Pages:
Author

Topic: [XPM] [ANN] Primecoin Prerelease Announcement - Introducing Prime Proof-of-Work - page 17. (Read 71645 times)

full member
Activity: 224
Merit: 100
Can we use CGMIner for this coin??  And what version.. The CPU only or the GPU??
sr. member
Activity: 422
Merit: 250
Finally something that will actually have real value.
I wouldn't go that far.

I know not yet. But I would like to see a proof of work linked to something like finding new primes and this project is the closest I've seen.
sr. member
Activity: 422
Merit: 250
for a POW algorithm to be useful for blockchain verification it must be

 - hard to derive (for transaction verifiers)
 - controllable difficulty (so as more nodes are added, the difficulty can rise)
 - easy to prove (for relaying nodes)

hash algorithms are good here.  An algorithm with primes sounds like it would be based around the factorising problem (e.g. as used in RSA) - but the question is how Sunny has designed it to be variable - perhaps the difficulty is set by the length of required prime in bits, and the POW is two primes and a factor that meet the difficulty.  This would be very very ASICable compared with scrypt, but I don't think any off the shelf ASIC cores would exist (unlike with SHA256)

Interested to see what Sunny has come up with here.

Will

Here is something which might work. It is based on Pratt certificates (see http://en.wikipedia.org/wiki/Pratt_certificate).

Mining process
The miner attempts to find a large prime n which has the following properties:
  • The most significant 256 bits are equal to the merkle root
  • The prime is large enough to meet the difficulty target
The miner can do this by trying random large integers (the least significant bits are the "nonce") and running many iterations of the Miller-Rabin test. With enough Miller-Rabin iterations, the miner can be quite confident that they actually have a prime.

Proof of work
To generate the proof of work, the miner generates a Pratt certificate for their large prime n. Generation of a Pratt certificate is very hard; it requires the factorisation of n - 1, which is requires exponential time in the size of n. Yet it is easy to verify a Pratt certificate; verification is polynomial time in the size of n. For example, factorisation of a 1024 bit integer is about 7 million times as difficult as a 512 bit integer (according to http://en.wikipedia.org/wiki/General_number_field_sieve), yet it is only 16 times as difficult to verify.

This meets the criteria for a useful proof-of-work: hard to generate, easy to verify, adjustable difficulty and incorporates the merkle root.

Mining pools are more complicated to implement, since integer factorisation is not as trivially parallellisable as hashcash. This might explain why the initial client is solo-mine only.

It also has the property of being sensitive to improvements in factorisation algorithms. This makes it somewhat resistant to ASICs, since algorithm improvements may invalidate ASIC designs, so ASIC developers may not wish to take on the risk.

(Edit: linear -> polynomial)

I'm very excited about this coin. Finally something that will actually have real value.
member
Activity: 78
Merit: 11
Chris Chua
for a POW algorithm to be useful for blockchain verification it must be

 - hard to derive (for transaction verifiers)
 - controllable difficulty (so as more nodes are added, the difficulty can rise)
 - easy to prove (for relaying nodes)

hash algorithms are good here.  An algorithm with primes sounds like it would be based around the factorising problem (e.g. as used in RSA) - but the question is how Sunny has designed it to be variable - perhaps the difficulty is set by the length of required prime in bits, and the POW is two primes and a factor that meet the difficulty.  This would be very very ASICable compared with scrypt, but I don't think any off the shelf ASIC cores would exist (unlike with SHA256)

Interested to see what Sunny has come up with here.

Will

Here is something which might work. It is based on Pratt certificates (see http://en.wikipedia.org/wiki/Pratt_certificate).

Mining process
The miner attempts to find a large prime n which has the following properties:
  • The most significant 256 bits are equal to the merkle root
  • The prime is large enough to meet the difficulty target
The miner can do this by trying random large integers (the least significant bits are the "nonce") and running many iterations of the Miller-Rabin test. With enough Miller-Rabin iterations, the miner can be quite confident that they actually have a prime.

Proof of work
To generate the proof of work, the miner generates a Pratt certificate for their large prime n. Generation of a Pratt certificate is very hard; it requires the factorisation of n - 1, which is requires exponential time in the size of n. Yet it is easy to verify a Pratt certificate; verification is polynomial time in the size of n. For example, factorisation of a 1024 bit integer is about 7 million times as difficult as a 512 bit integer (according to http://en.wikipedia.org/wiki/General_number_field_sieve), yet it is only 16 times as difficult to verify.

This meets the criteria for a useful proof-of-work: hard to generate, easy to verify, adjustable difficulty and incorporates the merkle root.

Mining pools are more complicated to implement, since integer factorisation is not as trivially parallellisable as hashcash. This might explain why the initial client is solo-mine only.

It also has the property of being sensitive to improvements in factorisation algorithms. This makes it somewhat resistant to ASICs, since algorithm improvements may invalidate ASIC designs, so ASIC developers may not wish to take on the risk.

(Edit: linear -> polynomial)
hero member
Activity: 766
Merit: 621
Own ONION
It would be great if we can integrate into the Mersenne prime search, which requires a lot computing powers. This way the miners will do something useful...
http://www.mersenne.org/

It can't use mersenne primes, unless you want only a block per year.

This is not true, one mersenne computation is broken down to many smaller pieces, can be perfectly integrated
sr. member
Activity: 686
Merit: 259
Botnets can be used to mine with CPU as much as they can used to mine with GPUs.
Botnets are on computers of non-tech-savvy users, i.e. usually no or crappy GPU.
Botnet owners, most of the time, aim at gaming users, to get good GPUs.
Most "silent miners" offer GPU mining too nowadays.
sr. member
Activity: 686
Merit: 259
Hard to get excited about a CPU proof of work coin.  How will you defend against botnets ?
Botnets can be used to mine with CPU as much as they can used to mine with GPUs.
hero member
Activity: 1395
Merit: 505
Hard to get excited about a CPU proof of work coin.  How will you defend against botnets ?
newbie
Activity: 32
Merit: 0
I am curious as to why the innovative POW in Primecoin couldn't have been engineered into the the next version of PPcoin.  I feel that the chain is still young enough to allow for such major paradigm shifts even if there had to be some massive POS transaction into the new PP(Prime)Coin version.
hero member
Activity: 583
Merit: 505
CTO @ Flixxo, Riecoin dev
  • Pure proof-of-work, no proof-of-stake (unlike ppcoin), not energy efficient, but with additional potential scientific value derived from proof-of-work energy consumption (energy multiuse)

What kind of scientific value?

I believe he is referring to finding high number prime numbers. Which actually can be quite difficult. Since the spacing of each prime number increases exponentially.
I believe he is referring to finding high number prime numbers. Which actually can be quite difficult. Since the spacing of each prime number increases logarithmically.
FTFY
full member
Activity: 383
Merit: 100
  • Pure proof-of-work, no proof-of-stake (unlike ppcoin), not energy efficient, but with additional potential scientific value derived from proof-of-work energy consumption (energy multiuse)

What kind of scientific value?

I believe he is referring to finding high number prime numbers. Which actually can be quite difficult. Since the spacing of each prime number increases exponentially.
full member
Activity: 154
Merit: 100
CoinTropolis
A alt coin by a respected developer and with a totally unique proof of work scheme, this is going to be huge!

Cause we just neeeeeed more altcoins. Since, there just aren't enough...

We need more innovative alt coins. There have been none since ppc/ nmc in my opinion

Sorry I forgot how innovative DGC and FTC are  Roll Eyes

How cute, an FTC swipe. You do realize Sunny contributed a little code on the FTC hard fork right? Anyway, back to Primecoin.

I deeply respect Sunny's work and commitment to the community.  If more people spent time contributing and less time swiping, we'd be in a far different place. This project is exciting, I'm interested to see what where the community takes this project. +1
full member
Activity: 238
Merit: 119
It would be great if we can integrate into the Mersenne prime search, which requires a lot computing powers. This way the miners will do something useful...
http://www.mersenne.org/

It can't use mersenne primes, unless you want only a block per year.
newbie
Activity: 24
Merit: 0
Sounds great,most innovative coin the year!
sr. member
Activity: 588
Merit: 250
great idea, I like prime numbers, this is the prime number I found: 2232007*2^1490605 - 1‏, ‎448724 digits, lol
It would be great if we can integrate into the Mersenne prime search, which requires a lot computing powers. This way the miners will do something useful...
http://www.mersenne.org/
sr. member
Activity: 588
Merit: 250
great idea, I like prime numbers, this is the prime number I found: 2232007*2^1490605 - 1‏, ‎448724 digits, lol
sr. member
Activity: 266
Merit: 250
this math is a bit above my head, but maybe this HOL is the way to create proof of work? it looks like it breaks the process of finding primes into smaller "proofs of work"? or is this just a way to find primes faster? maybe the steps leading to finding the prime can be used as pow if each step is recorded.
 
https://code.google.com/p/hol-light/

https://en.wikipedia.org/wiki/HOL_Light

Still the first thing that comes to mind is rainbow tables(or even a dictionary type attack but with primes instead of passwords). Even if the proof of work gets hashed by the by value of block headers, something like a rainbow table would be a likely exploit. rainbow tables are used to crack wpa2 and probably other encryption too. A rainbow table for primes should work the same way. then the "miner" armed with the rainbow table would not even have to look for primes unless the prime number target to find a block increased to a prime so large it is unkown. difficulty of a prime can only be changed by looking for a larger unknown prime number. adding difficulty through any other method in the blockchain would just encourage a rainbow table type hack.

One way this would "work" and be unhackable / uncheatable is if the blocks are only rewarded upon finding a completely new and unknown prime. This would make the coin VERY scarce, and the difficulty would be absolutely insane, but that would be pretty damn cool though too. Every coin/block awarded would be a breakthrough in prime number math. with the amount of hashing power the btc community has i would not doubt that we could find a large amount of new primes.

If the object was to only find unknown primes, then any advancement that someone makes that would seem like a cheat would actually be a break though in prime number math. Same thing would have applied to folding if there were more incentive. The software that does the research always has room for improvement. Making sure that improvement is legitimate is the real trick.

still , all pokes to the theory aside, i think this coin should be launched. i dont see any harm of it as long as people dont get too crazy about the new coin and use their life saving to buy a bunch of them. ( which probably happens to some poor dude trying to make a dollar every time a new alt comes out). After a first launch of the coin we can just kick back and watch and see if the exploits surface. If they do, well, then you have more knowledge for improving  primecoin v2.0.


sr. member
Activity: 371
Merit: 252
This sounds great! I'm looking forward to this Optimus Primecoin. Just beware of the Decepticoins.
full member
Activity: 238
Merit: 100
Does Primecoin PoW fairness assume that the distribution of Prime numbers is random?  Hopefully not, because it's not really true: https://en.wikipedia.org/wiki/Prime_number_theorem
hero member
Activity: 2296
Merit: 506
Cryptocasino.com
untill there is a proven working concept - it is all just a hype. make it happen and then announce how awesome it is.
thank you!
Pages:
Jump to: