Pages:
Author

Topic: [ANN] Bitcoin PoW Upgrade Initiative - page 4. (Read 42931 times)

legendary
Activity: 3430
Merit: 3080
March 23, 2017, 05:28:39 PM
Give 5% of the block reward to the new PoW. This is enough to create a new DRAM-based mining community + hardware/software infrastructure without alienating/bankrupting existing SHA2 miners.

If SHA2 miners continue misbehaving (blocking Segwit, threatening to use other implementations), we increase the new PoW's reward with another soft fork. Hopefully this option won't have to be used: the threat will be enough to keep them compliant.

I like the sound of that implementation. It squashes a significant argument against a PoW change, avoids a hard fork, and would keep the markets far calmer.
member
Activity: 112
Merit: 27
March 23, 2017, 04:56:59 PM
We're looking mostly at GPU friendly (possibly memory-hard, depending on the algo) PoW that will provide a good compromise against generic botnets and ASICs to gain time.

Here's my proposal: Implement the new PoW as a PoWA (proof-of-work additions) soft fork. New PoW is memory-hard Cuckoo Cycle (whose creator has joined the discussion here), or possibly Equihash.

Give 5% of the block reward to the new PoW. This is enough to create a new DRAM-based mining community + hardware/software infrastructure without alienating/bankrupting existing SHA2 miners.

If SHA2 miners continue misbehaving (blocking Segwit, threatening to use other implementations), we increase the new PoW's reward with another soft fork. Hopefully this option won't have to be used: the threat will be enough to keep them compliant.

Conservative approach allows us to use relatively untested PoW algorithm safely, as blockchain continues to be 95% secured by old SHA2 hashing power. Getting the larger community behind a conservative solution will also be easier. Pro-Core miners will support it, since it's a far better option for them than the current standoff and possible network fork.
donator
Activity: 980
Merit: 1000
March 23, 2017, 04:17:06 PM
If you're serious about a Proof-of-Work switch I would humbly point you to what Nexus (http://nexusearth.com/features.html) is doing with ASIC and quantum computer resistant Pure SHA-3 (Using Skein-1024 and Keccak-1600) CPU pool/GPU solo mining.

Here's their thread: https://bitcointalksearch.org/topic/nexus-pure-sha3-cpugpu-npos-15-active-innovations-more-to-come-657601

Why? We're talking about Bitcoin. Unless you mean to one of their concrete PoWs for some reason. I didn't see much documentation on their PoWs there.

Yes. Specifically, we're talking about changing Bitcoin's Proof-of-Work.

OK try this then:
https://en.wikipedia.org/wiki/SHA-3

I referenced Nexus as a real-world example because of their use of a combination of Skein-1024 and Keccak-1600 algorithms which leads to an ASIC and quantum computer Proof-Of-Work which is what this thread was about.

I propose if you're going to change Bitcoin's proof-of-work to something other than the current SHA-2(56) to something else then you might as well go all in on SHA-3 to make it even more secure against near-future quantum computing technology (which governments may already have).

SHA-3 does that.

For reference here are the lifespans of various cryptographic hash functions including our beloved SHA-2(56)
http://valerieaurora.org/hash.html

As you can see SHA-3 (Keccak) is the most secure and it has been brought up earlier in this thread.


Well, if you have been paying attention, Luke already coded a Keccak PoW change last year. It would literally take just changing the activation block if that was the change.

But thanks for your input.

I'm very familiar with it. I have coded a Keccak lib myself and a BLAKE as well.

We're looking mostly at GPU friendly (possibly memory-hard, depending on the algo) PoW that will provide a good compromise against generic botnets and ASICs to gain time.
newbie
Activity: 20
Merit: 0
March 23, 2017, 03:49:03 PM
Whenever any cites that Val Aurora article, please follow-up and link to this newer, better, article:

https://z.cash/technology/history-of-hash-function-attacks.html

blog post about this article when we posted it:

https://z.cash/blog/hash-functions.html

Sincerely,

Zooko

testing image: https://z.cash/images/hash-functions-chronology.png

testing image: http://i.imgur.com/rAxg7qP.png
legendary
Activity: 990
Merit: 1108
March 23, 2017, 03:38:32 PM
I propose if you're going to change Bitcoin's proof-of-work to something other than the current SHA-2(56) to something else then you might as well go all in on SHA-3 to make it even more secure against near-future quantum computing technology (which governments may already have).

