Topic: conjecture about proof-of-work and cryptocurrencies - page 2. (Read 8271 times)
Alkor, I think you missed the point of Bitcoin. Its biggest advantage is that it is decentralized. Having expensive proof-of-works is simply a side-effect of having a distributed system. No one's interested in yet another centralized system; there are already hundreds of those, many of which have much larger backing and more trust than your idea ever will.
I'd be more general than that and say that there is no way a currency can, all at once
- be issuable by anyone (decentralized issuing)
- be easy/cheap to issue
- have limited inflation
I agree with this assertion.
I've been consider an alternative to bitcoin which has no computational proof-of-work, but simply a central timestamping server - which determines in which order transactions will appear in the chain. Whenever a double spending occurs, nodes consult the timestamping server as to which transaction should be in the chain, and discard the other one.
This version of Bitcoin will also be censorship resistant, because the central timestamping server has a very simply job (simply to order transactions), and can be easily replaced if disabled by a central authority.
In this version, all the coins will be issued in the beginning, and then the software will be distributed across all nodes. No subsequent increases in the number of coins will be allowed. An increase would require modification of the software, and that will be rejected by most nodes as it will devalue their currency.
So while in this version coins will not be issuable by anyone, they will be very cheap to issue, and the system will have no inflation. More importantly, no resources will be wasted in proof-of-work. The only drawback is the centralized nature of the timestamping server, but it can be easily replaced if it gets banned.
Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start?
Sure, we'll call it GavinCoin and I get all the coins to start.If you want some, you just send me some of that worthless fiat currency that you have laying around.
Sound good?
You think this is a rebuttal, but in fact it's all the same to me, and others like me, who are coming late to bitcoin, and with no intention of buying hardware and doing my own mining. I've nonetheless forked over some fiat currency for these bitcoins, just because they seem to have acquired some value. Why wouldn't it {have been / be} possible to start with a fixed number of coins distributed among some community of hackers and get it started that way? The vast majority of bitcoins, presumably, were generated when the system was very young, and so are already in the hands of the early adopters.
You are totally free to create your KlorthoCoin. Go for it, really. At some point anyway this kind of stuffs will happen. Just don't be offended if I don't value your klorthocoin much.
The vast majority of bitcoins, presumably, were generated when the system was very young, and so are already in the hands of the early adopters.
If your definition of "very young" is "before I learned about it", then sure, of course the majority of bitcoins were generated when it was "very young". But the number of bitcoins generated per hour is no different today than it was a year ago. It is just distributed among a much larger pool of people.
The majority of bitcoins have yet to be generated. We're not even halfway there yet.
Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start?
Sure, we'll call it GavinCoin and I get all the coins to start.If you want some, you just send me some of that worthless fiat currency that you have laying around.
Sound good?
You think this is a rebuttal, but in fact it's all the same to me, and others like me, who are coming late to bitcoin, and with no intention of buying hardware and doing my own mining. I've nonetheless forked over some fiat currency for these bitcoins, just because they seem to have acquired some value. Why wouldn't it {have been / be} possible to start with a fixed number of coins distributed among some community of hackers and get it started that way? The vast majority of bitcoins, presumably, were generated when the system was very young, and so are already in the hands of the early adopters.
Even if you use some kind of a source of verifiable random numbers from cosmic radiation or whatever, as long as the system is anonymous, it will fallback into CPU power or hardware ressource.
Basically if the right to receive bitcoins is based on some sky event, then everyone will try to post as many sky predictions as possible, just in order to increase their probability of winning. And the amount of predictions you can post would be proportionnal to your CPU.
Basically if the right to receive bitcoins is based on some sky event, then everyone will try to post as many sky predictions as possible, just in order to increase their probability of winning. And the amount of predictions you can post would be proportionnal to your CPU.
Quote from: grondilu
If a cryptocurrency respects the folowing criteria:
* it doesn't discriminate any node of the network ;
* the initial monetary amount available in the network is zero (apart from the genesis block) ;
Then at any time, the probability of generation of a new monetary unit for any node is proportionnal to the CPU of this node.
* it doesn't discriminate any node of the network ;
* the initial monetary amount available in the network is zero (apart from the genesis block) ;
Then at any time, the probability of generation of a new monetary unit for any node is proportionnal to the CPU of this node.
Not sure if this is true.
I can think of an untamperable distributed timpestamp method that doesn't rely on
Cosmic Radiation
Every node agrees to point a radio dish at predefined sector of the sky and measure the random fluctuations in cosmic radiation in some standardised way.
These measurements are translated into a linear data stream that is permanetly recorded by every node.
Then use the block chain concept, except that the nonce in each block isn't incremented, it's the latest chunk from above data stream.
Distributing newly minted money is harder, but can also be performed with a cosmic radiation proof-of-work. The target isn't a hash but a set of stars/galaxies in a certain configuration (for example). Nodes scan the sky with high powered telescopes and the first node to find such a configuration digitally signs its exact coordinates. It is then easy for other nodes to verify the stars on those coordinates.
Somebody could of course open thousands of nodes with a forged data stream, but those blocks would be rejected by the nodes that physically have a dish pointing at the sky.
Maybe I have missed something? Could this type of block chain be forged in some other way?
@moa: the cost to generate is of course dependent on how many people are trying to do it, and that in turn depends on the perceived sale price, so it's not clear how the theory of value you're proposing doesn't suffer from a feedback loop.
@grondilu: computational proof of work isn't the only choice, even for a technology with similar constraints and threat models to bitcoin. for example, you could use ip addresses or bandwidth, but satoshi decided that those would lead to a less reliable allocation. (at least, he considered ip addresses specifically. i'm not sure he considered bandwidth, probably because its use in this context would pose very complex problems. consider that in a bittorrent or emule 'economy', however, bandwidth is the key resource that 'buys' you what you want.)
it's all a practical judgment call, not a theoretical limitation. think through how generation might work with ip addresses or other features of network topology as the basis of generation, and i think you'll find it's not obviously horrible and may even pose some advantages to hashing.
other methods for distributed timestamping have been explored in past literature, but they depend on different models of trust and threats.
@grondilu: computational proof of work isn't the only choice, even for a technology with similar constraints and threat models to bitcoin. for example, you could use ip addresses or bandwidth, but satoshi decided that those would lead to a less reliable allocation. (at least, he considered ip addresses specifically. i'm not sure he considered bandwidth, probably because its use in this context would pose very complex problems. consider that in a bittorrent or emule 'economy', however, bandwidth is the key resource that 'buys' you what you want.)
it's all a practical judgment call, not a theoretical limitation. think through how generation might work with ip addresses or other features of network topology as the basis of generation, and i think you'll find it's not obviously horrible and may even pose some advantages to hashing.
other methods for distributed timestamping have been explored in past literature, but they depend on different models of trust and threats.
Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start?
Sure, we'll call it GavinCoin and I get all the coins to start.If you want some, you just send me some of that worthless fiat currency that you have laying around.
Sound good?
It seems to me this discussion has drifted pretty far from the initial topic.
Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start? I don't know, this has undoubtedly been discussed before, but I'm just wondering. It seems like something closer to the way bittorrent works, where the reward for participating is faster download times. In this kind of scheme, the reward for participating would be a greater share in the (hopefully very small) total transaction cost pie.
As you know many people don't like the idea of using CPU power in order to make so-called "useless" computations.
I'm pretty new here, but one thing I read early on was that the main point of the generation of new bitcoins is to be an incentive to get people to participate in the network. And that eventually, the tap will run dry, and then the incentive is supposed to switch to some kind of transaction cost scheme, right?Well, wouldn't it have been possible to start with a digital currency that had a fixed, unchanging number of units, and used a transaction cost scheme as the incentive structure from the start? I don't know, this has undoubtedly been discussed before, but I'm just wondering. It seems like something closer to the way bittorrent works, where the reward for participating is faster download times. In this kind of scheme, the reward for participating would be a greater share in the (hopefully very small) total transaction cost pie.
Quote
Cost and value are two different concepts.
Heh thanks, I was well aware of that and your recommended reading but you must have missed (misunderstood?) what I was saying two posts above.
The premium captures the difference between cost and value of an object I believe.
Unless there is some enduring quality that demands a premium upon any item it will tend to its cost of production in the long term ... it is a thoroughly "Austrian" concept also, demonstrated by the observation that all fiat paper money has eventually been valued at around the cost of paper and printing involved in its production. Gold has never been far from its cost of production plus some premium for its utility as money, although this premium can vary by several multiples of cost of production depending on economic circumstances. Bitcoins are unique right now in that they serve all the historic roles of money; fungibility, divisibility, scarcity, store-of-value (we'll see) in a market where most flavours competing fiat currencies (paper and digital) fall down on one or several of these roles.
In any case, I'm sure that the free market will eventually give us price discovery in the long term for the value of bitcoins. Other crypto-currency P2P networks that spring up in competition to bitcoins will ensure it.
in that sense they are worth the average energy needed to create a bitcoin. Take total hash power spent to date creating them divided by the number of bitcoins created to get average hash power per bitcoin .... intrinsic value due energy spent anonymisation/securing.
Anonymity is the key to making digital currencies fungible. A trace of transactions attributed to digital currency makes each unit distinguishable from another. E.g: I do not want that dirty terrorists, money-launderer, paedophiles (pick one) digital units in my account.
Anonymity is the key to making digital currencies fungible. A trace of transactions attributed to digital currency makes each unit distinguishable from another. E.g: I do not want that dirty terrorists, money-launderer, paedophiles (pick one) digital units in my account.
The cost of operating the system does not determine the value of that system. The cost of producing a bitcoin does not determine the value of that bitcoin. Cost and value are two different concepts. A bitcoin's value is that which a person will give up to acquire a bitcoin.
