his objective, then there is no possible way of stopping him.

[AnonyMint]

i already did, perhaps the person isnt interested in profiting in decrits. perhaps he is heavily invested in some alternative money and just wants to prevent it from being in the interest of people to invest in decrits.

You must have missed or misunderstood this:

Profits from double-spending have to be bounded by some finite constant, call it b. Without this assumption, no system can ever be secure regardless of its design.

As long as he isn't willing to spend infinite amounts of money to fund destruction, then motivation based on a desire to destroy the currency is not an issue.

If he is willing to spend infinite resources to fund his objective, then there is no possible way of stopping him.

Long before double-spends become widespread, everyone will know someone is doing a 50+% attack.

Also it is very difficult to find enough merchants to double-spend to, if the cost of 50+% PoW is extensive.

For a mature system, the amount of double-spends one can achieve before being noticed, will never approach the cost of 50% of the PoW.

If one could somehow short the value of the coin, perhaps a 50+% attack would be profitable. But it is going to be very difficult to build such a large short position unnoticed against a mature system with extensive PoW. Once noticed, it will be impossible to enter enough short positions to make it profitable.

So the fallacy of your theory, is that such attacks can't be done on such a wide-scale without being noticed.