SHA-3 does that.

All SHA-3 candidates are rather ASIC-friendly, and Hashcash with such a hash function is highly
vulnerable to quantum speedup with Grover's algorithm.
sr. member
Activity: 341
Merit: 250
March 23, 2017, 03:31:43 PM
If you're serious about a Proof-of-Work switch I would humbly point you to what Nexus (http://nexusearth.com/features.html) is doing with ASIC and quantum computer resistant Pure SHA-3 (Using Skein-1024 and Keccak-1600) CPU pool/GPU solo mining.

Here's their thread: https://bitcointalksearch.org/topic/nexus-pure-sha3-cpugpu-npos-15-active-innovations-more-to-come-657601

Why? We're talking about Bitcoin. Unless you mean to one of their concrete PoWs for some reason. I didn't see much documentation on their PoWs there.

Yes. Specifically, we're talking about changing Bitcoin's Proof-of-Work.

OK try this then:
https://en.wikipedia.org/wiki/SHA-3

I referenced Nexus as a real-world example because of their use of a combination of Skein-1024 and Keccak-1600 algorithms which leads to an ASIC and quantum computer Proof-Of-Work which is what this thread was about.

I propose if you're going to change Bitcoin's proof-of-work to something other than the current SHA-2(56) to something else then you might as well go all in on SHA-3 to make it even more secure against near-future quantum computing technology (which governments may already have).

SHA-3 does that.

For reference here are the lifespans of various cryptographic hash functions including our beloved SHA-2(56)
http://valerieaurora.org/hash.html

As you can see SHA-3 (Keccak) is the most secure and it has been brought up earlier in this thread.
donator
Activity: 980
Merit: 1000
March 23, 2017, 02:01:16 PM
If you're serious about a Proof-of-Work switch I would humbly point you to what Nexus (http://nexusearth.com/features.html) is doing with ASIC and quantum computer resistant Pure SHA-3 (Using Skein-1024 and Keccak-1600) CPU pool/GPU solo mining.

Here's their thread: https://bitcointalksearch.org/topic/nexus-pure-sha3-cpugpu-npos-15-active-innovations-more-to-come-657601

Why? We're talking about Bitcoin. Unless you mean to one of their concrete PoWs for some reason. I didn't see much documentation on their PoWs there.
member
Activity: 112
Merit: 27
March 23, 2017, 01:39:54 PM
changing pow would be a temporary method of opposing the chinese miners. it should be a tool used alongside a UASF if there is going to be one.

Introducing a very moderate (say 5% of the block reward) PoWA as a soft fork would allow the miners to stay in business while putting them on notice that if they misbehave in the future we can up that percentage with a new soft fork. This would be a permanent rather than temporary measure that would create a new class of DRAM miners.
member
Activity: 75
Merit: 10
March 23, 2017, 01:13:35 PM
changing pow would be a temporary method of opposing the chinese miners. it should be a tool used alongside a UASF if there is going to be one.
sr. member
Activity: 341
Merit: 250
March 23, 2017, 11:50:46 AM
If you change PoW to only remove asic mining capability, that won't stop someone throwing up racks and racks of computers in a datacenter in China again.

Racks of computers in datacenters is a given, but why only in China? Thanks to the universal availability of DRAM, those racks can now go up all over the world. That's the key difference.

China has very inexpensive power, so they can run more systems less expensively than elsewhere. However, I get your point, while it's not the silver bullet it would certainly help level the playing field again, at least for a little while.

FYI: Electricity in parts of Washington State, USA is as cheap or even cheaper than China due to the hydroelectic PUDs. That's why McAffee/Bitmain are building their facility there.
sr. member
Activity: 341
Merit: 250
March 23, 2017, 11:15:57 AM
If you're serious about a Proof-of-Work switch I would humbly point you to what Nexus (http://nexusearth.com/features.html) is doing with ASIC and quantum computer resistant Pure SHA-3 (Using Skein-1024 and Keccak-1600) CPU pool/GPU solo mining.

