Here is a system for fast transaction times called Proof of Min (PoM):

A distributed time server generates UTC timestamps every second with low network latency. Each timestamp includes a random nonce that is unknown until it is generated by the time server.

The timestamps alternate with the types START and STOP. When the miners receive a START timestamp they start searching for blocks with as low hash value as possible. Each block includes the START nonce. When the miners receive a STOP timestamp they check which of the submitted blocks has the lowest (min) hash value and include it in the block chain.

EDIT: Each miner submits one block (with the lowest hash value found during the time period) to the network of miners. The block must be sent before the next STOP timestamp, early enough to be registered by the other miners.

This will give transaction times of around 2 seconds.

Your idea is flawed.

1. How would a distributed time server generate a single, unique nonce per block? Either the nonce generator would have to be centralized, which is obviously not wanted in a decentralized currency, or a malicious entity can just recode the client to produce a timestamp and nonce combination which is already known to produce a very low hash value.

2. In order to check which hash has the lowest value, the network would have to store every submitted hash until the block is found. If each miner could produce at least 1000 hashes per second and there were at least 100 miners currently hashing, then at least 1 million hashes with their accompanying block contents would have to be stored by each node that verifies the hashes every couple of seconds. That's a lot of memory, not to mention a lot of overhead in time to verify each hash in case any malicious entity submits multiple fraudulent hashes with low hash values. 1000 hashes per second is not even a lot.

3. 2 second transaction times will create an extremely bloated blockchain, not to mention a ton of orphaned blocks. Who really needs such a quick transaction period?

Here is an example of random nonce generation:

"(I'm aware that people on the forums are coming up with randomness protocols for proof-of-stake, proof-of-activity and the like which don't involve external true randomness like lotteries - they just hash the last hundred blocks' hashes together, or something like that. I don't think this is good enough. [For their application or for mine!] Someone producing the latest block, given the previous 99, can privately produce billions of cheap variations on it, by varying the order the transactions are listed etc, until they find, and publish, the one that "games" the randomness in their favour. However, if I'm wrong about this, and hashing the last hundred blocks is in fact fine, then good! We can drop the lottery rigmarole!" -- https://en.bitcoin.it/wiki/Proof_of_burn


Each miner would only submit one hash value (the lowest found during the time period).


That could be a problem. I don't know the exact details about that.

A distributed time server with random nonce generation is probably tricky to develop. But it's the general idea I wanted to present. So that other people can figure out possible solutions or explain why it would be impossible.

Another part I forgot to answer. The timestamp nonce is included in the block. So the miners can check if the nonce included is the same as the current START timestamp nonce from the distributed time server. The miners have to wait for the START nonce in real-time, since they don't know what the random value of the nonce will be. And if the miners try to generate their own nonce values, the other miners will immediately see that those values are different than the Start timestamp nonce from the distributed time server.

NTP isn't trustless. You trust your servers and if they lie to you, your time will be wrong.

You are saying nothing but "I want this, I want that" without really knowing what you are talking about.

The Bitcoin miner network IS already a distributed time server. Due to its decentralized nature its resolution could not be too high. If you believe you are able to create an even better distributed time server than the miner network, just do it.

I've been meaning to put Anders on ignore for a while now.  This thread finally reminded me to do it.

I'm getting a bit bored with his poorly thought out, hey, let just do the following and all the problems of the world will be solved:

• Step 1. Collect underpants
• Step 2. ?
• Step 3. Profit

The number of newbies that show up here thinking that their ideas are brand new and nobody has bothered to think of them in the past 6 years just astounds me.

I'm not saying that a newbie can't come up with an original idea, just that most of them don't, and none of them seem to even consider the possibility that their idea isn't new and that they should learn a bit about what has already been discussed regarding their idea before they present it as revolutionary.

Another problem to consider: How many bitcoin transactions per 10 minutes are done today? Around 400 perhaps. Compare that with the millions and millions ordinary money transactions per ten minutes happening in the world today. If Bitcoin is supposed to become anywhere near mainstream, it would have to cope with several orders of magnitude increase in number of transactions. Block chain bloat, anyone?

Yes, pretty much.  That's the entire point of mining.

Bitcoin-like things work because the earliest transaction is the valid transaction, and later ones are invalid and orphaned.  The trouble was how do you know what's earliest?  Your clock might be wrong.  Outside sources might lie to you.  Information propagation takes time.  And on top of it, when money is involved, you have to assume everybody else is trying to lie and cheat and steal from you.  And that on top of THAT, you want the system to be able to work with nodes coming on and offline, and they need to be able to download updates and KNOW, not trust, that they are accurate.  Sure, a signature could contain a timestamp, but the signer might have just lied, even if he had accurate information.

So how the hell do you solve that?

By not relying on time, but instead relying on WORK.  Churning through sha hashes until you find one within a specific range.  If we assume sha hashes are not predictable, then we know that if you found a specific hash, you HAD to have, on average, churned through some number of hashes.  And given that it takes TIME to calculate a hash, we know that it will on average take some amount of time to do that work.  Now we have a basis for coordinating our clocks.  We may not know the exact time, but we CAN quite easily verify that work has been done, and we know that that work HAD to have taken some amount of time.

So now we can all synchronize our clocks, not by time, but by the longest valid chain of work done, because we know that it could not possibly have been faked.  The work WAS done.  The valid hash is proof of that.  And now, we can have nodes coming on- and off-line, lying to us, and on and on, and all we have to do is get somebody, anybody, to send us the valid chain, and we'll know it's valid, because we can check it very easily, and we've all agreed ahead of time that the longest ("longest" meaning most work) valid chain is the real chain.

Yes, bitcoin mining's whole purpose is to solve the distributed time server problem in a TRUSTLESS manner.  The purpose of doing the work is to PROVE that time has elapsed.  The transaction with more work done on top of it is OLDER.  Thus, we can now verify which transaction came first.

If you can solve the time server another way, you will have done what nobody could do for decades until Satoshi.  Go for it.