Bitcoin Forum
December 03, 2016, 05:38:58 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: My challenge  (Read 1330 times)
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 05:39:07 PM
 #1

I've noticed a few threads popping up here about how "wasteful" the mining process is, so to get to the point here's my challenge.

Describe a protocol in sufficient detail that it can be actually implemented (tiny details such as packet format etc don't matter, general operation does) and which has the following properties:

  • No reliance on a central server
  • An unchanging record of past transactions that can not be altered
  • No double spending
  • Ability to receive funds while your client is offline
  • No proof of work requirement

I will pay 5BTC to whoever can solve this challenge - remember it must match all points.
1480786738
Hero Member
*
Offline Offline

Posts: 1480786738

View Profile Personal Message (Offline)

Ignore
1480786738
Reply with quote  #2

1480786738
Report to moderator
1480786738
Hero Member
*
Offline Offline

Posts: 1480786738

View Profile Personal Message (Offline)

Ignore
1480786738
Reply with quote  #2

1480786738
Report to moderator
1480786738
Hero Member
*
Offline Offline

Posts: 1480786738

View Profile Personal Message (Offline)

Ignore
1480786738
Reply with quote  #2

1480786738
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480786738
Hero Member
*
Offline Offline

Posts: 1480786738

View Profile Personal Message (Offline)

Ignore
1480786738
Reply with quote  #2

1480786738
Report to moderator
1480786738
Hero Member
*
Offline Offline

Posts: 1480786738

View Profile Personal Message (Offline)

Ignore
1480786738
Reply with quote  #2

1480786738
Report to moderator
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 05:41:49 PM
 #2

Oh, and no - bitcoin and other blockchain-based currencies forked from it do not count
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 21, 2011, 06:04:42 PM
 #3

Meanwhile, I will give 5 BTC to the first person who describes in sufficient detail how to make my SUV run on hope instead of gasoline.

(My point: proof of work is central to making this whole thing work.  To find a way to make it work without it, would be groundbreaking and far more valuable than 5 BTC.)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Rejinx
Full Member
***
Offline Offline

Activity: 184



View Profile WWW
December 21, 2011, 06:08:04 PM
 #4

Meanwhile, I will give 5 BTC to the first person who describes in sufficient detail how to make my SUV run on hope instead of gasoline.

(My point: proof of work is central to making this whole thing work.  To find a way to make it work without it, would be groundbreaking and far more valuable than 5 BTC.)

Sorry for asking a dumb question, but what is "proof of work" in this context?

Need a Vircurex referral code? The code is 260-146

or goto https://vircurex.com/register?referral_id=260-146
wareen
Millionaire
Hero Member
*****
Offline Offline

Activity: 742

bitcoin-austria.at


View Profile
December 21, 2011, 06:13:29 PM
 #5

(My point: proof of work is central to making this whole thing work.  To find a way to make it work without it, would be groundbreaking and far more valuable than 5 BTC.)

Yeah, but it's creative thinking: post presumably unsolvable problems in the newbies section and offer a small reward. After all, some important math problems have been solved by a student thinking it was homework Wink
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 21, 2011, 06:13:30 PM
 #6

I have an idea to reduce the amount of proof of work required for a given level of security.  Does that count?
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 06:23:13 PM
 #7

(My point: proof of work is central to making this whole thing work.  To find a way to make it work without it, would be groundbreaking and far more valuable than 5 BTC.)

Yeah, but it's creative thinking: post presumably unsolvable problems in the newbies section and offer a small reward. After all, some important math problems have been solved by a student thinking it was homework Wink

My point is much the same as casascius had:

If anyone really does have a solution for this problem (in which case they can probably also solve the halting problem for me too), then let's see it! Otherwise, shut up.

Think of it like a mini randi prize.
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 06:24:22 PM
 #8

I have an idea to reduce the amount of proof of work required for a given level of security.  Does that count?

Unless you can reduce it to 0, no
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
December 21, 2011, 06:30:02 PM
 #9

I have an idea to reduce the amount of proof of work required for a given level of security.  Does that count?
cpu mining?

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 06:36:28 PM
 #10

Let's up this a bit.

Anyone who can solve this problem I will pay 50BTC.

Due to the higher payout, here's some more precise criteria:

No proof of work - no calculations performed for the purpose of making forgery of the transaction record computationally infeasible or impossible - you must find another means of keeping the transaction record intact.

