Bitcoin Forum
December 05, 2016, 02:42:32 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: cryptocurrencies not based on proof-of-work  (Read 1260 times)
killerstorm
Legendary
*
Offline Offline

Activity: 994



View Profile
July 23, 2012, 08:00:44 AM
 #1

I wonder whether there are any developments on cryptocurrencies which are not based on blockchain proof-of-work.

I can think of one such scheme with a centralized timestamping server(s). It still can be run democratically just like bitcoin if users can select what timestamping server they trust. Double-spending is possible in case timestamping server goes rogue, but client software should detect this and revoke trust from that server. Then user can select another timestamping server he would trust.

Note that double spending is technically possible with bitcoin too, it's just rather unlikely unless attacker has superior hashing power. Taking into account that most bitcoin mining is now pooled, threat model isn't that much different: bitcoin users vote with their hashing power for mining pool they trust. If top mining pools collude they can implement 51+% attack, but then users will probably switch to different pool.

With trust-based centralized timestamping it's just more straightforward. Not that even though that it doesn't use proof-of-work, it isn't really that much vulnerable to Sybil attack (i.e. flooding network with attacker-controlled peers) because user's decisions won't be influenced by peers he doesn't interact with.

I.e. I would need to agree on timestamping server I trust with merchant I'm buying goods from, but it's rather unlikely that attacker would spawn lots of legit-looking merchants.

Further security can be improved with multiple timestamping servers and integration with proof-of-work-based timestamping (i.e. bitcoin merged mining). Although this would require more complex conflict resolution protocols.

But there is a shortcut: if forking happens, clients just stop functioning and we wait till software developers will find a solution and send an updated version of client. So essentially this can be quite vulnerable to DDoS but resilient to malicious double-spends.

This stuff seems to be rather trivial, so I wonder, have anybody already implemented this? If not, maybe we should? I mean a merged-mining based variant to make it more appealing.

(If it's not obvious, the goal is to make transactions instantaneous. Also, largely removes needs for blockchain downloads without completely sacrificing security.)

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480905752
Hero Member
*
Offline Offline

Posts: 1480905752

View Profile Personal Message (Offline)

Ignore
1480905752
Reply with quote  #2

1480905752
Report to moderator
1480905752
Hero Member
*
Offline Offline

Posts: 1480905752

View Profile Personal Message (Offline)

Ignore
1480905752
Reply with quote  #2

1480905752
Report to moderator
1480905752
Hero Member
*
Offline Offline

Posts: 1480905752

View Profile Personal Message (Offline)

Ignore
1480905752
Reply with quote  #2

1480905752
Report to moderator
Francesco
Sr. Member
****
Offline Offline

Activity: 252


View Profile
July 23, 2012, 08:45:55 AM
 #2

Well I can see another problem: where would mining go? Bitcoin isn't yet mature enough, it would be quite less attractive without the money from mining... maybe after another 4 years, when reward would have gone to 12.5 anyway, and the economy will be much more robust, it will be reasonable.

Also, your reasoning is logic, mining pool are a sort of "centralized server" anyway (and for me personally, I wouldn't really notice if the exchange and the Glbse were just communicating numbers between them instead of sending bitcoins though the network and the blockchain -it would just be faster) ...but I wouldn't underestimate the psycological effect of being able to say that (in principle) the system is completely decentralized. That what really sets us apart, after all.

If, however, the system went in the sense that any transaction choses as "timestamping server" a completely random sample (10? 100?) of users, and that users got rewarded for that, then it would definitely be interesting.
(but, there would be the risk of someone invading the network with large amounts of clients, maybe tiny virtual machines on a server... that's why proof-of-work was chosen originally, after all. But maybe it would be possible to stop this behaviour, I don't know)
killerstorm
Legendary
*
Offline Offline

Activity: 994



View Profile
July 23, 2012, 10:00:52 AM
 #3

Well I can see another problem: where would mining go?

As I mentioned, it isn't incompatible with (merged) mining. Mining still can be used for initial coin distribution. It just isn't an ultimate authority.

I.e. when central block chain disagrees disagrees with miner's block chain we just stop processing transaction and wait for a manual resolution. (Unlike bitcoin which automatically picks longest block chain.)

Quote
Bitcoin isn't yet mature enough, it would be quite less attractive without the money from mining...

Sure, mining is a significant part of appeal. Or 'was', since CPU mining just makes no sense now and even GPU-based mining isn't that profitable.

Quote
...but I wouldn't underestimate the psycological effect of being able to say that (in principle) the system is completely decentralized. That what really sets us apart, after all.

'Decentralized' is just a buzzword which can mean many things. Ranging from democratic control to robustness to 'barrier to entry'.

If you remember those threads which discuss blockchain size scaling, people were arguing that at some point (many transactions per second) only large mining operations will ever touch blockchain directly since it would be of humongous size. So getting into bitcoin business at a tier1 player would cost a lot of money to get hardware, but even then, what if largest current operators will collude to ignore blocks you mine? Is it still decentralized?

On the other hand, in scheme I proposed above democratic control is much more straightforward as it comes directly from users, not from mining operations. 'Barrier to entry' is just different -- now bitcoin obviously wins, but in case of miner collusion it would take a lot of $$$ to override it, but in case with centralized timestamping you 'just' need to convince majority of users to switch to your server. Arguably, it might be easier. Centralized timestamping absolutely loses in terms of robustness, though, but that's another story.

If you remember, fate of P2SH was decided mostly among a small number of people (Gavin, Tycho, Luke-Jr and slush), so collusion isn't too far fetched to consider.

Quote
(but, there would be the risk of someone invading the network with large amounts of clients, maybe tiny virtual machines on a server... that's why proof-of-work was chosen originally, after all. But maybe it would be possible to stop this behaviour, I don't know)

Yeah, that's the Sybil attack I was talking about. This is why timestamping server should be selected manually and consciously rather than via an automated algorithm, without proof-of-work there is no other way, I think.

If you worry about initial coin distribution, traditional mining can be used for that.

If you worry about choice of timestamping server after a failure, consider this scenario: you want to buy some item from an AwesomePantsStore which accepts weirdcoins. You have no other choice than to accept same timestamping server as used by that AwesomePantsStore, otherwise merchant wouldn't recognize your transaction as valid. There is absolutely no risk for you: if AwesomePantsStore picks a wrong timestamping server, it just risks to lose money due to double spending. So risk always lies on a merchant, buyer can always choose timestamping server suggested by an entity he sends coins to.

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1414

Newbie


View Profile
July 23, 2012, 11:13:38 AM
 #4

I wonder whether there are any developments on cryptocurrencies which are not based on blockchain proof-of-work.

I'm working on such a currency. It's in alfa stage now. Beta-testing is planned next week.

This currency could be "mined" using network cards. So mine BTC on GPU, LTC on CPU and the new coins on network cards. Looking forward to meet a currency which could be mined on some other part of my PC... Smiley
killerstorm
Legendary
*
Offline Offline

Activity: 994



View Profile
July 23, 2012, 11:27:53 AM
 #5

This currency could be "mined" using network cards.

How is that possible?

Quote
Looking forward to meet a currency which could be mined on some other part of my PC... Smiley

Well, HDD comes to my mind. You're paid for storing stuff on your disk. Ownership of disk space is confirmed when you are able to retrieve content from its hash.

I don't quite get how to make a cryptocurrency out of it, at least not a bitcoin-like one, but at least there is a way where one can prove that his has a limited and valuable resource to another.

Maybe it makes sense to make it ripple-like (LETS) where peers will grant credit lines to each other proportional to amounts of data they store for each other.

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1414

Newbie


View Profile
July 23, 2012, 11:40:56 AM
 #6

This currency could be "mined" using network cards.

How is that possible?


I've used the term "to mine" coz everyone here understands it. In real I use a term "to mint" to describe a process of new coins generating.

Coins are "mined" when ur "miner" sends data to other "miners". I explained the idea here - https://bitcointalk.org/index.php?topic=92700.msg1025327#msg1025327
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1722

Let's talk governance, lipstick, and pigs.


View Profile
July 23, 2012, 12:37:15 PM
 #7

There is a crypcoin being developed by the Royal Canadian Mint called MintChip.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1414

Newbie


View Profile
July 23, 2012, 02:26:33 PM
 #8

There is a crypcoin being developed by the Royal Canadian Mint called MintChip.

It has some serious disadvantages:
- coins generated by Royal Canadian Mint
- it's bound to Canadian dollar
- u have to use a special device
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
July 23, 2012, 10:50:42 PM
 #9

I have proposed this in many variations, the newest being Decrits: https://bitcointalk.org/index.php?topic=91183.0
Currency is still mined, but security is from proof of share.

Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
July 24, 2012, 12:32:32 PM
 #10

I suggested a variant here -- there still is proof of work, but only by nodes authorized by a master node which has veto power over any blocks.

 - http://bitcoin.stackexchange.com/questions/3501/what-client-to-use-for-an-alternative-special-purpose-blockchain/3507#3507

ElectricMucus
Legendary
*
Offline Offline

Activity: 1540


Drama Junkie


View Profile
July 24, 2012, 01:26:56 PM
 #11

Why not combine the two? Ahh never mind... you know presenting concept isn't that much fun without something to look at. This made bitcoin successful satoshi just did it, he wrote it without and released it with the concept together.

First they ignore you, then they laugh at you, then they keep laughing, then they start choking on their laughter, and then they go and catch their breath. Then they start laughing even more.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!