Anti ASIC/GPU/FPGA POW-algorithm. New (2019).

[IadixDev]

the distribution of time between solutions must be exponential (since it's the only memoryless distribution), i.e. the probability of finding a solution at time t < T is:

This ok, but need to see the bigger picture of why these property makes it ideal proof of work.

The idea with the model you describe is the distribution of the reward is based on equal chance to win the reward for each unit of work done, with 99% of the work done that doesn't participate in the final solution, only one miner get all the reward when he find the good nonce, and all the other work done for the block is useless.

The idea of OP for reward distribution is clearly different because each unit of work done participate to the elaboration of the final proof and earn a reward. The problem is how to force the work to be shared between different miners to distribute the reward, as each unit of work has 100% chance of being rewarded, and the total amount of work is determined for a given block target time, the distribution must use another mechanism. If a miner is never allocated a "work slot", then he just idle and cost nothing, when he is allocated a "work slot", he compute the proof using the previous one from another miner and gain the reward.

It still need a way spread the work in sort that you have this same kind of distribution of reward based on miner ID or address, except that the miner is just idle until he is given the work, and the distribution depends on another algorithm that define which address is going to do which part of the work for a given block, and all other miner just idle and do no work, so they don't 'loose' anything, and you could have still same idea of the probability to given work to do in a time T will be evenly distributed between all miners, even if a single persons could spawn many miners.

It would still end with the same sort of calcultion except the C for core become a miner ID, and miner is idle until his ID is selected to mine a block.

It's not the same principle than bitcoin pow, but i think it could be viable , or not completely impossible to solve, but maybe i'm missing something.

[1715399063]

1715399063

[tevador]

one miner get all the reward when he find the good nonce, and all the other work done for the block is useless.

The "useless" work is what makes the hashcash style PoW secure.

It still need a way spread the work in sort that you have this same kind of distribution of reward based on miner ID or address, except that the miner is just idle until he is given the work, and the distribution depends on another algorithm that define which address is going to do which part of the work for a given block, and all other miner just idle and do no work, so they don't 'loose' anything

Then the main question is what provides the incentive for miners to cooperate (and suffer the network latency penalty) rather than mine selfishly 100% of the time.

For example, if the block interval is 10 minutes, each stages takes 1 ms to calculate and the average network delay is 49 ms, we can support up to 12000 cooperating miners on the network. However, a selfish miner can calculate 600000 stages locally (with 600000 different addresses) and win the whole block reward every time because his blockchain contains more work than the cooperating blockchain.

[IadixDev]

one miner get all the reward when he find the good nonce, and all the other work done for the block is useless.

The "useless" work is what makes the hashcash style PoW secure.

It still need a way spread the work in sort that you have this same kind of distribution of reward based on miner ID or address, except that the miner is just idle until he is given the work, and the distribution depends on another algorithm that define which address is going to do which part of the work for a given block, and all other miner just idle and do no work, so they don't 'loose' anything

Then the main question is what provides the incentive for miners to cooperate (and suffer the network latency penalty) rather than mine selfishly 100% of the time.

For example, if the block interval is 10 minutes, each stages takes 1 ms to calculate and the average network delay is 49 ms, we can support up to 12000 cooperating miners on the network. However, a selfish miner can calculate 600000 stages locally (with 600000 different addresses) and win the whole block reward every time because his blockchain contains more work than the cooperating blockchain.

Ok let say on 10 minutes block you would create chunks of 10 sec of work, like first generating the total ring chain to be computed, then breaking it down to séries of sub ring chain, in sort that each sub chain need to hash its address or id with the previous work.

Now let say this miner id is not just the address, but an ip/address pair. Each time a new node appear on the network it register itself on the network, and put on the global list of miners id, each time a new block arrive this address/Ip pair is hashed with the new block signature and miners id sorted on this hash, and the first 60 are selected for the next block.

The Ip will be used to send the work to the miner and to send it to the next so Ip can checked in and out even if that wouldnt prevent 3 ips to collude to steal work.

