Topic: "Surprisingly, Tail Emission Is Not Inflationary" -- A post by Peter Todd - page 4. (Read 2760 times)

I think it is, but tail supply supporters seems to think that for some reason, fees alone are not good enough. I don't know why, because fees can be collected from the mainchain, from LN, from the Merged Mining, so if you add all of that, it should be enough. Unless there are no transactions at all in the whole Bitcoin network, but then, it is a different kind of problem.

In the past, attacking was easier, because it was easier to reorganize a chain. Imagine you sent 10,000 BTC to buy pizza, and the block reward was 50 BTC. Then, you needed 200 blocks to have it well-covered by coinbase transactions. Of course, there were many reasons, why less confirmations were enough at that time, including the fact that the whole network was in its infancy, and everyone knew it.

They can, because of the DAO hard fork. Also, ETH is based on hard-forks, so anything can change at any time, and you cannot really control it. Imagine that you use ETH and you don't want some changes, what then? In Bitcoin, you have soft-forks, so changes are backward-compatible, in ETH, you are forced to upgrade, and if you don't, then you are landing in another network.

It is not an instant change. It takes time to lower the difficulty. Imagine that the price is $1 again, what then? Then, the chain would simply stop, as more and more miners would turn their machines off. If you have 80 zero bits, it would take two months, instead of two weeks, to reach 78 zero bits. That means, if you want to go from 80 to 32 bits, you need 48 bits to be shifted, so that means 48/12=4 years of constant difficulty falling, to reach the minimal value. And if it would drop by more than 75%, then it would take even longer. Also, that means if you want to transact at all, then it is needed to constantly use Merged Mining to produce the same next block again and again, until reaching the mainnet difficulty. So, some kind of sidechain is needed to recover from a situation, where only CPU miners would handle all of that. And you know, what does it mean: hodlers would be forced to invest into mining, to protect their coins.

But it is. You can clone the whole code, modify it, and publish it. It is not BSV, where the license says explicitly that you cannot use it anywhere else.

That's the point: you can make a new version, but then, you have to convince miners to use it. Or invest in mining and use it alone. For example, if you want to enable free transactions, you have to convince some miner to change node settings, or you have to start mining, and change it in your own node.

There are countless places, where people have cloned the whole source code. Many bitcoiners have such copy, and most altcoin creators also have it, if it is based on BTC.

For "something else" it doesn't matter, because altcoins have separate rules, so if they want tail supply, they can discuss it in their own channels.

well they should have thought of that in the first place. i thought the block reward and transaction fees pay for security. that's not good enough?



well i don't know. its been so long since bitcoin was $1. but if it was $1, then i don't think it needs as much security as if it was higher price like $20,000.


there are tokens on ethereum that are run on a smart contract. they cannot be changed. for better or worse. but it does form a guarantee that things cannot be changed. you don't get that guarantee with bitcoin. not unless it runs on a smart contract or something similar.



saying that bitcoin's security depends on bitcoins price doesn't sound so appealing. because that would mean if bitcoin price goes down then my bitcoin is not as secure as it used to be. and i need the price to go back up to have it be more secure.


that's assuming the code is available for inspection and modification. that doesn't necessarily have to be the case for something that never changes. as long as people trust it and use it, they might not necessarily have access to the source code. for bitcoin they do but maybe not something else.

No, you are the first who asked, but not the only one who cares. I was surprised that you mentioned me in your description at all, and I wonder, what else could be in part two.

Actually, you are the first and the only one who cares (no merits, tho ) but it is ok, having one audience makes a huge difference, I'll do this in few hours, just for you 

P.S.
For other potential audiences: Part 1

@aliashraf

Still waiting for your summary of the Part 2 "less important, miscellaneous proposals for tackling the tail emission problem" - Part 1 really hit the spot

But that's why tail supply was proposed in the first place: as a payment for security. So, if you will have 21 million coins, and if you will have a consensus rule that 100% coins should be sent as fees, and then miners should collect those coins, and create outputs in the coinbase transaction, then you will have your fixed supply, but that kind of coin would be useless. And guess what: it is a perfect soft-fork.

By running a node. It is really that simple, because Bitcoin is not ruled by miners.

It is crucial, because if 1 BTC is worth $1 or even less, then the whole security is very low. You can see many altcoins with tail supply, and they have much lower security, because they have much lower difficulty (or no difficulty at all, when it comes to Proof of Stake, where the whole chain can be overwritten by getting enough signatures, and no additional work is needed).

