Bitcoin Forum
June 21, 2024, 11:10:03 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Proof of Individual Work (PoIW)  (Read 342 times)
ir.hn (OP)
Member
**
Offline Offline

Activity: 322
Merit: 54

Consensus is Constitution


View Profile
May 25, 2020, 01:21:17 AM
 #1

Proof of individual work is proving you did computational work to an external party.  Currently right now in Bitcoin only one person can prove his work at a time.  Proof of Individual work would allow all computers to prove their own work in a reasonable timeframe.  Here is a way to do that while also blocking gpu/asic/fpga speed up for the most part:

https://web.archive.org/web/20200525010535/https://www.naturehacker.org/2020/05/proof-of-individual-work-poiw.html

It is a little hard to give a summary, but basically we need to generate a truly random number (which is the hardest part) of sufficient length (over 100 digits so GNFS is used) and allow a person to prime factor it to verify they did work.  The task is easy enough for them to complete on one computer in a reasonable time frame.

It is basically a CAPTCHA alternative but uses machine work instead of human work.  So ya... Don't like captcha's? maybe this will replace them for many uses Wink.

Let me know what you think, I think the use cases are huge and will be world changing.

NotATether
Legendary
*
Offline Offline

Activity: 1638
Merit: 6907


bitcoincleanup.com / bitmixlist.org


View Profile WWW
May 25, 2020, 08:11:55 AM
Merited by Welsh (2)
 #2

Secondly the generation of the random number is centralized by the server so could be open to abuse of the server owner.  How can we generate a true random number?

It is possible to securely generate a number with sufficient amount of randomness by applying the Diffie-Hellman key exchange when the server transmits the number to you, which is basically what HTTPS does already. So, you can load the server with enough entropy sources to get as much randomness as you need, without having to burden the client with this task and waiting disproportionate lengths of time to get a random number, since maybe the client runs out of randomness sources which makes reads to /dev/random wait.

But if you don't trust the server then you shouldn't be using random numbers from it in the first place. There is no way for a client to force a malicious server to generate a truly random number as all of that is controlled entirely by the server. For what it's worth, the server owner is free to bypass the safety measures with nonces and stuff you mentioned and return some degenerate primes. Diffie-Hellman is only foolproof if you trust the other party not to send you malicious data.

It is a little hard to give a summary, but basically we need to generate a truly random number (which is the hardest part) of sufficient length (over 100 digits so GNFS is used) and allow a person to prime factor it to verify they did work.  The task is easy enough for them to complete on one computer in a reasonable time frame.

Normal computers cannot factor extremely large prime numbers in a reasonable amount of time. If your goal is to make another kind of consensus algorithm then it needs to be feasible to perform on all the nodes.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
tromp
Legendary
*
Offline Offline

Activity: 988
Merit: 1108


View Profile
May 25, 2020, 03:35:05 PM
 #3

Normal computers cannot factor extremely large prime numbers in a reasonable amount of time.

Factoring extremely large prime numbers is quite trivial.

Factoring extremely large composite numbers on the other hand...
NotATether
Legendary
*
Offline Offline

Activity: 1638
Merit: 6907


bitcoincleanup.com / bitmixlist.org


View Profile WWW
May 25, 2020, 04:23:48 PM
 #4

Normal computers cannot factor extremely large prime numbers in a reasonable amount of time.

Factoring extremely large prime numbers is quite trivial.

Factoring extremely large composite numbers on the other hand...

Whoops, yes I meant factoring composite numbers in my above post. It must have slipped through my head. There's almost no work that needs to be done to prime factor an already prime number.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
ir.hn (OP)
Member
**
Offline Offline

Activity: 322
Merit: 54

Consensus is Constitution


View Profile
May 26, 2020, 12:33:29 AM
Last edit: May 26, 2020, 12:48:26 AM by ir.hn
 #5

Thanks for the input guys.

So the thing is using the merkleroot from a blockchain is actually a good way to generate "entropy" that both the server and client can agree on, then my idea is to use a random nonce from the server and a nonce from the client and then hash all three of those things to generate our "large number".  So I have done the calculations and a 101 digit composite number will take around 1.5 hours to factor on a pretty top of the line ryzen processor.  As processors get even better this time frame will continue to go down of course.  I can also do the calc with a raspberry pi and see, I'm guessing it should complete in a few days.

edit: turns out takes 12.75 days on a raspberry pi 2.  Not horrible but ya.

beniissembert
Newbie
*
Offline Offline

Activity: 20
Merit: 1


View Profile WWW
June 05, 2020, 08:08:51 AM
 #6

what about privacy-centric features to guaranty user privacy in a PoIW environment? Is there any mechanism dedicated to avoiding full transparency?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!