4/27/13: PLEASE SEE THIS THREAD: https://bitcointalk.org/index.php?topic=189239.0
Decrits is a continuation of my proposals for Encoin
, but with many significant new ideas.ABSTRACT:
• Decrits will work to keep a relatively
stable value over time by having an unbounded coin production that is related to the time, hardware, and energy costs required to produce new currency.
• During periods of instability due to market expansion or technological leaps, Decrits will create new currency freely based on what is being minted for cost and distribute it to existing account holders and those who transact on the network to quickly bring back stability. This has the beneficial side effect of giving profits to the people that use the currency rather than wasting it on hardware manufacturers and electric companies.
• Decrits will use a proof-of-share system for network security entirely in lieu of proof-of-work. No energy is required to secure the network other than transaction verification. Proof-of-work is only
used to create new currency. Transaction fees are paid to shareholders.
• Decrits will ensure that transactions are typically secure from double- or bad-spends within seconds. See the Security section.
• Decrits will use an account ledger rather than a transaction ledger for keeping track of balances. This will result in a standard transaction being about one-third the size of the smallest common Bitcoin transaction, and 5-10x+ less than Bitcoin transactions with many inputs. It also means that the entire history of the network need not be stored or pruned as it is already in a compact format.
• Decrits will reward early adopters by giving away multiples of minted currency, such as 5x or 10x what would normally be minted. Early adopters will also be in the position to benefit for some time off of early purchase of shares as described in the Security section. While the project is in development, coins may be pre-awarded to people who make large and small contributions to its development.
• Decrits will incentivize being a transmitting node for the network by paying a small portion of the network transaction fees for the service.
• If a loaf of bread costs 1 DCR in 2012, then a loaf of broad will cost 1 DCR in 2050, assuming the production costs of bread and money have not changed. If the production costs of money have changed to where a loaf of broad costs 2 DCR in 2050, then 1 DCR saved from 2012 will be about 2 DCR in 2050. See this post
for an explanation.
Please note that all of these ideas are up for discussion and if this ever became a reality I would hope for some heavy debate on how exactly to tweak many of these features to ensure a well-oiled currency.
SECURITY: PROOF OF SHARE + TIME-BASED REPUTATION
Users of the network may opt to buy a network share in return for receiving a portion of network transaction fees. The money used to buy these shares is locked and cannot be used for regular transactions. Each share lasts for a 1 year period that automatically renews unless the shareholder declines to renew within 30 days of that renewal. There is no limit to the amount of shares that may be purchased. Once a new share is purchased, there is a 3 year probationary period where the shareholder's reputation does not increase. After the 3 year probationary period, reputation will increase by up to 3 times the initial amount over an additional 3 year period. Percentages of transaction fees are awarded based on the shareholder's reputation compared to the total network reputation.
The probationary period exists so that long-standing shareholders are rewarded for continuing service to the network. It also makes one-shot monopolistic takeover attempts take much more time and be much less profitable in the interim. (And probably a futile endeavor to begin with, see the voting system section.)
Anyone owning shares will be selected based on predetermined orders that change every so often to put together a list of transactions over a 10 second period. Since only the specific share owner is allowed to create a transaction block for a specific time period, any transaction seen in these blocks can be considered double-spend proof as long as the network is ordered properly up to that point. e.g. the blocks are in order and are all available.
Advantages over bitcoin: No energy is required to secure the system other than transaction verification. Any shareholder attempting to approve a bad spend or create more than one block per time window will lose their share. Even if an evil entity owns 99% of the shares, they cannot approve a bad spend or have the same shareholder attempt to recreate an older block as this can all be proven and honest shareholders will destroy their shares and prove to the clients which network is honest.
Disadvantages: It is a much more complex system. However, not requiring energy or investment in expensive hardware is a significant advancement. Share holders will have to remain online at all times.
The money creation system is still a very tentative idea. Money creation starts with a big block of coins available to be minted based on the amount transaction fees over the last year (with a large minimum amount), divided by 12 to get a base line. Each minter creates coins individually. To begin minting coins, minters must put their name into the coin minting queue which must include a proof of work equal to 10% of the standard coin award's value (e.g. if each user is assigned to mint 2 coins, he must give a solution equal to 0.2 coins to join the queue). Once enough minters have joined the queue, minting can begin (this formula will be based on the total number of coins available to be minted for this block). When minting begins, the cost of the solution to join the queue will drop to 7.5%, and after a significant portion of the coins have been mined (25% or so), the cost to join will drop to 5%.
When the block begins, only 50% of the queued users will be selected to create coins. While each minter creates coins individually, they are assigned together with a group of 39 other minters with which they compete. The first 10 users in each group will receive a slight bonus to their award, and once the 10th solution is given, all 10 users will be assigned to new groups to create more coins. This process continues for each set of 10 except that the 3rd and the 4th set of 10 are only added back to the queue and not immediately given a new group.
Overall, this system encourages minters to be just slightly better than average. Go too fast, and you wait for the other 9 members to find solutions. Go too slow, and you can be penalized. You can of course join the queue multiple times with a fast system, but you may be selected more times than your system can currently handle. Go really slow (over 3 standard deviations or whatever testing seems fair) and you will be booted out of the queue and lose your 0.2 coin investment.
Coins will not
be deposited into the minting accounts until after
the entire block of coins has been minted and they will be awarded over time based on the days that the coins were mined (e.g. if it took 10 days to finish a coin block, coins minted on the 1st day will be deposited on the 11th day, 2nd on the 12th, and so on). This is for two reasons: difficulty adjustment and the coin multiplier. The difficulty will be adjusted after
each block and given a weighted adjustment based on the last 10(?) difficulty changes. Difficulty only goes up, never down. The difficulty will be adjusted by dropping the top and bottom 25 percentiles and comparing the change of the middle 50% to the last block. Once this is calculated, the value of the awards will be reduced accordingly. E.g. a 10% increase in difficulty means that a 2.0 coin award would be reduced to about 1.818 coins (100/110% * 2.0). This prevents a serious upset to the money supply if, for example, someone discovers a way to double the speed of the hashing algorithm.
After the bootstrapping period is over, by default each coin block will be multiplied by 5x to all existing accounts and by 5x as a lottery to transactions that happened during the minting period. Existing accounts will earn interest based on their proportion of coins to the existing total with the smallest 0.5-1% of accounts being dropped to avoid excessive tiny calculations and transactions will be randomly selected to award either the sender or receiver with free money (this will occur in a way that can't be gamed--if the payout for a tx with a 0.01 tx fee is selected to receive 1 coin, the odds of it being selected will be 1/101). What this does is reduce the actual amount of energy spent in creating new money so that the people using the money profit instead of the electric company. Additionally, as more efficient hardware arises over time, existing users will see their account balances increase as the value of an individual coin may reduce in value over time.
There is no limit or timeframe to the number of coin blocks that can be created. When one is finished, a new one can begin as soon as there is the minimum required minters. The block is a starting and stopping point to adjust difficulty and begin awards and so on.
Because only a small amount of currency is created via minting and there is a large startup cost (the 0.2 fee times however many it takes to begin a block), investing in specific technologies like ASICs will be unlikely to bear fruit; rather, commonplace, sunk equipment costs such as GPUs will win the day. Massive amounts of money do not need to be wasted on always one upping someone else to get a larger share of the same sized pie. If it is generally profitable to create coins, people will mint; if not, they won't.
CAVEATS: There are some significant caveats to this system that would probably be solved quite efficiently in the future. There may be large periods of time where the minting computer is inactive but must be monitoring the network. This is wasteful. However, this is mostly countered by being a CloudNet member described in the next section. Additionally, if 1 coin approximates about 50 computer hours, it will be a fairly common event for the average computer to take 150 hours or more to find a solution, or almost a week. This is not ideal. However, it would be possible for some very complex pool designs to efficiently smooth out this process--but joining a pool will only be a matter of convenience, not necessity. Also, having each user create their own blocks will be data intensive, but it will most likely be equal to or greater than typical bitcoin efficiency when P2Pool becomes the dominant form of mining (which I think there is no doubt).
PAYING FOR THE NETWORK
With each coin slated to be on the order of about $1 USD/EUR/GBP to produce (based on semi-wild ass guess), the initial transaction fee is set at 0.01 DCR or 0.01% of the transaction, whichever is greater. The receiver pays the fee in the same vein as paypal or credit cards. The percentage fee is necessary to account for the potential reduction in value of an individual coin while keeping transaction fees in line as well as keeping Decrits banks of the future from settling up accounts between each other for 0.01 DCR at the end of the day and removing the incentive to be a shareholder. Shareholders split all transaction fees in accordance with their shares, with 5% of the transaction fees going to the CloudNet, or the group of users that send and receive transactions for the network.
