[If tx limit is removed] Disturbingly low future difficulty equilibrium

[cunicula]

the proof of steak idea not only would be hard to implement, it also is poorly thought out, introducing more complexity into the system would only make it more difficult to use bitcoin, unless i am missing something?

You are righ that it is poorly thought out, but that doesn't mean it can't work with more thinking. For example, I dismissed Meni's idea, but on further thought i believe that i may be wrong. His idea may be viiable. We need to have more people thinking about the issues.

I would prefer a system ith the following features:
1) the value of your vote is tied to both hashing power and your stake in a pool of voting coins
what is vote
2) it is possible to destroy txn fees to take reduce the money supply if the aggregate hash rate falls or fails to grow
what
3) people who participate in voting receive a monetary reward if their votes match those of the majority of votes.
what is voting
4) disagreement with the majority of votes can result in confiscation of your money
5) there is a significant time lag between acquiring bitcoin and being allowed to vote.
6) there is a significant time lag between ceasing to vote and being able to transfer coins used for voting.
7) money supply growth is pegged at a small fraction of txn fees
txn fees are a very small fraction of the median txn, say 0.1% or less
9) there is no plan to alter the system in the future

You don't need all these features in a proof of stake system, so it can be much simpler than this. However, I think all the features are useful.

if i understand proof of stake, its a system to prevent attacks on the bitcoin network. so far there have been almost no successful large scale attacks on the network.

however if you really want proof of stake, feel free to make your own client with it inside and prove us wrong.

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

[1713520038]

1713520038

[1713520038]

1713520038

[1713520038]

1713520038

[1713520038]

1713520038

[1713520038]

1713520038

[ctoon6]

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

how will the security get weaker. if you want to continue using bitcoin you will mine for a few hours a day, its only common curtsey that you help secure the network you use.

[cunicula]

the proof of steak idea not only would be hard to implement, it also is poorly thought out, introducing more complexity into the system would only make it more difficult to use bitcoin, unless i am missing something?

You are righ that it is poorly thought out, but that doesn't mean it can't work with more thinking. For example, I dismissed Meni's idea, but on further thought i believe that i may be wrong. His idea may be viiable. We need to have more people thinking about the issues.

I would prefer a system ith the following features:
1) the value of your vote is tied to both hashing power and your stake in a pool of voting coins
what is vote
2) it is possible to destroy txn fees to take reduce the money supply if the aggregate hash rate falls or fails to grow
what
3) people who participate in voting receive a monetary reward if their votes match those of the majority of votes.
what is voting
4) disagreement with the majority of votes can result in confiscation of your money
5) there is a significant time lag between acquiring bitcoin and being allowed to vote.
6) there is a significant time lag between ceasing to vote and being able to transfer coins used for voting.
7) money supply growth is pegged at a small fraction of txn fees
txn fees are a very small fraction of the median txn, say 0.1% or less
9) there is no plan to alter the system in the future

You don't need all these features in a proof of stake system, so it can be much simpler than this. However, I think all the features are useful.

if i understand proof of stake, its a system to prevent attacks on the bitcoin network. so far there have been almost no successful large scale attacks on the network.

however if you really want proof of stake, feel free to make your own client with it inside and prove us wrong.

the longest block chain is the valid blockchain. By vote i mean the ratethat a miner can add to the chain. Currently, this rate is proportional to hashing power only. I would like a system where hashing power can be leveraged with proof of stake. For example,

Currently

# of votes = # of hashes

I would prefer

# of votes = (escrowed voting bitcoins)^0.9*(# of hashes)^0.1

[cunicula]

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

how will the security get weaker. if you want to continue using bitcoin you will mine for a few hours a day, its only common curtsey that you help secure the network you use.

i believe people are motivated by profit not anonymous acts of public service.

[kjj]

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

Just because you keep saying something doesn't make it a fact.

[ctoon6]

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

how will the security get weaker. if you want to continue using bitcoin you will mine for a few hours a day, its only common curtsey that you help secure the network you use.

i believe people are motivated by profit not anonymous acts of public service.

you profit because you pay less, would you rather pay visa 20+$ a month or simply run a client for a few hours a day totaling about 5-10?

[Meni Rosenfeld]

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

how will the security get weaker. if you want to continue using bitcoin you will mine for a few hours a day, its only common curtsey that you help secure the network you use.

i believe people are motivated by profit not anonymous acts of public service.

you profit because you pay less, would you rather pay visa 20+$ a month or simply run a client for a few hours a day totaling about 5-10?

This is nonsensical.
1. If Bitcoin is successful then most people won't and shouldn't know what mining is or how to do it (this is largely the case even now).
2. Those who do know can use Bitcoin without mining. It's not like the alternatives are "use Bitcoin and mine" and "don't use Bitcoin and don't mine".
3. Mining on the CPU with the Bitcoin client is worthless. You need either a GPU or a future dedicated hashing chip, and dedicated software.
4. Mining has a cost, it will require purchasing hardware most people don't have and operating it. It also requires setting up the software. People won't do it without being incentivized.
5. If Bitcoin succeeds then attacking the network can become much more lucrative, and a whole lot of mining will be required to prevent it. A few random contributors won't be enough.
6. Currently the network security is supported by the coinbase (generation of new coins). If you want to make the case that it will remain secure when the coinbase goes away, the onus of proof is on you.

