
Proof of Work Without All the Work - federicoponzi
https://arxiv.org/abs/1708.01285
======
nullc
I think the title and abstract of this are not very clear.

I gave it a fast skim to figure out what general class of thing it actually
is.

This should be compared with "proof of idle"
([https://www.cs.virginia.edu/~shelat/14s-pet/2014/02/11/proof...](https://www.cs.virginia.edu/~shelat/14s-pet/2014/02/11/proof-
of-idle.html)).

It is an online scheme for resisting sybil attacks in a P2P network where
nodes have cryptographic identities which works by periodically forcing all
users to do proof of work within a limited time window. Peers that don't
respond fast enough are banned from the system (have to create a new identity
to join, which is computationally expensive).

The idea is that this get some of the benefits of POW for sybil resistance
without spending as much energy.

It doesn't, however, produce a large amount of cumulative work building up
over a history. So it's not the sort of thing you'd want to use to protect the
history of a ledger directly.

~~~
SkyMarshal
One of the holy grails in cryptocurrency research is figuring out a PoW
alternative the provides similar security at reduced energy cost. A few other
examples:

1\. Bram Cohen's Proof of Space & Time:
[https://youtu.be/aYG0NxoG7yw;](https://youtu.be/aYG0NxoG7yw;)
[https://cyber.stanford.edu/sites/default/files/bramcohen.pdf](https://cyber.stanford.edu/sites/default/files/bramcohen.pdf)

2\. DFINITY VRF-based Threshold Relay:
[https://youtu.be/o8HHM18PedU](https://youtu.be/o8HHM18PedU)
([https://en.wikipedia.org/wiki/Verifiable_random_function](https://en.wikipedia.org/wiki/Verifiable_random_function))

3\. Algorand: [https://people.csail.mit.edu/nickolai/papers/gilad-
algorand-...](https://people.csail.mit.edu/nickolai/papers/gilad-algorand-
eprint.pdf)

These are some of the more interesting ones, but plenty of others.

~~~
thruflo22
Proof of useful work?

I.e. the problem is that hashing is wasteful. But we have demand for
distributed computing.

Could the work that's being evidenced actually be performing useful
computations? Perhaps by structuring a distributed computation platform that
accepted standard units of compute work. Like perhaps an Erlang reduction.

~~~
SkyMarshal
I would dispute the assertion that hashing is wasteful. That implies it's
inefficient or you're not getting something of equal value in return for what
you're paying. But in PoW you spend energy and get in return the security of a
global public accounting ledger, which has considerable potential social
value, easily comparable to the cost of it. It should not even be surprising
that such a thing has great cost, given that economics is certain of only two
things - incentives matter and there's no free lunch. There's no free lunch in
blockchain. (well, maybe there is, but it would take a considerable CS
breakthrough).

And if you're concerned about the environment, don't worry, most of Bitcoin is
secured by hydropower right now anyway, and in the foreseeable future will
probably migrate to solar power ([https://finance.yahoo.com/news/why-
california-giving-away-el...](https://finance.yahoo.com/news/why-california-
giving-away-electricity-132012579.html)).

~~~
canoebuilder
_which has considerable potential social value, easily comparable to the cost
of it._

The value is 'potential,' the cost is real.

What evidence or milestones are there to indicate this considerable potential
social value panning out is increasingly more or less likely? What exactly is
the social value that the average HNer could perceive firsthand, rather than
some mythical "unbanked" or whatever?

How long has bitcoin been around, a decade? Has anyone putting it to use in a
sustainable, self-perpetuating use case that isn't a dark market or
ransomware?

~~~
SkyMarshal
It's been around less than a decade and jury is still out whether it will even
succeed or not yet, hence why I wrote "potential". But assuming it does prove
sound and reliable over the long term, then its best value is as a hedge
against governments screwing up their currency, like Venezuela and other
distressed economies. There are already US dollar black markets in those
places, and new cryptocurrency black markets are starting to form now too.

As for "unbanked", I don't even know why you mention it unless you're setting
up a strawman to knock down. But here, let me do that for you - people who are
unbanked don't have access to financial services b/c they don't have money,
b/c they live somewhere that economic norms, institutions, and growth all have
problems that make it hard to create wealth. Solve those problems and the
banks and finserve folks will come running and those people won't be unbanked
anymore. But I have yet to see a good case for how cryptocurrency in its
current incarnation will solve those problems.

------
tromp
If new coins are distributed as block rewards, then collectively, miners will
spend (nearly) the monetary value of those coins in competition to solve as
many blocks as possible. In other words, any gains in marketcap will translate
to increased mining efforts. Paul Sztorc has written a lot more about this in
[http://www.truthcoin.info/blog/pow-
cheapest/](http://www.truthcoin.info/blog/pow-cheapest/)

~~~
qznc
If a cryptocurrency becomes too big to fail, then it seems inevitable that
nation-states and large corporations will mine it at a loss.

~~~
russdpale
If it is solar powered, I don't see how it will be mined at a loss? Power is
the number one cost, and we have a free unlimited supply of it.

~~~
tylersmith
PoW wouldn't work if power was free or unlimited.

~~~
tempay
It would, just the hardware/admin/maintenance costs would dominate instead.

------
alistproducer2
I'm in the process of auditing new low-power Po* algos for a crypto system I'm
researching. This paper needs a way better abstract. The math is
incomprehensible without knowing what it's end goal is. The paper uses
acronyms (ex "Good ID") before explaining what they are. Overall a poorly
written paper. The work maybe revolutionary, but what good is that if it's so
difficult to understand. People forget that the purpose of a paper is to
communicate your idea to other people. If it doesn't do that effectively then
no matter how awesome the work is, you've failed.

------
kanzure
Here's some "lore" around proof-of-work and why it must burn external
resources:

[https://download.wpsoftware.net/bitcoin/asic-
faq.pdf](https://download.wpsoftware.net/bitcoin/asic-faq.pdf)

[https://download.wpsoftware.net/bitcoin/pos.pdf](https://download.wpsoftware.net/bitcoin/pos.pdf)

[https://download.wpsoftware.net/bitcoin/alts.pdf](https://download.wpsoftware.net/bitcoin/alts.pdf)

------
ubaltaci
For those who interested in the topic. Nem uses something called proof of
importance
[https://www.nem.io/NEM_techRef.pdf](https://www.nem.io/NEM_techRef.pdf)

------
ForHackernews
Would this make it possible to implement a cryptocurrency that wasn't an
ecological disaster?

~~~
bmcusick
Bitcoin mines are in western China and Oregon precisely for the abundant and
cheap hydro power. That's not so bad, ecologically speaking.

Bitcoin is only as ecologically harmful as the source of the electricity used
to run the miners, and it's no more harmful than any other use of electricity.
If the world switches over to solar and wind as baseload power, problem
solved. If the world doesn't switch away from using coal, that's not Bitcoin's
fault. It's not a problem Bitcoin can solve.

~~~
the8472
If the world's economies ran on bitcoin we would need a stupendous amount of
energy to keep the miners running. That energy not being spent on something
else is a huge opportunity cost since many problems could be solved if there
were just enough spare energy..

~~~
bmcusick
> If the world's economies ran on bitcoin we would need a stupendous amount of
> energy to keep the miners running.

You've misunderstood something about Bitcoin if you think this is true.
Bitcoin miners use resources based on the logic of competing with each other
for the value of the mining reward, not based on the number of transactions
they process. If Bitcoin solved all its scaling problems so that everyone in
the world could use Bitcoin, but mining rewards remained constant, the
resources the miners expend to collect the reward wouldn't be any different
from today.

~~~
Nursie
I think you're underestimating the issue with attackers, if the world ran on
bitcoin, attacking it becomes much more attractive, so use must indeed use
more energy. It must use enough to make attacking bitcoin very unattractive.

~~~
bmcusick
No, sorry, that's not how Bitcoin works either. If the whole world used
Bitcoin and the market cap of Bitcoin was over a trillion dollars, a 51%
attacker could still only double-spend its own transactions. As long a public
key crypto is secure, you cannot just re-write arbitrary Bitcoin balances into
your own wallet even if you had 100% of the mining power. Therefore the
incentive to attack Bitcoin is only as big as your own Bitcoin holdings, not
the value of the entire market cap.

~~~
Nursie
>> Therefore the incentive to attack Bitcoin is only as big as your own
Bitcoin holdings, not the value of the entire market cap.

That's not quite true though is it? They could certainly (for instance) block
transactions and generally hold the whole thing to ransom.

You're right, it doesn't have the financial incentive that you could (for
instance) steal coin, but you could potentially block all transactions that
don't have a considerable fee, for you, or just break stuff. Motives to do
that will become more pressing the higher value the network is to nation
states.

------
chairmanwow
There is something thoroughly logical about this approach to the unfortunate
waste implicit in Proof of Work (PoW) schemes.

In summary of the motivations of the paper: PoW is currently limited to
cryptocurrencies as a security system because of the implicit financial
incentive in mining coins. This approach could allow PoW schemes to be widely
adopted to secure systems as the overhead is lowered dramatically.
Additionally, battery powered devices (ie phones) could make use of PoW
without incurring large battery drains. This last bit is particularly
interesting and could allow some interesting, distributed P2P systems on
cellphones to arise.

The general principle of the paper revolves around asking network members to
prove computational power only as much as necessary as the network scales.
Because an attacker could easily spoof their MAC / IP address when joining the
network, computational tests are periodically distributed to network members.
If the test is unsolved in an allotted time period, their network membership
is revoked (and the node is blacklisted). The attack referred to in the paper
is an attacker adding bad (fake or otherwise) nodes to a system rapidly.

------
chj
“Consequently, if the network is attacked, our scheme guarantees security,
with algorithmic costs that are commensurate with the cost of the attacker.
Conversely, in the absence of attack, algorithmic costs are small.”

Hope it works.