No centralised server - it must be 100% P2P, but i'll allow a solution that bootstraps by grabbing some existing node IP addresses so long as those nodes are not trusted

No double spending - it must not be possible to send the same funds to 2 separate destinations

It must be possible to receive funds while your client is offline without needing to connect to a central server



If you can solve this you can probably make an absolute fortune with your genius in other ways and this 50BTC reward is a tiny and pathetically small bonus.

I promise to be fair in judging any proposed solutions, but my word is final unless at least 1 core developer of the bitcoin client and 1 founder/co-founder at either MTGox or TradeHill overrules me (and for that reason they're not eligible for this reward - sorry).


There you go, a serious challenge - if you have a serious solution, take it up.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 21, 2011, 06:38:55 PM
 #11

If the bottleneck for producing the proof of work weren't energy, then it wouldn't be so "wasteful".  For example, switching mining to FPGA's and ASIC's change the bottleneck to engineering resources instead of energy.  The problem is that a determined rogue government would have no problem acquiring a lot of either.

The ultimate resource that ought to go into creating proof of work would have to be individual human attention.

Anything that strives to minimize the amount of proof of work needed, would have be something along the lines of having blocks digitally signed, and network participants consciously giving more weight to blocks signed by trusted signers.  This way, someone creating disruptive blocks could have their blocks voted out more efficiently than just hoping they don't control most CPU.

If the adversary is a government with the capacity to acquire resources by commandeering them by force from others, such an adversary will always have an advantage.  The only way to level out that kind of advantage would be for there to be a democratic force to take it away.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 2016



View Profile
December 21, 2011, 06:50:48 PM
 #12

Describe a protocol in sufficient detail that it can be actually implemented (tiny details such as packet format etc don't matter, general operation does) and which has the following properties:

You've defined the requirements too weakly.   Take bitcoin, add a requirement that a valid block must be signed by both bob and I (hard code the keys).  Make the difficulty zero.  Change nothing else. (If you also totally screw up a bunch of extra things, you could call the result 'solidcoin').

This meets your criteria because there is no central server. There are distributed servers. The system is secure so long as you trust that bob and I won't conspire to screw everyone.

You can pay to the address in my sig, thanks!
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 06:52:07 PM
 #13

Describe a protocol in sufficient detail that it can be actually implemented (tiny details such as packet format etc don't matter, general operation does) and which has the following properties:

You've defined the requirements too weakly.   Take bitcoin, add a requirement that a valid block must be signed by both bob and I (hard code the keys).  Make the difficulty zero.  Change nothing else. (If you also totally screw up a bunch of extra things, you could call the result 'solidcoin').

This meets your criteria because there is no central server. There are distributed servers. The system is secure so long as you trust that bob and I won't conspire to screw everyone.

You can pay to the address in my sig, thanks!

Oh, and no - bitcoin and other blockchain-based currencies forked from it do not count
bithobo
Member
**
Offline Offline

Activity: 87


Everybody's doing it


View Profile
December 21, 2011, 06:58:43 PM
 #14

Oxytocin Cheesy

Of course, there's no way for it to be measured, especially from a distance, but one can hope Smiley

Spare some bitcoin?
1Fw9ZHPEqKvPs3fcgx7My1Qa9qjF8WyCd6
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 06:59:24 PM
 #15

Oxytocin Cheesy

Of course, there's no way for it to be measured, especially from a distance, but one can hope Smiley

People always said money can't buy you love - what if love was money?
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 07:00:20 PM
 #16

It can be measured by the way - from CerebroSpinal Fluid - perhaps a bit messy
bithobo
Member
**
Offline Offline

Activity: 87


Everybody's doing it


View Profile
December 21, 2011, 07:00:41 PM
 #17

Change nothing else.

How is that less wasteful? The idea is to depend less on electric power, or at least to use that power for creating something useful Smiley

Spare some bitcoin?
1Fw9ZHPEqKvPs3fcgx7My1Qa9qjF8WyCd6
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 21, 2011, 07:03:43 PM
 #18

If the bottleneck for producing the proof of work weren't energy, then it wouldn't be so "wasteful".  For example, switching mining to FPGA's and ASIC's change the bottleneck to engineering resources instead of energy.  The problem is that a determined rogue government would have no problem acquiring a lot of either.

The ultimate resource that ought to go into creating proof of work would have to be individual human attention.

Anything that strives to minimize the amount of proof of work needed, would have be something along the lines of having blocks digitally signed, and network participants consciously giving more weight to blocks signed by trusted signers.  This way, someone creating disruptive blocks could have their blocks voted out more efficiently than just hoping they don't control most CPU.

If the adversary is a government with the capacity to acquire resources by commandeering them by force from others, such an adversary will always have an advantage.  The only way to level out that kind of advantage would be for there to be a democratic force to take it away.

Which is why a proof of stake requirement could be used to directly increase the monetary cost without consuming anything.

Consider a protocol that required one have 30 days output to mine at a specific speed.  Speed could be tracked decentralized by a 1 difficulty share chain.  The details aren't important at this point just at this stage accept there is a method to ensure every miner has funds at risk when they mine.  Say that "proof of stake" was 30 days output.  A 1 GH miner will produce (at current difficulty) ~ 1 BTC per day so when they mine a block 30 BTC would be taken from an address they provide and added to the reward (50 BTC) and the entire thing "escrowed" by protocol rules which prohibit coinbase transactions from being spent for 120 blocks.

This in effect is making the up front capital costs HIGHER and as a result energy costs are smaller portion of the lifecyle costs.  Say a 1 GH rig costs about 200 BTC.  At 2 MH/W and 0.025 BTC per kwh over it's life cycle (say 3 years) it will consume about 330 BTC in power.   Total cost for 3 years of hashing power is 200 BTC + 330 BTC = 530 BTC.  A 30 BTC escrow raises the "cost" of the hardware by 15% (although miner gets it all back if there is no attack).   Prior to proof of stake energy makes up 62% of total network cost.  With 30 day proof of stake requirement energy makes up only 58%.

Another way to look at it is from attackers perspective.  1GH of hardware no longer costs 200 BTC.  It costs 230 BTC a 15% premium.  In essence a 30 day proof of stake raises the cost to attack the network by 15%.  The network is 15% "stronger" .  A larger proof of stake (say 90 days) would put a larger premium on capital costs (45%).  Using a method similar to difficulty the network could adapt the proof of stake based on how much funds miners have available.  Miners could make the network stronger simply by keeping funds available.

TL/DR version:
Today cost to attack network is:
Hardware Capital Costs <- equally shared by defenders and attackers
Electrical Costs <- since attack is short lived and hashing continues forever this costs is mostly borne by defenders

With a proof of stake it is:
(Hardware Capital Costs  + Proof of Stake Costs) <- equally shared by defenders and attackers
Electrical Costs <- since attack is short lived and hashing continues forever this costs is mostly borne by defenders

While it doesn't "solve" the OP problem nor does it "solve" the threat of nations it does make the network more efficient (less energy consumed for a given amount of security) and makes any attack by a rogue government (or other non-economic attack) more expensive.  It also has the effect of making economic double spends (double spending w/ intent to profit) a non-issue.   To have 51% of hashing power if Bitcoin has a 30 day "proof of stake" would require an attacker to put ~100K coins ($400K USD) at risk.  A 90 day proof of stake would raise the cost of a such an attack by $1.2M.  In any double spend those "proof of stake funds" would be locked for 120 blocks meaning the attacker is guaranteed to lose a significant portion as the value of Bitcoin crashes.


Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 722


View Profile
December 21, 2011, 07:04:07 PM
 #19

I should add another rule: It must be feasible to actually implement and must support multiple untrusted users

Here's my solution:

Reduce the whole network to only 2 people who are best friends
Hawkix
Hero Member
*****
Offline Offline

Activity: 517



View Profile WWW
December 21, 2011, 07:18:03 PM
 #20

I have a (maybe silly) idea .. replace proof of work with proof of time. Instead of mining, run some time consuming process, which cannot be done faster, after which the proof of time will be the lottery ticket to win the block reward and secure it, too.

For example, imagine a device which is natural random number generator - let say a radioactive decay material with a beta particle detector (classic may know that a sufficient hot cup of tea may work, too). The detector will try to search for a rare event in the incoming stream of detected decays, like special sequence of delays between each detected particle. Or, the device may wait for all 2048 molecules of argon to collect at left part of some volume (unlikely, but with the Maxwell's deamon help, possible). Or, waiting for the special mutation of bacteria with large prime number encoded in its protein. Or, those who really understand quantum mechanics (yeah, I mean those 10 people on Earth), can bring up something even better.

Of course, such a device must be self-contained, where the part of testing the work is integral part of the device, cannot be cheated on (like faking the generator). This is the hardest part of the idea to implement and I know it. Speaking in words of one-way functions, the device must somehow report found solution, and somehow prove it, to avoid faking. Simulating the process on any fast computer must not help to find it (nature and its atoms are faster).

Such a device will silently, with minimal energy, run its lottery and its user can only wait (or collect more devices) until a possible solution is found and block secured.

As I said, maybe silly idea.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!