CloudNet members sign into a queue similar to the coin minters. To join this queue, a small, refundable deposit will be required. This allows any CN member who attempts to be deceptive to be punished. Anyone wishing to send a transaction or simply just receive a copy of network traffic can connect to a CloudNet peer based on the available list. To send a tx, a client will add a 3 byte CN peer code to their transaction so that that peer will receive credit for the transaction. They may send it to several peers and whichever has it included in the transaction block will receive credit. At the end of the day, the top 50% of CN peers based on number of transactions confirmed will receive evenly
the 5% of transaction fees. Since the fees are spread evenly, there is less incentive to game the system.
Several other services will be available on the network that will have fees and these fees will be distributed in the same manner.
CN members will sign (or offer to sign) communications. This holds them accountable to losing their deposit for being malicious. It may also help prevent malicious software from compromising a share holder (maybe). It will make man-in-the-middle attacks on merchants nearly impossible.
The voting system is a bit sketchy at this point, but essentially there will be several, non-network breaking things that may be changed by shareholder vote such as adding a new signature algorithm. These votes will require a 75% majority to pass. A vote that changes significant portions of the network operation will require a 90% majority to pass. There are a lot more details on my ideas for this on the notes page. Some sort of code-neutral system will have to eventually be organized by the community to ensure that each future client can be properly prepared and so on for a code change.
It is my opinion that the network must have some ability to quickly coordinate and properly organize a network protocol change in the face of a serious problem without direct developer intervention. Additionally, if some malicious entity does gain control of a large portion of the network reputation and attempts to do something malicious, even a small percentage of shareholders will be able to divorce from the network via the vote. If this happens, all existing accounts will be unable to receive transactions until they either declare an allegiance or create new accounts specific to one side or the other. Existing accounts will be able to send money to the new accounts or declared accounts normally for a period of 30 (?) days until the divorce becomes final. Any undeclared accounts will remain on the unchanged side of the network. Shareholder money and reputation on each side will be destroyed if it has voted the other way. The fact that this option for the network to peacefully divorce may prevent any attack of this type from ever forming, and divorcing will only be used when there is a real point of contention, such as if a large majority of the shareholders decide to raise transaction fees unnecessarily.
There will not be a coin multiplier until after the first bootstrap period (there would likely be several stages). Initially there might be a 5x coin award to minters for the first 3 years. These coins will be awarded immediately, not after the entire coin block is finished. This is to keep any momentum in the currency from stalling when it is still taking baby steps. But before even that, I would hope to have an extensive beta testing period and use the message boards to award people future coins for finding bugs or suggesting good ideas and so on and actually have a community based project instead of one that was produced behind closed doors and released with zero public discussion on any of its properties.
Consciousness stream: http://pastebin.com/33uYZ1MS
I apologize for the terrible ordering and the fact that ideas are all over the place, but I've noticed from going back to my old notes that I was able to regurgitate old ideas into new ones that I had long dropped as a bad idea. Please note that this forum post should be considered my preferred ideas if there are any clashes with the consciousness stream.
A backup of the Encoin wiki is available here: http://justinbporter.com/encoin/doku.php
but this is not my site and I can't guarantee that it will remain available.
This stuff was all mostly fine-tuned from designing the encoin proposals. Peers of the network will all use a superhash of everything called the Consensus Block (CB) to maintain network consensus on the ordering of events. Connecting each CB together are about 8,700 transaction blocks which are created approximately every 10 seconds by share holders in a semi-predetermined order. NTP pool is used to keep reasonable time synchronization across the network, and clients include a timestamp in the transaction. Shareholders will use this estimate their approximate latency based on when they receive them, and will wait that much time (to a point) before sending its block for the 10 second time period. Transactions won't get duplicated in nearby blocks since each shareholder will only include transactions in the proper time window (with exceptions if transactions have been obviously missed and so on). This encourages people creating transactions to be honest about time for quickest inclusion into the chain. After each assigned shareholder creates a transaction block, other share holders will have been predetermined to sign that block plus any transactions that were missed. The next block will ack these signatures and the extra transactions. The more share holders there are, the more that will sign each block to keep network consensus times down. The extra signatures should be dwarfed by the overall transaction activity of a healthy network.
Account ledger uses a 5 byte number for 256*4.3B maximum accounts. The address space is infinite as any number of DSAs can be used. All transactions refer to account numbers (where possible) rather than addresses to save a gigantic amount of data. Clients do not need to maintain much history other than the state of the shareholders from the last time it connected. Then it can download the share holder history portion of the CB, and download enough current data (along with shareholder signatures) to convince it that this is the correct network. How much shareholders and cloudnet peers need to hold is up for debate, perhaps 1 years worth, perhaps less. Full copies can't be forged and it will be available somewhere.