~~~
empath75
The network will be under attack constantly.

~~~
KirinDave
Blockchain tech has a lot of potential uses outside of currency. In those
fields, the likelihood of a constant foreverwar amongst the contributors is
way lower.

Also, providing a sliding cost on the network might make the miners agree it's
more cost effective to step back from this breakneck energy-use-maximization
game they're playing.

------
csomar
So now we have click-baity academic papers? Can someone summarizes to me the
genius behind the idea? Because as far as my math goes, it is not
theoretically possible.

~~~
geofft
> _So now we have click-baity academic papers?_

As academic paper titles go this is pretty normal.

> _Can someone summarizes to me the genius behind the idea?_

I'm reading quickly, but I think the idea is that the reason we need proof-of-
work is to prevent Sybil attacks, that is, a single entity pretending to be
50% of the network via spoofed identities. So you have a concept of persistent
identity for each (apparent) member of the network, and you require nodes to
solve a computational problem when they join the network and also periodically
while they're in the network. This puts relatively little computational load
on each participant, but puts a lot of load on a long-term attacker, and even
more work on a short-term attacker who's trying to claim a bunch of identities
in a hurry.

I'm not sure how much this actually helps Bitcoin, since my impression is that
the computational load is what's needed to match the abilities of the
_legitimate_ members of the network. I guess the trick is that maybe you can
make the block-mining difficulty scale up less aggressively over time, but I'm
not following that logic yet.

~~~
geofft
Thinking harder I guess the only reason that mining difficulty is so
competitive is that there's a reward for mining, given to just the miner, so
the arms race is profitable (much as, say, the arms race for microsecond-level
tech improvements is profitable to HFT because even if two algorithms make the
same decision only one gets the purchase in first).

So if you get rid of that, and maybe add a nominal "reward" for solving the
puzzles to remain in the network and give it to _all_ participants, the
incentive to build giant mining farms goes away: the only reason to have
additional computational power is either to keep up with the network as a
whole (not the fastest person in the network) or to actually gain 50% of
computational power.

------
russdpale
When I read this: "This shortcoming is highlighted by recent studies showing
that PoW is highly inefficient with respect to operating cost and ecological
footprint." The moment we try and do away with this inefficiency we are going
against the entire solution of what bitcoin was going for: how to use all of
the inefficient computer parts laying around the globe for something useful?

It makes me think people just don't get it. High inefficiency is the _ENTIRE_
point! It gives rarity to the coin. That 10 minute block time is the same as
compressing millions of years of geology into 600 seconds. It is fundamentally
sound mathematics, and ultimately, _that_ is why it holds its value. It is not
meaningless mathematics, people who say that don't understand fully as to what
they are talking about, imho.

~~~
wlesieutre
You're misinterpreting what people mean by "inefficient" in this context.

The bitcoin mining ASICs are extremely efficient _at mining bitcoins_. You
can't mine them with an old GPU and expect to make back more money than you
spent on electricity.

But the choice to mine bitcoins at all is (arguably) an inefficient use of
resources that could have been used for pretty much anything else. There's no
shortage of useful problems to be worked on by supercomputers and the world
would be better off if we did that instead of mining cryptocurrencies. But the
economic incentives aren't there.

EDIT: Reading your comment again, I think I was a bit quick on the "you're
wrong" here. ISo to clarify, I do agree that inefficiency is at the core of
the bitcoin mining ecosystem, but it's all about the "we have to spend a bunch
of energy that could've done a lot of other things" inefficiency, not an
individual "we can use old hardware for this" sort.

~~~
Nursie
When you look at it from that angle, Bitcoin becomes a very interesting hack
on economic incentives (and how they don't always map to useful real-world
activity)

~~~
jstanley
Whether you think Bitcoin mining has real-world utility or not depends
entirely on whether you think Bitcoin has real-world utility or not.

Without Bitcoin mining, there is no Bitcoin.

~~~
Nursie
Certainly, but whether you think bitcoin has any real-world utility, bitcoin-
mining certainly has economic incentives.