[jtimon]

the 37% is just what you need to maintain the current hash rate. It is the current amount issued by bitcoin. 3% or 4% might work, but the aggregate hash rate would probably be at least 10-fold less.
The low aggregate hash rate might be enough or it might not. Because of the "might not" scenario, it makes sense to investigate alternative solutions such as proof of stake.

I've get it now. 37% is what you need to issue annually to have the same security (proportional to the total value) that we have today.
But that number has been always going down. With the second block was 50 * 6 * 24 *365 = 2 628 000% annual reward, with the third was 33 * 6 * 24 * 365 = 1 734 480% annual reward, etc.
But I still don't know why the security we have now is the right level.

[cunicula]

the 37% is just what you need to maintain the current hash rate. It is the current amount issued by bitcoin. 3% or 4% might work, but the aggregate hash rate would probably be at least 10-fold less.
The low aggregate hash rate might be enough or it might not. Because of the "might not" scenario, it makes sense to investigate alternative solutions such as proof of stake.

I've get it now. 37% is what you need to issue annually to have the same security (proportional to the total value) that we have today.
But that number has been always going down. With the second block was 50 * 6 * 24 *365 = 2 628 000% annual reward, with the third was 33 * 6 * 24 * 365 = 1 734 480% annual reward, etc.
But I still don't know why the security we have now is the right level.

I agree with you here. It could be that we have way more security than necessary right now. If we can get by with say 5% of the current security level than I think that everything will work out fine. The question is how low can the security level go before it attracts attackers. I don't think anyone knows the answer. I don't think the wait and see approach is the best idea. There is a considerable amount of money at stake.

[ttk2]

the problem with this argument is that the system is set up to offer strong security now, and progressively weaker security later on. Apparently, most people only care about the current operation of the system. The fact that it is probably not sustainable doesn't bother anyone. I think it is just a seeing is believing issue. Depressingly similar to US gov't finances.

how will the security get weaker. if you want to continue using bitcoin you will mine for a few hours a day, its only common curtsey that you help secure the network you use.

i believe people are motivated by profit not anonymous acts of public service.

you profit because you pay less, would you rather pay visa 20+$ a month or simply run a client for a few hours a day totaling about 5-10?

This is nonsensical.
1. If Bitcoin is successful then most people won't and shouldn't know what mining is or how to do it (this is largely the case even now).
2. Those who do know can use Bitcoin without mining. It's not like the alternatives are "use Bitcoin and mine" and "don't use Bitcoin and don't mine".
3. Mining on the CPU with the Bitcoin client is worthless. You need either a GPU or a future dedicated hashing chip, and dedicated software.
4. Mining has a cost, it will require purchasing hardware most people don't have and operating it. It also requires setting up the software. People won't do it without being incentivized.
5. If Bitcoin succeeds then attacking the network can become much more lucrative, and a whole lot of mining will be required to prevent it. A few random contributors won't be enough.
6. Currently the network security is supported by the coinbase (generation of new coins). If you want to make the case that it will remain secure when the coinbase goes away, the onus of proof is on you.

                  Currently we can use our knowledge of the difficulty to estimate the total hashing power of the network and also the total hashing power of the pools by looking at how many blocks they generate over a period of time. The effectiveness of double spending attacks rely on people not knowing about the attack going on, because you need to get a merchant (or some other sap) to take your coins and exchange them for goods before you pull the rug out from under him and unspend those coins. Provided we keep alarms on the system to let people know 51% attacks would be unless. Everyone knows how many blocks are being generated per period of time, its broadcast, using this knowledge, combined with knowledge of major miners block generation rates every client could do the math on that information and determine weather 51% or more of the hashing power has been accommodated for or not. When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases. This is a really heavy handed move, and yes it would be bad for Bitcoin, but a 51% attack is bad regardless of what we do about it so why not take a course designed to destroy the attackers incentive. 

[Meni Rosenfeld]

Currently we can use our knowledge of the difficulty to estimate the total hashing power of the network and also the total hashing power of the pools by looking at how many blocks they generate over a period of time. The effectiveness of double spending attacks rely on people not knowing about the attack going on, because you need to get a merchant (or some other sap) to take your coins and exchange them for goods before you pull the rug out from under him and unspend those coins. Provided we keep alarms on the system to let people know 51% attacks would be unless. Everyone knows how many blocks are being generated per period of time, its broadcast, using this knowledge, combined with knowledge of major miners block generation rates every client could do the math on that information and determine weather 51% or more of the hashing power has been accommodated for or not. When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases. This is a really heavy handed move, and yes it would be bad for Bitcoin, but a 51% attack is bad regardless of what we do about it so why not take a course designed to destroy the attackers incentive.  

... Unless of course the attacker wants to destroy faith in Bitcoin (politics? Stake in current financial system? Short-selling?), in which case suspension of all Bitcoin activity would count as "mission accomplished".

