Bitcoin Forum
July 21, 2018, 09:57:32 PM
 Welcome, Guest. Please login or register.
 News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 Home Help Search Donate Login Register
 Pages: [1] 2 3  All
 Author Topic: conjecture about proof-of-work and cryptocurrencies  (Read 7963 times)
grondilu
Legendary

Offline

Activity: 1134
Merit: 1001

 February 08, 2011, 05:33:55 PM

As you know many people don't like the idea of using CPU power in order to make so-called "useless" computations.

I suspect it is possible to rigorously prove that any cryptocurrencies, providing it fulfills a few conditions, has to be based on proof-of-work, and thus on CPU.

So far I can't prove it seriously, so it is just a conjecture.    I'd be glad if someone with a solid maths and IT background could bring a demonstration.

So it would look like:

Quote from: grondilu
If a cryptocurrency respects the folowing criteria:

* it doesn't discriminate any node of the network ;
* the initial monetary amount available in the network is zero (apart from the genesis block) ;

Then at any time, the probability of generation of a new monetary unit for any node is proportionnal to the CPU of this node.

Obviously this relies on a theoretical, more general definition of "cryptocurrency".  I won't give such a definition here but I guess you get the idea.
1532210252
Hero Member

Offline

Posts: 1532210252

Ignore
 1532210252

1532210252
 Report to moderator
1532210252
Hero Member

Offline

Posts: 1532210252

Ignore
 1532210252

1532210252
 Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1532210252
Hero Member

Offline

Posts: 1532210252

Ignore
 1532210252

1532210252
 Report to moderator
1532210252
Hero Member

Offline

Posts: 1532210252

Ignore
 1532210252

1532210252
 Report to moderator
bitcool
Legendary

Offline

Activity: 1439
Merit: 1000

Live and enjoy experiments

 February 08, 2011, 06:09:28 PM

Not sure if it's even possible, but it would be REALLY nice if somehow we can integrate bitcoin's proof-of-work with seti@home's computation.  http://boinc.berkeley.edu/
then I'll feel much better about the energy I consumed on my mining rigs.
EDIT: Never mind, apparently this has been discussed: http://bitcointalk.org/index.php?topic=203.0 http://bitcointalk.org/index.php?topic=335.0  I need to clarify that I think bitcoin-mining is like gold-mining, the energy is NOT "wasted", it's a necessary evil dealing with the weakness of humanity.
Cryptoman
Hero Member

Offline

Activity: 723
Merit: 500

 February 08, 2011, 06:42:22 PM

Perhaps in the future, as bitcoin becomes used extensively and the transaction volume becomes much greater, there will be plenty of "work" just growing the block chain, and the difficulty factor can be reduced accordingly.  This way, more energy is put into supporting commerce and less into finding a hash with an arbitrary number of zeros.

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
bitcool
Legendary

Offline

Activity: 1439
Merit: 1000

Live and enjoy experiments

 February 08, 2011, 06:56:03 PM

Money is power to buy other people's labor. There are many ways to gain this power, by force, cheat or voluntary exchange.

I think using proof-of-work is more a sociological choice than science. In modern democratic societies, labor-for-labor exchange is most acceptable to the majority of people. If bitcoin were invented 200 years ago, the issuance of new coins might be decided differently, say by how much King George pooped in any given day.
marcus_of_augustus
Legendary

Offline

Activity: 2674
Merit: 1076

 February 09, 2011, 11:06:15 AM

The intrinsic value of a bitcoin is the total energy and computational/informational content that went into creating it (incl. energy to produce computing resource materials, silicon, etc, human labour, brainpower, encryption difficulty). The market value will tend toward the intrinsic value in the long term. I expect bitcoin values to become strongly correlated with the underlying kiloWatt-hour electrical energy price and oil, gas, coal (fossil fuels while they are still around) or fissile nuclear materials, etc. Depending on the independent circumstances of the markets in each of these energy generating fuels they correlate with gold, silver and other metal ratios over long periods. Metals are correlated with energy because that's what it takes to prospect for them and dig them up (it is not rocket science just economics).

