Topic: [ANN] Bitcoin PoW Upgrade Initiative - page 2. (Read 42931 times)

No, I mean the "coffees in the chain" brigade.

Does that argument not favour a hashing algo that does work with GPUs/FPGAs? Is that even possible without the risk of an ASIC being developed?

By that I assume you mean the big Chinese miners. Wasnt the specialization of mining a part of the natural evolution of Bitcoin? There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using. 

If these people believe in security by being under a racket with full control over their currency, let them have their coin. I didn't need BTC for that.

AFAIC their presence is a liability, if they get to influence the decision process.

That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.

exactly!, who wants?
i say Banks or SWIFT!!imagine a new SWIFT based in sha256. As secure as bitcoins(because it would have a considerable hash capacity!), at least for now. 250millions usd$? its a bargain for a startup that aims to detrone SWIFT! People need to prepare , investigate this hyphotesis. we must be negotiating with people(BU miners) that are already out of bitcoin.
Read my post , few posts below, for more info.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.

If theres a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

 
I love this one.  

Like you said, but an extension of what you suggest, have the check-bits being searched for as a function of the previous mined block.  Instead of searching for 00000000000 starting at nth 0, search for 76436753432 at nth 7.  Or that at 21, going backwards.  21/20/19/18/etc.  Or pick the Xth prime, and skip the Yth prime of each element, where the primes used is a function of the hash of the previous block.

Introduce them as a randomized instantiation.  ~10/1000 is this new 'format'.  Then, after 1000, it's ~20/1000.   Have a new difficulty setting for these new elements.  Who cares if you get a virtually instantaneous block reward for 10/1000.  No different than chance happening for that normally.  By the time that it got to 100/1000 there would be an entirely new set of miners, on an entirely new set of difficulty settings.

It doesn't punish the miners that are currently mining in an untoward manner.  It gives them an acceptable return on their existing hardware.  That would account for a two year rollover.

Then, let the miners know that the same thing is going to happen again in two years.

It de-incentivizes hardware solutions, but doesn't kill them.  I'm not sure this solve the long-term problem of centralization though.  While the prime thing is good, you want all of that calculation to be done by the miner, with the least amount effort you can come up with so that it can be validated.  This just means that you could have relatively minor modification to the hash validation that current hardware wouldn't be designed for.  I don't actually know how the ASIC's verify that a specific hash meets the requirements of validation.  It might be as simple as updating a single variable within their hardware or software implementation.  Instead of looking for "000000" look for "123456".

I would like to share an hypothesis.

With enough asics a group of miners could offer/sell an alternative to SWIFT for banks?

The group could settle a secret agreement with some banks to raise a few billion US$ for their hash capacity (they would have to leave bitcoin).
They would need something like 40% to 50% of bitcoin hash rate to avoid attacks (Bitcoin unlimited is in almost 40%?).
 They would have to keep building asics to keep hash capacity in bitcoin level. Or build even more.
Them we would live in a world with 2 major coins. Both only vulnerable to each other hash capacity.
The miner (banks backed) would have lot of budget to keep pumping asics until bitcoin is forced to change POW or other mitigation strategy.
The group would guarantee its future in asics manufacturing and operations and would ´t care if bitcoin fails. Quick $ with low risk. As it would have a signed contract with major banks to back them.
Actually this group of miners would gain with bitcoin suffering.
Banks could have a chance to have its own SWIFT and damage bitcoin considerably, gaining more time for their fiat party, with very low costs for them(comparing to acquisitions we are seeing today and the SWIFT value) .

Yeah, I was talking about changing the PoW generally. Not championing my personal favourite as I'm still reading what others think.

This is why a gradual phase-in of the new PoW via PoWA is the best option.

There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

Not really.  Until it stabilizes, my expectation would be that you would just need to wait for more confirms before you can be assured that the chain you've put a transaction in hasn't been orphaned.  Now 6, perhaps as high as 20.  When lightning is available, I don't think that's really that much of an issue.

Thats what I think. My next question for that would be, wont it make the network open to attacks if the difficulty suddenly drops low? The idea might be good on paper but its really only complicating matters. Best to come with a new POW algorithm that uses less energy.

In order to keep the two chains in sync and ensure that the new PoW hash power is always working, the new PoW miners can assemble the next proto-block from mini-blocks and mine it only after legacy miners have mined and broadcast the current block. The period while the new PoW miners are mining the proto-block is downtime for the legacy miners; their hash power is going to waste. In order to minimize this downtime, we need a fast confirmation time for the new PoW. One minute isn't too extreme, actually, if we consider Ethereum's 20-second confirmation time.

It's a tradeoff. Yes, transitioning faster would attract more new PoW miners. So would giving them a larger share of the block reward at the beginning, say 10%.

On the other hand, since this is "non-hostile" fork proposal that seeks to gain broad community consensus, we don't want to alienate legacy miners by turning their hardware into scrap metal too quickly. This is why I would prefer to err on the side of an overly long phase-out period rather than an overly short one. A linear phase-out is preferable to an exponential one for the same reason.

As for attacks, non-upgraded miners may attempt to attack the chain to fool non-upgraded nodes, but this is a risk for any SF. We just have to rely on having most economic nodes upgraded by flag day.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi devs, can you all send your nominations for who the most credible individuals are for managing an m-of-n account (for holding the PoW bounty's reward funds)?

1) Please send PGP-signed emails to [email protected] (you may encrypt if you wish to remain anonymous, my PGP key ID is 331B6406 (pgp.mit.edu)).

2) Once all the nominations are received, I will make one big post containing all of the signed emails (unless the sender wishes to remain anonymous due to fear of BitfuryGeorge).

3) We reach out to the agreed upon individuals, inviting them to become custodians of the multisig address and requesting a public BTC address (for which they control the private key) from each of them.

4) Create the multisig address, notify the new custodians of the account.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJY2FrYAAoJECXDNTkzG2QGrvwH/0CjwKRgSmHmMPFXKA8F1YWa
CMcrWx0KN2ykhqxclxEAlMIs8Zb4u3KO89nejza/Guh0f2sNWSCW6NvrEhRzHodf
TSn8VpCcjpeYc1Iu5wSMBTVk6h/dqZy0eJJRukN4M8qTstnwvU2B48I7Q24x9zLe
B2lOxqhm3fIauaXCTgey4YLgvMfo058jg7+x9DrYKtmP8jht49AmvBv+XI69YfHq
XHvTpbipeNsoTR7qQUXnsnGtbMW7Sl0jywFjRUe1Gq7xGBf6ICH6WkCBLgRDCPCA
z+7gqv6zqjZaAqmbaZej/+4JShnhX2wgj1LKvtW65TdJuyxy4KG6sS231wgAp/4=
=yOSx
-----END PGP SIGNATURE-----

DeSantis has started some work (he wants to do some testing before posting his source code for peer review though).
He's creating a Keccak fork and a Cuckoo fork, and has created a beautiful automated testing utility that I hope he gives me permission to link to you guys.

The testing utility (I've viewed the source, it's not vaporware) allows you to spin up multiple Docker containers, each containing a different Bitcoin node; some of the nodes can be Bitcoin 0.14.0, some of them can be Bitcoin Unlimited, and some of them can be Keccak, Cuckoo, etc.

With these containerized Bitcoin nodes, you can then simulate various forking scenarios, and actually observe in real-time how it plays out. With my limited bitcoin programming knowledge, I am waiting for him to document the config file that controls the node counts & types, and to create some python installation script (which are easier to debug for me at least).

tl;dr - DeSantis is testing Keccak & Cuckoo using a Bitcoin Network Simulator.

What's the rationale for making the mini-blocks 10 per legacy block? I'm thinking of the orphan rate.

I'm also unconvinced about a "years" timeframe. I would propose 1 year, where the interval between the 5% steps starts at close to infinity increase for the 5-10% part, and gradually increases the interval between steps (like an exponential curve inverted about x=y, is that the cosine curve?)

Going faster to begin with should help to attract hashing power to newPoW, and in turn dissuade the BU miners from even attempting the various attacks they have no doubt developed. The "long tail" will gradually contribute to calming what would inevitably be a very febrile atmosphere surrounding the initial 5% change (the accompanying FUD would no doubt be typically disproportionate)

Here's how I propose to decentralize mining with a PoWA (proof-of-work additions) soft fork:


New PoW chain is shown in pink, legacy blockchain in blue.

Brief description:

• New PoW miners mine continuously, legacy miners almost continuously. Proofs for the new PoW blockchain's mini-blocks are embedded into legacy chain in a special output of the coinbase transaction.
• All assembling of TXs into blocks and reorgs happen on the new PoW chain. Legacy miners' participation is restricted to solving the SHA256 proof-of-work, adding their payout address to the coinbase TX and broadcasting the block.
• Mini-blocks are 100 Kb in size; new PoW blockchain has one-minute block discovery rate (i.e., confirmation time).
• Mini-block headers are like ordinary block headers but with an added payout address.
• Legacy miners experience an avg. of 10% downtime while waiting for new PoW miners to mine the next proto-block.
• Initially, 90% of block reward will go to legacy miners and 10% to new PoW miners. Legacy miners' share could be gradually reduced (over a period of years?) until it reaches zero.
• After legacy miner broadcasts a valid block, new PoW miner assembles a "proto-block" (a nearly complete Bitcoin block) out of TXs from all mini-blocks mined since last proto-block. Extra TXs are added from mempool to make the block full. Payout outputs for mini-blocks and proto-block are added to the coinbase TX (with 10% of block reward divided equally among them). Mini-block headers and legacy block header hash are embedded in the special output of the coinbase TX. Miner solves the proto-block and broadcasts it to legacy miners.
• Legacy miner adds his payout output and proto-block header to the coinbase TX and Merkle root to the header, making the block complete. He then solves and broadcasts the block as usual. Legacy miner is allowed to alter only four pieces of data: timestamp, nonce, coinbase nonce and his payout output.
• If new PoW miners solve nine mini-blocks faster than legacy miners solve one block, then they continue mining empty mini-blocks until legacy miners finally solve the block. Thus a proto-block may contain more than nine mini-blocks.
• In the reverse case, proto-block will contain fewer than nine mini-blocks.
• "Longest chain" according to new consensus rules is chain with the most embedded mini-block/proto-block proofs. This prevents legacy miners from initiating reorgs.
  
• System is PoW agnostic, but a memory-hard algorithm such as Cuckoo Cycle or Equihash would be preferred, as this would lead to the creation of a new  decentralized mining industry based on universally available DRAM.

This description is preliminary; certain details may be subject to change.

Benefits:

• New decentralized mining industry is created.
• Legacy miners are deprived of all decision-making power and possibility of attacking the chain.
• Gradual or partial phase-in of new PoW reduces security risk.
• Bitcoin's effective confirmation time is reduced to one minute.
• Despite the 10% "haircut" they receive, legacy miners can profit from the SF if economic majority upgrades and most value remains on upgraded chain. Thus the proposal could expect to gain broad community consensus, even among miners.

Variations:

• Legacy miners' share of block reward could be left at 90%, with no phase-out, making proposal more attractive to them.