Author

Topic: Proof of burn - a potential alternative to proof of work and proof of stake (Read 9090 times)

hero member
Activity: 686
Merit: 500
I'm just wondering, has there been any new PoB coins of note in the last 3 years?

So far on the list I have:

-Counterparty
-Slimcoin


BARR burned, redeemed, and consolidated about 100BTC worth of altcoins in 2015 and 2016. 

It's still available to trade 24/7 on the NXT Asset Exchange, and can never be delisted as long as NXT exists.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Iain, if you are here still, there is a new coin "on the block" which is using exactly your idea but calling it "Hive Mining". It's Litecoin Cash.

The Whitepaper, in my opinion, does not add nothing substantial to the original concept, only that the coins "work" for a relatively short time in comparation to Slimcoin, the first coin that has used the concept.

However, Litecoin Cash does one thing terribly wrong: they combine PoB with a "community fund", which is very likely centrally managed - as alternative to "burn" the coins you can send them to the community fund. Thus, community members can do some kind of "circle mining": they ensure they qualify for a bounty and then send money to themselves via the community fund. Grin
legendary
Activity: 3010
Merit: 8114
I'm just wondering, has there been any new PoB coins of note in the last 3 years?

So far on the list I have:

-Counterparty
-Slimcoin
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
The main POS chains have a deterministic block production order making producing more than one block at a time impossible. In my design, I wanted something as elegant and permissionless as POW, which only follows the longest chain rule, regardless of participants.

Without PoW or some other external resource "wasted", having a totally objective blockchain security mechanism is is probably impossible. But as Vitalik Buterin points out in his well known article about Proof of Stake and Weak Subjectivity, that may not be a problem at all. Proof of Burn should have very similar properties to Proof of Stake.

Quote
I wanted to get away from the situation in POS where the cost of producing a double spend is a simple constant proportional to your stake, which I don't believe is a tenable design for a world currency. On the limit, my POB design collapsed down to plain POS, which is where I stopped Smiley

My understanding is that the difference lies in the fact that burning in a PoB system is always risky because there is a probability that your earnings from rewards will be less than your burnt amount. So the double spend cost is not completely proportional to stake but to the risk the "burner" is wanting to take. (In fact, if you are more wealthy you will be able to burn more coins, but in Bitcoin occurs something similar, as if you're more wealthy you can buy more hashing power).

But that has (if I don't oversee something) no implications for security, only for the "fairness" of the distribution mechanism. That's why I consider Proof of Burn an interesting alternative to PoS.
legendary
Activity: 1008
Merit: 1007
@monsterer: Thank you for your analysis. I will respond in your thread after I've read more material regarding the attacks you're mentioning. A quick question: Are the attacks you're describing also possible for a pure Proof of Stake system (and so comparable to the "nothing at stake" problem)?

The main POS chains have a deterministic block production order making producing more than one block at a time impossible. In my design, I wanted something as elegant and permissionless as POW, which only follows the longest chain rule, regardless of participants.

I wanted to get away from the situation in POS where the cost of producing a double spend is a simple constant proportional to your stake, which I don't believe is a tenable design for a world currency. On the limit, my POB design collapsed down to plain POS, which is where I stopped Smiley
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
It seems like the reward will always have to be > burn otherwise no one would do it so burning is always net-positive meaning everyone wants to do it as fast as possible to claim the rewards.

It is true that the "expected" total reward (for a participant) must be higher than the burnt amount of coins. If the "total burnt amount" is very high, it can lead to a situation where it is not profitable to burn coins in this moment. In a mature market it can be expected that this will lead to an equilibrium where there will never be "too much" nor "too few" coins burnt.

This equilibrium should lead to a situation where burning it is not guaranteed to be profitable, but with a certain risk it can lead to profit - but in a certain amount of time, e.g. in some months. That means that a "burnt coin" can be considered a long-time investment in the coin. My theory is that this mechanism can stabilize the coin value a bit as these long term investors cannot sell their burnt coins (they can sell their private keys, but in a trustless environment this is very difficult).


Quote
If everyone in the network was participating in burning equally, everyone is getting an equal reward at the expense of everyone else, do we need a reward system at all?  Everyone is getting the same reward.

This situation is unlikely to happen, as for this there must be a very even distribution of coins.

Quote
If a subset of people in the network are participating in the burning then that subset is getting a reward at the expense of everyone not in that subset, is this desirable?  Since there's no physical limitation to burning it seems like in the end the person with the largest balance will get the largest reward in the long run.

Yes, that is true and that is basically the same "problem" like in Proof of Stake, ("rich get richer") but with an important difference. Burnt coins can not be moved (and spent) inmediatly because they are destroyed when burnt; you only can spend your profit after the rewards have been paid. In the situation I describe above, it will last several months to get a profit when PoB mining. This means that a "burning miner" is locking coins for some months.

So the game is a little bit different compared to PoS: it's not wealth but risk what is rewarded, because the value of a PoB currency can drop during these months.


@monsterer: Thank you for your analysis. I will respond in your thread after I've read more material regarding the attacks you're mentioning. A quick question: Are the attacks you're describing also possible for a pure Proof of Stake system (and so comparable to the "nothing at stake" problem)?
hero member
Activity: 686
Merit: 500
In case you haven't heard about it, you might want to check out what we're doing with Multi-Proof-of-Burn as an ongoing and variable method of distribution.

We swap for burned altcoins, with the goal of burning/swapping the entire available supply of an altcoin;  then we move to a different altcoin.  We only launched 2 weeks ago, but we've burned almost a third of the supply of Keycoin, almost a third of Fractalcoin, and almost half of all Sapience coins.

https://bitcointalksearch.org/topic/ann-barr-the-only-cryptocurrency-where-no-ones-ever-lost-money-1219460



legendary
Activity: 1008
Merit: 1007
I did a bunch of analysis on Proof of Burn to asses whether it could cleanly (and as elegantly) replace POW as a way of achieving consensus, but I had to conclude that it couldn't principally because of the finney attack.

More details here:

https://bitcointalksearch.org/topic/m.12446394

Quote
2) Finney attack. It is completely trivial for an attacker to generate an infinite sequence of valid blocks in which he is the solo participant and is also the winner. Since the chain is ordered by maximum burn, this makes any double spend profitable because he can simply dump a massive pile of finney blocks on the fork containing his double spend. Using block timestamps to discard quickly submitted blocks is not a viable solution, since timestamps in a p2p system are unreliable.
full member
Activity: 238
Merit: 122
It seems like the reward will always have to be > burn otherwise no one would do it so burning is always net-positive meaning everyone wants to do it as fast as possible to claim the rewards.

A mechanism would need to be made to fairly select who gets the reward among the set of all people trying to burn.  In the best case this would be evenly distributed among all the people trying to do a burn.

If everyone in the network was participating in burning equally, everyone is getting an equal reward at the expense of everyone else, do we need a reward system at all?  Everyone is getting the same reward.

If a subset of people in the network are participating in the burning then that subset is getting a reward at the expense of everyone not in that subset, is this desirable?  Since there's no physical limitation to burning it seems like in the end the person with the largest balance will get the largest reward in the long run.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I was now granted access as an editor to the Bitcoin wiki. I have updated the Proof of burn page (http://en.bitcoin.it/wiki/Proof_of_burn) with the following additions:

- the introduction was wrong, as it is not only a method to "bootstrap" a currency out of another, but the original author specifically conceived it as a descentralized consensus method and an alternative to Proof of work / Proof of Stake. I corrected this.
- I added the current implementations (Slimcoin, the now defunct TGCoin which uses pretty the same implementation and the bootstrapping used in Levelcoin and Counterparty). Because of the rules of the Bitcoin wiki, which restrict "altcoin" content, I limited these additions strictly to the technical side of the implementation.

I didn't touch Iain Stewart's original content, because it's of high historical significance and it should stay there unchanged.

Feedback / possible additions to the article are welcome! It would be interesting, above all, what people think if Proof of Burn could be implemented in Bitcoin itself in the future or if there are any "hard" protocol rules that forbid it.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist

When I first read that and started searching, I found Counterparty, but after reading it I discovered that they only used PoB for initial bootstrapping by burning BtC for a limited time. Sad face.  Sad I haven't found any others yet except slimcoin.


CounterParty doesn't need another consensus mechanism, it's piggybacking off of Bitcoin's PoW. It would be silly to.

Yes, Counterparty and Levelcoin (I don't know if it still exists) use PoB only for "bootstrapping a currency out of another".

In fact, with Slimcoin in operation, the wiki article http://en.bitcoin.it/wiki/Proof_of_burn should be updated. There, the first sentence is:

Quote
Proof of burn is method for bootstrapping one cryptocurrency off of another.

It should be something like:

Quote
Proof of burn is a consensus method and an alternative to Proof-of-work and Proof-of-stake. It is used for the distribution of coins among users of a cryptocurrency via block rewards and for bootstrapping one cryptocurrency off of another, being also a potential method to secure the blockchain.

Unfortunately I have no write permissions for the wiki (and my English is perhaps not good enough), someone here has and can update this?
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
Still don't get it how it works and how is it better?

Maybe it is or maybe it isn't ?

Is Slimcoin an entirely new Economic principal in practice ?

Slimcoin is something that is only made possible by the very foundation of crypto currency.

Imagine walking into your local bank, tearing up some bank notes of paper currency and then asking the desk clerk for a slightly higher fixed % rate of interest on your savings account because their is now less money in circulation.  Cheesy

That is Slimcoin. Destruction of the existing money supply with the mathematical hope / chance of getting a larger return in the future based on that destruction and in essence what is also a deflationary action.

Slimcoin actually helps to test what will happen with Bitcoin in 140+ years when all of the 21 Million Bitcoins are in cirulation and we begin to see the existing money supply deflate, initially creating additional value (in theory) and then the certain very slow decent back down to 0 worth ? Again, I describe the economic principal that 'you cannot trade in diminishing intangibility' - fact.

Certainly in our recent history only government institutions and issuing monetary authorities have been involved in the creation and/or destruction of the money supply.

See: http://www.theatlantic.com/business/archive/2011/04/the-destruction-of-money-who-does-it-why-when-and-how/236990/

See: https://wikipedia.org/wiki/Money_creation

See: https://wikipedia.org/wiki/Money_supply

I cannot think of another direct example where the destruction of money (or in fact any form of commodity) is directly linked to the creation of new money, without being directly linked to the economic principals of supply and demand / inflation and deflation.

I'm no economist - is their a direct term for this - or is this indeed something totally new ?

Finally, here is Philomena Cunk on 'Money' from "Moments of Wonder." - https://www.youtube.com/watch?v=Z-YKw8w-e50   Cheesy 

Quote
And no, PoW is not luck based, not any more than on other coins, the more hash power you got the more of a chance to hit a block.]And no, PoW is not luck based, not any more than on other coins, the more hash power you got the more of a chance to hit a block.

PoB is the same deal, the more coins you burn the more chance you have to hit a block. PoB and PoW are very similar.

This is the crypto currency equivalent of ERNIE - See: https://wikipedia.org/wiki/ERNIE#ERNIE

Well kind of similar anyhow.  Cool

hero member
Activity: 647
Merit: 501
GainerCoin.com 🔥 Masternode coin 🔥
Still don't get it how it works and how is it better?
legendary
Activity: 1176
Merit: 1056
Interesting and need more time to learn more here.
member
Activity: 114
Merit: 12

When I first read that and started searching, I found Counterparty, but after reading it I discovered that they only used PoB for initial bootstrapping by burning BtC for a limited time. Sad face.  Sad I haven't found any others yet except slimcoin.


CounterParty doesn't need another consensus mechanism, it's piggybacking off of Bitcoin's PoW. It would be silly to.
newbie
Activity: 21
Merit: 0
Hi d5000, I'm also quite interested in proof-of-burn after recently reading the wiki page linked in the OP.

When I first read that and started searching, I found Counterparty, but after reading it I discovered that they only used PoB for initial bootstrapping by burning BtC for a limited time. Sad face.  Sad I haven't found any others yet except slimcoin.

I've downloaded slimcoin and started playing with it a bit, though. I'm just really interested in the potential for running a cryptocurrency without the "wasted" power (etc) of running mining rigs (well, wasted unless it's a chilly winter, I guess...  Smiley) and what potential weaknesses it might have that a PoW system doesn't.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I am reanimating this olde thread because I'm really interested in the Proof-of-burn concept as an alternative to PoW and PoS.

There is actually an altcoin using it, Slimcoin (https://bitcointalksearch.org/topic/ann-slimcoin-proof-of-burn-new-block-gen-mineable-by-low-power-computer-613213). Unfortunately, the software is pretty unstable, with frequent forks ocurring, and the developer seems not able to fix the bugs of the client.

If there are any of the original inventors of Proof-of-burn left in this forum, I would be interested what they think of Slimcoin.

- Is the algorithm it uses for the PoB section sound?
- Would you design a PoB coin this way or differently?
- Are there chances for another PoB coin as a proof-of-concept?

(Disclaimer: I am not really invested in Slimcoin, bought only a few coins for cheap at BTER to try out the burn mechanism, but it's for now the only coin that uses PoB for blockchain maintenance and so I am following it.)
hero member
Activity: 588
Merit: 504
Couldn't we use this to transfer from bitcoin to a stronger protocol should the need arise?

Yes

How is burning N coin to mine a total of (coinbase + fees) M coin per block any different than mining a coin with no proof of burn required but with total reward (M-N) ?  

 

How would you calculate total reward? you mean - total monetary supply of M? or M used to receive N ? sry half asleep.

with counterparty it doesn't use PoW function so there would be no miners, the proof of burn (ie sending to a provably unspendable address) as distribution mechanism just ensures no single party receives a massive initial payout before anything is done, in that sense it's trustless- the developers have to have faith in the project by backing with their own funds the same as joe public
legendary
Activity: 1264
Merit: 1008
How is burning N coin to mine a total of (coinbase + fees) M coin per block any different than mining a coin with no proof of burn required but with total reward (M-N) ? 

 
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
Couldn't we use this to transfer from bitcoin to a stronger protocol should the need arise?
sr. member
Activity: 602
Merit: 252
sr. member
Activity: 403
Merit: 251
The angle I like on this is not a PoB system exactly, but a PoB method of transfer to a new crypto-currency. It allows for gradual and voluntary transition to a system with incompatible rules. I think if a better system than bitcoin was devised a PoB bridge could save it years of bootstrapping.
It allows for voluntary transition to a new system, but isn't it a waste of BTC?
I.e. if you have 2 new systems with incompatible rules, one requires PoB and the other just "Proof of Ownership",
otherwise they are identical, I don't see the reason why the PoB version would have higher market value, except "people
made sacrifices for it, therefore it must be valuable".
sr. member
Activity: 406
Merit: 251
http://altoidnerd.com
legendary
Activity: 1232
Merit: 1094
Why do you need the external randomness?

Couldn't you just have the "simulated rig" generate a lowest hash each second of

Hash(, new block-id, t) / (number of burnt coins)

where t is the timestamp in the header.

The Rig-Id would be selected by the buyer when burning the coins/buying the rig.  There would be a rule that duplicate seeds are not allowed.

If there are 2 chains with the same psuedo-proof of work, the one with the earliest timestamp at the fork would win.

The decay in power of the rigs is a good plan.  However, if the currency deflates, then buying later would effectively be cheaper, so maybe not necessary.

I wonder if it using the number of coins burned over time could be used to measure deflation.
legendary
Activity: 1050
Merit: 1003
Question: Are the "simulated GPUs permanent?", i.e. once I create one and wait the two months can it continue mining bitcoins forever (with hashing power proportional to its initial burn)?

If not, then I think this proposal is going to be extremely insecure relative to PoS and/or PoW. If the burn is transient, then the security device is equivalent to GPUs that self-destruct after a certain amount of time has gone by. That is bad. If the lifespan of the simulated rigs is short, then double-spending attacks will be exceptionally cheap.

If the burn is permanent, then you are essentially selling something like dilutable shares in the discounted present value of all future txn fees. To attack this, you would need to burn more than the sum total of all past burns. That would like be a significant proportion of all total coins. There is also the nice property here that attack costs increase monotonically over time (ignoring careless loss of simulated rigs by participants). I don't think this will be as secure as PoS, but it seems secure enough and there appear to be general benefits in terms of accelerated deflation. The permanent burn seems like a good approach to me.

I am not happy with your solution to the randomness problem. I don't think there should be any external dependencies. Just ask anyone who mines a block to submit 1 byte of randomness. I think that will work fine. It is impossible to manipulate the future any meaningful degree with just one byte of randomness. However, block sequences generate a very large amount of randomness, so future behavior over a time scale longer than a few hours is completely unpredictable.






hero member
Activity: 555
Merit: 654
Can you use Bitcoin block hashes as a source of randomness ?
If Bitcoin is secure, then Burncoin will be, without the need for merged mining.

hero member
Activity: 555
Merit: 654
I proposing an alternative to PoBurn that does not require a random source.
I'm posting it in a new thread. Check https://bitcointalksearch.org/topic/proof-of-bet-an-alternative-to-everything-else-131230
legendary
Activity: 1050
Merit: 1003
Instead of putting in lottery data, why not ask the miner's to submit the randomness, i.e. the miners submit a 0 or 1 with each block? The aggregation of these 0s and 1s is a source of "randomness". I don't think you could do much to help yourself with just a 0 or a 1. On the other hand, the aggregation of a long series of 0s and 1s will be unpredictable unless the chain is already under the control of a single agent.
hero member
Activity: 555
Merit: 654
Interesting...

What if the coin get stuck in a time where nobody has burn enough coins in the past two months?

No new block will appear, and there will be no re-calculation of the target price. Also there will be no more coins burnt since no new block is holding the transaction where coins are burnt.

Wouldn't that be kind of deadlock ?
legendary
Activity: 1246
Merit: 1016
Strength in numbers
The angle I like on this is not a PoB system exactly, but a PoB method of transfer to a new crypto-currency. It allows for gradual and voluntary transition to a system with incompatible rules. I think if a better system than bitcoin was devised a PoB bridge could save it years of bootstrapping.
legendary
Activity: 1708
Merit: 1010
I have a few problems with this proposal

1)  I'm not convinced that producing a script that is always false, that hashes out to a previously used address, qualifies as proof that said address doesn't also have an honest private key.  What is to prevent any miner who has successfully mined a block in the past, to brute force a false script that produces the same hash address?  This would certainly be easier than trying to force a key-pair collision, as the script doesn't have to fit into a pre-determined key length, and just about any false script should qualify, would it not?  Brute forcing all the txout's in the block that you have already found, and finding even one match, gives that miner unearned advantages while not preventing said txout from being respent anyway.

2)  Assuming this does work as well as intended, the net result is that the block reward is simply lower, so isn't it just an auction for the cheapest miner willing to do the work?

3)  The precise number of coins in present circulation cannot be determined, but this might also be true with PoW if we consider the unknown number of lost private keys.

4)  The very real expenditure of resources prohibits the attacker who is otherwise willing to deliberately accumulate coins in order to destroy the currency.  Basicly, methods such as PoS and PoB create a potential attack vector that PoW doesn't suffer from; the case of a long trustworthy node turning to the dark side, for whatever reason.  A 51% brute force attack is just as costly for any attacker, no matter who, when or why they choose to attack.  The other methods elevate certain players into a 'trusted node' status, by different methods, and could provide an attacker leverage by only compromising the security model of a major trusted node first.
jr. member
Activity: 33
Merit: 7
1. Interesting

2. Should be moved to the alt currencies forum.

3. Can you tl;dr the benefits over proof of stake?

4. The idea of "Coin-burning as a tool for transition between cryptocurrencies" first appeared, I believe, in the so called "Dacoinminster' Second Bitcoin Whitepaper". If you borrowed the idea from there, credit and reference is due. In fact, I think you should refer to it regardless.

Re comparison with proof of stake: I've posted a brief overview of the economic implications of switching to proof of burn on Peter Šurda's "Economics of Bitcoin" blog. Basically it turns coin-holders into de facto shareholders in the future stream of fees (minus miners' supporting costs) - just like proof of stake does - but with the interesting extra feature that the coin-holders don't have to become miners to realise their share of these "de facto dividends". (Of course, that could be argued to have its downside - less incentive to become a miner perhaps? - but the potential upside is a really solid strengthening of the coin's value, helping make various attacks more expensive all round.)

Re the earlier work: no, I hadn't come across that, thanks for the reference to it! I've added a link to it on the Wiki page - though I do warn readers that the earlier work is of a centralised nature (the "trusted entity" business), and not directly comparable to decentralised proof-of-burn mining. But yes, it's still interesting that coin-burning was "in the ideasphere" already!
legendary
Activity: 1358
Merit: 1003
Ron Gross
1. Interesting

2. Should be moved to the alt currencies forum.

3. Can you tl;dr the benefits over proof of stake?

4. The idea of "Coin-burning as a tool for transition between cryptocurrencies" first appeared, I believe, in the so called "Dacoinminster' Second Bitcoin Whitepaper". If you borrowed the idea from there, credit and reference is due. In fact, I think you should refer to it regardless.
jr. member
Activity: 33
Merit: 7
Readers of this section of the forum may be interested in my proposal for a new core mining protocol for cryptocurrency, "proof of burn" - a potential alternative to proof of work and proof of stake (though perhaps closer in spirit to the latter), with many interesting properties and economic consequences.

        https://en.bitcoin.it/wiki/Proof_of_burn

Comments and feedback welcome.
Jump to: