
Proof of burn: An alternative method for distributed consensus - ghgr
https://en.bitcoin.it/wiki/Proof_of_burn
======
al2o3cr

        (regarding the true randomness source) I believe there
        would be no trouble propagating this to all nodes, by
        out-of-band means if necessary.
    

Similarly, surviving on a deserted island is easy - I believe you'll have no
trouble finding a can opener and plenty of canned food.

If your solution to a distributed consensus problem _starts_ with "assume all
parties cooperate and agree on a continually-updating feed of data", it's not
exactly compelling.

Also, there's no need to make up words like "remurrage" \- economics already
has "deflation" for when HODLing currency returns a positive amount.

~~~
contravariant
Similarly they write:

>There are in fact some further issues, to do with making sure it's not cheap
for a miner to re-exhibit their proof (of having performed a suitably
substantial burn a suitably long time ago) on multiple competing chains.
Details to follow.

which kind of seems like a major omission, as this is the _one thing_ a proof
of X should protect against.

~~~
DennisP
Seems like that could be defended with Casper's approach: use security
deposits, slash them for burn reuse, and reward anyone who provides proof of
reuse.

~~~
runeks
The problem is that the miners -- whose fraud is proven with a transaction --
have the responsibility of including this transaction in the chain they
control. Which means the only solution is to fork: now we have two or more
chains (any number of valid chains which includes this proof can exist) -- how
do we reach consensus on which to follow?

Before the fraud, the miners were allegedly responsible for reaching
consensus. And when they commit fraud, it's assumed that the network can reach
consensus without the miners (on a single, valid chain which includes the
proof of miner fraud). If everyone except the miners were able to reach
consensus on a single chain in the first place, why did we need the miners?

~~~
DennisP
Aren't you assuming the miners are all working together in a coalition? You're
pretty much screwed anyway if that's the case.

------
wildbunny
I did a bunch of analysis on proof of burn, and came to the conclusion that it
cannot work in practice because it relies on transactions in order to burn,
which themselves are subject to consensus.

You can read my detailed analysis here:
[https://bitcointalk.org/index.php?topic=1182677.0](https://bitcointalk.org/index.php?topic=1182677.0)

Cheers, Paul.

~~~
barbegal
And the same applies to proof of stake. You need some form of external
randomness to give you security. Of course many people have tried to come up
with schemes where randomness can be created fairly by a group of people who
don't necessarily trust each other [1]. Unfortunately all these schemes
require at least half the participants to be honest so are vulnerable to
trivial Sybil attacks. And the only way we know how to prevent Sybil attacks
is to use proof of work or some sort of centralised system: leaving us back
where we started.

I am convinced it can be mathematically proven that Proof of Stake/Burn
algorithms don't work (without some sort of external randomness) but I don't
have the mathematical skill to produce the proof.

[1]
[https://eprint.iacr.org/2017/216.pdf](https://eprint.iacr.org/2017/216.pdf)

~~~
timjver
Doesn't the Proof of Stake algorithm protect against Sybil attacks by trusting
participants based on how much they are staking?

~~~
ufo
The issue is in a lower level than that. A proof of stake system will want to
randomly choose who gets to mine the next block, weighted by how much everyone
is staking. But making this choice depends on everyone agreeing on a source of
randomness, which is what the previous posts were talking about.

------
brndnmtthws
I'm not entirely convinced that cryptocurrencies require fee incentives to
stay secure. Most people using a currency aren't interested in the 'value' of
a transaction, but rather, they want to perhaps pay a vendor or simply hold a
balance. The miners (or stakeholders, in proof of stake) act in order to earn
a profit, and may not actually act in the best interests of currency users
(including holders and vendors). Miners and stakers are, in a way, just
siphoning off profits, and it might be true that actors in the system would
still behave honestly without the mining/staking incentives.

I wrote a blog post about this: [https://medium.com/@brndnmtthws/questioning-
assumptions-do-c...](https://medium.com/@brndnmtthws/questioning-assumptions-
do-cryptocurrencies-need-fees-827c8f825e34)

~~~
kneel
You can't have a decentralized, secure network without fees.

PoS doesn't work by itself, anyone who tells you otherwise doesn't understand
the underlying security of a decentralized blockchain.

A saw a nice rant on twitter the other day about this very subject:
[https://twitter.com/hugohanoi/status/951762596255838209](https://twitter.com/hugohanoi/status/951762596255838209)

You CAN have a PoS network built on top of a PoW network(LN) but there will
still be fees.

~~~
jessriedel
This is not a useful rant. 90% of it is bad and completely unconvincing
argument by analogy.

> Everything in our world ultimately translates back to energy, at the lowest
> level. You are energy. I am energy. Blockchain is energy.

The remaining 10% could plausibly be gesturing at a real argument, but it's
way too vague and hand-wavy. It repeatedly says PoS is impossible, but then
ends up admitting that it boils down to complicated questions about the
stability of certain equilibrium.

~~~
kneel
>90% of it is bad and completely unconvincing argument by analogy.

What analogy?

~~~
krinchan
The idea that somehow the law of conservation of energy applies to the
security of block chains, or computing in general. The fact that tweets 1-20
come from a cryptocurrency developer is terrifying, because it reads like a
speculator trying to drive down Ethereum. I get what the developer is trying
to say, but it all falls apart once they tie "electricity expended in Proof of
X directly maps to amount of ledger security".

Tweets 21+ are actually reasonable and well thought out. It's that whole
nonsense in the first 20 that just poisons the whole thread.

I completely agree that PoS assumes that bad actors are at best a group of
Chaotic Evil backstabbers and that there'd never be a massive organization of
Lawful Evil people rewriting the block chain. Furthermore, it doesn't account
for a group of possibly Chaotic Good miners "correcting" a coin heist by
rewriting the block chain. It is the stance of a majority of cryptocurrency
participants that such a power is corrupting and that no matter what, the
block chain must stand immutable.

~~~
kneel
>"electricity expended in Proof of X directly maps to amount of ledger
security"

That is absolutely true, this subtlety seems to be lost amongst all the hype.

Try to manipulate the BTC ledger, it's technically possible but not really
affordable/feasible.

~~~
krinchan
Reduced, the assertion made is: Because Proof of Stake requires less energy
and is less secure than Proof of Work, all block chains are secure if and only
if computing blocks requires a large investment of energy.

I don't think Proof of Stake is sufficient evidence to make that assertion.
The source makes me even more skeptical, as they are invested in Proof of
Work's continued dominance.

------
sillysaurus3
Aha.

When I was thinking of how to set up a distributed marketplace, I came up with
Proof of Burn myself.

The idea would be that you want sellers to pay something to participate in the
market, but it's not fair for them to pay it to a central authority. So the
solution is to burn some coins.

I should really put together the rest of the ideas into a whitepaper or
something... There's a way to do a distributed marketplace in a fair and
reliable way. There are a few people trying to do that currently, but most of
them seem hung up on some weird design decisions.

Mainly you want to be able to see how many orders a seller has "in flight" at
any given time. If 30 orders are placed, and the seller hasn't processed any
of them, it's a good sign they're going to welch with the coins. The fact that
certain currencies are publicly viewable (BTC for example) allows buyers to
have those insights into sellers' activities in a distributed fashion.

~~~
contrarian_
> The idea would be that you want sellers to pay something to participate in
> the market

What? Why would you want to do that beyond covering expenses for scam
prevention?

~~~
sillysaurus3
Trust level. If you see a seller advertise 1 teddybear for sale, and you know
they burned 3 teddybears worth of coins just to offer you that first
teddybear, you can be pretty certain they're not going to run off with your
money.

On the other hand, if a new seller didn't spend anything, they could run off
with your coins on the first transaction.

This isn't just theoretical; it's the central problem in most darknet markets.

~~~
lifeisstillgood
And if they are participating just to build a sufficient level of trust before
doing a runner, then you are saying there must be a ratio of "trust to stake"
\- maybe 1:1 at first maybe increasing - it would be interesting to know what
market makers in stock exchanges run at - 1:10 or more?

------
em3rgent0rdr
Another green method for distributed consensus:
[https://en.wikipedia.org/wiki/Proof-of-
space](https://en.wikipedia.org/wiki/Proof-of-space)

Basically anything which is cheap to verify but costly to prove could be used.

Proof of burn and proof of stake both ultimately destroy resources. But what
if the proof is something that can be used by humanity? Like proof of charity?
So instead of sending the coins to an unspendable address, you send the coins
to an address which is a charity, such as the Pineapple Fund? Of course such a
charity would need to have strict controls on it such that it doesn't funnel
misuse the money (such as mining for itself), but actually performs charity.

~~~
em3rgent0rdr
Brainstorming about ways to prevent misuse of the coins used for mining.
Having the charity be operated by humans might be problematic (cause as we all
know humans are corruptible). So might be better to have the charity be
operated algorithmically, ideally via a smart contract. And dumber algorithms
might be better since complexity provides more opportunities to exploit.

Since people seem to like the idea of basic income, what if the charity
address was exactly that...a basic income provider, which would evenly send
out received coins to every real human who registered their own basic income
address?

------
wyldfire
Proof of burn is leveraged by Counterparty [1]. Counterparty is a colored-coin
system that uses Bitcoin. You can create tokens in it just like Ethereum.

Bitcoin's enormous popularity and ensuing transaction fee growth has made
counterparty much less useful IMO.

[1]
[https://en.wikipedia.org/wiki/Counterparty_(technology)#Use-...](https://en.wikipedia.org/wiki/Counterparty_\(technology\)#Use-
cases)

------
viach
I think proof of burn could work in case of 2 blockchains - first is powered
by good old proof of work, second is using proof of stake. Proof of stake
validators could burn coins in 1st blockchain and reference these transactions
from the 2nd. Actually, there could be > 1 proof of stake blockchain
parasitising on a shared proof of work blockchain. Oh ok, seems like a white
paper just born...

~~~
lucb1e
But if your good blockchain depends on a bad one (i.e. burning real-world
resources), how is it ever going to require burning less real-world resources
than only having a bad one? If you propose to just burn less, then any
attacker is going to attack the weaker chain.

~~~
viach
Yes, there is still burning of electricity, in this scheme, but the number of
dependent PoS blockchain can be many times > 1\. So that we burn real energy
once and build many energy efficient blockchains on top of it.

------
miguelrochefort
Such a currency would destroy PoW coins, putting an end to the environment
impact of mining.

------
eximius
Does this have any benefits whatsoever over Proof of Stake?

(I admit, I couldn't finish reading. The writing style was awful and seemed
technically incompetent, though that's probably an unfair assessment from the
_style_.)

------
Ceezy
I m confused why would burn your proof of work coin? Proof of work is slow
energy ineficient, does it changes that?

~~~
em3rgent0rdr
> "why would burn your proof of work coin?"

You burn your coin to prove that you endured some cost.

Why do you have to prove that you endured some cost? So there is a cost to
mining. Why does there need to be a cost to mining? To disincentivize
dishonest mining.

> "Proof of work is slow energy ineficient, does it changes that?"

While it doesn't change the proof of work, it does allow that wasted money to
be shared by multiple proof-of-burn chains. Remember, it is not the individual
coins which are energy inefficient, it is mining which is energy inefficient.
There isn't a limit to the number of coins which can be stored in a block,
though, so there isn't really a large energy cost of an individual coin.

------
libeclipse
> ...that is, sent them to a verifiably unspendable address.

How would you accomplish something like this?

~~~
em3rgent0rdr
maybe by sending to an address which couldn't be possibly generated. Such as
maybe address 0 (or another address which could be provable to not be able to
be generated).

