I've casually proposed this for Bitcoin in the past, but there's no way that something as experimental as this would ever be done in Bitcoin without at least a successful altcoin example, so it'd be cool to see it implemented in an altcoin, if any altcoin devs are interested. I have not rigorously examined this scheme for any flaw, so maybe it won't work well at all, but maybe it will.
One problem in Bitcoin is mining centralization. To solve this, I propose that the PoW be changed to the following:
- If the block height mod 4 is 0, the PoW for that block is SHA-3 (or similar), an ASIC-friendly algorithm.
- If the block height mod 4 is 1, the "PoW" for that block is "follow the satoshi", a form of proof-of-stake described in the Proof of Activity paper.
- If the block height mod 4 is 2, the PoW for that block is cuckoo, a very ASIC-unfriendly algorithm.
- If the block height mod 4 is 3, the "PoW" for that block is again "follow the satoshi".
Most likely:
- The SHA-3 group will be controlled mainly by a handful of centralized ASIC miners as is the case with mining in Bitcoin today.
- The cuckoo group will be controlled mainly by a handful of botnet operators, though ordinary users might also participate to some extent.
- The PoS group will be controlled mainly by a handful of early adopters, though ordinary users might also participate to some extent.
However, importantly, all three groups need to cooperate in order to do anything majorly evil such as rewriting many past blocks. And since the three groups seem very likely to be independent, this significantly increases the decentralization and security of the system's mining.
The reason that PoS appears twice is that if you had a PoW step followed by a PoW step, the miners in the first PoW group would be incentivized to try redoing the block in their group whenever a block is solved, since otherwise they just have to wait. Adding a quick PoS block after each PoW step makes this less likely to succeed.
There should be two PoW difficulties: one based on steps 0 and 1, and one based on steps 2 and 3. PoW must be combined with PoS in the difficulty calculation because the nature of "follow the satoshi" leads to blocks often failing due to offline nodes in PoS, and this must be taken into account in the difficulty calculation.
"Follow the satoshi" is a particularly good PoS method because you can only participate if you run an actual full node. There's no way to cheat. As suggested by the Proof of Activity paper, participating in PoS using a particular address should require the participant to have the ability to spend at least a large percentage of the address's coins. The ability to risklessly delegate PoS authority leads to pooled PoS, an undesirable point of centralization.
Since PoS appears twice, it should have to redistribute at least half of its total block rewards to steps 0 and 2. It might also be desirable to change the reward distributions even more, since ASIC miners will probably be much more expensive than cuckoo miners, which will certainly be much more expensive than PoS miners. Redistribution of the mining reward can be done in a simple way by requiring that a block with x coins of total reward (subsidy + fees) must be accompanied by a transaction that spends the entire total reward, and this transaction must have a fee of at least y% * x. The next block will then include this transaction, taking its fees, and maybe again redistributing the fees if necessary.
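The height schedule and the fee-forwarding rule above can be checked with a small simulation. This is an added example, not code from the original post or from any coin; the function names, the integer coin units and the 50% PoS forwarding rate are assumptions, and ordinary user transaction fees are ignored so that only the subsidy and forwarded fees are tracked.

```python
from collections import Counter

# Indexed by height % 4, following the schedule in the post.
SCHEDULE = ("sha3", "pos", "cuckoo", "pos")


def block_kind(height):
    """Return which group produces the block at this height."""
    return SCHEDULE[height % 4]


def min_forward_fee(total_reward, pct):
    """Smallest integer fee that is at least pct% of total_reward (ceiling)."""
    return -(-total_reward * pct // 100)


def forward_tx_valid(total_reward, tx_input, tx_fee, pct):
    """Rule from the post: the accompanying transaction must spend the
    entire total reward and pay a fee of at least y% * x."""
    return (tx_input == total_reward
            and min_forward_fee(total_reward, pct) <= tx_fee <= tx_input)


def simulate(n_blocks, subsidy, pct_by_step):
    """Run n_blocks where every producer forwards exactly the minimum fee.

    Returns (coins kept per group, fee still in flight to the next block).
    """
    kept = Counter()
    carried = 0  # fee forwarded by the previous block's mandatory transaction
    for height in range(n_blocks):
        pct = pct_by_step[height % 4]
        total = subsidy + carried            # x = subsidy + fees
        fee = min_forward_fee(total, pct)
        if not forward_tx_valid(total, total, fee, pct):
            raise ValueError(f"invalid forward transaction at height {height}")
        kept[block_kind(height)] += total - fee
        carried = fee                        # collected by the next block
    return dict(kept), carried


if __name__ == "__main__":
    # Assumed rates: PoS steps (1 and 3) forward half, PoW steps forward nothing.
    rates = {0: 0, 1: 50, 2: 0, 3: 50}
    print(simulate(8, 1000, rates))
```

With these assumed rates, each PoS block at step 1 funds the cuckoo block at step 2 and each PoS block at step 3 funds the SHA-3 block at step 0, which is the redistribution "to steps 0 and 2" the post asks for.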