The mining is not arbitrary waste-of-time kind of work. It serves the purpose of securing the network, and cannot just be replaced with other activities. The biggest weakness of Bitcoin is if any one entity, or group of cooperating entities control more than 50% of the entire

**global** computation on the BTC network. This is because, in order to execute a double-spend, you have to be able to write blocks faster than the non-cooperating nodes. In this sense, when we talk about "difficulty", it's not just difficulty in generating coins, it's also difficulty in attacking the network.

If a bunch of miners were to switch to some other problem, even temporarily, that would open the door for someone with a lot of resources to take a shot at double-spends, which could do quite a bit of damage to people's overall confidence in BTC. I'd say that no one has the resources to do this at this point, but you mentioned governments, which are probably the only entities left with "feasible" resources to do it. So the best way to defend against the attackers/governments is actually to do

*exactly what we're doing already*, which is mining as fast as we can to max out the difficulty.

Now, the question has come up before, is there any other kind of computation that could serve the same purpose as hashing for the BTC network, but also be useful in some other application? There's two criteria for this:

- (1) The "problems" to be solved must have flexibility to impose arbitrary difficulty of solving -- so that the network difficulty can be calibrated to the global computation speed
- (2) A solution to the problem in (1) must be extremely fast to verify.

Hashing to a set number of zeros is great because the target hash can impose just about any level of difficulty on the network, and while it takes 2^52 hashes for you to find a block with 52 zero bits in front, it takes everyone else exactly

**one** hash to verify you found a solution. This is why it's called a "proof-of-work" security. It requires a ton of computing power to produce a valid solution, and easy to "prove" that you did it. If you can find another problem that has this kind of flexibility and solve/verify relationship, it might be possible to use it. But it would most definitely be in another blockchain... and lord knows we have enough of those already...

EDIT: Actually, I shouldn't speak so negatively of new blockchains. If someone actually produced a new blockchain that was based on solving a real-world, curing-cancer kind of problem, I think it would be very welcome. The only thing better than securing the network is to

*also* be finding cures for cancer at the same time!