In the short and medium terms premiums will probably be placed on bitcoins for various reasons; uniqueness, scarcity, anonymity, security. Also possible market manias or euphoric bubbles could erupt to distort values temporarily.

Money and energy have been joined at the hip since the beginning. Money is simply stored energy in some instances. Bitcoin is moving up the evolutionary ladder like atomic energy is to burning wood in caves.

ribuck
Donator
Hero Member

Offline

Activity: 826
Merit: 1003

 February 09, 2011, 11:40:13 AM

The intrinsic value of a bitcoin is the total energy and computational/informational content that went into creating it

It can't be quite that straightforward, because in the early days bitcoins were created using much less energy than the most recent bitcoins. Even though we can distinguish them, we don't value them any differently.
Cdecker
Hero Member

Offline

Activity: 490
Merit: 503

 February 09, 2011, 12:32:14 PM

As discussed in many other places Bitcoin does not have intrinsic value, it just has the value people are willing to pay for it, for an easier faster, cleaner way to transfer money.

Mining has to be seen as the act of securing the future value of the Bitcoins in your wallet. Getting additional Coins in exchange for computation power is a nice extra, but it's just that, an extra. Additionally the gain from mining will decrease, since the mining reward is set to half at certain stages in the network development.

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
grondilu
Legendary

Offline

Activity: 1134
Merit: 1001

 February 09, 2011, 01:18:54 PM

Hum...    I think I shouldn't have talked about the generationn process, but instead I should have talked about the "election" process.

My point is that CPU power has to be used in order to determ which node in the network will be in charge of validating transactions.  The reward for this task is not really relevant for my point.
Cdecker
Hero Member

Offline

Activity: 490
Merit: 503

 February 09, 2011, 04:14:38 PM

Hum...    I think I shouldn't have talked about the generationn process, but instead I should have talked about the "election" process.

My point is that CPU power has to be used in order to determ which node in the network will be in charge of validating transactions.  The reward for this task is not really relevant for my point.
Sounds better, thanks ^^

Anyway, I agree that right now the "work" done by the client to elect a tie-breaker is quite useless. It would be nice if we could leverage other, more useful, computation tasks to let the time tick in the Bitcoin universe.

Right from the start I can think of the entire Boinc stack which is (kinda) useful, but we have to consider certain problems:
• Blocks have to be generate at regular intervals
• Difficulty has therefor to be adjustible
• Proof-of-work dictates that once a result if found it has to be easily verified
So SETI does not really qualify (too unpredictable, ...), maybe the prime number sieve might be a good candidate (find a prime number of a certain length), but it destroys the chainability (I can start calculating any length number without knowing the predecessor).

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
caveden
Legendary

Offline

Activity: 1106
Merit: 1000

 February 09, 2011, 04:31:57 PM

I'd be more general than that and say that there is no way a currency can, all at once
• be issuable by anyone (decentralized issuing)
• be easy/cheap to issue
• have limited inflation

You can at most pick two. Both bitcoins and precious metals for ex. satisfy first and third criteria, but they are hard to obtain. A centralized electronic currency would satisfy the second and third, but not the first.
I don't think it's "mathematically provable", but it's probably "praxeologically provable", what's practically the same thing since math and praxeology, despite their (great) differences, follow the same scientific method.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
grondilu
Legendary

Offline

Activity: 1134
Merit: 1001

 February 09, 2011, 04:35:18 PM

I'd be more general than that and say that there is no way a currency can, all at once
• be issuable by anyone (decentralized issuing)
• be easy/cheap to issue
• have limited inflation

That looks clever.
marcus_of_augustus
Legendary

Offline

Activity: 2674
Merit: 1076

 February 09, 2011, 08:08:36 PM

Whatever it is, bitcoin is absolutely not a fiat currency.

