Topic: [ANN] Bitcoin PoW Upgrade Initiative - page 2. (Read 42931 times)

donator
Activity: 980
Merit: 1000
March 30, 2017, 03:00:59 PM
By that I assume you mean the big Chinese miners. Wasn't the specialization of mining a part of the natural evolution of Bitcoin? There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using.

No, I mean the "coffees in the chain" brigade.
legendary
Activity: 3430
Merit: 3080
March 30, 2017, 07:10:33 AM
There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using. 

Does that argument not favour a hashing algo that does work with GPUs/FPGAs? Is that even possible without the risk of an ASIC being developed?
sr. member
Activity: 868
Merit: 259
March 30, 2017, 02:10:33 AM
That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.

If these people believe in security by being under a racket with full control over their currency, let them have their coin. I didn't need BTC for that.

AFAIC their presence is a liability, if they get to influence the decision process.

By that I assume you mean the big Chinese miners. Wasn't the specialization of mining a part of the natural evolution of Bitcoin? There are some people who argue against the POW upgrade because they say they would preferably go with the ASIC miners than the botnet that hackers are known to be using.
donator
Activity: 980
Merit: 1000
March 29, 2017, 06:05:46 AM
That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.

If these people believe in security by being under a racket with full control over their currency, let them have their coin. I didn't need BTC for that.

AFAIC their presence is a liability, if they get to influence the decision process.
sr. member
Activity: 868
Merit: 259
March 29, 2017, 02:48:41 AM
There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If there's a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.

That is your point of view yes, but what about the rest? Will they follow the people who can secure the network or will they follow the new POW upgrade and take the road less traveled? It will be a hard decision but I think the majority will follow the safer road.
newbie
Activity: 6
Merit: 0
March 28, 2017, 09:08:10 AM
There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If there's a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.

Exactly! Who wants?
I say banks or SWIFT!!
Imagine a new SWIFT based on sha256. As secure as bitcoins (because it would have a considerable hash capacity!), at least for now. 250 million USD? It's a bargain for a startup that aims to dethrone SWIFT! People need to prepare, investigate this hypothesis. We must be negotiating with people (BU miners) that are already out of bitcoin.
Read my post, a few posts below, for more info.
donator
Activity: 980
Merit: 1000
March 28, 2017, 07:29:42 AM
There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If there's a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.

They can try to keep their fork alive but who wants to use a crypto completely dominated by 4 odd dudes from China? Maybe Roger and a few other lunatics? Win-win.
sr. member
Activity: 868
Merit: 259
March 28, 2017, 02:47:54 AM
There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.

If there's a POW upgrade what will happen to the Chinese miners? Will it be possible for them to continue to mine using the old SHA256 and fork away from the upgraded POW algorithm? I think that would be a losing move for the current developers and the ones behind them.
newbie
Activity: 8
Merit: 0
March 27, 2017, 11:09:52 PM
A change of PoW as a quickfix (to fool currently manufactured ASICS) without too much risk of bugs can be as follows:

Instead of checking for n zero bits, implement checking for n one bits instead.

If you are bold, you can have the sequence of leading bits to check be dependent on the trailing bits of the previous block.
 
I love this one.  

Like you said, but an extension of what you suggest, have the check-bits being searched for as a function of the previous mined block.  Instead of searching for 00000000000 starting at nth 0, search for 76436753432 at nth 7.  Or that at 21, going backwards.  21/20/19/18/etc.  Or pick the Xth prime, and skip the Yth prime of each element, where the primes used is a function of the hash of the previous block.

Introduce them as a randomized instantiation.  ~10/1000 is this new 'format'.  Then, after 1000, it's ~20/1000.   Have a new difficulty setting for these new elements.  Who cares if you get a virtually instantaneous block reward for 10/1000.  No different than chance happening for that normally.  By the time that it got to 100/1000 there would be an entirely new set of miners, on an entirely new set of difficulty settings.

It doesn't punish the miners that are currently mining in an untoward manner.  It gives them an acceptable return on their existing hardware.  That would account for a two year rollover.

Then, let the miners know that the same thing is going to happen again in two years.

It de-incentivizes hardware solutions, but doesn't kill them.  I'm not sure this solves the long-term problem of centralization though.  While the prime thing is good, you want all of that calculation to be done by the miner, with the least amount of effort you can come up with so that it can be validated.  This just means that you could have relatively minor modification to the hash validation that current hardware wouldn't be designed for.  I don't actually know how the ASICs verify that a specific hash meets the requirements of validation.  It might be as simple as updating a single variable within their hardware or software implementation.  Instead of looking for "000000" look for "123456".
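The leading-bits variants discussed in this post, as an added sketch that is not code from the thread or from any Bitcoin implementation. It follows the post's simplified "n leading bits" model (Bitcoin itself compares the hash against a numeric target), and the header layout, `GENESIS` value and function names are constructed for illustration.

```python
import hashlib
import struct

N_BITS = 12  # toy difficulty so the search finishes in a few thousand tries
# Constructed previous-block hash; its trailing 12 bits are 0x5c3.
GENESIS = bytes.fromhex("00" * 30 + "a5c3")


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def top_bits(digest: bytes, n: int) -> int:
    """The n leading bits of a digest, as an integer."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - n)


# Each rule maps (previous block hash, n) to the n-bit prefix a valid hash needs.
def rule_zeros(prev_hash: bytes, n: int) -> int:
    return 0  # today's model: n leading zero bits


def rule_ones(prev_hash: bytes, n: int) -> int:
    return (1 << n) - 1  # the quick fix: n leading one bits


def rule_prev_trailing(prev_hash: bytes, n: int) -> int:
    # the "bold" variant: prefix = trailing n bits of the previous block hash
    return int.from_bytes(prev_hash, "big") & ((1 << n) - 1)


def header(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    """Hypothetical toy header: previous hash, payload, 32-bit nonce."""
    return prev_hash + payload + struct.pack("<I", nonce)


def is_valid(prev_hash: bytes, payload: bytes, nonce: int, n: int, rule) -> bool:
    """Validator side: one hash and one n-bit comparison, whatever the rule."""
    digest = dsha256(header(prev_hash, payload, nonce))
    return top_bits(digest, n) == rule(prev_hash, n)


def mine(prev_hash: bytes, payload: bytes, n: int, rule, max_nonce: int = 1 << 22) -> int:
    """Miner side: brute-force a nonce; expected work is 2**n hashes for every rule."""
    for nonce in range(max_nonce):
        if is_valid(prev_hash, payload, nonce, n, rule):
            return nonce
    raise RuntimeError("no nonce found in range")


if __name__ == "__main__":
    for rule in (rule_zeros, rule_ones, rule_prev_trailing):
        nonce = mine(GENESIS, b"tx", N_BITS, rule)
        digest = dsha256(header(GENESIS, b"tx", nonce))
        print(f"{rule.__name__:20s} nonce={nonce:6d} hash={digest.hex()[:16]}...")
```

All three rules share the same hashing core and differ only in the value the final comparison expects, so the expected search cost and the validation cost are unchanged.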
newbie
Activity: 6
Merit: 0
March 27, 2017, 09:05:55 PM
I would like to share a hypothesis.

With enough asics a group of miners could offer/sell an alternative to SWIFT for banks?

The group could settle a secret agreement with some banks to raise a few billion US$ for their hash capacity (they would have to leave bitcoin).
They would need something like 40% to 50% of bitcoin hash rate to avoid attacks (Bitcoin unlimited is in almost 40%?).
They would have to keep building asics to keep hash capacity in bitcoin level. Or build even more.
Then we would live in a world with 2 major coins. Both only vulnerable to each other's hash capacity.
The miner (banks backed) would have a lot of budget to keep pumping asics until bitcoin is forced to change POW or other mitigation strategy.
The group would guarantee its future in asics manufacturing and operations and wouldn't care if bitcoin fails. Quick $ with low risk. As it would have a signed contract with major banks to back them.
Actually this group of miners would gain with bitcoin suffering.
Banks could have a chance to have its own SWIFT and damage bitcoin considerably, gaining more time for their fiat party, with very low costs for them (comparing to acquisitions we are seeing today and the SWIFT value).

donator
Activity: 980
Merit: 1000
March 27, 2017, 06:22:20 AM
But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

This is why a gradual phase-in of the new PoW via PoWA is the best option.

Yeah, I was talking about changing the PoW generally. Not championing my personal favourite as I'm still reading what others think.
member
Activity: 112
Merit: 27
March 27, 2017, 06:18:45 AM
But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

This is why a gradual phase-in of the new PoW via PoWA is the best option.
donator
Activity: 980
Merit: 1000
March 27, 2017, 05:54:50 AM
There is collateral damage.

But the trade-off is this: allow a certain attack from a malicious actor or potentially allow cheaper-than-usual attacks from unknown actors temporarily.

Right now the mining cartel protects us from any other potential attackers in terms of hashing. Still, not an acceptable situation.
newbie
Activity: 8
Merit: 0
March 27, 2017, 04:48:38 AM
Won't it make the network open to attacks if the difficulty suddenly drops low?

Not really.  Until it stabilizes, my expectation would be that you would just need to wait for more confirms before you can be assured that the chain you've put a transaction in hasn't been orphaned.  Now 6, perhaps as high as 20.  When lightning is available, I don't think that's really that much of an issue.
sr. member
Activity: 868
Merit: 259
March 27, 2017, 02:37:41 AM
Won't this make difficulty rise and fall like a wave?

Each algorithm would have its own difficulty I would imagine.

That's what I think. My next question for that would be, won't it make the network open to attacks if the difficulty suddenly drops low? The idea might be good on paper but it's really only complicating matters. Best to come with a new POW algorithm that uses less energy.
member
Activity: 112
Merit: 27
March 27, 2017, 02:34:00 AM
What's the rationale for making the mini-blocks 10 per legacy block? I'm thinking of the orphan rate.
In order to keep the two chains in sync and ensure that the new PoW hash power is always working, the new PoW miners can assemble the next proto-block from mini-blocks and mine it only after legacy miners have mined and broadcast the current block. The period while the new PoW miners are mining the proto-block is downtime for the legacy miners; their hash power is going to waste. In order to minimize this downtime, we need a fast confirmation time for the new PoW. One minute isn't too extreme, actually, if we consider Ethereum's 20-second confirmation time.

I'm also unconvinced about a "years" timeframe. I would propose 1 year, where the interval between the 5% steps starts at close to infinity increase for the 5-10% part, and gradually increases the interval between steps (like an exponential curve inverted about x=y, is that the cosine curve?)

Going faster to begin with should help to attract hashing power to newPoW, and in turn dissuade the BU miners from even attempting the various attacks they have no doubt developed. The "long tail" will gradually contribute to calming what would inevitably be a very febrile atmosphere surrounding the initial 5% change (the accompanying FUD would no doubt be typically disproportionate)
It's a tradeoff. Yes, transitioning faster would attract more new PoW miners. So would giving them a larger share of the block reward at the beginning, say 10%.

On the other hand, since this is "non-hostile" fork proposal that seeks to gain broad community consensus, we don't want to alienate legacy miners by turning their hardware into scrap metal too quickly. This is why I would prefer to err on the side of an overly long phase-out period rather than an overly short one. A linear phase-out is preferable to an exponential one for the same reason.

As for attacks, non-upgraded miners may attempt to attack the chain to fool non-upgraded nodes, but this is a risk for any SF. We just have to rely on having most economic nodes upgraded by flag day.
newbie
Activity: 31
Merit: 0
March 26, 2017, 07:21:42 PM
There are several developers working on PoW changes already, but what we need is proper peer review testing and a big bounty for this work. I am willing to donate btc and help fund raise for this, but we need 3 trustworthy and public people to handle the funds. Who is interested or who should we ask to get this started?

The "public" stipulation may be difficult to satisfy. Irrespective of how much support we can build, whoever accepts an escrow role is sticking their head above the parapets rather significantly (Bitfury have already threatened legal action against PoW changes, although against who is undetermined I believe)

Can the several developers not present their designs, rates and also addresses to donate to?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi devs, can you all send your nominations for who the most credible individuals are for managing an m-of-n account (for holding the PoW bounty's reward funds)?

1) Please send PGP-signed emails to [email protected] (you may encrypt if you wish to remain anonymous, my PGP key ID is 331B6406 (pgp.mit.edu)).

2) Once all the nominations are received, I will make one big post containing all of the signed emails (unless the sender wishes to remain anonymous due to fear of BitfuryGeorge).

3) We reach out to the agreed upon individuals, inviting them to become custodians of the multisig address and requesting a public BTC address (for which they control the private key) from each of them.

4) Create the multisig address, notify the new custodians of the account.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
newbie
Activity: 31
Merit: 0
March 26, 2017, 06:45:17 PM
Have you guys looked at Cuckoo cycle?

FWIW we evaluated Cuckoo as well for Zcash, and it was a strong second-place contender. There wasn't really anything wrong with it — it just didn't seem to have quite as much of a rigorous scientific analysis as Equihash. However, that is a very subjective thing for me to say. You could argue (and Cuckoo's author, John Tromp, does argue persuasively) that Cuckoo's history of analysis and refinement is better than Equihash's.

What about cycling through 10 unique PoWs every 10 blocks?

I'm not the best at discrete analysis and understand this multiplies attack surface 10-fold, but could we splinter miners into small, specialized, and de-fanged factions using 10 different well-chosen hash algorithms, then scatter them among CPUs/GPUs/FPGAs/ASICs?

Block 1 JH
Block 2 Skein
Block 3 Groestl
Block 4 Cuckoo
Block 5 Keccak
Block 6 Equihash
Block 7 BLAKE2
Block 8 SCrypt
Block 9 CryptoNight
Block 10 Ethash



DeSantis has started some work (he wants to do some testing before posting his source code for peer review though).
He's creating a Keccak fork and a Cuckoo fork, and has created a beautiful automated testing utility that I hope he gives me permission to link to you guys.

The testing utility (I've viewed the source, it's not vaporware) allows you to spin up multiple Docker containers, each containing a different Bitcoin node; some of the nodes can be Bitcoin 0.14.0, some of them can be Bitcoin Unlimited, and some of them can be Keccak, Cuckoo, etc.

With these containerized Bitcoin nodes, you can then simulate various forking scenarios, and actually observe in real-time how it plays out. With my limited bitcoin programming knowledge, I am waiting for him to document the config file that controls the node counts & types, and to create some python installation script (which are easier to debug for me at least).

tl;dr - DeSantis is testing Keccak & Cuckoo using a Bitcoin Network Simulator.
legendary
Activity: 3430
Merit: 3080
March 26, 2017, 04:15:03 PM
Here's a schematic of my proposed PoWA (proof-of-work additions) soft-fork blockchain.




New PoW chain is shown in pink, legacy blockchain in blue.

Brief description:

  • New PoW miners and legacy miners mine in parallel. Proofs for the new PoW blockchain's mini-blocks are embedded into legacy chain in a special transaction.
  • All assembling of TXs into blocks and reorgs happen on the new PoW chain. Legacy miners' role is restricted to finding SHA256 hashes, final block assembly (calculating payouts, creating the coinbase TX) and broadcasting the block.
  • Mini-blocks are 100 Kb in size; new PoW blockchain has one-minute block discovery rate (i.e. confirmation time).
  • Mini-block headers are like ordinary block headers but with an added payout address.
  • New PoW miners mine with no downtime. Legacy miners experience an avg. of 10% downtime while waiting for new PoW miners to mine one block. (It may be possible to eliminate this downtime by having new PoW miners solve only mini-blocks and not entire block.)
  • Initially, 95% of block reward will go to legacy miners and 5% to new PoW miners. Legacy miners' share will be gradually reduced (over a period of years?) until it reaches zero.
  • After legacy miner broadcasts a valid block, new PoW miners assemble all TXs from mini-blocks mined so far into a single Bitcoin block with no Coinbase TX, solve the block and broadcast it along with mini-block headers to legacy miners.
  • Legacy miner adds mini-block proofs, TX counts and payout addresses to the special transaction, calculates payouts (initially distributing 95% of reward to himself and 5% equally among new PoW miners), adds payout outputs to Coinbase TX and then solves and broadcasts the block as usual.
  • If new PoW miners solve nine mini-blocks faster than legacy miners solve one block, then they continue mining empty mini-blocks until legacy miners finally solve the block. Thus a block may contain more than 10 mini-blocks.
  • In the reverse case, fewer than 10 mini-blocks will be assembled into a block, and the new PoW miner who assembles the block will add as many TXs to the final mini-block as required in order to reach the blocksize limit (currently 1MB).

All of the above is preliminary and subject to change.


What's the rationale for making the mini-blocks 10 per legacy block? I'm thinking of the orphan rate.

I'm also unconvinced about a "years" timeframe. I would propose 1 year, where the interval between the 5% steps starts at close to infinity increase for the 5-10% part, and gradually increases the interval between steps (like an exponential curve inverted about x=y, is that the cosine curve?)

Going faster to begin with should help to attract hashing power to newPoW, and in turn dissuade the BU miners from even attempting the various attacks they have no doubt developed. The "long tail" will gradually contribute to calming what would inevitably be a very febrile atmosphere surrounding the initial 5% change (the accompanying FUD would no doubt be typically disproportionate)
member
Activity: 112
Merit: 27
March 26, 2017, 02:27:21 PM
Here's how I propose to decentralize mining with a PoWA (proof-of-work additions) soft fork:


New PoW chain is shown in pink, legacy blockchain in blue.

Brief description:

  • New PoW miners mine continuously, legacy miners almost continuously. Proofs for the new PoW blockchain's mini-blocks are embedded into legacy chain in a special output of the coinbase transaction.
  • All assembling of TXs into blocks and reorgs happen on the new PoW chain. Legacy miners' participation is restricted to solving the SHA256 proof-of-work, adding their payout address to the coinbase TX and broadcasting the block.
  • Mini-blocks are 100 Kb in size; new PoW blockchain has one-minute block discovery rate (i.e., confirmation time).
  • Mini-block headers are like ordinary block headers but with an added payout address.
  • Legacy miners experience an avg. of 10% downtime while waiting for new PoW miners to mine the next proto-block.
  • Initially, 90% of block reward will go to legacy miners and 10% to new PoW miners. Legacy miners' share could be gradually reduced (over a period of years?) until it reaches zero.
  • After legacy miner broadcasts a valid block, new PoW miner assembles a "proto-block" (a nearly complete Bitcoin block) out of TXs from all mini-blocks mined since last proto-block. Extra TXs are added from mempool to make the block full. Payout outputs for mini-blocks and proto-block are added to the coinbase TX (with 10% of block reward divided equally among them). Mini-block headers and legacy block header hash are embedded in the special output of the coinbase TX. Miner solves the proto-block and broadcasts it to legacy miners.
  • Legacy miner adds his payout output and proto-block header to the coinbase TX and Merkle root to the header, making the block complete. He then solves and broadcasts the block as usual. Legacy miner is allowed to alter only four pieces of data: timestamp, nonce, coinbase nonce and his payout output.
  • If new PoW miners solve nine mini-blocks faster than legacy miners solve one block, then they continue mining empty mini-blocks until legacy miners finally solve the block. Thus a proto-block may contain more than nine mini-blocks.
  • In the reverse case, proto-block will contain fewer than nine mini-blocks.
  • "Longest chain" according to new consensus rules is chain with the most embedded mini-block/proto-block proofs. This prevents legacy miners from initiating reorgs.
  • System is PoW agnostic, but a memory-hard algorithm such as Cuckoo Cycle or Equihash would be preferred, as this would lead to the creation of a new  decentralized mining industry based on universally available DRAM.

This description is preliminary; certain details may be subject to change.

Benefits:

  • New decentralized mining industry is created.
  • Legacy miners are deprived of all decision-making power and possibility of attacking the chain.
  • Gradual or partial phase-in of new PoW reduces security risk.
  • Bitcoin's effective confirmation time is reduced to one minute.
  • Despite the 10% "haircut" they receive, legacy miners can profit from the SF if economic majority upgrades and most value remains on upgraded chain. Thus the proposal could expect to gain broad community consensus, even among miners.

Variations:

  • Legacy miners' share of block reward could be left at 90%, with no phase-out, making proposal more attractive to them.
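The reward split and the "most embedded proofs" chain rule from the PoWA description above, as an added sketch that is not code from the proposal's author. It assumes the 12.5 BTC block subsidy in effect in March 2017, that any rounding remainder stays with the legacy miner, and that all embedded proofs have already been validated; the `Block` type and the sample chains are constructed.

```python
from dataclasses import dataclass

SUBSIDY_SAT = 1_250_000_000  # 12.5 BTC in satoshis (block subsidy, March 2017)
NEW_POW_SHARE_PCT = 10       # "10% to new PoW miners" in the post


@dataclass(frozen=True)
class Block:
    """Hypothetical model of one completed legacy block under PoWA."""
    legacy_miner: str    # payout address of the SHA256 miner
    mini_miners: tuple   # payout address of each embedded mini-block
    proto_miner: str     # payout address of the proto-block solver

    @property
    def proofs(self) -> int:
        """Embedded new-PoW proofs: every mini-block plus the proto-block."""
        return len(self.mini_miners) + 1


def split_reward(block: Block, reward_sat: int = SUBSIDY_SAT) -> dict:
    """Coinbase payouts: new-PoW share divided equally, rest to the legacy miner."""
    pool = reward_sat * NEW_POW_SHARE_PCT // 100
    recipients = list(block.mini_miners) + [block.proto_miner]
    each = pool // len(recipients)  # integer satoshis, rounded down
    payouts = {}
    for addr in recipients:         # one address may have solved several mini-blocks
        payouts[addr] = payouts.get(addr, 0) + each
    legacy = reward_sat - each * len(recipients)  # assumption: remainder to legacy miner
    payouts[block.legacy_miner] = payouts.get(block.legacy_miner, 0) + legacy
    return payouts


def embedded_proofs(chain: list) -> int:
    return sum(block.proofs for block in chain)


def best_chain_powa(chains: list) -> list:
    """New rule from the post: the chain with the most embedded proofs wins."""
    return max(chains, key=embedded_proofs)


def best_chain_legacy(chains: list) -> list:
    """Simplified legacy rule: most blocks (Bitcoin really uses cumulative work)."""
    return max(chains, key=len)


# Constructed chains: HONEST has 2 blocks carrying 10 + 12 proofs,
# REORG has 3 blocks carrying only 3 proofs each.
HONEST = [
    Block("L1", tuple(f"m{i}" for i in range(9)), "p1"),
    Block("L2", tuple(f"m{i}" for i in range(11)), "p2"),
]
REORG = [Block("L3", ("m0", "m1"), "p3") for _ in range(3)]

if __name__ == "__main__":
    print("legacy rule picks reorg:", best_chain_legacy([HONEST, REORG]) is REORG)
    print("PoWA rule picks honest:", best_chain_powa([HONEST, REORG]) is HONEST)
    print("payouts for block 2:", split_reward(HONEST[1]))
```

With twelve recipients the 10% pool does not divide evenly, which is why the example fixes where the leftover satoshis go; the proposal itself does not specify this.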
