Topic: Gold collapsing. Bitcoin UP. - page 1099. (Read 2032266 times)

Down to 35%

Only if we throw out all the snapshot metrics and look at it as video.
We saw the large chucks move out of Ghash and into Discus Fish and BTC Guild.  
They weren't trickles, they were cut-overs.
The retail CEX users saw that suddenly there's no problem and by and large stayed.  
More joined since the problem was swept under the carpet and the cycle continues.

I have nothing against Ghash and co.  I wish them every success.
It is merely a problem of power concentration vs decentralization.

Proof of work would still work even if new coins were being minted (it had better work, because within a few decades minting will drop to insignificant levels).

Imagine all the Bitcoin were premined and distributed by some other mechanism. You'd still need an objective way to determine transaction ordering.

Proof of work would function the same way as I described above - whomever proves the highest expenditure of opportunity cost will have their version of the ordering preferred over another miner who has expended less opportunity cost.

Without issuing new coins, you wouldn't even need a specific difficulty target to have a working system - the highest PoW would win each block. Difficulty is only needed to keep block creation near a constant rate because mining combines ledger updates with minting and having a deterministic schedule for minting is desirable.

justusranvier, please let us know when your article is published and thanks for test-posting here

I have a question: you say that coin issuance is not the problem solved by mining, distributed consesus is, and that the two just coincide.

after explaining honest signaling you argue:


But isn't the fact that solving a block is being rewarded (fees, coinbase tx) also a part of making telling the truth less expensive than telling lies?

So isn't the combination of consensus-finding and coin issuance (or at least some sort of reward) not merely a "temporary coincidence", but a necessity?

quoting this for future reference.

This is one of the best threads ever...

Looks like Hashcash came out the year before b-money.

Figuring out that kind of chronology is why it takes longer to write articles than making forum posts.

There's a lot of information to rescue from the memory hole.

So if Wei Dai conceptualized that, what was Adam Back's contribution to POW?

The reason I had the energy is that I was already working on that explanation because it's part of an article I want to write in the near future. It just so happened that kodtycoon's post was a great opportunity to create a preview/summary.

Thank you for answering that roll your eyes assertion. I clearly did not have the energy to do so. You did.

Great explanation.

This is the problem with proof of stake: it was invented by people who have no idea what problem mining is supposed to solve and have some agenda other than solving that problem.

Mining is not about allocating the issuance of new coins. The fact that they are tied together in Bitcoin is a temporary coincidence. Mining is about solving the problem of distributed consensus - how do a bunch of independent nodes spread all over the planet agree on a precise ordering of transactions when every node must operate with an incomplete view of the network and anybody might be trying to cheat?

This problem has nothing to do with elitism or notions of fairness or populism. Overlaying those agendas into the solution is a great way to not solve the problem.

As nodes on the network continually work to establish a consistent of narrative of what has happened in the netwowk based on their own incomplete knowledge, there will be times where two nodes disagree. Mining is nothing more than a signalling mechanism which provides an objective basis for choosing which version of history to treat as correct, whenever a conflict occurs such that more than one alternative version exist.

The design criteria for what makes a good mining algorithm comes from signalling theory:

There's a reason that when Wei Dai proposed b-money in 1998, he didn't even bother to explain why calculations in a proof of work system, "must be easy to determine how much computing effort it took to solve the problem and the solution must otherwise have no value, either practical or intellectual." He assumed this statement would be so obviously true that no explanation was needed. Apparently this is no longer the case.

The signal sent by proof of work is the amount of opportunity cost the miner has paid in order to produce the block. The fact that mining calculations are completely useless outside the signalling system itself is what makes lies more expensive than telling the truth, thus satisfying the conditions for honest signalling. The opportunity cost the miner pays to produce a block only represents a profitable trade for the miner if the network accepts their block. So when it comes to a node in the network choosing between two valid blocks, choosing to accept the block with the higher PoW means choosing the block which produced by the miner who has the most at stake in terms of opportunity cost paid.