Fiat means by decree, dictate, statute, law, legal tender, etc ... http://www.thefreedictionary.com/fiat

Quote
It can't be quite that straightforward, because in the early days bitcoins were created using much less energy than the most recent bitcoins. Even though we can distinguish them, we don't value them any differently.
But they are fungible, each currently circulating bitcoin is indistinguishable from any other (unless the block chain ever gets unravelled ), so in that sense they are worth the average energy needed to create a bitcoin. Take total hash power spent to date creating them divided by the number of bitcoins created to get average hash power per bitcoin .... intrinsic value due energy spent anonymisation/securing.

Anonymity is the key to making digital currencies fungible. A trace of transactions attributed to digital currency makes each unit distinguishable from another. E.g: I do not want that dirty terrorists, money-launderer, paedophiles (pick one) digital units in my account.

0x6763
Guest

 February 10, 2011, 04:46:27 AM

in that sense they are worth the average energy needed to create a bitcoin. Take total hash power spent to date creating them divided by the number of bitcoins created to get average hash power per bitcoin .... intrinsic value due energy spent anonymisation/securing.

Anonymity is the key to making digital currencies fungible. A trace of transactions attributed to digital currency makes each unit distinguishable from another. E.g: I do not want that dirty terrorists, money-launderer, paedophiles (pick one) digital units in my account.

The cost of operating the system does not determine the value of that system.  The cost of producing a bitcoin does not determine the value of that bitcoin.  Cost and value are two different concepts.  A bitcoin's value is that which a person will give up to acquire a bitcoin.

Here's some reading material for you:

The Subjective Theory of Value - http://mises.org/austecon/chap4.asp

http://en.wikipedia.org/wiki/Subjective_theory_of_value
marcus_of_augustus
Legendary

Offline

Activity: 2674
Merit: 1076

 February 10, 2011, 07:04:09 AM

Quote
Cost and value are two different concepts.

Heh thanks, I was well aware of that and your recommended reading but you must have missed (misunderstood?) what I was saying two posts above.

The premium captures the difference between cost and value of an object I believe.

Unless there is some enduring quality that demands a premium upon any item it will tend to its cost of production in the long term ... it is a thoroughly "Austrian" concept also, demonstrated by the observation that all fiat paper money has eventually been valued at around the cost of paper and printing involved in its production. Gold has never been far from its cost of production plus some premium for its utility as money, although this premium can vary by several multiples of cost of production depending on economic circumstances. Bitcoins are unique right now in that they serve all the historic roles of money; fungibility, divisibility, scarcity, store-of-value (we'll see) in a market where most flavours competing fiat currencies (paper and digital) fall down on one or several of these roles.

In any case, I'm sure that the free market will eventually give us price discovery in the long term for the value of bitcoins. Other crypto-currency P2P networks that spring up in competition to bitcoins will ensure it.

Klortho
Newbie

Offline

Activity: 7
Merit: 0

 May 19, 2011, 03:52:53 AM

It seems to me this discussion has drifted pretty far from the initial topic.
As you know many people don't like the idea of using CPU power in order to make so-called "useless" computations.
I'm pretty new here, but one thing I read early on was that the main point of the generation of new bitcoins is to be an incentive to get people to participate in the network.  And that eventually, the tap will run dry, and then the incentive is supposed to switch to some kind of transaction cost scheme, right?
Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start?  I don't know, this has undoubtedly been discussed before, but I'm just wondering.  It seems like something closer to the way bittorrent works, where the reward for participating is faster download times.  In this kind of scheme, the reward for participating would be a greater share in the (hopefully very small) total transaction cost pie.
Gavin Andresen
Legendary

Offline

Activity: 1652
Merit: 1014

Chief Scientist

 May 19, 2011, 04:00:21 AM

Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start?
Sure, we'll call it GavinCoin and I get all the coins to start.

If you want some, you just send me some of that worthless fiat currency that you have laying around.

Sound good?

How often do you get the chance to work on a potentially world-changing project?
unk
Member

Offline

Activity: 84
Merit: 10

 May 19, 2011, 04:13:31 AM

@moa: the cost to generate is of course dependent on how many people are trying to do it, and that in turn depends on the perceived sale price, so it's not clear how the theory of value you're proposing doesn't suffer from a feedback loop.

@grondilu: computational proof of work isn't the only choice, even for a technology with similar constraints and threat models to bitcoin. for example, you could use ip addresses or bandwidth, but satoshi decided that those would lead to a less reliable allocation. (at least, he considered ip addresses specifically. i'm not sure he considered bandwidth, probably because its use in this context would pose very complex problems. consider that in a bittorrent or emule 'economy', however, bandwidth is the key resource that 'buys' you what you want.)

it's all a practical judgment call, not a theoretical limitation. think through how generation might work with ip addresses or other features of network topology as the basis of generation, and i think you'll find it's not obviously horrible and may even pose some advantages to hashing.

other methods for distributed timestamping have been explored in past literature, but they depend on different models of trust and threats.
Timo Y
Legendary

Offline

Activity: 938
Merit: 1001

bitcoin - the aerogel of money

 May 19, 2011, 08:31:00 AM

Quote from: grondilu
If a cryptocurrency respects the folowing criteria:

* it doesn't discriminate any node of the network ;
* the initial monetary amount available in the network is zero (apart from the genesis block) ;

Then at any time, the probability of generation of a new monetary unit for any node is proportionnal to the CPU of this node.

Not sure if this is true.

I can think of an untamperable distributed timpestamp method that doesn't rely on proof-of-work or  CPU:

Cosmic Radiation

Every node agrees to point a radio dish at predefined sector of the sky and measure the random fluctuations in cosmic radiation in some standardised way.

These measurements are translated into a linear data stream that is permanetly recorded by every node.

Then use the block chain concept, except that the nonce in each block isn't incremented, it's the latest chunk from above data stream.

Distributing newly minted money is harder, but can also be performed with a cosmic radiation proof-of-work.   The target isn't a hash but a set of stars/galaxies in a certain configuration (for example). Nodes scan the sky with high powered telescopes and the first node to find such a configuration digitally signs its exact coordinates.   It is then easy for other nodes to verify the stars on those coordinates.

Somebody could of course open thousands of nodes with a forged data stream, but those blocks would be rejected by the nodes that physically have a dish pointing at the sky.

Maybe I have missed something? Could this type of block chain be forged in some other way?

GPG ID: FA868D77   bitcoin-otc:forever-d
grondilu
Legendary

Offline

Activity: 1134
Merit: 1001

 May 19, 2011, 03:12:35 PM

Even if you use some kind of a source of verifiable random numbers from cosmic radiation or whatever, as long as the system is anonymous, it will fallback into CPU power or hardware ressource.

Basically if the right to receive bitcoins is based on some sky event, then everyone will try to post as many sky predictions as possible, just in order to increase their probability of winning.  And the amount of predictions you can post would be proportionnal to your CPU.
Klortho
Newbie

Offline

Activity: 7
Merit: 0

 May 19, 2011, 10:14:29 PM

Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start?
Sure, we'll call it GavinCoin and I get all the coins to start.
If you want some, you just send me some of that worthless fiat currency that you have laying around.
Sound good?

You think this is a rebuttal, but in fact it's all the same to me, and others like me, who are coming late to bitcoin, and with no intention of buying hardware and doing my own mining. I've nonetheless forked over some fiat currency for these bitcoins, just because they seem to have acquired some value.  Why wouldn't it {have been / be} possible to start with a fixed number of coins distributed among some community of hackers and get it started that way?  The vast majority of bitcoins, presumably, were generated when the system was very young, and so are already in the hands of the early adopters.
 Pages: [1] 2 3  All
Jump to:

Sponsored by , a Bitcoin-accepting VPN.