It could be made stronger if all nodes do traceroute on miners and a consensus can be reached on topography of ips, i tend to think its a problem that has a degree of byzantine fault tolerance as any node can check the traceroute of other nodes and deduce if the traceroute sent by another node is incohérent, i think its a classic problem of graph theory with a byzantine fault tolerance, similar to this Techniques for Detection of Malicious Packet Drops in Networks   , taking in account that the topography doesn't have to be 100% accurate, but at least give sufficient probability that two nodes are not located too close to each others, and using some connectivity testing along path with a technique similar to the link. Some 'hard' consensus could be added if there is too much conflict above the byzantine fault tolerance of the system.

Would be a long shot, but wouldnt this garantee a certain degree of decentralisation ?

[tevador]

Ok let say on 10 minutes block you would create chunks of 10 sec of work, like first generating the total ring chain to be computed, then breaking it down to séries of sub ring chain, in sort that each sub chain need to hash its address or id with the previous work.

Now let say this miner id is not just the address, but an ip/address pair. Each time a new node appear on the network it register itself on the network, and put on the global list of miners id, each time a new block arrive this address/Ip pair is hashed with the new block signature and miners id sorted on this hash, and the first 60 are selected for the next block.

The Ip will be used to send the work to the miner and to send it to the next so Ip can checked in and out even if that wouldnt prevent 3 ips to collude to steal work.

It could be made stronger if all nodes do traceroute on miners and a consensus can be reached on topography of ips, i tend to think its a problem that has a degree of byzantine fault tolerance as any node can check the traceroute of other nodes and deduce if the traceroute sent by another node is incohérent, i think its a classic problem of graph theory with a byzantine fault tolerance, similar to this Techniques for Detection of Malicious Packet Drops in Networks   , taking in account that the topography doesn't have to be 100% accurate, but at least give sufficient probability that two nodes are not located too close to each others, and using some connectivity testing along path with a technique similar to the link. Some 'hard' consensus could be added if there is too much conflict above the byzantine fault tolerance of the system.

Would be a long shot, but wouldnt this garantee a certain degree of decentralisation ?

There are so many problems with this I don't even know where to start.

1. This scheme fails to provide the most important property: consensus. What happens if a node receives two different blocks, each with a correct set of 60 signatures? Which version of the blockchain is it going to choose? Note that this doesn't have to be malicious, it can be simply caused by a temporary network split.

2. You failed to explain what happens if one of the 60 selected miners doesn't respond, either maliciously or due to simply being offline.

3. Using IP addresses is a can of worms you don't want to open, trust me. Are you going to limit 1 unique address per IP address? Are you aware that sometimes thousands of people share the same external IP? Are you aware that network routing changes rapidly, sometimes several times per day? Do you know that a billion of IPv6 addresses can be rented for less than $1 per month? Have you thought about the privacy implications of linking coin addresses with physical network addresses?

[IadixDev]

Ok let say on 10 minutes block you would create chunks of 10 sec of work, like first generating the total ring chain to be computed, then breaking it down to séries of sub ring chain, in sort that each sub chain need to hash its address or id with the previous work.

Now let say this miner id is not just the address, but an ip/address pair. Each time a new node appear on the network it register itself on the network, and put on the global list of miners id, each time a new block arrive this address/Ip pair is hashed with the new block signature and miners id sorted on this hash, and the first 60 are selected for the next block.

The Ip will be used to send the work to the miner and to send it to the next so Ip can checked in and out even if that wouldnt prevent 3 ips to collude to steal work.

It could be made stronger if all nodes do traceroute on miners and a consensus can be reached on topography of ips, i tend to think its a problem that has a degree of byzantine fault tolerance as any node can check the traceroute of other nodes and deduce if the traceroute sent by another node is incohérent, i think its a classic problem of graph theory with a byzantine fault tolerance, similar to this Techniques for Detection of Malicious Packet Drops in Networks   , taking in account that the topography doesn't have to be 100% accurate, but at least give sufficient probability that two nodes are not located too close to each others, and using some connectivity testing along path with a technique similar to the link. Some 'hard' consensus could be added if there is too much conflict above the byzantine fault tolerance of the system.

Would be a long shot, but wouldnt this garantee a certain degree of decentralisation ?

There are so many problems with this I don't even know where to start.

1. This scheme fails to provide the most important property: consensus. What happens if a node receives two different blocks, each with a correct set of 60 signatures? Which version of the blockchain is it going to choose? Note that this doesn't have to be malicious, it can be simply caused by a temporary network split.

2. You failed to explain what happens if one of the 60 selected miners doesn't respond, either maliciously or due to simply being offline.

3. Using IP addresses is a can of worms you don't want to open, trust me. Are you going to limit 1 unique address per IP address? Are you aware that sometimes thousands of people share the same external IP? Are you aware that network routing changes rapidly, sometimes several times per day? Do you know that a billion of IPv6 addresses can be rented for less than $1 per month? Have you thought about the privacy implications of linking coin addresses with physical network addresses?

1. All nodes need to work on signature starting from a hash that contain the same merkle root, like pool mining.

2. One solution to this could be have several possible miners for the same work, either spreading the reward, or selected depending on network latency or other method.

3. All miners should have unique IP. The technique for routing is not for detecting internet layer network routing, but an internal routing between blockchain nodes. A specific node routing could be selected for mining nodes.

The network address is already known to all nodes or mining pool that you are connected to, and physical address are actually propagated to the whole network to increase the number of nodes that can connect to each other, so if you connect to an open P2P network like blockchain, you're IP already potentially shared on the whole network. https://en.bitcoin.it/wiki/Protocol_documentation#Network_address https://en.bitcoin.it/wiki/Protocol_documentation#addr, so in theory an attacker with a certain number of spying node can already do this. If you mine on a pool, this connection is already made. It inself bitcoin protocol doesn't really prevent ip/address association.

For billion IPs harder to solve. Need to see if a distribution on ip range or location could mitigate this.

[tevador]

1. All nodes need to work on signature starting from a hash that contain the same merkle root, like pool mining.

Then what you are describing is not actually a consensus mechanism. You are saying that there is only one version of the truth and all nodes have to follow it. That's a centralized network. You may as well have a central bank to simplify everything. Pooled mining is also centralized.

If you want a consensus protocol, you need a way to choose which version of the blockchain to follow (and all nodes must agree on that).

The network address is already known to all nodes or mining pool that you are connected to, and physical address are actually propagated to the whole network to increase the number of nodes that can connect to each other, so if you connect to an open P2P network like blockchain, you're IP already potentially shared on the whole network. https://en.bitcoin.it/wiki/Protocol_documentation#Network_address https://en.bitcoin.it/wiki/Protocol_documentation#addr

Yes, the IP addresses of nodes are known but not linkable to their coin address.

There was a recent attack on ZCash an Monero which allowed IP addresses to be linked with funds. It's already been fixed. Do you want to reintroduce this attack as a "feature"?

[IadixDev]

1. All nodes need to work on signature starting from a hash that contain the same merkle root, like pool mining.

Then what you are describing is not actually a consensus mechanism. You are saying that there is only one version of the truth and all nodes have to follow it. That's a centralized network. You may as well have a central bank to simplify everything. Pooled mining is also centralized.

If you want a consensus protocol, you need a way to choose which version of the blockchain to follow (and all nodes must agree on that).

The network address is already known to all nodes or mining pool that you are connected to, and physical address are actually propagated to the whole network to increase the number of nodes that can connect to each other, so if you connect to an open P2P network like blockchain, you're IP already potentially shared on the whole network. https://en.bitcoin.it/wiki/Protocol_documentation#Network_address https://en.bitcoin.it/wiki/Protocol_documentation#addr

Yes, the IP addresses of nodes are known but not linkable to their coin address.

There was a recent attack on ZCash an Monero which allowed IP addresses to be linked with funds. It's already been fixed. Do you want to reintroduce this attack as a "feature"?

Everyone can still check the transactions in the merkle root, the pow consensus show that all nodes agree on this merkle root. If not they will not mine the block. Enough node need to be honest like in any byzantine fault tolerant system. As far as i know, it's already like this on most mining pool even if in theory the stratum protocol allow for each miner to change the block, i don't think a lot of miner really even check the merkle root in a pool mining.

In monero they take more care about privacy, but in itself bitcoin protocol doesn't specially protect again ip/address association. All nodes that receive a new mining block know the ip of the mining node and the address used for the reward.

Mining pool already know your ip and your mining address and it wouldn't be really hard for an attack to connect the two.

I'm not saying there are no problem with this system, but i'm not so categorical that they can't be fixed at all, keeping it in a sufficient byzantine fault tolerance range comparable to bitcoin pool mining. Maybe maybe not The OP also said he had full solution

[tevador]

Everyone can still check the transactions in the merkle root, the pow consensus show that all nodes agree on this merkle root. If not they will not mine the block. Enough node need to be honest like in any byzantine fault tolerant system.

So you are basically saying "all nodes must agree otherwise they will not agree". Then you will have at least several chain splits per day and the whole network will malfunction. You simply cannot hope that all nodes will always have the same set of transactions.

In monero they take more care about privacy, but in itself bitcoin protocol doesn't specially protect again ip/address association. All nodes that receive a new mining block know the ip of the mining node and the address used for the reward.

Mining pool already know your ip and your mining address and it wouldn't be really hard for an attack to connect the two.

If there was a way to link bitcoin addresses to IP addresses on the protocol level, it would be a huge issue for bitcoin. Although bitcoin is already pretty much a surveillance coin due to its linkable transactions, this would be a whole new level of orwellian proportions.

And modelling a decentralized network based on pooled mining is flawed since pooled mining is centralized.

[Whilemost]

Hi. You created the stable POW algorithm not only with ASIC devices, but also against GPUs, which is awesome. We hope you will develop it further and make it more popular. 

[Longthi_4823_Love]

I will follow the principles that you have summarized. I really like the first rule is periodic calculations. Forced hashing is what is needed, which is the main algorithm for block signing. In your opinion, it's great to replace it with the Ring Bit Function (RBF).

[IadixDev]

And modelling a decentralized network based on pooled mining is flawed since pooled mining is centralized.

It could still be less centralized than pooled mining on certain aspect, like currently nothing prevent mining pool to cheat on the reward / share, and they already take a % of the benefits, here at least this aspect is more transparent.

The problem with different version of the blockchain is transposed to establishing the consensus on a "mining route" , that start with a merkle root, and break the work into different miners selected evenly in the pool.

But pooled mining is necessary for this system to work, it cannot work if every node solo mine its own block.

[Nguyenthanh2391]

for the third rule the two-step signature. I agree with the two stages you mentioned. But I still want to ask, do we need another three-stage four? 

[tevador]

It could still be less centralized than pooled mining on certain aspect, like currently nothing prevent mining pool to cheat on the reward / share, and they already take a % of the benefits, here at least this aspect is more transparent.

So basically you want to fight ASIC mining centralization with even more centralization.

The problem with different version of the blockchain is transposed to establishing the consensus on a "mining route" , that start with a merkle root, and break the work into different miners selected evenly in the pool.

And if two nodes have a different merkle root?

It seems that you have missed the main point of proof of work and the Nakamoto consensus.

[IadixDev]

It could still be less centralized than pooled mining on certain aspect, like currently nothing prevent mining pool to cheat on the reward / share, and they already take a % of the benefits, here at least this aspect is more transparent.

So basically you want to fight ASIC mining centralization with even more centralization.

The problem with different version of the blockchain is transposed to establishing the consensus on a "mining route" , that start with a merkle root, and break the work into different miners selected evenly in the pool.

And if two nodes have a different merkle root?

It seems that you have missed the main point of proof of work and the Nakamoto consensus.

The proof of work can prove that a certain number of nodes, ideally selected evenly in the pool, have agreed on the merkle root that they have mined. Pooled mining cannot provide more than this, all nodes needs to work on the same block.

This protocol is different than bitcoin, i'm not saying it's the same consensus method or equivalent to bitcoin pow, it needs another mechanism added to it that is still not clearly defined to make it as decentralized as bitcoin solo mining that is used by 0.1% of bitcoin miners today.

[tevador]

bitcoin solo mining that is used by 0.1% of bitcoin miners today.

It's not just for solo mining. Different pools also need to reach consensus among themselves. Your argument would be valid only if 99.9% of bitcoin hashrate came from a single pool.

Your protocol fails even in the very likely case that two pools mine two blocks with different merkle roots.

[IadixDev]

bitcoin solo mining that is used by 0.1% of bitcoin miners today.

It's not just for solo mining. Different pools also need to reach consensus among themselves. Your argument would be valid only if 99.9% of bitcoin hashrate came from a single pool.

Your protocol fails even in the very likely case that two pools mine two blocks with different merkle roots.

It's not my protocol lol

I just find the principle interesting, and i think it can be made to work with certain advantages, i'm just studying the system If it can't work then too bad, i just discovered this few days ago like everyone else, but i'm really not so sure it can't be made to work.

I read your arguments and i understand them, but i don't see much anything else than bold statement of authority, and no brick wall for this, if you can think outside of the box of bitcoin pow protocol, nobody claimed this is a full solution to solve all problems of current blockchain protocols.

I'm just extrapolating possible solution path, would need to out think the whole things a bit more thoroughly, but also waiting for more informations from OP as he said he has a solution, so need to see his side as well. Would need to put all the problematic on paper flat down and seeing the properties and problems and how they can be solved or not. I wouldn't be so categorical so far.

[tevador]

nobody claimed this is a full solution to solve all problems of current blockchain protocols.

The claims made by OP are certainly strong:

What to do with it?

You can implement this algorithm in any cryptocurrency and it will be the best POW algorithm you have ever known.

I was just pointing out that this is not something usable at the moment and probably never will be. The things I mentioned above are not just minor issues but fundamental flaws.

[IadixDev]

nobody claimed this is a full solution to solve all problems of current blockchain protocols.

The claims made by OP are certainly strong:

What to do with it?

You can implement this algorithm in any cryptocurrency and it will be the best POW algorithm you have ever known.

I was just pointing out that this is not something usable at the moment and probably never will be. The things I mentioned above are not just minor issues but fundamental flaws.

He Said after it solve the pow problem in itself with the properties he listed, which i already checked and they work.

The pool part is the third part, where he says its not a full solution for all blockchain problems in the following posts.

The problem you talk about has been issued also in the first posts, where he says he has other solution to solve work distribution.

I didnt see any point you made that is not solvable, if you only have arguments of authority its not going to have a lot of impact on me.

[tevador]

He Said after it solve the pow problem in itself with the properties he listed, which i already checked and they work.

There is no "pow problem".

Proof of work is a solution to the problem of decentralized consensus. The PoW posted here doesn't solve it.

he says he has other solution to solve work distribution.

I don't see any solution posted anywhere. It looks like he is using this argument to obtain funding, which everyone should be very sceptical about.

[IadixDev]

He Said after it solve the pow problem in itself with the properties he listed, which i already checked and they work.

There is no "pow problem".

Proof of work is a solution to the problem of decentralized consensus. The PoW posted here doesn't solve it.

he says he has other solution to solve work distribution.

I don't see any solution posted anywhere. It looks like he is using this argument to obtain funding, which everyone should be very sceptical about.

Yes for the moment there is no full solution, but it doesnt mean one cannot be found.

I didnt see a point you made that not solvable with similar characteristics to bitcoin mining pool.

Wanting To obtain funding is not incompatible with having a working solution, what kind of logic is that lol it make you skeptical, doesnt mean everyone "should be" its ironical for someone advocating decentralisation to make so many argument of authority, maybe there is room for skepticism about your opinion as well