Topic: Idea for an altcoin: 3-way hybrid PoW (Read 2402 times)

I didn't see this when it was originally posted, thus I am late to respond.

Assuming much greater than 51% mining cartel control then if the PoW blocks provide the randomness to select the PoS address to construct the next block, then the PoW is still in control and does not need to coordinate with the PoS in order to do PoW attacks. Except in any case, the PoS can also jam the latest PoW block, thus causing ambiguity as PoW miners must decide how to long to wait before they instead produce a replacement PoW block which selects a different PoS address. This destroys the unambiguous Nash equilibrium to mine asap, thus I believe that will cause a divergence of PoW away from consensus to multiple competing partial orders because different miners will take different strategies so you have a split of the network hashrate such that no chain can definitely advance ahead of the other one (or at least you'll have massive orphan rate and selfish mining strategies with much smaller minorities of the hashrate).

If instead the PoS is using its self-referential entropy (i.e. nothing-at-stake), there can be ambiguity for PoW miners over which PoS block to build on, which can cause a divergence of PoW away from consensus to multiple competing partial orders.

As for removing the catastrophic PoS, it is an incorrect presumption that there can ever be any PoW algorithm (even hybrid) that can't be optimized by economies-of-scale. I covered this in more detail in my white paper, but here was an early version of a pertinent portion.


I don't want to waste time analyzing Theymos's proposal very mathematically and exhaustively, because my intuitive understanding is it is very insecure.

Unfortunately he has probably incentivized someone to go hype an altcoin on this insecure concept, proclaiming that it was endorsed by Theymos.

From most secure to least secure.

PoW(alg A, ASIC-friendly)/PoS/PoW(alg B, memory hard, ASIC resistant) > PoW/PoS > PoS > PoW

They mosTLY can handle the dev side. (talent is out there).
I am just conventional wisdom.
if anyone is listening ...

Wow dude ! You quite sharp huh !? xP Well... don't just stand there man ! Get to it ! You have thought alot about this and thank god it is not a copy paste like most coins. You actually thought of the problems and ways to get around them. Good job on that. I hope someone that can dev takes notice because this is an opportunity. Damn I wish I could dev coins I would so do this coin idea of yours.

In case a FORK appears, and there is a great deal of chaos, the POS would hold the right to declare which is the legitimate chain.  Maybe endorsement is a better word.  

example:

5% of the POW miners signal 'Huh? there are 2 chains!'
this causes the min. confirm times to increase (prevent double spends);
and alerts the POS side to find consensus on a Last Known good block;
Once 80% of of the POS agrees things throttle back up to full speed.

POS would remain at a stand still on 'their' consensus Last Known good block, because the next block would be the fork point, it would wait there until the POW network sorts out the winner.

Yes, there is doubt. PPC still has centralized checkpoints, and even with the checkpoints there is no place where you can short PPC


that could be a good idea: POS rewards would encourage nodes to be online without affecting security (EDIT: for this POS blocks would not count as confirmations)


I don't understand what this means.... executive rights?

'POS are not undoubtedly more secure'
'which chain is preferred when a fork is presented'

so there is still doubt despite several years of working chains? (ppc)
i would suggest the POS does NOT really 'move the chain' [in this case here /3-way hybrid PoW]

rather provides oversite, and executive rights when a fork is presented
in the meantime it manages network stuff, rewards 'vested' holders, rewards reliable working nodes, other accounting stuff

"undoubtedly" "more secure"? it's not even a consensus design since the method for deciding consensus (which chain is preferred when a fork is presented) is not explained!     EDIT: but it undoubtedly is interesting, agreed on that

this was not yet answered:

first tell me the decision method, then we can discuss if it is more or less secure. Myriad looks more secure in some aspects, but it doesn't have POS. Those hybrid altcoins that have POS are not undoubtedly more secure.


Anybody knows of a working implementation of "Follow the satoshi"? in many cases the owner of the satoshi will not be online... I wonder how they deal with that... and how do they make sure the randomization is not manipulated.

let them all compete
diff would increase for the winner and inversely decrease for the lossers

the POS side would focus on managing the network, verifying, validate consensus functions

and add a data storage layer (see sia/burst) ... sorta like steem but better. 

>r0ach,
Returning to something like the 1950's would be a bliss. It probably won't happen soon because contradictions in the global society must first be rooted out. Historically it would take a series of bloodsheds to return to somewhat peaceful living. You seem to expect the economic collapse to be an event, I tend to see it as a years long progression. In the latter mode working on solutions suited for the times of after the hot phase of falling off the cliff isn't insane. Having a few gold chains to trade for food in the times of necessity isn't insane either.

The definition of insanity is trying to perfect a system for a given task (decentralization) when the laws governing said technology and diminishing returns inherently give you the opposite of what you're trying to accomplish.  Also, when complex systems collapse (i.e. the entire world economic system) they always revert to a more primitive state, meaning you don't get collapse and jump to an even more complex system (Bitcoin).  

You have things blow up and trend more towards the dark ages spectrum.  Not necessarily a replay of the dark ages, just not as complex as before because the current complexity doesn't provide benefit to the majority of populatioin so they will jump at the chance to bail out and return to simpler times anyway.  EROEI (energy returned on energy invested) stats might force it there too if all the low hanging fruit energy resources are already tapped.

I've never actually changed my view on Bitcoin.  I always said that money is an IOU for goods or services to be rendered by someone else at a future date, so an example of the most ideal form of currency would be blocks of pure energy like in the transformers cartoon - "energon".  They can be redeemed at full face value at any time regardless of externalities even if everyone else on the planet ceases to exist.  

In abscence of having blocks of pure energy available, the next best solution is some type of metastable substance that can be leveraged to do work like a block of oil or coal.  If such a thing is not feasible because of obvious problems with interoperability with renewables like solar and hydro, or hard to exhaust sources like nuclear, the next best thing is a scarce form of matter like metals since matter is energy.

What happened to r0ach, did he sell most of his coins? He's so nonchalant about Bitcoin compared to last year when he was selling it like a car dealer

The proposal of a 3-way hybrid PoW is interesting, it is undoubtedly a more secure consensus design than the current ASIC-raped one. If something like this is implemented, Bitcoin's lifespan will be prolonged.

We can all circle jerk from here to eternity pontificating about the ultimate blockchain implementation, but it honestly doesn't matter because Kaczynski was right and all increases in technology inherently lead to increased centralization and loss of freedom.  There are diminishing returns to complexity.  A research team used to be one person (Newton, Tesla, etc), now a research team is 200 Chinese guys of multiple disciplines just to have the possibility in making some kind of advance.

Those 200 people need to blow infinitely more resources compared to their predecessors while also being centrally micromanaged.  Bitcoin follows the same path.  It already took more than one person to make it, now you have this Blockstream thing of people from multidisciplinary fields run as a centralized organization.  

This might not be a problem if Bitcoin had an actual end where you can eventually set it and forget it and disband those groups.  That's the problem with developers, it's hard to make them work, but once they actually start, you can't get rid of them.  

Bitcoin started inadequate for load bearing potential, but even if it was currently 10,000 TPS, people would want 100,000 TPS and you'd still have a Blockstream.  It basically never ends.  You'll always have a small amount of technocrats running the show.  It doesn't really matter if they think they're fighting for freedom or whatever, it's still going to be a perpetual, centralized technocracy in the end.

The only real decentralized currency on the planet earth is silver - gold is cornered by central bankers.  Bitcoin has many characteristics that make it better than fiat currency like not being debt based (issued via borrowing at interest) and not being fractional reserve, but those fundamentals don't even originate from technology itself.  So use Bitcoin for those reasons over fiat until the debt based fiat scam dies, but if the last men standing are gold, silver, and Bitcoin, why willingly enter a technocracy if you don't have to?  

No, you don't put the metal in a bank to back a currency, you use it as the currency in it's native form and burn the paper.  The majority of people are always going to outsource security of their wealth whether it's Bitcoin or metals, so you will always have vaults or banks of some type.  Bitcoin does not get rid of banks.  Even if everyone on the planet was a comp sci major, people would still outsource security of their wealth solely because they have to provide a chain of custody for wills and other such functions.

In the end, we're burning a lot of energy to accomplish most of the same dynamics silver already does.  The reason Bitcoin seems enticing is because debt based fiat is such a giant scam that any type of alternative no matter how ridiculous seems crazy good in comparison.

I like it, very interesting idea!  In terms of the difficulty getting stuck what if there were two parallel mining algo sequences, so you use the original block height mod idea, but two algos are allowed to compete each time based on that.  Basically the benefits of the original idea with paired algos competing on each block.  This way, for example, 2 PoW mining algos would have to be attacked for the difficulty to get stuck. 

could not have said it better myself...


it seems the wheels have already started to turn for some, though. looking forward to seeing where this idea is heading.

and happy to see that people who know what they are doing still lurk here...

I was waiting to see what the smart guys say on this idea..
So good time for a bump i think LOL
Me i am really not very good at the technical side of block chain technology etc.
So i was hoping to see the response from the guys around here that know their stuff.

Yes, the problem of the mod 4 idea is that miners are idle until it's their turn again. An idle miner consumes less than a working miner, but it sill consumes a lot of power. I think that if can't find a way around this then it's a show-stopper.

Letting all the 4 "channels" run in parallel raises 2 immediate questions:

- When is a block confirmed? 6 pos blocks is not as secure as 4 blocks from different methods. This can be solved saying "1 confirmation is whenever you have 1 block from each method". So 1 confirmation requires at least 4 blocks, and 2 confirmations require at least 8 blocks, but can take many more blocks in case of bad luck.

- How to weigh two competing chains for a reorg? Imagine two chains that have the same length and the same blocks up to height n-1, but block n is method A in one chain and method B in the other one. Which one has more work (or weight, or "trust")? Since different methods have different unrelated difficulties it's not easy to compare. Myriad solved this using factors resulting from empirical tests: scrypt is assumed to be 1000 times as hard as double-sha256, so now the work for different algorithms can be compared. But how do you compare POS vs POW? most hybrid coins don't: they just allow POS to rewrite POW blocks by assigning a constant minimal "trust" to POW blocks.
If you want to avoid someone from rewriting history you can assign exponentially decreasing work to consecutive blocks from the same method. Example: after a SHA3 block, if the following block is also SHA3 then you multiply it's work by 0.5 and so on until a block from another method is found.

wait... you have that same problem with the mod 4 idea: if there are 2 chains that only differ in the last 4 blocks but one chain has more difficulty in the mod 0 block and at the same time less difficulty in the mod 1 block. Which chain is the best?

ASICs don't need all that much time to go from off to mining, so I'm not sure if that'd help.


That's a good point, and other hybrid proposals do usually allow for continuous mining by all PoWs. The reason I did it this way is to ensure that one group cannot have any influence on any others. You know for sure that if a transaction has 4 confirmations then it has gone through all 4 steps and all 3 PoW groups. Whereas with simultaneous mining, it's more difficult to feel confident that this same property will hold. For example, even if you disallow one chain from getting too far ahead of another one, maybe a super-powerful attacker could completely wipe out the *entire* history of one chain, totally screwing things up. Maybe there are ways to do it safely, but it's more difficult.

Requiring miners to pause for a while is sub-optimal, but I think it's workable. Electricity would be saved when not mining, so it might not be that terrible.

Interesting idea. What comes to mind first is that it would make PoW mining very sporadic. Essentially each PoW group would have to wait a lot until they can work again.


I'm not sure what this method does better than having the same PoW methods running in parallel though.

If there's only ever one algo that will be accepted for the next block that means the difficulty retarget is also tied to that algo and can essentially get stuck.
For example, let's say there's a massive ASIC pool which gets taken down due to DDoS or something. Then there comes a block that can only be solved with this ASIC friendly algo.
What will happen is the network will slow down because it has to wait for the next block to be solved with a difficulty that cannot be changed until the block is found - however long that might take.

But if you have multiple algos running in parallel, in the same example above the chain would still be moving without the ASIC algo which means the difficulty retarget could do its job and reduce the ASIC algo's difficulty without having to wait for an ASIC block being found so that small ASIC miners could keep the ASIC chain moving.

Of course, you'd need a limitation on how many consecutive blocks are accepted by the same algorithm (has to be a low number, like let's say 5). Some coins are already doing it afaik.
When the big ASIC pool wakes up to a low ASIC difficulty they can only flashmine 5 blocks before having to wait for another algo to find a block.
But they might not even find 5 blocks even with a very low difficulty since the difficulty retarget can be very very agressive since it can't get stuck. You can even set the difficulty to near infinite for an algo if it's solving blocks too fast and still be fine because it can be taken back down.

All this means that you can balance each block's block generation rate more precisely and you don't have to wait for any algo.

Instead of selecting PoW depending on block height, how about randomizing it depending on last hex digit of the last mined block hash? This randomness of algorithm choice would most likely make this more ASIC resistant.