Note that if the miner has to use specialized hardware for which there is no possible use other than mining, the signal is even better than performing otherwise-useless calculations on general purpose hardware. Higher opportunity costs = more reliable signal.

Proof of work is a proof of stake system, the only one that actually works.

PoS coins use the number of coins held as the basis for their signalling system. Since coins have an exchange rate, they obviously do not fulfill the criteria of having no value, either practical or intellectual. Thus PoS is not an viable mechanism for honest signalling.

that mechanism is far less than optimal for many reasons and excludes those who don't have mining gear and favours those with higher powered mining gear. It's no different to "rich getting richer" in nxt. In that respect, pow is elitist

Ghash already did that one.  the amount was small,  the double spend was detected by the community, the rogue employee was caught, and they've never done it again. Remember 51% means they lose blocks 49% of the time. How do they repeatably build a 2-3 block lead,  orphan off the double spend block, withdraw the stolen bitcoin from the exchange, without being detected? 

Even if 100% righteous, one may still fall to coercion.

Of it it is merely money that motivates.  There are larger sums available, and at stake, than the market cap of bitcoin.
The centralization itself is the problem... Doesn't even matter if rags to riches guys are perfectly honest.  They are vulnerable if they love their kids, or parents, or anyone even themselves more than Bitcoin's integrity.

Installing centralized banking control over a population has been done with wars and assassinations and all manor of wickedness.  A Double spending attack is comparatively benign.

I'm not saying that any of this is going to happen, or not even that there are folks that think bitcoin isn't good for them and might want to see it fail, or that if there were such folks, that they might have vast resources and the capability to execute complicated plans.
But since you asked....  yes it exists as an existential risk to bitcoin.  Maybe you give it a pValue of .01 or less.  
Even so, if it were in play... all the pieces are in the right places for it.

There are many. Here is a simple one:
Lets pretend that there exists some bitcoin gambling sites where you send bitcoin as the mechanism of betting with immediate results knowable.
If a losing bet somehow never made it into the block chain, but the winning ones did might that be profitable?
If these are hidden within a large amount of betting, but just often enough to skew the odds in your favor so you have both house edge and betting control, all of the assets of such a gambling site could be siphoned out over time repeately.  Since the transaction record is the block chain itself for this site, and the individual bets are not preserved for some privacy sensitive reason, you get a scenario such as the one you requested.

More complex scenarios would also include being discovered, (rogue employee found a way around internal safeguards?) which then creates a confidence attack on the price.  But you knew ahead of time so you have a short position in place.  As well as buying lots of cheap LTC ahead of this and holding it as the backup currency with better mining diversity so as folks shift to that for security, you get to sell into the demand.
Managing the news cycle so as to create the right panic responses is also a piece of the game.

It is a small advantage in the security field to be blessed with an evil mind, and cursed with deep ethics.  The world appears broken to us, everywhere we look, but we don't step through the cracks, as they all lead to condemnation of ourselves, and one can never escape one's self.  

But then it's also possible that the threat is overestimated by that same logic.

Also, I've followed the story behind Bitfury because of his phenomenal success and rise to fame from his garage in Russia. Also because I hash with his units. If there was one rags to riches bitcoin success that wouldn't jeopardize his multi million dollar success story for a  cup of coffee double spend attack it would be him. Also, it looks like he will be selling shares  on Wall Street soon.

Yes, precisely right.
Point being, it doesn't account for hash power that went into the solving (and ultimately the relay) or the amount of hashing in the pool, or any of that.  It is measured after the fact.
Thus preventing pools with "too high hash rate" is not even easily determinable.

Also there is what I think of as the "Tusken Raider" attack that GHash.io/CEX/Bitfury is currently doing to hide the amount of hash power in different pools.

Seriously though, can you explain to me the mechanics of an attack scenario that is technically and economically viable, repeatable, undetectable  and puts cash into his bank account as a result?

All of this you could have avoided by just using a mechanism that requires you to pay the market value for any stake, such as a PoW..