Bitcoin Forum
December 04, 2016, 08:42:02 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Would it be possible...  (Read 1539 times)
omerioun
Newbie
*
Offline Offline

Activity: 14



View Profile
August 10, 2011, 06:49:56 PM
 #1

.
1480884122
Hero Member
*
Offline Offline

Posts: 1480884122

View Profile Personal Message (Offline)

Ignore
1480884122
Reply with quote  #2

1480884122
Report to moderator
1480884122
Hero Member
*
Offline Offline

Posts: 1480884122

View Profile Personal Message (Offline)

Ignore
1480884122
Reply with quote  #2

1480884122
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Meni Rosenfeld
Donator
Legendary
*
expert
Offline Offline

Activity: 1890



View Profile WWW
August 10, 2011, 07:36:51 PM
 #2

Would it be possible to replace random hashing calculations with say real world distributed computer calculation processing such as is from the BOINC client, World Community Grid or Folding@Home?

If so how difficult would the change be?

Maybe modifying the BTC miners to register to these projects as a common Bitcoin processor for all of these projects simultaneously, injecting the packet processing into standard block processing etc.

I am thinking if this is possible this alone could be a HUGE boost to bitcoin (and bitcoin like) currencies as you greatly expand your interested client base and appeal to individual humanitarian causes as well as natural profiteering and liberty minded individuals.

In all likelihood we would likely pick up dedicated users from the other networks as well since with BTC and BTC like currencies they earn money for their philanthropy  Cheesy
Mining is about generating a certificate, easily verifiable without a centralized service, that work was done acknowledging a specific timeline of transactions. This is probably incompatible with external computing projects. If you can think of a way to combine them you'll have to be much more specific.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
August 10, 2011, 07:55:37 PM
 #3

Difficulty can not be faked.  Anything else can.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
vector76
Member
**
Offline Offline

Activity: 70


View Profile
August 10, 2011, 08:22:22 PM
 #4

If you can come up with a way of combining proof-of-work (as in securely provable) together with general-purpose useful work, that would be a wonderful thing.  To my knowledge, nobody knows how to do this.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 10, 2011, 09:03:45 PM
 #5

One thing to keep in mind, which is often overlooked is that the "difficulty" is not just arbitrary waste-of-time to slow down BTC generation.  It is actually directly related to how "difficult" it is to attack the network.  The higher the difficulty, the harder it is for one person/organization start re-writing the block chain and reversing transactions.  Every extra hash that's needed to solve a block is a little bit of extra security against an attacker.   We can't just arbitrarily replace hashing with other things, without compromising the security.  Even if we tried, we'd likely end up leaving open holes for people to skip the non-hashing parts of the mining and get an advantage over other miners (which isn't dangerous but it won't be a popular revision to the protocol).

In order for something to do what you suggest (replace hashing as proof-of-work and be useful), the problem must satisfy the criteria:
(1) The solution is a piece of information that is extremely difficult to find
(2) A given solution can be checked extremely fast

To find a nonce that creates a block header with 40 leading zero bits will take 2^40 SHA256 calculations (on average), but once you've done it, it takes everyone else in the world exactly 1 SHA256 calculation to verify the solution.  I don't know much about FAH calculations, but I don't think they fall into this category.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
markm
Legendary
*
Offline Offline

Activity: 1778



View Profile WWW
August 10, 2011, 11:22:29 PM
 #6

Folding at home pools could be great though, that is, run such projects similar to the way mining pools work.

For example if looking for a valuable protein to patent to make a lot of money selling things licensed by the patent, then once the patent sells, or starts getting income, the people who did the computing could be paid off based on the amount of the computing they did.

There is probably some ocmpany somwhere that is going to end up making money with whatever the folding people discover, even if they pretend to be "not for profit".

Or do they have some way of making sure no-one ever makes a profit from what they find, on the contrary the results will be useable only by volunteers or something?

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 11, 2011, 12:00:51 AM
 #7

I do not think it would work. right now, bitcoin is completely decentralized, if you were to impose things like F@H, then bitcoin becomes centralized and useless. that is unless someone provides some rock solid solutions to the problem.

Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
August 11, 2011, 12:17:17 PM
 #8

Guys, please read the FAQ before posting questions like this in the dev section:

https://en.bitcoin.it/wiki/FAQ

Quote
Why don't we use calculations that are also useful for some other purpose?
To provide security for the Bitcoin network, the calculations involved need to have some very specific features. These features are incompatible with leveraging the computation for other purposes.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 11, 2011, 12:31:54 PM
 #9

Would it be possible to replace random hashing calculations with say real world distributed computer calculation processing such as is from the BOINC client, World Community Grid or Folding@Home?
Why pay miners for calculations that don't secure the hash chain? These "random" hashing calculations are not random -- they add computational effort to the public hash chain, preventing double spending attacks.

Quote
I am thinking if this is possible this alone could be a HUGE boost to bitcoin (and bitcoin like) currencies as you greatly expand your interested client base and appeal to individual humanitarian causes as well as natural profiteering and liberty minded individuals.
You're welcome to do all those things if you want, but it doesn't help secure the hash chain. That's what miners are paid for.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
jtimon
Legendary
*
Offline Offline

Activity: 1246


View Profile WWW
August 11, 2011, 12:57:18 PM
 #10

The problem with those calculations is that they require as much work to generate them than to verify they're right.
The hashes are hard to get but easy to verify.
If you modify the client the way you propose, non mining clients will need much more work.
Also repeated work that doesn't serve the BOINC project after the first time.
A server could verify it for you (maintaining a database), but then you're giving up the decentralization.

2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
August 11, 2011, 01:56:43 PM
 #11

BOINC is an infrastructure, not a specific project.

What ould be done would be to have a BOINC powered Bitcoin pool and offering the power of the pool to others. The others would then have to submit their BOINC project + Bitcoins for the computation time + Miners then could switch between direct mining or calculations + getting paid for them with the same outcome money wise.

A bigger problem though is that companies rather invest more money just to protect the integrity + confidentiality of their data or pay other companies (Amazon) to do that calculations for them - I doubt that besides some WPA or other password cracking you would have many customers in any cluster where random people can join.

To answer the question:
Yes, it is possible to calculate other stuff next to mining too - it however would just decrease your Bitcoin income proportionally unless you get paid for that other work in Bitcoin too.
To incentivize this you could offer bounties, lotteries or whatever but everything would be outside the actual Bitcoin sphere/work/client. There is no way I can think of to actually put something like that directly into the Bitcoin client/protocol.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
jtimon
Legendary
*
Offline Offline

Activity: 1246


View Profile WWW
August 11, 2011, 04:15:42 PM
 #12

Also repeated work that doesn't serve the BOINC project after the first time.

BOINC is an infrastructure, not a specific project.

I meant the concrete BOINC project having its calculations made by the bitcoin network.

Your idea is interesting but doesn't involve changing the bitcoin mining calculations.
Users would just sell their computer power to BOINC projects for bitcoins instead of using it directly for mining. It could make the difficulty more stable when many miners come at the same time. It could be healthy for mining, even if it's not the first though that comes to mind.

2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
vector76
Member
**
Offline Offline

Activity: 70


View Profile
August 11, 2011, 05:05:21 PM
 #13

One major consideration is that the proof of work, as it's currently defined, has zero dependence on outside data.  This gives it a certain robustness, whereas if there were some dependence on a job list or some kind of computing grid external data, then the security of the entire system is degraded to the security of the external data source.  There is no guarantee that the jobs are as hard as they need to be, or that the system can't somehow be gamed or cheated.  The current double-SHA256 is impossible to cheat without breaking SHA256.

Better to just buy and sell compute cycles using bitcoins, rather than try to fit useful computations into the block chain proof-of-work.
jtimon
Legendary
*
Offline Offline

Activity: 1246


View Profile WWW
August 11, 2011, 07:16:39 PM
 #14

1)  Transactions only, no mining new coins

You can't separate transaction fees from mining. the miner/pool who solves the block first gets both the reward and the tx fees.
This will only happen when there's no more new btc to mine.
But as said, the computing for btc (without affecting the security of bitcoin) seems an interesting idea. The rewards would tend to be equivalent to mining, so when too many miners join the mining business at the same time, part of the "over-competence can be outsourced" to the BOINC for btc market.

2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
ByteCoin
Sr. Member
****
expert
Offline Offline

Activity: 416


View Profile
August 12, 2011, 01:28:30 AM
 #15

I have identified some necessary properties for a useful proof of work in this post.

SETI, folding@home etc are not suitable.

ByteCoin
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 18, 2011, 05:51:43 AM
 #16

I read Bytecoin's properties of proof-of-work problems.  I believe there is another property that is necessary, but I might be wrong so I hope someone will chime in if they see a way to avoid this problem.   Consider the infeasible example of number factoring as proof-of-work.  I don't know how it would work, link to previous blocks, etc.  Just assume that the "work" is number factoring, which is hard to do, easy to verify.   

Now, I'm on a network of untrusted nodes.  We're all working to factor a number.  I find a solution, and then declare "The solution is X*Y=Z here's my public key, now give me my 50 BTC!"  What is stopping the first node that receives this message from simply claiming the solution is his own, swapping his public key into the message, and then broadcasting it?  Nodes can try to compare timestamps, but network latency is high variance.  How does he know that the other guy isn't the true "winner" but his network packets had more hops?

The nice thing about the current hashing solution is that the coinbase tx to yourself is part of your hashed solution.  If someone tries to swap in their own public key, they break the hash and it becomes invalid.  The only way to "steal" it is just to do the work themself.

So my question is, given a problem that is otherwise ideal, but does not have ownership somehow tied into the proof-of-work, is there a way to avoid the problem I described above?  If not, I think this severely limits the number of candidate problems.

-Eto



Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 18, 2011, 06:02:59 AM
 #17

Now, I'm on a network of untrusted nodes.  We're all working to factor a number.  I find a solution, and then declare "The solution is X*Y=Z here's my public key, now give me my 50 BTC!"  What is stopping the first node that receives this message from simply claiming the solution is his own, swapping his public key into the message, and then broadcasting it?  Nodes can try to compare timestamps, but network latency is high variance.  How does he know that the other guy isn't the true "winner" but his network packets had more hops?

The nice thing about the current hashing solution is that the coinbase tx to yourself is part of your hashed solution.  If someone tries to swap in their own public key, they break the hash and it becomes invalid.  The only way to "steal" it is just to do the work themself.

So my question is, given a problem that is otherwise ideal, but does not have ownership somehow tied into the proof-of-work, is there a way to avoid the problem I described above?  If not, I think this severely limits the number of candidate problems.
The whole purpose of mining is to secure the transactions. Any algorithm that didn't secure the transactions, including the coinbase transaction, would be useless.

Factoring a number could be used for proof of work, but the number would have to be based on the previous block's hash and the hash of the transaction tree. So the point is, you could use factoring for your proof of work, but you couldn't choose what numbers you had to factor -- the transactions and the chain would have to do that.

In that case, the difficulty would be how big the smallest factor had to be -- otherwise, you could just work to get an even number and divide it by 2. In fact, you could drop in factoring as a replacement PoW algorithm. You'd hash just the same as you do now, but instead of looking for a low hash output, you'd look for a hash output you could factor but such that the smaller factor exceeded the difficulty. Verifying the proof of work would include making sure that neither factor was smaller than the difficulty and that the smaller factor was prime. (Otherwise, it's too easy.)

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 18, 2011, 06:20:28 AM
 #18

I think you missed the point of my post.  I wasn't concerned about factoring itself, just the general miner-ownership property.  People have proposed all sorts of ideas, and my question was whether a problem that doesn't have miner-ownership tied into the solution can even be considered?  If my assessment is correct, that further limits the number of problems that are candidates for PoW.

Although perhaps I missed the point of your post.  What you are suggesting is that many problems could be implemented by requiring desirable properties of the resultant hash instead of leading zeros.   I don't know how many useful problems there could be that fit into this, but it's more than I thought about before.


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
ByteCoin
Sr. Member
****
expert
Offline Offline

Activity: 416


View Profile
August 19, 2011, 12:59:57 AM
 #19

I read Bytecoin's properties of proof-of-work problems. 

Thanks for taking the time to understand my thoughts.

The way to stop people hijacking your factoring proof-of-work is using the relevancy property. The work you performed was relevant to the block which includes the transaction that credits you.

In the particular case of factoring we could agree on a large composite number that would be a worthwhile factoring, perhaps a number from this list.

The simplest method I can think of would be to implement MPQS where the coefficients of the polynomial are derived from the block hash. The proof of work would be one or more (depending on the difficulty) relations of sufficient quality. After sufficient relations have been found then the factorization is completed, the factors published on the bitcoin net along with the next target.

ByteCoin
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!