No, you can enforce that only with immutable blockchain, because immutable code still allows for example soft-forks, or just tracing the chain by another chain ("a coin in a coin" model).

I thought the whole topic is about tail subsidy, so also about securing the blockchain with no basic block reward. And that is directly related to how many goods and services each miner can buy for a given amount, mined in a coinbase transaction. If you can buy one sandwich for 1 BTC, then guess what, the whole security will be much lower, even if you will get 100% coins as fees.

You don't have to believe, you can simply read about previous soft-forks that are backward compatible. So, even if someone didn't upgrade the software, it is not enough to reach immutability. Can you stop Segwit by not upgrading? Can you stop Taproot by not upgrading? Of course you cannot stop it, because those changes are compatible. And some soft-forks or no-forks that can introduce tail supply are also unstoppable, when it comes to writing some data to the blockchain. So, the only barrier is the human factor.

Also, read about evil soft forks by Peter Todd, you will quickly see that any rules can be introduced in this way, including tail supply: https://petertodd.org/2016/forced-soft-forks
Surprisingly, Peter Todd wrote about unlimited supply in 2016.

ok, I never said I wanted to enforce a price on bitcoin. as far as running a full node, that's not enforcing anything beyond a shadow of a doubt. it's just casting your one single vote. I didn't ask "how do you HELP enforce..." I asked "how do you enforce..."

whether 1 btc can buy a house is immaterial and irrelevant to this discussion. we're talking about how to enforce the 21 million btc limit without trusting people. the only way you can do that is with immutable code. hence a smart contract. or some other type of code that cannot be altered. there are downsides to a setup like that but that's what you have to accept to get immutability.

and we're not talking about gold. we're talking about bitcoin.


well I don't believe you about that. you can make an entire codebase immutable if you want to. so that a single bit of it could never be changed. and it would have to run the same way for all time. if you really want to enforce a 21 million bitcoin limit, you could do it then. because then no one could ever change it. no matter what.

By running a full node. You can enforce 21 million coins limit, but you cannot enforce that 1 BTC will be worth more than one dinner.

That would not change anything, because no kind of contract will enforce that for 1 BTC you can buy a house.

You can say that about all monetary systems, including gold. Starving people cannot eat gold, the same with other popular coins.

There is no such thing as "writing a coin in the way to make it change-resistant". To reach that, you have to block coin flow, so that all coins should be assigned to all owners from the start, and the whole blockchain should be fully deterministic. But that level of change-resistance would make it useless. Because guess what: if Bitcoin would have P2PK and absolutely no other features, and no Script at all, then it would be still possible to introduce things like tail supply.

Right. I can agree with that. But the problem is, how do you enforce the original "economic policy"? Bitcoin is not immutable code, it's not a smart contract. So you can never really enforce bitcoin except through people. And people can make decisions that go against the original economic policy. it is probably unlikely to happen in the immediate future but who knows what could happen someday. Bitcoin is not unchangeable, it can be changed. Some people think of that as a strength but in this particular case, it's a weakness. As Greg suggests by his use of the word "immoral". Maybe bitcoin should have been written as a smart contract so that it could never be changed.

Agree, just perhaps for him, as in my experience, anyone I've properly helped get on with Bitcoin always wants proof for themself that it works... from a 15-yr old kid (now 18 and still asks if we should try again) to a 44 yr old who isn't convinced that simply being able to access the wallet, or sign a message, proves it works.

Maybe it's the case that I don't explain well enough, but I almost kind of get that compulsion to just "test and see if it works".

That said, we're also probably more interested in the larger amounts of dormant coins -- and anyone holding that would probably broadcast as a last resort.

And yet, even after 100 years, you have no way of knowing that coins which haven't moved in that time are lost. I am unconvinced that it fees alone are not enough to maintain the security of the network, then fees + any coins which haven't moved in 100 years would be either. It might delay things, but as Gregory pointed out on first page of this thread, it is entirely possible for coin loss to be come so inconsequentially small that you would essentially just be back to relying on fees only, albeit with a delay of a couple of decades (as truly lost coins from the first several years of bitcoin's life were added to the block reward, provided they hadn't already been moved or stolen by some entity breaking the ECDLP).

There is no reason to do a small transaction "to make sure things work" - if you inherit a private key, you can tell exactly which addresses and which coins it will unlock without having to broadcast anything to the network.

You say you have "many such addresses which would be classified as stale" but you don't even know how "stale" would be defined. It might be something where if funds were not moved from an address in one generation, say 100 years. So given that, none of your addresses would be considered stale. I think it's reasonable to expect someone that inherits bitcoin from someone else would attempt to do at least a small transaction to make sure things work.

Proposing breaking 21 million coins limit is very controversial. For me, it is an attack. On Reddit, it was marked as "contentious hard fork" and removed. On mailing list, it was accepted somehow, despite that more serious things were almost rejected, because they were considered "incomplete", even if the base layer is in fact complete, and can be used to form a complete test network. Here, this topic is widely discussed on bitcointalk, when it should be rejected instantly, and turned into a discussion about making it without touching fixed coin supply.

When it comes to the long term security, it should be obvious that any idea of inflating supply is malicious, and should be instantly rejected, and replaced by N other proposals to solve the same problem. But for some reason, it is not the case, and the whole discussion is still ongoing. So, I cannot take it seriously, if it is "contentious by the rules". And I cannot treat Peter Todd seriously talking about a contentious hard fork, when he also told us that soft forks are superior, and they can be used to upgrade things regularly (he also told us about evil soft forks, but for some reason, his tail supply proposal is a hard fork).

1) because this topic is no longer serious
2) because there are promising proposals, like vjudeu's idea of no-fork sidechains, so they are complete enough to be implemented as a test network, and then we will see, what will happen next
3) because my brain works in a P2P way, where everything is connected with everything else
4) because people asked questions, and I just provided some answers, and some links, this is quite natural

That's why things should be moderated, by cutting offtopic, moving posts, and cleaning things up. But because this topic is not serious at all, maybe it is easier to let the whole mess happen inside, to not let it spread outside of this topic. Because this proposal is about drama and nothing else, and everyone knows about that from the start. Surprisingly, Reddit handled it in the best way, by removing that completely, because Peter Todd proposed a hard fork, so it should be rejected only for that reason everywhere, as long as there are alternative ways (and it is publicly known that the same thing can be done without any hard fork, even evil soft fork can handle that better than some hard fork).

See above: this topic was never serious, exactly like this one: https://bitcointalksearch.org/topic/bitcoin-mining-using-sha-256-5404222

Yes, but it is complete, nothing new was added, no new questions appeared, when it comes to sidechains, so it seems people should see some working code, to talk more about it.

So, why 1 sat/vb? Why don't they have it at 10 sat/vb? This should supposedly drop some of their short term profit and rise their long term profit. What did change in v0.8.2 and they lowered the limit from 50,000 sat/kb to 10,000 sat/kb? Let alone in earlier versions. Answer: Demand.

If the miners decided the minimum relay fee, it wouldn't be called "relay fee". The full nodes decide that, hereby the users. If you run bitcoin-cli getpeerinfo you might see some peers who've set their minfeefilter to 0.00000000. I'm connected with one.

So why is no miner currently announcing they will process 0.5 sat/vbyte transactions and making a greater profit right now?

There's more at play here other than "maximizing short term profits". Such a mindset would lead to a race to the bottom - if one miner sets their limit to 0.5 sats/vbyte to cash in on transactions in which 1 sat/vbyte is too expensive, then another miner might set their limit to 0.2 sats/vbyte for the same reason. And then yet another to 0.1 sats/vbyte, and so on, until every is sending transactions which only pay a couple of sats in fees. Miners have a collective incentive not to drop their minimum fee rate and cash in in the short term so as not to jeopardize their future profits.

This is incredibly inaccurate way of doing things, certainly nowhere near good enough to be used to calculate tail emission, since "stale" addresses are absolutely not lost. I have many such addresses which would be classified as stale and I can guarantee you they are not. How would this deal with the scenario where a few thousand "lost" bitcoin on a stale address suddenly becomes active again? You say to subtract the two totals, be left with a negative number and have to have negative tail emission? And how does that solve the problem of not enough block reward to maintain the security of the network, if you are now not only having no tail emission for a few hundred or even thousand blocks, but even forcing miners to burn all the fees from those blocks as well?

that's because it IS bad. what if you applied that same logic to some other money supply like the us dollar? if they didn't replace lost money, eventually there would only be one person or a small group of people with "all the money" however much that was.

why is that exactly?  i think people think that as more bitcoins are lost it makes their bitcoin go up in price but i'd argue that is just makes bitcoin less usable and available to people as a way to transfer digital cash.

the algorithm is to add up all the coins in burn addresses, OP_RETURN outputs and stale addresses. stale addresses are a bit tricky but the longer a particular address hasn't been used then you would count a larger percentage of its balance. that gives you a total lost amount for the current block. subtract the previous block's total lost amount and you get the tail emission amount for the current block.
 

in my algorithm i described above, it could happen that something we thought was a burn address turned out to have coins spent from it. or some stale address that hadnt been used in a long time suddenly transferred some coins out. then for that particular block, the total lost amount could potentially be less in value than the previous block's total lost amount. could be. which in that case would mean the tail emission amount for the current block could become negative in value. this negative value would need to be brought back to 0 by burning transaction fees for as long as necessary.

i keep hearing in this thread people saying having a tail emission is equivalent to stealing satoshis from every single bitcoin address. stealing from everyone. that's a strange way to look at it. don't we want bitcoin to be useable by as many people as possible? if so then having bitcoin go up in price forever and ever shouldn't necessarily be the driving force.

What do you mean? Proposing something doesn't make it an attack to be or not to be well-prepared for.
It is so disappointing watching you being distracted from the focal point: The zero subsidy security dilemma.

Nope. None of this is considered a preparation.
Even your favorite #2 scenario is not an answer, and surprisingly you already know why, just check your own posts above thread. So, why in the hell you should get distracted? It looks more like a tit-for-tat practice, someone says something, and you find yourself somehow obligated to follow the conversation.

As a matter of fact, the whole microSatoshi, nanoSatoshi, picoSatoshi, … stuff discussed in the latest posts is totally irrelevant and absurd, still you continue following the game as well as others. You showed good insight when you joined @vjudue in bringing forward the only solution to the zero-subsidy dilemma: merge mining  side-chains, which relates this issue to the more general problems such as scaling, mass adoption, and centralization.

Apparently, not enough. 1 sat/vb is incredibly cheap for median-size transactions. If that becomes expensive, full nodes may change their local settings.

And they would set that pay rate, if there wasn't a need to pay less. But, there's competition. Miners who announce they will process 5 sat/vb transactions, will have a greater profit, because there's more demand for 5 sat/vb. And they can confirm this, just by adjusting the limit.

I'm sure some do, it's just the full nodes that don't relay them to avoid DDoS.

The nodes have no incentive to change it? The nodes are the users. Those who pay the MIN_RELAY_TX_FEE.

Why not? You can use multiple outputs. If you have one digit, and you want to represent 2.3, then you can store 2.0 in one output, and 0.3 in another output. And here, by taking one byte, you will have 64-8=56 bits. It should be accurate enough.

Names will be invented as needed. In the past, there was no name for the smallest on-chain unit. Initially, in the code you had just "coins (1 BTC) and "cents" (as 0.01 BTC), because there was no need for smaller units. So, if there will be such need, then some names will be invented. And you can always use kilosatoshi (1000 sats) or megasatoshi (0.01 BTC), then total supply is just 2,100 terasatoshis.

Obviously in the script. You can use " OP_DROP" inside outputs, or " OP_DROP" inside inputs. Also, you can use other opcodes, like OP_ADD, to sum amounts, and do other calculations on them. If you use it inside outputs, then it would be fully compatible with existing system. And when it will be inside inputs, it will be delayed to the moment of spending (and could be invalid, that would mean such coins could be just unspendable).

The first problem is that you can never know, how many Bitcoin are actually lost forever. Some might just not be moving it and it’s not even lost, some could be recovered in the future, then they’re not lost forever. It’s impossible to track this accurately, literally impossible. It can only be based on an estimation that has no real data, which is problematic when you want to introduce a rate of new coins that want to balance out coins being lost. Either it will be too much or not enough. If it’s too much you’re debasing the currency, if it’s not enough it didn’t prevent all coins being lost. But in any scenario you’re adding drawbacks to Bitcoins properties.

Also it’s not a constant and probably fluctuating, but we can’t even possibly know. What i think is that coin loss will slow down dramatically over time, and it will take so long till all would be lost, that it doesn’t matter for humanity anymore. Some coins are just secured too well, to be lost in a scenario that would matter. If something like coin loss abruptly reaches a critical level for whatever reason, people in the future can propose solutions to it, because a tail emission would not even be enough in any such scenario.

Tail emission also ignores factors as market value, distribution/ cost of mining. Or the effect debasement has on later holders too, also just giving miners new coins doesnt guarantee they will hit the market in the future and be distributed. Because if miners settle their bills in Bitcoin in the future these coins only reach asic producers and energy providers. So you risk a cantillon effect, where money isn’t even distributed to newcomers anymore. The less relevant fiat becomes, the more strong this effect will be.