Topic: Transaction Fee Alternative for Bitcoin, Proof of Individual Work (Read 238 times)

Quantum computers are better than normal computers for other things, but factoring large numbers is not (and never will be, imo) one of them.

There is no incentive for a miner to mine free transactions, but we can remove any disincentive.  

Thanks for that, but the reason you would want to include free transactions is to improve BTC utilization in poorer countries, or do you like loosing (so far 62%) of the crypto marketshare to altcoins mainly because they have cheap transaction fees?

Not exactly. Some years ago there weren't enough transactions to fill the block so the choice was either to leave the block not-full or include all transactions in mempool that included transactions with 0 fee. Nowadays the mempool is crowded with transactions and blocks are almost always full so there is no reason to include "free" transactions.

Something similar to what I am thinking has been done before in bitcoin, basically there (used to be?) A portion of every block that was set aside for free transactions.

I like this idea of individual proof of work. Plus it's old school i.e. based on infeasibility of factoring. Problem is it's vulnerable to quantum computers.

Another potential issue is when you try and mix "free" and non-free transactions, miners are always going to favor including the non-free ones in a block so the ones that are "free" are not prioritized and might get ignored. Which would mean that the person that did the individual proof of work wasted cpu. What's the incentive of a miner to include a transaction that doesn't have a fee attached? if there is none then it doesn't seem like this could work.

What stops large farms or botnets from dominating this by hunting through different nonce each set of transaction? Does this impose additional penalty on each node since the factorization has to be done on each transaction when it gets relayed?

Another point that I'd like to highlight is with the block rewards. Would the total supply of the coins be capped or have an increased inflationary trend? The compensation for this has to be adequate to maintain network security while allowing a proportion of the transactions to be essentially free.

Yes the poiw (or ipow) should match  the cost of the transaction fee as best as possible.  It could be possible for this to automatically scale up or down.  One other point I do want to make though is that time is money and you have to take into account PC opportunity cost and the opportunity cost of waiting 8 hours or whatever number to complete your transaction.  People will pay more just to not have to wait, since factoring a large number is non-parallelizable they will have to wait no matter how powerful computer they are using (powerful computers can do it faster though,)

Every year the network should revisit the requirement and make sure that it takes roughly a given timeframe on a decent desktop per kilobyte, say 8 hours for 1kb (so you could run it while you sleep).

Question: won't this mean that no one will use coins to pay transaction fees? ↑

No, this process is designed to take time and so just paying the very small transaction fee will probably almost universally be done, especially for financial transactions which people need done quickly.

The primary way that miners are incentivized to hold the blockchain and provide proof of work (profun work) is the block reward which ever so slightly increases with time to make sure they stay incentivized forever. Miners also earn the small transaction fees. Unless there are 10 million transactions every 7 seconds on the network, the fees collected would be (much) smaller than the block reward.

So the only real reason we need to collect fees for transactions is to prevent spam transactions, people maliciously trying to slow down the network.

Well as an optional alternative to transaction fees (transaction fees are still accepted and are convenient and cheap), we can achieve spam prevention by allowing people to provide thier own proof of work to make spamming impractical.

Factoring a large number (over around 120 digits) is very challenging thing to do even with the technology we have today. In fact it is the proof of work in the CollectBit project. It is so hard that despite decades of research, GPU's and ASIC's have never been created that can do it, and no inventions have even been able to come up with a way it could be done practically. CPU's, the things in your desktop computer, smartphone, or servers can do it however. So what this means is that you can use your desktop to provide this proof of work and bypass paying a fee to post/transact on blockvault.

Here is how it would work: ↑

The network agrees on a difficulty per kilobyte. For example a 1 kb transaction could require factoring a 145 digit number. Each additional kb in the transaction could increase the digit requirement by 1. So for a 10kb transaction it would require factoring a 155 digit number. So this individualized proof of work would only be practical for a transaction smaller than a few kb. If you need to add more data to the blockchain just do it in several transactions.

1.You hash your proposed transaction and a random 6 digit nonce using shake256-1024.

2.Then you convert to base-10 (numbers).

3.Truncate this number to the first 145 digits (or whatever the length needs to be).

4.Factor this number (see DCN mining for more info).

5.Make sure the factorization meets the network requirements, if not go back to step 1 and pick a different nonce until it does.

The network requirements not only specifies the digit length of the number to factor, but also the requirements of the prime factors themselves. In CollectBit, we determined that the prime factorization must be only 2 prime factors, the smaller of the two must be at least 36% of the digit requirement. We should use this requirement here too, 36% was chosen because a GPU can ECM to 34%, and we don't want GPU's hunting for easy to factor numbers and not have to use CPU's.

For example if we are factoring a 145 digit number then the prime factorization must be exactly 2 factors and the length of the smallest factor must be greater than or equal to 0.36*145 so 52.2 rounded up to 53 digits. This makes sure that the factorization you perform as the proof of work really took you some time to complete.

Every year the network should revisit the requirement and make sure that it takes roughly a given timeframe on a decent desktop per kilobyte, say 8 hours for 1kb (so you could run it while you sleep).