Here's some reading material for you:
The Subjective Theory of Value - http://mises.org/austecon/chap4.asp
http://en.wikipedia.org/wiki/Subjective_theory_of_value
Whatever it is, bitcoin is absolutely not a fiat currency.
Fiat means by decree, dictate, statute, law, legal tender, etc ... http://www.thefreedictionary.com/fiat
Quote
It can't be quite that straightforward, because in the early days bitcoins were created using much less energy than the most recent bitcoins. Even though we can distinguish them, we don't value them any differently.
But they are fungible, each currently circulating bitcoin is indistinguishable from any other (unless the block chain ever gets unravelled 
), so in that sense they are worth the average energy needed to create a bitcoin. Take total hash power spent to date creating them divided by the number of bitcoins created to get average hash power per bitcoin .... intrinsic value due energy spent anonymisation/securing.Anonymity is the key to making digital currencies fungible. A trace of transactions attributed to digital currency makes each unit distinguishable from another. E.g: I do not want that dirty terrorists, money-launderer, paedophiles (pick one) digital units in my account.
I'd be more general than that and say that there is no way a currency can, all at once
That looks clever.
- be issuable by anyone (decentralized issuing)
- be easy/cheap to issue
- have limited inflation
That looks clever.
I'd be more general than that and say that there is no way a currency can, all at once
You can at most pick two. Both bitcoins and precious metals for ex. satisfy first and third criteria, but they are hard to obtain. A centralized electronic currency would satisfy the second and third, but not the first.
I don't think it's "mathematically provable", but it's probably "praxeologically provable", what's practically the same thing since math and praxeology, despite their (great) differences, follow the same scientific method.
- be issuable by anyone (decentralized issuing)
- be easy/cheap to issue
- have limited inflation
You can at most pick two. Both bitcoins and precious metals for ex. satisfy first and third criteria, but they are hard to obtain. A centralized electronic currency would satisfy the second and third, but not the first.
I don't think it's "mathematically provable", but it's probably "praxeologically provable", what's practically the same thing since math and praxeology, despite their (great) differences, follow the same scientific method.
Hum... I think I shouldn't have talked about the generationn process, but instead I should have talked about the "election" process.
My point is that CPU power has to be used in order to determ which node in the network will be in charge of validating transactions. The reward for this task is not really relevant for my point.
Sounds better, thanks ^^My point is that CPU power has to be used in order to determ which node in the network will be in charge of validating transactions. The reward for this task is not really relevant for my point.
Anyway, I agree that right now the "work" done by the client to elect a tie-breaker is quite useless. It would be nice if we could leverage other, more useful, computation tasks to let the time tick in the Bitcoin universe.
Right from the start I can think of the entire Boinc stack which is (kinda) useful, but we have to consider certain problems:
- Blocks have to be generate at regular intervals
- Difficulty has therefor to be adjustible
- Proof-of-work dictates that once a result if found it has to be easily verified
Hum... I think I shouldn't have talked about the generationn process, but instead I should have talked about the "election" process.
My point is that CPU power has to be used in order to determ which node in the network will be in charge of validating transactions. The reward for this task is not really relevant for my point.
As discussed in many other places Bitcoin does not have intrinsic value, it just has the value people are willing to pay for it, for an easier faster, cleaner way to transfer money.
Mining has to be seen as the act of securing the future value of the Bitcoins in your wallet. Getting additional Coins in exchange for computation power is a nice extra, but it's just that, an extra. Additionally the gain from mining will decrease, since the mining reward is set to half at certain stages in the network development.
Mining has to be seen as the act of securing the future value of the Bitcoins in your wallet. Getting additional Coins in exchange for computation power is a nice extra, but it's just that, an extra. Additionally the gain from mining will decrease, since the mining reward is set to half at certain stages in the network development.
The intrinsic value of a bitcoin is the total energy and computational/informational content that went into creating it
It can't be quite that straightforward, because in the early days bitcoins were created using much less energy than the most recent bitcoins. Even though we can distinguish them, we don't value them any differently.
The intrinsic value of a bitcoin is the total energy and computational/informational content that went into creating it (incl. energy to produce computing resource materials, silicon, etc, human labour, brainpower, encryption difficulty). The market value will tend toward the intrinsic value in the long term. I expect bitcoin values to become strongly correlated with the underlying kiloWatt-hour electrical energy price and oil, gas, coal (fossil fuels while they are still around) or fissile nuclear materials, etc. Depending on the independent circumstances of the markets in each of these energy generating fuels they correlate with gold, silver and other metal ratios over long periods. Metals are correlated with energy because that's what it takes to prospect for them and dig them up (it is not rocket science just economics).
In the short and medium terms premiums will probably be placed on bitcoins for various reasons; uniqueness, scarcity, anonymity, security. Also possible market manias or euphoric bubbles could erupt to distort values temporarily.
Money and energy have been joined at the hip since the beginning. Money is simply stored energy in some instances. Bitcoin is moving up the evolutionary ladder like atomic energy is to burning wood in caves.
Jump to: