Pages:
Author

Topic: Spin-offs: bootstrap an altcoin with a btc-blockchain-based initial distribution - page 10. (Read 53636 times)

legendary
Activity: 2968
Merit: 1198
But would this be ethical?  It sounds like Smooth might be inclined to say "no."  But like you implied, creating ASICs ahead of time would require a huge investment that might become wortheless if the experiment failed.  

I'm not making an ethical judgement here, I'm just saying that people will view this largely the same as a premine, because it is.

The DRK example keeps coming up because of the alleged extreme instamine of supposedly 50%. You could in some sense do a spin-off and then instamine so many coins (say 50% of the remainder) that that the spun-off coins become insignificant, or at least much less significant.

This has little to do with the spin-off technique though. There are all kinds of crappy things you can do with a coin after the spin off.
legendary
Activity: 2968
Merit: 1198

And as I said, it is still likely to be questioned if the developer is uniquely "well-prepared" to mine and ends up mining a disproportionate amount because others are unaware of it or not uniquely well-prepapred (sometimes compounded by a low starting difficulty and bad difficulty adjustment algorithms that give a huge advantage to all miners -- but especially developers -- who get in early).


I think our goals in this thread should be to establish the spin-off technique so that any mining shenanigans become transparent (e.g., by promoting the use of the blockhash timestamp in the header file).  Once this is done, I don't see how mining can be controlled any further.  The developers could say they didn't mine upon launch, but they could do so anyways without anyone knowing.  And I still question whether this would even matter.  

Do you disagree?

I'm not sure which part you are asking about. I think the mining marketplace and the developer's role in that marketplace could matter, but I also agree that is not really relevant to this thread.
donator
Activity: 1218
Merit: 1079
Gerald Davis
One quick question though (before I study your post in more detail): for pay2PubKey, can we not hash the pubKeys down to 20 bytes and only store the hash in the snapshot.bin file?  I actually thought that was your suggestion, but I must have misinterpreted.  I think this should work for both SCV and FCV because in both cases the verifier will be able to extract the pubKey.  If they can look up the pubKey in snapshot.bin, I don't see why they can't look up the pubKey hash instead.

Yes it would be possible, I think I just wasn't clear.  The PubKey is not recorded in the parent tx input, so for SCV some form of PubKey recovery will be needed.  ECDSA does support PubKey recovery, Bitcoin just doesn't use it in transactions (why Satoshi why? Smiley ).  Given a signed bitcoin transaction, the PubKey can be recovered, hashed and compared to the ledger.  The more I think about it there is probably no reason to not do this way (and just store other outputs as raw scripts).

I wouldn't separate out the entries which are a hash of the PubKey pulled from the UXTO from the entries which are a PubKeyHash from the UXTO (i.e. Section A & Section B).

For example the output script for tx 0e3e2357e806b6cdb1f70b54c3a3a17b6714ee1f0e68bebb44a74b1efd512098, output 0 is:
0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d 4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee OP_CHECKSIG

If we take the HASH160 (which is RIPEMD-160(SHA-256(PubKey)) we get
119b098e2e980a229e139a9ed01a469e518e6f26

If this is the only output for that PubKey it can be represented in the ledger under "section A" as
119b098e2e980a229e139a9ed01a469e518e6f26 000000012A05F200


In essence we have created a Pay2PubKeyHash entry from each Pay2PubKey output in the UXTO, making Section B redundant.

So two final questions.
1) Does it make sense to store PubKeyHashes and ScriptHashes separately over a more universal IdentifierHash?
2) Does it make sense to decode native multisig outputs into "templates" instead of storing them as raw scripts (Section E)?  They represent only 0.03% of all outputs (hope to get the time to parse and determine % of value this weekend).

There is no right answer just trying to think ahead to what makes sense and what is gained or lost over one option compared to another.  The answers of those questions determine how to update your format.
legendary
Activity: 1162
Merit: 1007

Pay2PubKey and native multisig outputs use PubKeys not PubKeyHashes and they are 33 or 65 bytes not 20 bytes.  Only ScriptHashes and PubKeyHashes are 20 bytes.  You could either handle this by treating compressed (33 bytes ea) and uncompressed (65 bytes ea) PubKeys as a separate type ("tag" in your format) or by just parsing the first byte (0x2 or 0x3 = compressed = 32 bytes follow, 0x4 = uncompressed = 64 bytes follow).


Thanks D&T.  I thought the native multi-sig section was incomplete Smiley

One quick question though (before I study your post in more detail): for pay2PubKey, can we not hash the pubKeys down to 20 bytes and only store the hash in the snapshot.bin file?  I actually thought that was your suggestion, but I must have misinterpreted.  I think this should work for both SCV and FCV because in both cases the verifier will be able to extract the pubKey.  If they can look up the pubKey in snapshot.bin, I don't see why they can't look up the pubKey hash instead.  


EDIT: What you describe here is what I was hoping to do for Pay2PubKey (to make it consistent with Pay2PubKeyHash and Pay2ScriptHash):

An alternative idea is to recognize that complex scripts (including native multisig) have different properties and thus treat them differently.  Pay2PubKeyHash, Pay2PubKey, Pay2ScriptHash make up the majority of the outputs (>99.9%) and they have a single identifying characteristic (as hash or key).  To normalize them and reduce the size, a hash could be taken of the  PubKeys for formats 2 & 8 4?.  This would make all 4 formats (1-4)  representable by a single hash and value.   Then store all other outputs as raw scripts. The good news is there are less than 30,000 valid outputs (unspent and spent) which are not Pay2PubKeyHash, Pay2PubKey or Pay2ScriptHash.  This represents the tail end (~1%) of the distribution and w/ P2SH it is likely to get smaller as a % of the UXTO.  Having those templates in a raw form is less of a concern.
donator
Activity: 1218
Merit: 1079
Gerald Davis
A couple corrections:  

In the description for Section C, drop the word "addresses" as there is no address to represent a complex output script (other than P2SH).  You also need to add an element to represent "m" (the number of signatures), "n" can be implicitly determined by the number of PubKeys.   This is pretty easy to achieve as native multisig (not be confused w/ P2SH) is limited to m<=2 and n <= 3 resulting in only five combinations possible (1 of 1, 1 of 2, 1 of 3, 2 of 2, 2 of 3).

Pay2PubKey and native multisig outputs use PubKeys not PubKeyHashes and they are 33 or 65 bytes not 20 bytes.  Only ScriptHashes and PubKeyHashes are 20 bytes.  You could either handle this by treating compressed (33 bytes ea) and uncompressed (65 bytes ea) PubKeys as a separate type ("tag" in your format) or by just parsing the first byte (0x2 or 0x3 = compressed = 32 bytes follow, 0x4 = uncompressed = 64 bytes follow).  The good news is that 99.9%+ of spendable outputs fit one of 7 standard templates.  By also having an unknown type and standard for storing arbitrary scripts (type 0 = unknown) you can store all possible claimants.

Something like this:

Code:
Type Description               UXTO Template                                                             Record_Length Storage_Format
-----------------------------------------------------------------------------------------------------------------------------------------
  0  Unknown                   -none-                                                                    variable      0x00
  1  Pay2PubkeyHash            OP_DUP OP_HASH160   OP_EQUALVERIFY OP_CHECKSIG             29 bytes      0x01
  2  Pay2PubKey                 OP_CHECKSIG                                                42|74 bytes   0x02
  3  Pay2ScriptHash (P2SH)     OP_HASH160 OP_EQUAL                                       29 bytes      0x03
  4  Native Multisig (1 of 1)  OP_1 OP_1 OP_CHECK_MULTISIG                              0x08
  5  Native Multisig (1 of 2)  OP_1 OP_2 OP_CHECK_MULTISIG             0x04
  6  Native Multisig (2 of 2)  OP_2 OP_2 OP_CHECK_MULTISIG             0x05
  7  Native Multisig (1 of 3)  OP_1 OP_3 OP_CHECK_MULTISIG   0x06
  8  Native Multisig (2 of 3)  OP_2 OP_3 OP_CHECK_MULTISIG   0x07

A couple notes
1) Yes 1 of 1 "multisig" is a valid output.  It can probably be combined with Pay2PubKey entries as the input format of both are identical.
2) It may be better to break the types down to separate uncompressed and compressed.  With multisig they can be mixed so there are multiple combinations (i.e. for x of 3: UUU, UUC, UCC, CCC).
3) Scripts are limited to 10,000 bytes so for type 0 that puts an upper bound on the length of unknown scripts.  In practice scripts are much smaller on average.
4) Unknown (type 0) could be broken out to identify more discrete templates.

All unspendable outputs can be dropped.  Outputs matching the following templates are unspendable (either by design or error) and can be dropped from the snapshot.bin.  There is no reason to keep them anymore than spent output but it doesn't make much difference as there are less than 2K outputs currently in the blockchain.
Code:
 

OP_DUP OP_HASH160 OP_0 OP_EQUALVERIFY OP_CHECKSIG
OP_IFDUP OP_IF OP_2SWAP OP_VERIFY OP_2OVER OP_DEPTH
OP_RETURN
OP_RETURN


An alternative idea is to recognize that complex scripts (including native multisig) have different properties and thus treat them differently.  Pay2PubKeyHash, Pay2PubKey, Pay2ScriptHash make up the majority of the outputs (>99.97% by total created outputs lets see how it holds up by value) and they have a single identifying characteristic (as hash or key).  To normalize them and reduce the size, a hash could be taken of the PubKeys for formats 2 & 4.  This would make all 4 formats (1-4)  representable by a single hash and value.  

All other outputs could just be stored as raw scripts.  While it may not be the most efficient, remember they make up 0.03% of outputs and that will probably shrink due to P2SH, so how you handle the top 4 templates is going to determine the bulk of the snapshot ledger size.

Code:
0x04E  // single identify claimants (>99.97% of outputs, Pay2PubKeyHash, Hash(Pay2PubKey), Pay2ScriptHash)
 //all identifiers in sorted order

0xB4 // complex script outputs (to include native multisig - upper limit is ~30,000 entries)



As a side note it would have been useful if Bitcoin (or any derived coin) had moved all scripting to the tx inputs and kept all outputs as just script hashes (i.e. vs OP_HASH160 OP_EQUAL).  It would make transactions smaller by removing excess opcodes, and more importantly by shifting the "weight" of the tx to the input it would reduce the size of the UXTO (which records the set of outputs.  As a side benefit it would make things like snapshot.bin easier and lighter.  Case in point the current UXTO spends ~35 bytes per output.  If it could be reduced to a output hash (20 bytes), and value stored as varint (4 bytes average) it would reduce the size of UXTO by roughly a third.  Bitcoin could move towards a system like that by soft fork (make non P2SH output non-standard after certain point) and the UXTO would be normalized over time as non-P2SH outputs are spent and replaced with P2SH ones.  Just something for future altcoin developers to consider.
legendary
Activity: 1162
Merit: 1007
Refining the format of snapshot.bin

DeathAndTaxes showed that over 99.9% of unspent outputs (by count) remain claimable if the snapshot.bin file is a uniform list of {{hash1, balance1}…{hashN, balanceN}}.  This file format works for Simplified Claim Verification (SCV) and Full Claim Verification (FCV).  

I updated the file format proposal for snapshot.bin below.  I know D&T discussed further compression, but I'd propose that this be done as part of the client installation procedure or during snapshot.bin transport, rather than further compressing snapshot.bin itself.  For this reason, I typically used 64-bit fields even when smaller data types would be work.  

I continued to break snapshot.bin into Sections based on output type.  This isn't strictly necessary as pubKeys and redeemScripts are all hashed to a consistent bit length, but I thought it might still be useful.  

Code:
// File header:
version (1 byte)  blockheight_of_snapshot (8 bytes) blockheight_when_live (8 bytes)  num_bytes_H (8 bytes)  header data   // total of num_bytes_H of header data

// File body:

// Section A: Wealth data for pay2PubKeyHash (sorted by hash):
tagA=0x4E (1 byte)  num_bytes_A (8 bytes)  pubkeyhash_1 (20 bytes)  balance_1 (8 bytes)  …  pubkeyhash_N (20 bytes)  balance_N (8 bytes)  // total of num_bytes_A of records here

// Section B: Wealth data for pay2PubKey (sorted by hash):
tagB=0xB2 (1 byte)  num_bytes_B (8 bytes)  hash_of_pubkey_1 (20 bytes)  balance_1 (8 bytes)  …  hash_of_pubkey_N (20 bytes)  balance_N (8 bytes)  // total of num_bytes_B of records here

// Section C: Wealth data for native multisig (sorted by hash):
tagC=0xA7 (1 byte)  num_bytes_C (8 bytes)  hash_of_pubkeysInCanonicalOrder_1 (20 bytes) balance_1 (8 bytes)  …  hash_of_pubkeysInCanonicalOrder_N (20 bytes)  balance_N (8 bytes)  // total of num_bytes_C of records here

// Section D: Wealth data for pay2ScriptHash (sorted by hash):
tagD=0x24 (1 byte)  num_bytes_D (8 bytes)  hash_of_redeemScript_1 (20 bytes)  balance_1 (8 bytes)  …  hash_of_redeemScript_N (20 bytes)  balance_N (8 bytes)  // total of num_bytes_D of records here

// Section E: Wealth data for other types of outputs:
tagE=0xB4 (1 byte)  num_bytes_E (8 bytes)  should we record the unspent outputs that don't fit into Sections A - D verbatim here, just in case?


The file header for snapshot.bin needs to contain the blockheader of the snapshot block in order for SCV to work.  I also propose that it contains every blockheader between the snapshot and the agreed-upon block where the coin "goes live."  This acts as a time stamp that proves to the world that the developers couldn't have possibly begun mining earlier than the date when, e.g., Block 314,000 was found.

Code:
// File header:
version (1 byte)  blockheight_snapshot (8 bytes)   blockheight_whenLive (8 bytes)  num_bytes_H (8 bytes)  header data   // total of num_bytes_H of header data

// Header data:
Blockheader_for_snapshotBlock (80 bytes)  Blockheader_for_snapshotBlock+1 (80 bytes) … Blockheader_for_whenLiveBlock-1 (80 bytes)   Blockheader_for_whenLiveBlock (80 bytes)
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Do you really think Aethereum will beat Ethereum? I think they won't even if ethereum keeps 100% dev premine.

I think this thread is where I would find the most pro-BTC allocation people. If you guys don't do it, I don't think anyone will.

Like D&T said, this is an experiment.  It is not clear yet what will happen.  

Regarding the statement "if you guys don't do it, I don't think anyone will," well…it depends.  I think we need to fully define the technique, develop a tool to make the snapshot.bin files, and then assist with a reference launch of a potentially interesting alt coin.  

If the technique works and the spin-off thrives, and if there is a clear mechanism for developers to earn even a small profit, then I think spin-offs will proliferate and threaten alt-coins launched with non-spinoff distributions.  Remember, once the reference launch is complete and working, it should be quite easy to port that part of the code to new alt-coins to create additional clones.  

On the other hand, if we learn that the technique doesn't work for some reason, then probably no one will bother with them.  

In either case, we will learn something important. 

haha...maybe....
we're pretty far out on the bleeding edge.

Bitcoin itself is an experiment...

Altcoins are an experiment based on an experiment.

And THIS could be said to be experiment based on an experiment based on an experiment...so we might not
have enough meaningful data...but will be interesting to see what happens with aEthereum.
Hopefully you'll be ready in time. Smiley
legendary
Activity: 1162
Merit: 1007
Do you really think Aethereum will beat Ethereum? I think they won't even if ethereum keeps 100% dev premine.

I think this thread is where I would find the most pro-BTC allocation people. If you guys don't do it, I don't think anyone will.

Like D&T said, this is an experiment.  It is not clear yet what will happen.  

Regarding the statement "if you guys don't do it, I don't think anyone will," well…it depends.  I think we need to fully define the technique, develop a tool to make the snapshot.bin files, and then assist with a reference launch of a potentially interesting alt coin.  

If the technique works and the spin-off thrives, and if there is a clear mechanism for developers to earn even a small profit, then I think spin-offs will proliferate and threaten alt-coins launched with non-spinoff distributions.  Remember, once the reference launch is complete and working, it should be quite easy to port that part of the code to new alt-coins to create additional clones.  

On the other hand, if we learn that the technique doesn't work for some reason, then probably no one will bother with them.  

In either case, we will learn something important.  
donator
Activity: 1218
Merit: 1079
Gerald Davis
You would lead a snapshot/fork effort to re-launch their coin with 100% bitcoin?

I don't think he said he would do it, just that it could happen.  Open Source projects can be modified and redistributed that is simply a reality.  

Well they have to be modified and distributed by humans, not fairies. You still have to make your site #1 on google for that search term, you still have to have people talking to media to explain your project, etc.

Do you really think Aethereum will beat Ethereum? I think they won't even if ethereum keeps 100% dev premine.

Well that is the experiment.  Honestly I don't think anything will come out of ethereum (or clones) so the spinoff concept might outlive them both.

Quote
My opinion is that everyone here is a bitcoin whale and that the "fairness" / "legitimacy" argument is a red herring. I think the average joe would be ok with getting 10 coins in a project with a dedicated dev team over 12.5 coins in a project that is fighting the core devs and trying to maintain a fork.

If true then you have nothing to worry about.  Of course you ignore the optimal scenario where the innovative altcoin uses the spinoff concept from the beginning and thus clones have nothing to offer.  The spinoff has the superior tech, the first mover advantage, and the increased liquidity and distribution created by the snapshot block.
legendary
Activity: 1162
Merit: 1007
I should preface these next comments by saying that we've certainly made progress.  With something like Darkcoin, there were questions that the developers may control 50% of the supply (at least that was the rumour a few weeks ago).  Using the spin-off technique with the blockhash timestamp in snapshot.bin means there may be some argument about whether the developers control 0.02% or 1%.  So the "problem" is 10 - 100 X smaller with a spin-off than a regular launch.  This fact, coupled with the requirement that all bitcoin holders can make a claim in proportion to their bitcoin holdings, suggests to me that spin-offs would generally appear more legitimate than a mine-from-zero or IPO'd coin.  


And as I said, it is still likely to be questioned if the developer is uniquely "well-prepared" to mine and ends up mining a disproportionate amount because others are unaware of it or not uniquely well-prepapred (sometimes compounded by a low starting difficulty and bad difficulty adjustment algorithms that give a huge advantage to all miners -- but especially developers -- who get in early).


I think our goals in this thread should be to establish the spin-off technique so that any mining shenanigans become transparent (e.g., by promoting the use of the blockhash timestamp in the header file).  Once this is done, I don't see how mining can be controlled any further.  The developers could say they didn't mine upon launch, but they could do so anyways without anyone knowing.  And I still question whether this would even matter.  

Do you disagree?


But like Cypherdoc said, the developers can still benefit based on the asymmetry of their information.  They can be highly-prepared to mine coins upon launch and they can purchase coins from bitcoin holders who are happy to sell this "free money" for cheap.  

I was thinking the same thing -- they might even create some ASICs ahead of time if they really believe in the new scheme.

But would this be ethical?  It sounds like Smooth might be inclined to say "no."  But like you implied, creating ASICs ahead of time would require a huge investment that might become wortheless if the experiment failed.  
sr. member
Activity: 1582
Merit: 253
You would lead a snapshot/fork effort to re-launch their coin with 100% bitcoin?

I don't think he said he would do it, just that it could happen.  Open Source projects can be modified and redistributed that is simply a reality. 

Well they have to be modified and distributed by humans, not fairies. You still have to make your site #1 on google for that search term, you still have to have people talking to media to explain your project, etc.

Do you really think Aethereum will beat Ethereum? I think they won't even if ethereum keeps 100% dev premine.

I think this thread is where I would find the most pro-BTC allocation people. If you guys don't do it, I don't think anyone will.

My opinion is that everyone here is a bitcoin whale and that the "fairness" / "legitimacy" argument is a red herring. I think the average joe would be ok with getting 10 coins in a project with a dedicated dev team over 12.5 coins in a project that is fighting the core devs and trying to maintain a fork.
donator
Activity: 1218
Merit: 1079
Gerald Davis
You would lead a snapshot/fork effort to re-launch their coin with 100% bitcoin?

I don't think he said he would do it, just that it could happen.  Open Source projects can be modified and redistributed that is simply a reality. 
sr. member
Activity: 1582
Merit: 253
Peter R: What % do you think is "safe" for an altcoin developer to use?

The point I was trying to make is that only 0% is "safe."  With any other distribution, there will be questions about legitimacy.  If there are too many questions, the technology (should it actually be useful) may be at risk of getting scooped by clone launched with a more efficient distribution.   

Really? I think you're imagining shitty altcoins and not real crypto-equity innovation.

Consider zerocoin. Suppose they went with pure POS and so had 100% preallocation.
Their tech was the result of tons of work in advanced crypto research. Also suppose their codebase is unique and getting a dev up to speed is not a small undertaking. Suppose they allocated 90% to bitcoin and 10% into a trust that paid for development.

You would lead a snapshot/fork effort to re-launch their coin with 100% bitcoin?

What if there were 10 such projects, each with unique technology that is clearly providing value and which was clearly the result of a lot of work? Would you fight all those dev teams at once?
sr. member
Activity: 365
Merit: 251
If I was going to launch an alt-coin, I would use a true spin-off.  Since I was the one who picked the mining algorithm and controlled the launch date, I'd have my miners fired up and ready to go right at launch.  By mining when difficult was low, and perhaps by purchasing coins dumped for cheap, I bet a developer could accrue 0.1 - 1% of the money supply for a low cost.
Let's not forget that some coins don't have mining in the Bitcoin sense. For example, Nxt has no block reward, no inflation, no way to create new coins. Processing transactions only brings in transaction fees, and they are likely to be low in the early stages. What's more, being a proof-of-stake currency, you get the transaction fees in proportion to the coins you stake, and you are starting off with none. So you are kind of screwed on that account.

The main way you would acquire the new Nxt/Bitcoin spin-off coins is by buying from someone selling their Bitcoin claim. Ironically, the more people like your alt-coin, the higher the price, the harder to acquire it cheap, and the less money you make. Even their indifference, not bothering to sell, makes it harder to acquire cheap coins.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I suppose if an alt was pre-mined it wouldn't make sense to try to create a "dual" distribution,
and we can just go with a bitcoin based distribution.   Sorry, I'm late to the party as usual.  Wink


But like Cypherdoc said, the developers can still benefit based on the asymmetry of their information.  They can be highly-prepared to mine coins upon launch and they can purchase coins from bitcoin holders who are happy to sell this "free money" for cheap.   

I was thinking the same thing -- they might even create some ASICs ahead of time if they really believe in the new scheme.
legendary
Activity: 996
Merit: 1013

The spin-off technique is only a tool.  

Exactly.
So you shouldn't have any qualms about spinning off Monero.
legendary
Activity: 2968
Merit: 1198

If I was going to launch an alt-coin, I would use a true spin-off.  Since I was the one who picked the mining algorithm and controlled the launch date, I'd have my miners fired up and ready to go right at launch.  By mining when difficult was low, and perhaps by purchasing coins dumped for cheap, I bet a developer could accrue 0.1 - 1% of the money supply for a low cost.  The beauty here is that there will be no questions about the legitimacy of the distribution.  Every detail would be completely transparent.


Instamining where the developer has some major advantage is definitely questioned and there are some well known if somewhat successful (and likely a large number of less successful and less known) examples that are questioned.

Buying from people who don't place the same value on it is likely to be viewed as more legitimate.

Lol, after I wrote that post I was worried it would be mis-interpretted because I don't think I was clear.  What I mean is that the developers could begin mining upon launch and could be well-prepared to do so efficiently.  The only "advantage" the developer might have is that he's likely the one paying his coin's launch the most attention.  

For example, the snapshot.bin file could be based on the unspent outputs at Block #310,000.  However, it could be agreed that the coin "launches" at Block #314,000 (giving everyone ~one month to make sure there's nothing "funny" about the snapshot.bin file).  It would be agreed that the blockhash for Block #314,000 gets encoded in the snapshot.bin header and when this data is known, the coin goes "live." This type of launch mechanism allows everyone to know the launch details ahead of time, yet delays the launch until a certain event happens on the bitcoin blockchain.  Once the event happens (Block #314,000 is found), it becomes every-miner-for-himself.  The only advantage the developer has is that he is probably paying closer attention and will likely be ready to mine the moment this event occurs.  

And as I said, it is still likely to be questioned if the developer is uniquely "well-prepared" to mine and ends up mining a disproportionate amount because others are unaware of it or not uniquely well-prepapred (sometimes compounded by a low starting difficulty and bad difficulty adjustment algorithms that give a huge advantage to all miners -- but especially developers -- who get in early).

But it is hard to argue with actually buying coins from a seller, although I guess even in that case there could be shenanigans. For example, the developer could be deceptive about plans for future investment, to scoop up cheap coins before revealing investment plans. Sort of a reverse pump-and-dump.

Quote
If there are threads announcing the launch details months in advance, and even CoinDesk runs a story on it, then in my opinion the developers have done their due diligence in making the announcement.  If they happen to mine most the coins for the first few weeks because few others bothered, then I don't see how that would be interpreted as a problem.  

I agree with this extreme example in theory but I can't think of a single coin in practice that has been launched this way, with months of notice and press coverage. (I guess Etherium counts, though it hasn't been launched yet.)

In practice what often happens is an announcement post is made and the thread gets quickly buried if it isn't among the most widely followed (and replied).


legendary
Activity: 1162
Merit: 1007

If I was going to launch an alt-coin, I would use a true spin-off.  Since I was the one who picked the mining algorithm and controlled the launch date, I'd have my miners fired up and ready to go right at launch.  By mining when difficult was low, and perhaps by purchasing coins dumped for cheap, I bet a developer could accrue 0.1 - 1% of the money supply for a low cost.  The beauty here is that there will be no questions about the legitimacy of the distribution.  Every detail would be completely transparent.


Instamining where the developer has some major advantage is definitely questioned and there are some well known if somewhat successful (and likely a large number of less successful and less known) examples that are questioned.

Buying from people who don't place the same value on it is likely to be viewed as more legitimate.

Lol, after I wrote that post I was worried it would be mis-interpretted because I don't think I was clear.  What I mean is that the developers could begin mining upon launch and could be well-prepared to do so efficiently.  The only "advantage" the developer might have is that he's likely the one paying his coin's launch the most attention.  

For example, the snapshot.bin file could be based on the unspent outputs at Block #310,000.  However, it could be agreed that the coin "launches" at Block #314,000 (giving everyone ~one month to make sure there's nothing "funny" about the snapshot.bin file).  It would be agreed that the blockhash for Block #314,000 gets encoded in the snapshot.bin header and when this data is known, the coin goes "live." This type of launch mechanism allows everyone to know the launch details ahead of time, yet delays the launch until a certain event happens on the bitcoin blockchain.  Once the event happens (Block #314,000 is found), it becomes every-miner-for-himself.  The only advantage the developer has is that he is probably paying closer attention and will likely be ready to mine the moment this event occurs.  

So there is no way to "pre-mine" or "insta-mine" without getting caught.  Once the coin is running, it will be clear to everyone (to within a few minutes) when it was launched.  If the launch date is, for example, 3 months prior to the first Reddit or bitcointalk thread, then that's obviously a red flag.  If there are threads announcing the launch details months in advance, and even CoinDesk runs a story on it, then in my opinion the developers have done their due diligence in making the announcement.  If they happen to mine most the coins for the first few weeks because few others bothered, then I don't see how that would be interpreted as a problem.  
legendary
Activity: 1162
Merit: 1007
"Clams" is highly suspect upon first glance.

DO NOT LOAD YOUR BITCOIN WALLETS INTO ANY SOFTWARE THAT YOU DO NOT UNDERSTAND. 

With a properly-executed spin-off, there is no reason that a user would be required to import his private keys (wallet file) into a spin-off client.  Claiming a spin-off can be done using either bitcoin OP_RETURN transactions or bitcoin-signed messages, all from your existing wallet software.
legendary
Activity: 2968
Merit: 1198

If I was going to launch an alt-coin, I would use a true spin-off.  Since I was the one who picked the mining algorithm and controlled the launch date, I'd have my miners fired up and ready to go right at launch.  By mining when difficult was low, and perhaps by purchasing coins dumped for cheap, I bet a developer could accrue 0.1 - 1% of the money supply for a low cost.  The beauty here is that there will be no questions about the legitimacy of the distribution.  Every detail would be completely transparent.


Instamining where the developer has some major advantage is definitely questioned and there are some well known if somewhat successful (and likely a large number of less successful and less known) examples that are questioned.

Buying from people who don't place the same value on it is likely to be viewed as more legitimate.
Pages:
Jump to: