Pages:
Author

Topic: Interleaved Mining - Increase decentralization of full nodes and mining (Read 3664 times)

newbie
Activity: 39
Merit: 0
Quote
The goal is not to replace miners, that would be a violation of the social contract the protocol offered to miners.
Miners have invested large sums of money into protecting Bitcoin and screwing them is just not logical.

I happen to disagree. The large miners have invested large sums of money in order to earn a lot of BTC.
Quote
Also, as long as the current ASIC mining farms are protecting the chain, they are a great advantage as they greatly increase the barrier to attack the chain. The goal of the proposal is to leave revenue with them but diffuse political power by sharing it with stake holders. Or in other words, to increase diversity in miners so that 2-3 parties cannot hold the currency hostage.

The large ASIC mining farms are theoretically protecting the chain with their enormous hashing power. But the main reason for their very existence is to make money they care only so much for BTC as it concerns their money making industry. In theory this hashing power should be supplied by a lot of decentralized miners but in reality this hashing power comes from a few huge miners. And that's not how it was meant to be in fact it's now almost how it shouldn't be as the big miners have more weight than anybody else.

I don't see how this could be changed more easily than by changing the PoW from SHA2 to something much more complex.
newbie
Activity: 23
Merit: 0
Wouldn't it be sufficient to replace the PoW sheme with something far more complicated than SHA-256 to kick all the big ASIC-farms out? Just replacing SHA2 with something that can't be put onto an ASIC for years to come would be an easy solution to distribute mining again as the mining could be done by those running full nodes again. Mining wouldn't be a business anymore but more a compensation for running a full-node all the time.
If then some ASICs should show up in the future the PoW could be changed again. This also rather helps to secure the network in the long run as I just don't see how huge ASIC-Farms in third world countries providing more then 50% of hashing-power help secure BTC.

The goal is not to replace miners, that would be a violation of the social contract the protocol offered to miners.
Miners have invested large sums of money into protecting Bitcoin and screwing them is just not logical.

Also, as long as the current ASIC mining farms are protecting the chain, they are a great advantage as they greatly increase the barrier to attack the chain. The goal of the proposal is to leave revenue with them but diffuse political power by sharing it with stake holders. Or in other words, to increase diversity in miners so that 2-3 parties cannot hold the currency hostage.
newbie
Activity: 39
Merit: 0
Wouldn't it be sufficient to replace the PoW sheme with something far more complicated than SHA-256 to kick all the big ASIC-farms out? Just replacing SHA2 with something that can't be put onto an ASIC for years to come would be an easy solution to distribute mining again as the mining could be done by those running full nodes again. Mining wouldn't be a business anymore but more a compensation for running a full-node all the time.
If then some ASICs should show up in the future the PoW could be changed again. This also rather helps to secure the network in the long run as I just don't see how huge ASIC-Farms in third world countries providing more then 50% of hashing-power help secure BTC.
newbie
Activity: 23
Merit: 0
Could the PoS blocks be used to determine the blocksize limit / capacity limit change? For example, if the system sees that there's too little coins being staked or too little amount of PoS blocks being generated, it decreases the limit. In other words, could this scheme be used to determine the safe capacity zone of Bitcoin?

The issue with such a scheme is that you add yet another magic number into the protocol, potentially causing rifts as to what the right amount should be.

Also as the bitcoin economy grows, we should expect wealth concentration to continue to dilute over to a larger number of people. Many small holders would not be willing to spend resources to run a node if the probability of mining a block is miniscule. So i would expect the number of coins being staked to decrease as Bitcoin grows, kind of the opposite effect you are looking for.

Also, number of coins staked != number of different ppl mining
newbie
Activity: 23
Merit: 0
This looks brilliant to me. Feels like this would be natural development for Bitcoin.

  • This fixes the 51% attack problem.
  • Increases the general reliability of the system as mining centralization risks would be gone and there would be an incentive to run a node.
  • Normal nodes could also show their opinion about soft forks.
  • Hard forking would be a lot harder, and it would be easy to see what actual nodes (with bitcoins) are "voting" for.

I think the best way to implement this scheme would be to change as little as possible of the current system. PoW blocks interval could be kept at 10 minutes target with same block & tx fee rewards as of today. PoS blocks could be made with with 10 or 20 minutes intervals. It would decrease the block interval slightly. PoS blocks would earn only through fees from the transactions they include. I heard it could be possible to do this without the need of keeping staking coins online, too, which makes this secure too.

With this scheme there could even be a possibility to implement properly working mechanism to adjust the blocksize limit. Nodes, which currently pay the costs of the network, would be able to vote for their preferred blocksize limit, or adjustment.

Please let me know if I fail here. Smiley

Yup, sounds like you fully understand the advantages and how it would work.
legendary
Activity: 1511
Merit: 1072
quack
Could the PoS blocks be used to determine the blocksize limit / capacity limit change? For example, if the system sees that there's too little coins being staked or too little amount of PoS blocks being generated, it decreases the limit. In other words, could this scheme be used to determine the safe capacity zone of Bitcoin?
legendary
Activity: 1511
Merit: 1072
quack
This looks brilliant to me. Feels like this would be natural development for Bitcoin.

  • This fixes the 51% attack problem.
  • Increases the general reliability of the system as mining centralization risks would be gone and there would be an incentive to run a node.
  • Normal nodes could also show their opinion about soft forks.
  • Hard forking would be a lot harder, and it would be easy to see what actual nodes (with bitcoins) are "voting" for.

I think the best way to implement this scheme would be to change as little as possible of the current system. PoW blocks interval could be kept at 10 minutes target with same block & tx fee rewards as of today. PoS blocks could be made with with 10 or 20 minutes intervals. It would decrease the block interval slightly. PoS blocks would earn only through fees from the transactions they include. I heard it could be possible to do this without the need of keeping staking coins online, too, which makes this secure too.

With this scheme there could even be a possibility to implement properly working mechanism to adjust the blocksize limit. Nodes, which currently pay the costs of the network, would be able to vote for their preferred blocksize limit, or adjustment.

Please let me know if I fail here. Smiley
newbie
Activity: 23
Merit: 0
Seems existing systems are working well. Why do you need all of these considerations. However, I'm willing to join this discussion later.

Please read the first post for details, but in short there are few big goals

- Increase decentralisation of validation by incentivising full nodes
- Solve block propagation issues  by having smaller alternate blocks, allowing POW larger blocks without mining centralisation risk
- Prevent 51% POW mining attack
newbie
Activity: 33
Merit: 0
Seems existing systems are working well. Why do you need all of these considerations. However, I'm willing to join this discussion later.
newbie
Activity: 23
Merit: 0
Quote
50% of the minting & tx fees for block N would have to go to a valid stamp for block (N-3).  If there was more than 2 valid POS stamps (meets difficulty), then the strongest one would be used. 

I highly doubt that will sit well with miners today.
I suppose the way the protocol would work is that 50% of the reward will be locked up, to be awarded 3 blocks later to whoever stamps the block.

Some downsides i see are:
- POS miners will lose the chance to mine transactions, which would have introduced much greater diversity in transaction selection (Increase censorship resistance)
- Block propagation advantage would be lost.

Upside is that POW hashrate is not reduced due to idle time.

Quote
No it is just POS validation of the POW chain.  The purpose is to make it harder to do forks.

That is perhaps the most important goal of this scheme.
Hardening the blockchain would significantly increase the security of the blockchain and in turn greatly increase viability of Bitcoin being a long term Store of Value.
legendary
Activity: 1232
Merit: 1094
But how would you stamp a POW block which has already been mined?

50% of the minting & tx fees for block N would have to go to a valid stamp for block (N-3).  If there was more than 2 valid POS stamps (meets difficulty), then the strongest one would be used. 

The exact method would depend on which POS method selected.

Quote
Does POS mine txns in the stamping scheme?

No it is just POS validation of the POW chain.  The purpose is to make it harder to do forks.
newbie
Activity: 23
Merit: 0
That is actually an interesting idea. The downside would be that it would effectively be a blocksize decrease as older nodes won't see POS blocks, only to see the relevant txns 20min later in the next POW block.

The POW blocks would still have to be one every 10 mins.  Otherwise, the POW difficulty setting algorithm wouldn't work properly.

You would need a system that hits POS blocks every 10 mins too.

An easier alternative would be that blocks must be "stamped" with a POS proof within 3 blocks of being produced.

Stamped POW <- Stamped POW <- Stamped POW <- POW (working on stamp) <- POW <- POW

Each block would end up with both a POW certification and a POS certification.  This means almost no change.  You just need to come up with a way to do the POS stamps.

POS miners would build on the longest POW chain, but ignore blocks unless at least their great-grandparent (and earlier) blocks are stamped.

I like the idea because it will prevent POW from going idle in between blocks.

But how would you stamp a POW block which has already been mined?
Does POS mine txns in the stamping scheme?
This also removes the block propagation advantages of interleaving.



legendary
Activity: 1232
Merit: 1094
That is actually an interesting idea. The downside would be that it would effectively be a blocksize decrease as older nodes won't see POS blocks, only to see the relevant txns 20min later in the next POW block.

The POW blocks would still have to be one every 10 mins.  Otherwise, the POW difficulty setting algorithm wouldn't work properly.

You would need a system that hits POS blocks every 10 mins too.

An easier alternative would be that blocks must be "stamped" with a POS proof within 3 blocks of being produced.

Stamped POW <- Stamped POW <- Stamped POW <- POW (working on stamp) <- POW <- POW

Each block would end up with both a POW certification and a POS certification.  This means almost no change.  You just need to come up with a way to do the POS stamps.

POS miners would build on the longest POW chain, but ignore blocks unless at least their great-grandparent (and earlier) blocks are stamped.

One characteristic of this system is that hashing power is useless between the time a POW block is found and the next POS block is found. 

Yes, this has been brought up, although id like to hear from a miner why this might be an issue if all miners are affected equally by this.

It might not be a big deal if they can direct their resources elsewhere.

It potentially reduces the POW security by 50%.  You can produce a competing (POW) chain with only 50% of the hashing power (ignoring the POS part). 
legendary
Activity: 1008
Merit: 1007
Like i said earlier, the current intention is that generating a block would consume the age of the output used to generate the block, so your age is reduced to 0.

But even if the age was not consumed, i don't follow how that would be a problem?
If i was a POW miner with 20% hashrate, i would constantly have a 20% chance to generate a block, no?

Its a problem because it makes producing double spending blocks costless, forever. In POW this is not a sustainable attack.

Quote
It's simple really, if you don't mine a POS block, someone else will when the timestamp increments and their output gets lucky.

So, instead you mine a POS block with no transactions, thereby having the same effect as withholding the block?
newbie
Activity: 23
Merit: 0
Quote
But if I am the generator of POS 100, I can also be the generator of POS 102 and the probability that I will be is a constant.

Like i said earlier, the current intention is that generating a block would consume the age of the output used to generate the block, so your age is reduced to 0.

But even if the age was not consumed, i don't follow how that would be a problem?
If i was a POW miner with 20% hashrate, i would constantly have a 20% chance to generate a block, no?

Quote
Not quite, unless you intend to award POS miners with a block reward? POW miners have a lot to lose by doing this, POS miners have nothing to lose.

No, rewards stay with POW miners.

It's simple really, if you don't mine a POS block, someone else will when the timestamp increments and their output gets lucky.
legendary
Activity: 1008
Merit: 1007
Eg:
POW 99 ==> POS 100 ==> POW 101

Even if i came up with a new POS 100A block later, i will need to perform more work than POW101 to attack the chain.

But if I am the generator of POS 100, I can also be the generator of POS 102 and the probability that I will be is a constant.

Quote
This is no different than saying that a large Chinese mining pool can withold blocks and slow the network to a crawl.

Not quite, unless you intend to award POS miners with a block reward? POW miners have a lot to lose by doing this, POS miners have nothing to lose.
newbie
Activity: 23
Merit: 0
Quote
A chain is only as strong as the weakest link. Pithy, but true in this instance.

This is not true as long as you can link 2 POW blocks together.

Eg:
POW 99 ==> POS 100 ==> POW 101

Even if i came up with a new POS 100A block later, i will need to perform more work than POW101 to attack the chain.

ie:

POW 99 ==> POS 100 ==> POW 101
             ||
            ==> POS100A ==> POW 101A

But if POS100 was already broadcast first, POW miners are not going to sit around to build atop POS100A when they see it later.

This is no different than a POW block race where miners build atop the first block they see.
Ask yourself, Why don't they switch?
Because if i own any hashpower < 50%, by mining atop the later block, i sabotage myself by increasing the chance that my block will be orphaned as the rest of the network is likely to be mining atop the earlier block instead.


Quote
Here is another attack angle for you, which isn't present in plain POW:

* Go slow

A majority stake holder can bring the entire chain to a crawl by withholding their POS blocks forever; so instead of a 10 minute block time, you'll have a 20 minute block time and there would be nothing anyone could do about it.

This is no different than saying that a large Chinese mining pool can withold blocks and slow the network to a crawl.
This is actually far more dangerous with POW because the largest pools have over 20% of hashing power and 66% of hashing power is within China.
If the Chinese gov shutdown all pools in China, blocks would slow to 30 minutes.

Contrast that to BTC distribution where the largest holder has less than 5% stake.

Quote
Doesn't make any difference; there is still a constant probability of producing a block proportional to your stake, so the more stake you have, the more control you have to double spend.
See above reply. POW Miners will still build atop the first POS block they encounter as they have a real cost to mine ontop of a later block.
legendary
Activity: 1008
Merit: 1007
So i think you are looking at it from the micro view, where the concern is regarding double spending during the POS block. That is a valid concern.

But firstly, it is incorrect to say that the whole chain becomes as insecure as POS.

A chain is only as strong as the weakest link. Pithy, but true in this instance.

Quote
Rather, if you think about it, the combination actually makes the chain far more secure than POW alone.
It basically makes it impossible for a 51% miner to take over the chain unless he also happens to have 50% of all BTC.

Here is another attack angle for you, which isn't present in plain POW:

* Go slow

A majority stake holder can bring the entire chain to a crawl by withholding their POS blocks forever; so instead of a 10 minute block time, you'll have a 20 minute block time and there would be nothing anyone could do about it.

Quote
Regarding the double spending during POS blocks. POS basically works in the following form:

sha256(output hash + timestamp) = HASH
ValidProof(HASH) ~= Coin age * number of coins

So as far as POS is concerned, either you have a valid block or you don't. There is nothing further you can do about it.
Grinding is not possible for the current block.

Doesn't make any difference; there is still a constant probability of producing a block proportional to your stake, so the more stake you have, the more control you have to double spend.
newbie
Activity: 23
Merit: 0
This is incorrect for several reasons.

1) The scenario you described is only valid for the POS block being currently mined, however this is no different than POW miners attempting to mine blocks and come up with 2 blocks around the same time. The network will eventually go with one fork and the other will be orphaned. In this case, it is the POW miners who decide which POS block is built atop.

In your opinion it isn't a problem to have a double spend produced every other block, forever?

In POW, doing this has a cost; the cost of block production, making this attack quickly become unsustainable. However, by mixing the two consensus models, you allow double spends at no cost at regular intervals (the POS blocks), which brings the entire chain down to the same security model as plain POS.

So i think you are looking at it from the micro view, where the concern is regarding double spending during the POS block. That is a valid concern.

But firstly, it is incorrect to say that the whole chain becomes as insecure as POS.
Rather, if you think about it, the combination actually makes the chain far more secure than POW alone.
It basically makes it impossible for a 51% miner to take over the chain unless he also happens to have 50% of all BTC.

Regarding the double spending during POS blocks. POS basically works in the following form:

sha256(output hash + timestamp) = HASH
ValidProof(HASH) ~= Coin age * number of coins

So as far as POS is concerned, either you have a valid block or you don't. There is nothing further you can do about it.
Grinding is not possible for the current block.

Quote
Except that POS blocks contain transactions as well, therefore imply a consensus?
Well, txns also have implications on the state of UTXO set and affect validity of future txns as well, so it isn't really different in practice.
legendary
Activity: 1008
Merit: 1007
This is incorrect for several reasons.

1) The scenario you described is only valid for the POS block being currently mined, however this is no different than POW miners attempting to mine blocks and come up with 2 blocks around the same time. The network will eventually go with one fork and the other will be orphaned. In this case, it is the POW miners who decide which POS block is built atop.

In your opinion it isn't a problem to have a double spend produced every other block, forever?

In POW, doing this has a cost; the cost of block production, making this attack quickly become unsustainable. However, by mixing the two consensus models, you allow double spends at no cost at regular intervals (the POS blocks), which brings the entire chain down to the same security model as plain POS.

Quote
To simplify this, think of POS blocks no different than ordinary Bitcoin txns, POW miners decide which is valid and in what order.

Except that POS blocks contain transactions as well, therefore imply a consensus?
Pages:
Jump to: