Topic: MC2: A cryptocurrency based on a hybrid PoW/PoS system - page 60. (Read 195198 times)

legendary
Activity: 1484
Merit: 1005
Okay, I have some more questions.

The hash type used for the block is calculated and added to the block header.  The hash type that is supposed to be used is shown through the block header.  Because we know what hash type is used it is easier to verify the legitimacy of the block.  But, how do we verify that the correct hash is chosen?  We would need to calculate that.  But, then that would defeat the whole point.  In the whitepaper it says the hash type is given so that you don't need to calculate it.  Who would be calculating and verifying the hash type?

The hash type used is determined from a pseudorandomly generated table for the first 200k or so blocks and then is simply derived from the Pearson hash of the 1st, 2nd, ... , nth block after reaching this predefined block height.

In the case of both this and N, they are (eventually) both chosen from the blockchain itself, but through previous blocks, never current blocks.

Note: N values are calculated from the last 8 blocks in a block cycle, but also not current blocks.  The N value is calculated from a much harder scrypt hash of the merkle root.  I think the merkle root is able to be gamed though (by manipulating the coinbase transaction), so in the next draft this should change to the block hash rather than the merkle root.  We might also need to do another scrypt hash instead of the Pearson hash for secure hash algorithm order and then use that to determine the order of SHAs -- this could afford more security and is easy to implement.

We verify that the correct hash is chosen the same way we do in bitcoin: We require that the hash has a number of leading zeroes (difficulty).  Because the type of hash is also in the block header, you could never use one of the other hashes either (the network clients would reject it even if it satisfied the correct number of leading zeroes).

Edit: If we use the block hash though, we need to contend with the fact that we have essentially a truncated input because of leading zeroes.  This might make it a little less secure (though I doubt it).  In this case, we can just use the last 256 bits (which will likely never be 0's) of the block header hash for use in the hard hash to calculate N.
hero member
Activity: 756
Merit: 500
Okay, I have another question.

The hash type used for the block is calculated and added to the block header.  The hash type that is supposed to be used is shown through the block header.  Because we know what hash type is used it is easier to verify the legitimacy of the block.  But, how do we verify that the correct hash is chosen?  We would need to calculate that.  But, then that would defeat the whole point.  In the whitepaper it says the hash type is given so that you don't need to calculate it.  Who would be calculating and verifying the hash type?

hero member
Activity: 714
Merit: 510
Anyway I'm digesting your paper and I think a lot of it is brilliant, so you've won me over as a long-term supporter. I think these sorts of currencies need more democratic processes built in because this way they can adapt better to social conditions. The one problem I see with cryptocurrencies is that they all assume that not a lot will change from now to 100 years from now. It's almost certain that Bitcoin cannot last 100 years by design. The birth of AGI or superintelligence will change everything and that hasn't really been factored into this enough.

Theoretical question: if AI or a robot does some work, should that AI or robot have to be paid in some sort of cryptocurrency as well? That would potentially be an advance because it would balance the value of human labor and robot or AI labor, for instance, if even robot or AI labor is accounted for. It would also provide a mechanism to potentially fund building robots and AI if the creators would be able to tax the profits of their robots.

This would mean there would be no free labor, not even for bots. This is philosophical, but I figured I'd add it to the discussion because if cryptocurrency becomes more energy efficient and AI reaches artificial general intelligence and eventually superintelligence, then there will be less of a need for human labor at all. Why not consider that when designing cryptocurrency?
Quote
The miraculous thing about Bitcoin is that the protocol can change over time; the clients just need to download new versions they agree upon.  Right now the BTC protocol is good enough, but in 10 years? 20 years? 30 years?  The democratic system is in place as an eventuality -- you might be surprised as to what doesn't change in 30 years, too.  But if AI is designing things, well, I think it'll probably look quite a lot different than this.

But what if the insecurity or disaster comes from the governments in charge? Let's say Bitcoin is wonderful and takes off, but governments like how it's set up and won't let us make changes? It has to be easy enough to make changes and thus it has to be very modular.

I think the moment we get AGI everything changes and all rules of economics will be screwed. There will be no reason to hire human beings to do labor so how would human beings earn Bitcoin or any other cryptocurrency?

At some point human beings will have to earn by taxing their machines somehow. Today in 2013 AI isn't able to design things, but in 2031 this may be different and AI may be able to design everything. When that happens it will impact cryptocurrencies as well and if we can plan for that possibility in the design early on then perhaps we can mitigate any potential existential threat which could come.

It sounds baseless, but many people are concerned that all their jobs will be replaced by machines, robots and AI. A more energy efficient currency might only speed that up and what good is a cryptocurrency in that environment?

Overall though I value your currency. I just hope when it's being programmed it has a very modular design so that it can continuously and easily be updated even if the politics make it hostile to do so.
legendary
Activity: 1484
Merit: 1005

The value n is
again used to determine the cycle size of the polymorphic hash chain, where
each of the 8 possibilities of a sequential memory-hard hash function are
incorporated into the hash chain once and only once; as before, in MC2 n =
8. These are also ordered in a pseudorandom fashion every cycle.


Are there details on the pseudo-random mechanism and why it is done this way? Is it secure to do it pseudo-randomly rather than truly randomly?

Sorry but I'd like more information because whenever I see pseudo-random I usually perceive it as a negative red-flag.

The quantities of N for each 8 block cycle are pseudorandom because they are based on the hard hashes of the merkle roots of the last 8 blocks.  I say pseudorandom because something is determining them.  The reason this can't likely be gamed is because the hard hashes from which these are based on take a long time and a lot of memory to compute (N = 262144; I think they take about 500 msec each to compute on a CPU).  In order to game them, you would have to both select for the blocks you put into the hash chain (very hard, because PoW is competitive) and also calculate millions of these extremely hard hashes.

Quote

the order will be determined by the integer ordering of the Pearson hashes
of the Merkle root of blocks {(current block 259,200) ... (current block 259,192) – – }
such that


Huh? Okay why was this decision chosen unless it's the only way?
Pearson hashes are non-secure, but they are exactly 8 bits.  The gap for all subranges in N' (Nmax - Nmin) is 256, and 2^(8 bits) = 256.  Because we calculate the Pearson hash from the hard hash we've already generated, it shouldn't pose a security issue (as before, the hard hashes are really, really hard to game).

Edit: Sorry, realized this was about the block ordering, not N-ordering and value generation.  I figured that it would be unlikely that people game values in the chain for the ordering of the SHAs years in advance, because that's a massive expenditure of energy (throwing away millions of blocks) in order to do so.  There are other ways to do so, but this was easy and there shouldn't be any major security qualms about it I would think (but if you can think of some, I am all ears).  I should note in the next update of the paper that these will be based on the PoW blocks only, not PoS blocks (which can easily be gamed).

Quote
Anyway I'm digesting your paper and I think a lot of it is brilliant, so you've won me over as a long-term supporter. I think these sorts of currencies need more democratic processes built in because this way they can adapt better to social conditions. The one problem I see with cryptocurrencies is that they all assume that not a lot will change from now to 100 years from now. It's almost certain that Bitcoin cannot last 100 years by design. The birth of AGI or superintelligence will change everything and that hasn't really been factored into this enough.

Theoretical question: if AI or a robot does some work, should that AI or robot have to be paid in some sort of cryptocurrency as well? That would potentially be an advance because it would balance the value of human labor and robot or AI labor, for instance, if even robot or AI labor is accounted for. It would also provide a mechanism to potentially fund building robots and AI if the creators would be able to tax the profits of their robots.

This would mean there would be no free labor, not even for bots. This is philosophical, but I figured I'd add it to the discussion because if cryptocurrency becomes more energy efficient and AI reaches artificial general intelligence and eventually superintelligence, then there will be less of a need for human labor at all. Why not consider that when designing cryptocurrency?

The miraculous thing about Bitcoin is that the protocol can change over time; the clients just need to download new versions they agree upon.  Right now the BTC protocol is good enough, but in 10 years? 20 years? 30 years?  The democratic system is in place as an eventuality -- you might be surprised as to what doesn't change in 30 years, too.  But if AI is designing things, well, I think it'll probably look quite a lot different than this.
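As an added example (not code from the MC2 paper or its author), the following derives a cycle's hash-variant order and N' values the way this post and the hash-type verification post near the top of the page describe it: a Pearson hash of the hard hash of each of the last 8 PoW blocks, using the last 256 bits of each block hash per the edit above, with a client-side check that a header's declared hash type matches the schedule. Assumptions: SHA-512 stands in for the memory-hard scrypt hash so the example runs instantly, the Pearson table and block hashes are constructed, the N' subrange starts at 262144, and ties in the Pearson ordering (not addressed in the thread) are broken by block position.

```python
import hashlib
import random

CYCLE = 8                    # n = 8: each of the 8 hash variants appears once per cycle
N_MIN = 262144               # assumed lower bound of an N' subrange (Nmax - Nmin = 256 per the post)
HASH_VARIANTS = [            # 4 secure hashes x 2 stream ciphers named in the thread
    "BLAKE512+Salsa20", "BLAKE512+ChaCha20",
    "SKEIN512+Salsa20", "SKEIN512+ChaCha20",
    "KECCAK512+Salsa20", "KECCAK512+ChaCha20",
    "SHA2-512+Salsa20", "SHA2-512+ChaCha20",
]

# A Pearson hash needs a fixed 256-entry permutation; this one is constructed from a
# fixed seed for reproducibility (a real chain would ship it as a protocol constant).
_PEARSON_TABLE = list(range(256))
random.Random(2013).shuffle(_PEARSON_TABLE)


def pearson8(data: bytes) -> int:
    """Classic 8-bit Pearson hash: one table lookup per input byte, output in 0..255."""
    h = 0
    for b in data:
        h = _PEARSON_TABLE[h ^ b]
    return h


def hard_hash(block_hash: bytes) -> bytes:
    """Stand-in for the memory-hard scrypt hash (N = 262144) the post describes.
    Assumption: SHA-512 replaces scrypt only so the example runs instantly; the input
    is the last 256 bits of the block hash, following the edit about leading zeroes."""
    return hashlib.sha512(block_hash[-32:]).digest()


def cycle_schedule(prev_pow_block_hashes):
    """Derive [(variant, N')] for the next 8-block cycle from the last 8 PoW block hashes.

    Slot j of the new cycle takes its N' from block j's hard hash; the variant order is
    the integer ordering of the Pearson hashes. Ties, which the post does not address,
    are broken by block position here (an assumption)."""
    if len(prev_pow_block_hashes) != CYCLE:
        raise ValueError("need exactly %d previous PoW block hashes" % CYCLE)
    pearsons = [pearson8(hard_hash(h)) for h in prev_pow_block_hashes]
    order = sorted(range(CYCLE), key=lambda i: (pearsons[i], i))
    # order[j] is the variant index used in slot j; every variant appears exactly once,
    # and each N' falls inside a 256-wide subrange, matching an 8-bit Pearson value.
    return [(HASH_VARIANTS[order[j]], N_MIN + pearsons[j]) for j in range(CYCLE)]


def header_type_is_valid(slot, declared_variant, schedule):
    """A client never recomputes which hash to use: it compares the header's declared
    hash type with the schedule and rejects a mismatch even if the PoW target is met."""
    return 0 <= slot < len(schedule) and schedule[slot][0] == declared_variant


# Constructed sample: eight fake PoW block hashes standing in for the previous cycle.
SAMPLE_PREV_HASHES = [hashlib.sha512(b"constructed PoW block %d" % i).digest()
                      for i in range(CYCLE)]

if __name__ == "__main__":
    for slot, (variant, n_value) in enumerate(cycle_schedule(SAMPLE_PREV_HASHES)):
        print("slot %d: %-18s N' = %d" % (slot, variant, n_value))
```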
legendary
Activity: 1484
Merit: 1005
I like the idea, but have a couple of comments

whitepaper: "BLAKE512, SKEIN512, SHA3-512 (KECCAK512), and SHA2-512 are incorporated with both Salsa20 and Chacha20 stream ciphers."

I like how this makes fpga's and asics harder, but it also means that if there is a flaw in any one of these hashes or stream ciphers then the coin fails.  Is there any other way to achieve this goal?
The worst thing that can happen with a secure hash algorithm is that any given input's output hash can be predicted more easily than actually hashing it.  In the event this happens, we only lose 1/4 of the security of the chain (1/4 of the blocks can be solved more quickly than the others) because we are still using all the other secure hash algorithms, whereas with bitcoin if SHA2 fails the entire chain will trainwreck.  If there is a collision attack or something of this nature for one of the hash algorithms, we can just replace it in an update -- the effect on the currency overall is minimal.

Quote
whitepaper:  "Transactions will largely stay the same as in BTC; coin age will be calculated from the timestamp of the block in which it appears."

Why calculate from the timestamp and not the block height?  Timestamps can be incorrect; the block height can't be. They both give estimates, since the block height to time calculation is based on the target block time that isn't always met, but it is good to base as much as possible on truths inherent to the blockchain.


This is a (good) possibility too -- we can use PoW block height as a consistent metric for network time.  I will think about this some more and may use it.
hero member
Activity: 714
Merit: 510
Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

How about Omegacoin?
Better than Memcoin.
hero member
Activity: 714
Merit: 510
Link to the draft version of the whitepaper: Download

Notable things about this chain:
- Uses a new approach to secure hashing algorithms for the hash tree of a given block that should increase FPGA/ASIC resistance
- After 27 coin years it employs a democratic system of voting to manipulate the interest rate of the block chain (users act as the central bank and regulate the rate of inflation)
- Difficulty is based on the linear weighted average of the block times for the past 18 days for PoW blocks
- New block reward adjustment algorithm is given that yields an 8% decrease in block reward per year
- Simple PoS design (tried to strip it of as many complexities as possible)
- PoW and PoS systems are designed to happily coexist, with favour slightly given to the PoW system
- PoS system also intended to prevent 51% attacks

Feel free to peer-review/tear it apart.  I will be the first to say that I'm pretty terrible at math, so please correct any mistakes I've made.  I'd love to hear why you think it's a great/terrible idea, though.  Obviously I anticipate there are a lot of problems with it that I couldn't foresee, so please help me out!

Figure 2 also doesn't want to display with the Y-axis title correct, not sure why that is/too tired to fix this (been working on this/thinking about it for almost 11 hours now).


The value n is
again used to determine the cycle size of the polymorphic hash chain, where
each of the 8 possibilities of a sequential memory-hard hash function are
incorporated into the hash chain once and only once; as before, in MC2 n =
8. These are also ordered in a pseudorandom fashion every cycle.


Are there details on the pseudo-random mechanism and why it is done this way? Is it secure to do it pseudo-randomly rather than truly randomly?

Sorry but I'd like more information because whenever I see pseudo-random I usually perceive it as a negative red-flag.


the order will be determined by the integer ordering of the Pearson hashes
of the Merkle root of blocks {(current block 259,200) ... (current block 259,192) – – }
such that


Huh? Okay why was this decision chosen unless it's the only way?

Anyway I'm digesting your paper and I think a lot of it is brilliant, so you've won me over as a long-term supporter. I think these sorts of currencies need more democratic processes built in because this way they can adapt better to social conditions. The one problem I see with cryptocurrencies is that they all assume that not a lot will change from now to 100 years from now. It's almost certain that Bitcoin cannot last 100 years by design. The birth of AGI or superintelligence will change everything and that hasn't really been factored into this enough.

Theoretical question: if AI or a robot does some work, should that AI or robot have to be paid in some sort of cryptocurrency as well? That would potentially be an advance because it would balance the value of human labor and robot or AI labor, for instance, if even robot or AI labor is accounted for. It would also provide a mechanism to potentially fund building robots and AI if the creators would be able to tax the profits of their robots.

This would mean there would be no free labor, not even for bots. This is philosophical, but I figured I'd add it to the discussion because if cryptocurrency becomes more energy efficient and AI reaches artificial general intelligence and eventually superintelligence, then there will be less of a need for human labor at all. Why not consider that when designing cryptocurrency?
member
Activity: 115
Merit: 10
I like the idea, but have a couple of comments

whitepaper: "BLAKE512, SKEIN512, SHA3-512 (KECCAK512), and SHA2-512 are incorporated with both Salsa20 and Chacha20 stream ciphers."

I like how this makes fpga's and asics harder, but it also means that if there is a flaw in any one of these hashes or stream ciphers then the coin fails.  Is there any other way to achieve this goal?



whitepaper:  "Transactions will largely stay the same as in BTC; coin age will be calculated from the timestamp of the block in which it appears."

Why calculate from the timestamp and not the block height?  Timestamps can be incorrect; the block height can't be. They both give estimates, since the block height to time calculation is based on the target block time that isn't always met, but it is good to base as much as possible on truths inherent to the blockchain.
newbie
Activity: 17
Merit: 0
I'd be willing to invest my spare hours of programming into this. I'm mostly into android backend and c++ programming.
hero member
Activity: 714
Merit: 510
Will be one to watch. Would it be Scrypt-based, or an offshoot of scrypt?

Heavily scrypt based (scrypt with four different secure hash algorithms and two different stream cipher algorithms for fault tolerance and ASIC resistance, arranged in the blockchain in a randomized order)

This sounds quite good. I'm going to keep a close eye on this coin as it looks very interesting. I especially like the democratic element.
member
Activity: 70
Merit: 10
+1 for Metacoin
That's my favorite also.

Quote
Meta - Indicates a concept which is an abstraction from another concept, used to complete or add to the latter.
This coin is meta all over the place.
legendary
Activity: 1118
Merit: 1004
Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

It's a working title, I'm open to suggestions.

Megacoin (MGC)
Perfectcoin (PTN) (PTC)
Metacoin (MTC)
TheCoin (TCN)

+1 for Metacoin
legendary
Activity: 1484
Merit: 1005
So the PoW blocks aren't competitively mined? Does the miner get nothing from a PoW block?

Sorry if these are answers already written.. I should probably read your initial stuff more closely..

They are competitively mined as in BTC/LTC/PPC.  PoS blocks are not competitively mined, you can simply grab them once you have enough coins of a certain age (which is why you need to put heavy restrictions on the timing of PoS blocks; otherwise a double spend is really, really easy).

Quote
I also kinda like this idea, but it also poses the difficulty of deciding what level interest should be.

The reward for MC2 is 12.5 coins per block (vs. 25 coins per block initially for PoW), and it decreases 8% per coin year the same as for the PoW blocks.  I think it's ideal for PoW to have a doubly higher reward, as PoW takes more computational effort.
hero member
Activity: 609
Merit: 506
1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.

I'm pretty new to PoS designs, but wouldn't this kinda defeat any long-term energy efficiency purposes of using PoS? Why bother with PoS at all then?

No -- it still affords enhanced security for no real net gain in electricity used.  You get some extra resistance to 51% attacks and extra confirmations through this system.

So the PoW blocks aren't competitively mined? Does the miner get nothing from a PoW block?

Sorry if these are answers already written.. I should probably read your initial stuff more closely..

Quote
Aside from that, I'd really like to have an alt. chain where you are rewarded for saving coins in a fashion that is disconnected from the market.

I also kinda like this idea, but it also poses the difficulty of deciding what level interest should be.
legendary
Activity: 1484
Merit: 1005
1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.

I'm pretty new to PoS designs, but wouldn't this kinda defeat any long-term energy efficiency purposes of using PoS? Why bother with PoS at all then?

No -- it still affords enhanced security for no real net gain in electricity used.  You get some extra resistance to 51% attacks and extra confirmations through this system.

Aside from that, I'd really like to have an alt. chain where you are rewarded for saving coins in a fashion that is disconnected from the market.
hero member
Activity: 609
Merit: 506
1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.

I'm pretty new to PoS designs, but wouldn't this kinda defeat any long-term energy efficiency purposes of using PoS? Why bother with PoS at all then?
legendary
Activity: 1344
Merit: 1001
Haha, I first thought the MC2 stood for mc^2 as in e=mc^2, Einstein's energy equation. So it would be 'Energy' coin.
member
Activity: 70
Merit: 10
Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

It's a working title, I'm open to suggestions.

Megacoin (MGC)
Perfectcoin (PTN) (PTC)
Metacoin (MTC)
TheCoin (TCN)
legendary
Activity: 1484
Merit: 1005
I've been thinking about the PoS system a lot, and this is what I'm concluding as the most simple mechanism to use for their general generation:

1) Require that every single PoS block be followed by a PoW block and succeeded by a PoW block, limiting the maximum block rate of the network to PoW and preventing PoS blocks from easily making forks so they can double spend.
2) For confirmations, six blocks of any type should be used.  Because of 1), this makes a maximum of 3 stake blocks for any six confirmations (which I think should be safe; PoW durations are twice that of Litecoin and most vendors are okay accepting 6 LTC blocks).
3) Stake blocks will be accepted based on their cumulative coin age as calculated by the sum of the products of (coin quantity from input transaction * coin age aka transaction age).  When faced with two or more PoS blocks at nearly the same time, all will be orphaned except the one with the largest cumulative coin age.

I will work this into the next draft of the whitepaper unless someone thinks it's a terrible idea for whatever reason.

I'm also happy this is garnering so much interest.  I'll create BTC and LTC donation addresses tomorrow, and I'll report what people have given.  I don't really want any money for it myself, so I'll hold it in reserve here and distribute it to any developers who hop onto the project.  What I really need are programmers at this point.
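As an added example (not the MC2 author's code), the following applies the three PoS rules proposed in this post to a constructed block sequence: rule 1 as "a PoS block may only be appended after a PoW block", rule 2 as a count of PoS blocks in a six-block confirmation window, and rule 3 as selection by cumulative coin age, the sum over inputs of coin quantity times coin age. Assumptions: coin age is measured in blocks, the block and input types are constructed, and an exact tie in cumulative coin age (not addressed in the post) yields no winner.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class TxInput:
    amount: float   # coin quantity from the input transaction
    age: int        # transaction age; measured in blocks here, which is an assumption


@dataclass
class Block:
    kind: str       # "PoW" or "PoS"
    inputs: List[TxInput] = field(default_factory=list)   # only meaningful for PoS


def cumulative_coin_age(block: Block) -> float:
    """Rule 3: sum over inputs of (coin quantity * coin age)."""
    return sum(i.amount * i.age for i in block.inputs)


def can_append(chain: List[Block], block: Block) -> bool:
    """Rule 1: a PoS block may only follow a PoW block, so two PoS blocks can never be
    adjacent and the block rate is bounded by PoW. A PoW block is always allowed."""
    if block.kind == "PoW":
        return True
    return bool(chain) and chain[-1].kind == "PoW"


def select_pos_block(candidates: List[Block]) -> Optional[Block]:
    """Rule 3 tie-break between PoS blocks seen at nearly the same time: keep the one
    with the largest cumulative coin age and orphan the rest. An exact tie is not
    covered by the post; here it yields no winner (assumption), so nothing is accepted."""
    pos = [b for b in candidates if b.kind == "PoS"]
    if not pos:
        return None
    ranked = sorted(pos, key=cumulative_coin_age, reverse=True)
    if len(ranked) > 1 and cumulative_coin_age(ranked[0]) == cumulative_coin_age(ranked[1]):
        return None
    return ranked[0]


def pos_in_confirmation_window(chain: List[Block], window: int = 6) -> int:
    """Rule 2: with six confirmations of any type, rule 1 caps the PoS count at three."""
    return sum(1 for b in chain[-window:] if b.kind == "PoS")


def build_chain(blocks: List[Block]) -> List[Block]:
    """Append blocks in order, dropping any that would break rule 1; returns the chain."""
    chain: List[Block] = []
    for b in blocks:
        if can_append(chain, b):
            chain.append(b)
    return chain


# Constructed sample: alternating PoW/PoS, with one illegal back-to-back PoS attempt.
SAMPLE_BLOCKS = [
    Block("PoW"), Block("PoS", [TxInput(100, 30)]),
    Block("PoW"), Block("PoS", [TxInput(50, 10), TxInput(20, 5)]),
    Block("PoS", [TxInput(1000, 100)]),   # rejected: no PoW block in between
    Block("PoW"), Block("PoS", [TxInput(10, 1)]), Block("PoW"),
]

if __name__ == "__main__":
    accepted = build_chain(SAMPLE_BLOCKS)
    print([b.kind for b in accepted], "PoS in last 6:", pos_in_confirmation_window(accepted))
```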
legendary
Activity: 1484
Merit: 1005
Looks very good!
Just one thing: change the name to something usable and new while you can.
Memcoin2 sounds like this is just a second copy of something else, and doesn't sound appealing at all
Don't make the same mistake peepeecoin made :p

It's a working title, I'm open to suggestions.