Here's their thread: https://bitcointalksearch.org/topic/nexus-pure-sha3-cpugpu-npos-15-active-innovations-more-to-come-657601
sr. member
Activity: 341
Merit: 250
March 23, 2017, 11:09:59 AM
Why would it be too late after an attack to HF? A few txs get stolen or blocked?

For a similar reason you're giving not to pre-empt it: building support for the new idea. It's possible that too many people will be psychologically impacted by the success of the attack, and consequently do what you're suggesting is wrong with my approach (despite the fact I've made no emotional arguements at all): allow emotions to dictate their decision instead of reason.

If we engage people to support pre-emptive action, a determined mindset would replace a fatalistic reaction. It's about harnessing a positive psychological feedback loop instead of a negative psychological feedback loop.


By my estimates 95% won't preemptively fork the PoW algo ... do you really think you can convince them all to preemptively HF?

Including Bitmain's current hashrate %? Clearly not. A PoW fork only needs to get the support of the miners who don't want to be ruled by a malign majority, although I'm seeing an obvious problem; how to measure that. Setting a block height activation would invite counter measures. Not sure how it could be achieved.


Sounds like the "Coalition of the Willing" and "Weapons of Mass Destruction" argument which lead to the disaster that was the Iraq pre-emptive strike/invasion and war.
sr. member
Activity: 341
Merit: 250
March 23, 2017, 11:07:13 AM
It's profoundly unreasonable to pass off unbacked assertions as any form of reason


I've provided sound reasoning already, refute it.

I would if I could find it, but from what I see you've taken some facts, made up a story around them, and then because your story fits the facts you say it must be true. But of course your story fits the fact, you used them to make it up.

Yes, it reads as conspiracy theory mixed with confirmation bias.
donator
Activity: 980
Merit: 1000
March 23, 2017, 07:42:41 AM
Any chance of coming up with something that has benefits outside Bitcoin as well?  Similar to GridCoin or CureCoin?

No, because that would be braindead unless someone comes with a breakthrough that makes an arbitrary/useful PoW rock-solid and didn't need a massive amount of extra gossiping in the network.

Sadly this doesn't exist AFAIK and these two are completely broken.
newbie
Activity: 6
Merit: 0
March 23, 2017, 02:26:52 AM
...ok... so just tried to hash the entire .bitcoin/blocks on my node... that takes a long time lol. Something like: (following) might work better/ be more practical...

sha256(sha256( nonce + NormalValidBlockData + hash2(hash2(first n bytes of all previous blocks/blockhashes concatenated + nonce)) ))

where n is difficulty2...

come to think of it... there really is no need for difficulty2... difficulty1 (the normal difficulty) will have to come way down after the block interval goes way up due to 1) asic deprecation and 2) more complex hash function...

effectively putting the big hash in the inner loop of the little hash.

This would be very difficult to build an asic for... specialized hardware is fast ram. a commodity.

incentives to keep blockchain size down. way easier to verify than to hash... but it breaks node pruning.

Could be very simple to include the hash2(hash2()) value... just encode it in a transaction in the block. Nodes check to see if the transaction exists by calculating the hash per the reported nonce and looking at OP_RETURN or something... if not... the block is invalid.

...another idea to prevent an initial shock to the block creation time is to initialize n as a function of the regular difficulty such that n = 1 at the current difficulty (on flag day).
newbie
Activity: 2
Merit: 0
March 23, 2017, 01:47:35 AM
Any chance of coming up with something that has benefits outside Bitcoin as well?  Similar to GridCoin or CureCoin?
newbie
Activity: 6
Merit: 0
March 23, 2017, 01:39:15 AM
Couldn't this be implemented as a UASF instead? The SHA256 side can be rendered insignificant from the get-go and blocks would still be backwards compatible.

That would be pretty risky on a flag day without knowing which side every service and exchange would take. The argument for a HF is politically harder. This is silly, but it's the current status of the Bitcoin culture.

Maybe as a progressive but relatively quick PoW switch as a SF, it could be done. As Maxwell describes here: https://www.reddit.com/r/Bitcoin/comments/60j1zi/bram_cohen_bittorrents_creator_a_soft_fork_change/df6snyy/

This may be the best way to get a POW change started as it gets everyone used to the idea. If things go south quickly, I'm sure the transition could be accelerated through another SF (more palatable at that point) or even an emergency HF.

Actually I had not thought of going about it in this order and it makes an awful lot of sense.

I was thinking in having the contingency ready for the sudden one and the longer term progressive one to be applied in a more "relaxed" period. But actually the "I'm altering the deal, pray I don't alter it any further" approach makes even more sense from the incentives point of view.

-----

As for intricate, not proven combinations of multiple algorithms: I'd stay away. More risk that some attack vector is discovered in the future.

The more I think about it the more I believe a SF PoW change is the best option -- even in an emergency.  It's the least disruptive to users and businesses with alternate clients.  Exchanges, wallet providers, etc should only need to set up a border node and they'll have all the time they need to upgrade their legacy systems.  AFAIK, this can't be done with a HF and would cause a lot more economic disruption.

I'm pretty much there also. Block needs to be SHA2'd just like before... as well as "something else'd" to be valid. If we roll out SW and ideally LN strikes at the exact same time... the affect would be pretty effective. In my understanding-- there would still be the difficulty lag, which would be overcome with SW/LN ... no hardfork. What's not to like?

How about (just another fun log to throw on the fire... feel free to pick it apart... not too thoroughly though out...) miners need to hash THE ENTIRE BLOCKCHAIN + the new block?
full member
Activity: 135
Merit: 107
March 22, 2017, 12:13:30 PM
Couldn't this be implemented as a UASF instead? The SHA256 side can be rendered insignificant from the get-go and blocks would still be backwards compatible.

That would be pretty risky on a flag day without knowing which side every service and exchange would take. The argument for a HF is politically harder. This is silly, but it's the current status of the Bitcoin culture.

Maybe as a progressive but relatively quick PoW switch as a SF, it could be done. As Maxwell describes here: https://www.reddit.com/r/Bitcoin/comments/60j1zi/bram_cohen_bittorrents_creator_a_soft_fork_change/df6snyy/

This may be the best way to get a POW change started as it gets everyone used to the idea. If things go south quickly, I'm sure the transition could be accelerated through another SF (more palatable at that point) or even an emergency HF.

Actually I had not thought of going about it in this order and it makes an awful lot of sense.

I was thinking in having the contingency ready for the sudden one and the longer term progressive one to be applied in a more "relaxed" period. But actually the "I'm altering the deal, pray I don't alter it any further" approach makes even more sense from the incentives point of view.

-----

As for intricate, not proven combinations of multiple algorithms: I'd stay away. More risk that some attack vector is discovered in the future.

The more I think about it the more I believe a SF PoW change is the best option -- even in an emergency.  It's the least disruptive to users and businesses with alternate clients.  Exchanges, wallet providers, etc should only need to set up a border node and they'll have all the time they need to upgrade their legacy systems.  AFAIK, this can't be done with a HF and would cause a lot more economic disruption.
legendary
Activity: 1512
Merit: 1057
SpacePirate.io
March 21, 2017, 07:25:33 PM
If you change PoW to only remove asic mining capability, that won't stop someone throwing up racks and racks of computers in a datacenter in China again.

Racks of computers in datacenters is a given, but why only in China? Thanks to the universal availability of DRAM, those racks can now go up all over the world. That's the key difference.

China has very inexpensive power, so they can run more systems less expensively than elsewhere. However, I get your point, while it's not the silver bullet it would certainly help level the playing field again, at least for a little while.
legendary
Activity: 1554
Merit: 1014
Make Bitcoin glow with ENIAC
March 21, 2017, 06:56:57 PM

Jeebus!

This thread is really catching on. Have any of you thought of maybe trying find a pragmatic solution to the issue at hand?

Can't we all just get along?

Pages:
Jump to: