Topic: Proof of burn - a potential alternative to proof of work and proof of stake - page 2. (Read 9039 times)

The concept was proposed in 2012, then the Counterparty team put the PoB to reality now.

https://bitcointalksearch.org/topic/annxcp-counterparty-pioneering-peer-to-peer-finance-official-thread-395761

But why it showed that 'Unable to decode input address' in the block chain? It is strange!

It allows for voluntary transition to a new system, but isn't it a waste of BTC?
I.e. if you have 2 new systems with incompatible rules, one requires PoB and the other just "Proof of Ownership",
otherwise they are identical, I don't see the reason why the PoB version would have higher market value, except "people
made sacrifices for it, therefore it must be valuable".

Thanks for the link the the ANN.

These are the burns (POB) for Counterparty

See https://bitcointalksearch.org/topic/annxcp-counterparty-pioneering-peer-to-peer-finance-official-thread-395761

Cheers

I'm trying to understand this transaction.

https://blockchain.info/tx/8e08bfdf208f0e2659615ab035523c792d41d808c698d25eb12489c74c78fc80

Why do you need the external randomness?

Couldn't you just have the "simulated rig" generate a lowest hash each second of

Hash(, new block-id, t) / (number of burnt coins)

where t is the timestamp in the header.

The Rig-Id would be selected by the buyer when burning the coins/buying the rig.  There would be a rule that duplicate seeds are not allowed.

If there are 2 chains with the same psuedo-proof of work, the one with the earliest timestamp at the fork would win.

The decay in power of the rigs is a good plan.  However, if the currency deflates, then buying later would effectively be cheaper, so maybe not necessary.

I wonder if it using the number of coins burned over time could be used to measure deflation.

Question: Are the "simulated GPUs permanent?", i.e. once I create one and wait the two months can it continue mining bitcoins forever (with hashing power proportional to its initial burn)?

If not, then I think this proposal is going to be extremely insecure relative to PoS and/or PoW. If the burn is transient, then the security device is equivalent to GPUs that self-destruct after a certain amount of time has gone by. That is bad. If the lifespan of the simulated rigs is short, then double-spending attacks will be exceptionally cheap.

If the burn is permanent, then you are essentially selling something like dilutable shares in the discounted present value of all future txn fees. To attack this, you would need to burn more than the sum total of all past burns. That would like be a significant proportion of all total coins. There is also the nice property here that attack costs increase monotonically over time (ignoring careless loss of simulated rigs by participants). I don't think this will be as secure as PoS, but it seems secure enough and there appear to be general benefits in terms of accelerated deflation. The permanent burn seems like a good approach to me.

I am not happy with your solution to the randomness problem. I don't think there should be any external dependencies. Just ask anyone who mines a block to submit 1 byte of randomness. I think that will work fine. It is impossible to manipulate the future any meaningful degree with just one byte of randomness. However, block sequences generate a very large amount of randomness, so future behavior over a time scale longer than a few hours is completely unpredictable.

Can you use Bitcoin block hashes as a source of randomness ?
If Bitcoin is secure, then Burncoin will be, without the need for merged mining.

I proposing an alternative to PoBurn that does not require a random source.
I'm posting it in a new thread. Check https://bitcointalksearch.org/topic/proof-of-bet-an-alternative-to-everything-else-131230

Instead of putting in lottery data, why not ask the miner's to submit the randomness, i.e. the miners submit a 0 or 1 with each block? The aggregation of these 0s and 1s is a source of "randomness". I don't think you could do much to help yourself with just a 0 or a 1. On the other hand, the aggregation of a long series of 0s and 1s will be unpredictable unless the chain is already under the control of a single agent.

Interesting...

What if the coin get stuck in a time where nobody has burn enough coins in the past two months?

No new block will appear, and there will be no re-calculation of the target price. Also there will be no more coins burnt since no new block is holding the transaction where coins are burnt.

Wouldn't that be kind of deadlock ?

The angle I like on this is not a PoB system exactly, but a PoB method of transfer to a new crypto-currency. It allows for gradual and voluntary transition to a system with incompatible rules. I think if a better system than bitcoin was devised a PoB bridge could save it years of bootstrapping.

I have a few problems with this proposal

1)  I'm not convinced that producing a script that is always false, that hashes out to a previously used address, qualifies as proof that said address doesn't also have an honest private key.  What is to prevent any miner who has successfully mined a block in the past, to brute force a false script that produces the same hash address?  This would certainly be easier than trying to force a key-pair collision, as the script doesn't have to fit into a pre-determined key length, and just about any false script should qualify, would it not?  Brute forcing all the txout's in the block that you have already found, and finding even one match, gives that miner unearned advantages while not preventing said txout from being respent anyway.

2)  Assuming this does work as well as intended, the net result is that the block reward is simply lower, so isn't it just an auction for the cheapest miner willing to do the work?

3)  The precise number of coins in present circulation cannot be determined, but this might also be true with PoW if we consider the unknown number of lost private keys.

4)  The very real expenditure of resources prohibits the attacker who is otherwise willing to deliberately accumulate coins in order to destroy the currency.  Basicly, methods such as PoS and PoB create a potential attack vector that PoW doesn't suffer from; the case of a long trustworthy node turning to the dark side, for whatever reason.  A 51% brute force attack is just as costly for any attacker, no matter who, when or why they choose to attack.  The other methods elevate certain players into a 'trusted node' status, by different methods, and could provide an attacker leverage by only compromising the security model of a major trusted node first.

Re comparison with proof of stake: I've posted a brief overview of the economic implications of switching to proof of burn on Peter Šurda's "Economics of Bitcoin" blog. Basically it turns coin-holders into de facto shareholders in the future stream of fees (minus miners' supporting costs) - just like proof of stake does - but with the interesting extra feature that the coin-holders don't have to become miners to realise their share of these "de facto dividends". (Of course, that could be argued to have its downside - less incentive to become a miner perhaps? - but the potential upside is a really solid strengthening of the coin's value, helping make various attacks more expensive all round.)

Re the earlier work: no, I hadn't come across that, thanks for the reference to it! I've added a link to it on the Wiki page - though I do warn readers that the earlier work is of a centralised nature (the "trusted entity" business), and not directly comparable to decentralised proof-of-burn mining. But yes, it's still interesting that coin-burning was "in the ideasphere" already!

1. Interesting

2. Should be moved to the alt currencies forum.

3. Can you tl;dr the benefits over proof of stake?

4. The idea of "Coin-burning as a tool for transition between cryptocurrencies" first appeared, I believe, in the so called "Dacoinminster' Second Bitcoin Whitepaper". If you borrowed the idea from there, credit and reference is due. In fact, I think you should refer to it regardless.

Readers of this section of the forum may be interested in my proposal for a new core mining protocol for cryptocurrency, "proof of burn" - a potential alternative to proof of work and proof of stake (though perhaps closer in spirit to the latter), with many interesting properties and economic consequences.

        https://en.bitcoin.it/wiki/Proof_of_burn

Comments and feedback welcome.