conjecture about proof-of-work and cryptocurrencies

[anisoptera]

The vast majority of bitcoins, presumably, were generated when the system was very young, and so are already in the hands of the early adopters.

If your definition of "very young" is "before I learned about it", then sure, of course the majority of bitcoins were generated when it was "very young". But the number of bitcoins generated per hour is no different today than it was a year ago. It is just distributed among a much larger pool of people.

The majority of bitcoins have yet to be generated. We're not even halfway there yet.

[1714787643]

1714787643

[1714787643]

1714787643

[grondilu]

Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start? 

Sure, we'll call it GavinCoin and I get all the coins to start.
If you want some, you just send me some of that worthless fiat currency that you have laying around.
Sound good?

You think this is a rebuttal, but in fact it's all the same to me, and others like me, who are coming late to bitcoin, and with no intention of buying hardware and doing my own mining. I've nonetheless forked over some fiat currency for these bitcoins, just because they seem to have acquired some value.  Why wouldn't it {have been / be} possible to start with a fixed number of coins distributed among some community of hackers and get it started that way?  The vast majority of bitcoins, presumably, were generated when the system was very young, and so are already in the hands of the early adopters.

You are totally free to create your KlorthoCoin.   Go for it, really.   At some point anyway this kind of stuffs will happen.  Just don't be offended if I don't value your klorthocoin much.

[alkor]

I'd be more general than that and say that there is no way a currency can, all at once

• be issuable by anyone (decentralized issuing)
• be easy/cheap to issue
• have limited inflation

I agree with this assertion.

I've been consider an alternative to bitcoin which has no computational proof-of-work, but simply a central timestamping server - which determines in which order transactions will appear in the chain. Whenever a double spending occurs, nodes consult the timestamping server as to which transaction should be in the chain, and discard the other one.

This version of Bitcoin will also be censorship resistant, because the central timestamping server has a very simply job (simply to order transactions), and can be easily replaced if disabled by a central authority.

In this version, all the coins will be issued in the beginning, and then the software will be distributed across all nodes. No subsequent increases in the number of coins will be allowed. An increase would require modification of the software, and that will be rejected by most nodes as it will devalue their currency.

So while in this version coins will not be issuable by anyone, they will be very cheap to issue, and the system will have no inflation. More importantly, no resources will be wasted in proof-of-work. The only drawback is the centralized nature of the timestamping server, but it can be easily replaced if it gets banned.

[CydeWeys]

Alkor, I think you missed the point of Bitcoin.  Its biggest advantage is that it is decentralized.  Having expensive proof-of-works is simply a side-effect of having a distributed system.  No one's interested in yet another centralized system; there are already hundreds of those, many of which have much larger backing and more trust than your idea ever will.

[alkor]

Alkor, I think you missed the point of Bitcoin.  Its biggest advantage is that it is decentralized.  Having expensive proof-of-works is simply a side-effect of having a distributed system.  No one's interested in yet another centralized system; there are already hundreds of those, many of which have much larger backing and more trust than your idea ever will.

CydeWeys, I haven't missed the point of Bitcoin. Even though it may appear that bitcoin is a decentralized system, in the long term it will converge to the centralized system I described as miners become more specialized and control most of the computational power. With the recent case of one of the mining pools surpassing the 50% hashing power, we are already close to having a centralized proof of work system anyway.  So eventually there is little doubt that select few highly-efficient miners will control what transactions get verified and what don't.

Besides, a system based on a centralized time-stamping server would not be yet another centralized system.  All centralized monetary systems are currently able to  inflate their currency, whereas with the centralized time-stamping system the central entity will not be able to create new money. That will be it's only advantage.

[grondilu]

Besides, a system based on a centralized time-stamping server would not be yet another centralized system.  All centralized monetary systems are currently able to  inflate their currency, whereas with the centralized time-stamping system the central entity will not be able to create new money. That will be it's only advantage.

It's not a totally bad idea.  Whom would new money be given to, though?

Also, even if the time-stamping server could not steal money or create new one, it would still have the power to double spend.  So it would be difficult to obtain a consensus about who is trustworthy enough to get this power.

So to speak bitcoin IS a system with centralized time server.  But the server changes every ten minutes or so.  So somehow, bitcoin is already an extreme version of what you are suggesting.

[alkor]

It's not a totally bad idea.  Whom would new money be given to, though?

The system could be bootstrapped from Bitcoin by assigning balances to each address in accordance with the current wealth distribution of Bitcoin users. The new system will use the same private/public key architecture as Bitcoin, and since users control their private keys, they will be able to spend their coins on both systems. The first (genesis) transaction in the new system will be one that assigns to all current Bitcoin public addresses in existence their respective Bitcoin balance.

Also, even if the time-stamping server could not steal money or create new one, it would still have the power to double spend.  So it would be difficult to obtain a consensus about who is trustworthy enough to get this power.

The job of the time-stamping server would be to assign order to transactions that is final and immutable. Instead of the current block-chain there will be a chain of transactions signed by the time-stamping server. A copy of the chain of transactions will be stored on every node. If the time-stamping server attempts to double-spend, then it will have to modify the immutable chain of transactions, and that attempt will be rejected by the network of nodes, since each node will be able to see that the server is trying to assign a different order number to a transaction it has previously signed. Once that happens, the community has to choose a new time-stamping server that is trustworthy. Since the job of the time-stamping server is easy, it would be trivial to set one up.

Another problem with a central time-stamping server would be that it will have the power to selectively not include transactions into the chain based on their addresses. But the same problem exists in the current bitcoin implementation. And the solution again would be to chose a new server if the current one starts behaving badly.

[grondilu]

A copy of the chain of transactions will be stored on every node. If the time-stamping server attempts to double-spend, then it will have to modify the immutable chain of transactions, and that attempt will be rejected by the network of nodes, since each node will be able to see that the server is trying to assign a different order number to a transaction it has previously signed.

No.  A double-spending would not work this way.  The timestamp server would sign two transactions but will just wait a bit to publish the oldest one.  It will do as if there had been some network latency.  There is no way the other nodes can prove it was not honnest.

Since the job of the time-stamping server is easy, it would be trivial to set one up.

setting one up is easy, sure.  But the tricky part is to chose one and to convince everyone to use the same.

And the solution again would be to chose a new server if the current one starts behaving badly.

Bitcoin choses a new server every ten minutes or so, without having to wait for it to behave badly.  This is much better.

[ben-abuya]

I'm not sure if this applies, but in nature, timestamping is distributed. That's how your heart works, for instance -- no one cell sets the pulse. Crickets do the same thing.

[alkor]

No.  A double-spending would not work this way.  The timestamp server would sign two transactions but will just wait a bit to publish the oldest one.  It will do as if there had been some network latency.  There is no way the other nodes can prove it was not honest.

I think I didn't make myself clear. The chain of transactions must always be in a consistent state, i.e. no address can have a negative balance. Every node can verify the chain is in a consistent state. If the time-stamping server signs a transaction that puts the chain in an inconsistent state, then the server is rejected by the network. So a double-spend isn't really possible without invalidating the chain a copy of which is stored on every node.

setting one up is easy, sure.  But the tricky part is to chose one and to convince everyone to use the same.

Sure, that's a valid criticism. Maybe one could build a hierarchical structure where one could easily reach a consensus of a new time-stamping server across the network once the old one behaves badly.  

[grondilu]

That's how your heart works, for instance -- no one cell sets the pulse. Crickets do the same thing.

Hum... sounds interesting.  Any source/documentation about that?

[grondilu]

No.  A double-spending would not work this way.  The timestamp server would sign two transactions but will just wait a bit to publish the oldest one.  It will do as if there had been some network latency.  There is no way the other nodes can prove it was not honest.

I think I didn't make myself clear. The chain of transactions must always be in a consistent state, i.e. no address can have a negative balance. Every node can verify the chain is in a consistent state. If the time-stamping server signs a transaction that puts the chain in an inconsistent state, then the server is rejected by the network. So a double-spend isn't really possible without invalidating the chain a copy of which is stored on every node.

Well, I don't know.  Maybe it's possible.  But it is surely trickier than what you seem to think.   For instance, say indeed some node sees an inconsistent entry in the table.  It has to tell every one.  They all have to check the accusation is true and then they all have to decide to ban the bad timestamp server, revoke its previous transactions (how many??), chose a new one and so on.   An ugly mess for sure.

[alkor]

Well, I don't know.  Maybe it's possible.  But it is surely trickier than what you seem to think.   For instance, say indeed some node sees an inconsistent entry in the table.  It has to tell every one.  They all have to check the accusation is true and then they all have to decide to ban the bad timestamp server, revoke its previous transactions (how many??), chose a new one and so on.   An ugly mess for sure.

You are right it's messy. But the only messy part is how to choose a new time-stamp server.
Revoking transactions will be easy. Only transactions that were placed after the invalid transaction will be revoked - but they should never have been placed in the chain by honest nodes anyway. Once a new time-stamp server is chosen - valid transaction will be placed back into the chain by that server. Even the originally invalid transaction may be placed into the chain eventually if the balance of the account to which it refers becomes sufficiently large.

[ben-abuya]

That's how your heart works, for instance -- no one cell sets the pulse. Crickets do the same thing.

Hum... sounds interesting.  Any source/documentation about that?

grondilu, I remember reading all about that stuff in this book:

http://www.amazon.com/Sync-Order-Emerges-Universe-Nature/dp/0786887214/ref=sr_1_1?ie=UTF8&qid=1306525959&sr=8-1

[marcus_of_augustus]

I'm not sure if this applies, but in nature, timestamping is distributed. That's how your heart works, for instance -- no one cell sets the pulse. Crickets do the same thing.

Nice observation, circadian rhythms, beat frequencies for clocks.

[ben-abuya]

I'm not sure if this applies, but in nature, timestamping is distributed. That's how your heart works, for instance -- no one cell sets the pulse. Crickets do the same thing.

Nice observation, circadian rhythms, beat frequencies for clocks.

Thanks! I started reading Strogatz's book again. I wouldn't be surprised if his work on this stuff could be used in a really cool way:

http://epubs.siam.org/siap/resource/1/smjmap/v50/i6/p1645_s1?isAuthorized=no

The main result is that for almost all initial conditions, the population evolves to a state in which all the oscillators are firing synchronously. The relationship between the model and real communities of biological oscillators is discussed; examples include populations of synchronously flashing fireflies, crickets that chirp in unison, electrically synchronous pacemaker cells, and groups of women whose menstrual cycles become mutually synchronized.

[marcus_of_augustus]

I'm not sure if this applies, but in nature, timestamping is distributed. That's how your heart works, for instance -- no one cell sets the pulse. Crickets do the same thing.

Nice observation, circadian rhythms, beat frequencies for clocks.

Thanks! I started reading Strogatz's book again. I wouldn't be surprised if his work on this stuff could be used in a really cool way:

http://epubs.siam.org/siap/resource/1/smjmap/v50/i6/p1645_s1?isAuthorized=no

The main result is that for almost all initial conditions, the population evolves to a state in which all the oscillators are firing synchronously. The relationship between the model and real communities of biological oscillators is discussed; examples include populations of synchronously flashing fireflies, crickets that chirp in unison, electrically synchronous pacemaker cells, and groups of women whose menstrual cycles become mutually synchronized.

Yeah, I think one of the craziest demonstrations from this was the experiments where the sleep-wake cycle was identified to result from two harmonic oscillators (24.XX hour core body temperature oscillation and another 24.XX oscillator that I can't remember ... melatonin level due to light exposure?) ... anyway they put these lab rat students into a confined room for several weeks and started twiddling temperature and light on-offs and tricked the subjects body's into a 48 hour sleep-wake cycle ... they would be awake for 24 hours and sleep for 24 hours ....

[grondilu]

... anyway they put these lab rat students into a confined room for several weeks and started twiddling temperature and light on-offs and tricked the subjects body's into a 48 hour sleep-wake cycle ... they would be awake for 24 hours and sleep for 24 hours ....

Another way to get a similar result is to have the lab rat student spend some time on this forum 

[phillipsjk]

The job of the time-stamping server would be to assign order to transactions that is final and immutable. Instead of the current block-chain there will be a chain of transactions signed by the time-stamping server. A copy of the chain of transactions will be stored on every node. If the time-stamping server attempts to double-spend, then it will have to modify the immutable chain of transactions, and that attempt will be rejected by the network of nodes, since each node will be able to see that the server is trying to assign a different order number to a transaction it has previously signed. Once that happens, the community has to choose a new time-stamping server that is trustworthy. Since the job of the time-stamping server is easy, it would be trivial to set one up.

Anything based on the Network Time Protocol or astronomical observation won't work. What is the recourse if the "time" server says you didn't make any transactions? Elect a new server? The beauty of the the Bitcoin protocol is that a new server is chosen by lottery every time a new block chain is made. The "time stamp" is a time stamp in terms of entropy and proof of work. To falsify a past transaction takes an increasing amount of resources as time goes on. To falsify the newest block chain you have to prove your version is "better" (I have to read-read what the protocol does for competing block-chains).

Keep in mind that transactions don't have to be synchronous. For smaller transactions, people may be trusted not to double-spend even in the absence of a constant network connection.

[anisoptera]

(I have to read-read what the protocol does for competing block-chains).

Largest proof-of-work wins. In case of ties, miners start working on the first one they saw.

A block with a higher difficulty is considered "larger" for this purpose, so creating your own chain from block 1 at difficulty 1 won't work.