We need a mechanism to prevent attacks whatever the motivation and strategy of the attacker is.

[cunicula]

Currently we can use our knowledge of the difficulty to estimate the total hashing power of the network and also the total hashing power of the pools by looking at how many blocks they generate over a period of time. The effectiveness of double spending attacks rely on people not knowing about the attack going on, because you need to get a merchant (or some other sap) to take your coins and exchange them for goods before you pull the rug out from under him and unspend those coins. Provided we keep alarms on the system to let people know 51% attacks would be unless. Everyone knows how many blocks are being generated per period of time, its broadcast, using this knowledge, combined with knowledge of major miners block generation rates every client could do the math on that information and determine weather 51% or more of the hashing power has been accommodated for or not. When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases. This is a really heavy handed move, and yes it would be bad for Bitcoin, but a 51% attack is bad regardless of what we do about it so why not take a course designed to destroy the attackers incentive. 

... Unless of course the attacker wants to destroy faith in Bitcoin (politics? Stake in current financial system? Short-selling?), in which case suspension of all Bitcoin activity would count as "mission accomplished".

We need a mechanism to prevent attacks whatever the motivation and strategy of the attacker is.

Or they could just buy up cheap cpins during the attack. Suspend the attac. Sell the coins once prices recover. Go back to step 1.

[BitterTea]

Or they could just buy up cheap cpins during the attack. Suspend the attac. Sell the coins once prices recover. Go back to step 1.

Why do you assume prices will fall during an attack on the block chain?

[stryker]

what i dont understand is why the 21 million limit on bitcoins?  I mean over time bitcoins are lost anyway.... so why not continue awarding bit coins on block generation?  the number of coins awarded could be based on some metric? % of total expenditure or number of transactions..... what ever it takes to make it rewarding enough to keep the required amount of hashing needed to keep the network secure??

[jtimon]

what i dont understand is why the 21 million limit on bitcoins?  I mean over time bitcoins are lost anyway.... so why not continue awarding bit coins on block generation?  the number of coins awarded could be based on some metric? % of total expenditure or number of transactions..... what ever it takes to make it rewarding enough to keep the required amount of hashing needed to keep the network secure??

The aim of the target monetary base is to have it fixed and stop the initial needed monetary inflation.
What I propose is generate always the same amount and destroy a proportion of the target base, and that proportion will eventually be equal to the amount generated, having at that time the desired fixed base.

[kjj]

When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases.

Blocks are anonymous.  How do you propose to figure out the distribution of hashing power?

[ttk2]

When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases.

Blocks are anonymous.  How do you propose to figure out the distribution of hashing power?

take a look at http://bitcoinwatch.com/ they have a hash rate distribution monitor right on their page, its live. By keeping an eye on the rate of block production with a known difficulty they can estimate the total network power, by looking at the blocks produced by any one pool in a given period with a known difficulty they can estimate that pools hashing power, since all major pools report his information (and even if they did not they have to tell miners when they found a block) we can accurately know what portion of the total hashing power is controlled by whom.

[kjj]

When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases.

Blocks are anonymous.  How do you propose to figure out the distribution of hashing power?

take a look at http://bitcoinwatch.com/ they have a hash rate distribution monitor right on their page, its live. By keeping an eye on the rate of block production with a known difficulty they can estimate the total network power, by looking at the blocks produced by any one pool in a given period with a known difficulty they can estimate that pools hashing power, since all major pools report his information (and even if they did not they have to tell miners when they found a block) we can accurately know what portion of the total hashing power is controlled by whom.

So, the attacker is going to publish a data feed showing their hashing power prior to the attack?  Or are you suggesting that we shut down the network whenever we can't account for at least half of the network power?

[ttk2]

When a single entity has 51% everyone is informed by their client and Bitcoin spending stops, the moment the attacker breaches 51% everyone using Bitcoin is told not to spend or accept until such a time as the attack ceases.

Blocks are anonymous.  How do you propose to figure out the distribution of hashing power?

take a look at http://bitcoinwatch.com/ they have a hash rate distribution monitor right on their page, its live. By keeping an eye on the rate of block production with a known difficulty they can estimate the total network power, by looking at the blocks produced by any one pool in a given period with a known difficulty they can estimate that pools hashing power, since all major pools report his information (and even if they did not they have to tell miners when they found a block) we can accurately know what portion of the total hashing power is controlled by whom.

So, the attacker is going to publish a data feed showing their hashing power prior to the attack?  Or are you suggesting that we shut down the network whenever we can't account for at least half of the network power?

Yes, take a look at the graph now, we can account for more than 85% of the hashing power, i have never seen the "other" section top 30%. Any major mining pool can be easily added to the monitor. And i highly doubt that a new non-malicious pool will sprint up and get 51% before they add it to the monitor. 

[ctoon6]

Yes, take a look at the graph now, we can account for more than 85% of the hashing power, i have never seen the "other" section top 30%. Any major mining pool can be easily added to the monitor. And i highly doubt that a new non-malicious pool will sprint up and get 51% before they add it to the monitor. 

Now explain to me how you will implement this idea into bitcoin so that it is not centralized.