
BitTorrent Inventor Bram Cohen Will Start His Own Cryptocurrency - tgragnato
https://torrentfreak.com/bittorrent-inventor-bram-cohen-will-start-his-own-cryptocurrency-170424/
======
wmf
Primary source if anyone's interested:
[https://cyber.stanford.edu/sites/default/files/bramcohen.pdf](https://cyber.stanford.edu/sites/default/files/bramcohen.pdf)
[https://www.youtube.com/watch?v=aYG0NxoG7yw&feature=youtu.be](https://www.youtube.com/watch?v=aYG0NxoG7yw&feature=youtu.be)

Of course, the Internet doesn’t remember that he worked on cryptocurrency
almost 20 years ago (with Zooko of ZCash) before he started BitTorrent.
Pepperidge Farm remembers.

~~~
ecesena
Does anyone have more details on slide 9 "Proof of time: Modular roots"?

> In group of order 2^k, square k-1 times to find a square root

I don't want to say anything stupid, but I don't know if this is trivially
true; for instance, in [the multiplicative group of] a field of char 2, square
is linear and so is its square root.

Edit: to clarify, in a field of char 2 the multiplicative group has order
2^q-1, which can't be 2^k. I'm just giving this as an example of a group where
square root is fast.

~~~
tromp
Getting the square root of x from k-1 squarings means (x^(2^(k-1))) ^ 2 = x,
or x^(2^k) = x. So x has multiplicative order (2^k)-1, which is the order of
GF(2^k) under multiplication.

~~~
gizmo686
But the group has order 2^k. Since the powers of x (for any group element x)
form a group themselves, Lagrange's theorem tells us that the order of x must
divide 2^k. This should mean that it is impossible for x to have order
(2^k)-1. In fact, it means that x^(2^k)=1.

Further, if you are given the value y=x^2, then _no_ power of y will give you
x.

~~~
tromp
The finite field GF(2^k) has order (number of elements) 2^k, but its
multiplicative group has the (2^k)-1 nonzero elements, and thus order (2^k)-1,
which squares [pun intended] with the fact that x^(2^k-1) = 1.
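
An added example (not from the thread or the slides) that checks the "square k-1 times" claim in the two settings the commenters distinguish: the multiplicative group of GF(2^k), which has order 2^k - 1, and a group whose order really is 2^k. It assumes GF(2^4) built with x^4 + x + 1 (0x13), GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b), and (Z/17Z)^* as the group of order 16 = 2^4.

```python
# Added example, not the thread's or the slides' own code.
# Assumptions: GF(2^4) via 0x13, GF(2^8) via 0x11b, (Z/17Z)^* as the order-2^4 group.

def gf2k_mul(a, b, k, poly):
    """Multiply two elements of GF(2^k), reducing by `poly` (its bit k must be set)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> k) & 1:
            a ^= poly
    return r

def gf2k_square_k_minus_1_times(x, k, poly):
    """Compute x^(2^(k-1)) by k-1 squarings; in GF(2^k) this is a square root of x."""
    for _ in range(k - 1):
        x = gf2k_mul(x, x, k, poly)
    return x

def gf2k_claim_holds(k, poly):
    """True if every nonzero x in GF(2^k) satisfies (x^(2^(k-1)))^2 == x.

    That is the Frobenius identity x^(2^k) == x: the multiplicative group has
    order 2^k - 1, so squaring is a bijection and k-1 squarings invert it.
    """
    for x in range(1, 1 << k):
        r = gf2k_square_k_minus_1_times(x, k, poly)
        if gf2k_mul(r, r, k, poly) != x:
            return False
    return True

def cyclic_2k_claim_count(p):
    """Same recipe in (Z/pZ)^* when p - 1 == 2^k, a group whose order really is 2^k.

    Returns (number of x for which the result squares back to x, group order).
    By Lagrange x^(2^k) == 1, so x^(2^(k-1)) is +-1 and only x == 1 works.
    """
    k = (p - 1).bit_length() - 1
    if 1 << k != p - 1:
        raise ValueError("p - 1 must be a power of two")
    good = 0
    for x in range(1, p):
        r = pow(x, 1 << (k - 1), p)   # k-1 squarings
        good += (r * r) % p == x
    return good, p - 1
```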

------
cbisnett
“Sometimes people have this misapprehension that Bitcoin is a democracy. No
Bitcoin is not a democracy; it’s called a 51% attack for a reason. That’s not
a majority of the vote, that’s not how Bitcoin works.”

So I get that he's trying to get at the fact that it's not a large majority,
but 51% is a majority.

~~~
astrodust
Technically 50.0001% should be sufficient, but that doesn't sell as well in
the press.

It's odd that it wasn't architected to require a super-majority of 60-66% from
the outset. That would make it more resilient.

~~~
mquander
Can you think of a plausible architecture that would satisfy that constraint?
I'm not an expert but it's not obvious to me how to do it.

~~~
astrodust
You can define your consensus requirements when designing your system. The
default is simply majority rules, though in degenerate cases (e.g. two nodes)
you can have conflict.

If instead it'd been defined as requiring a two-thirds majority then that's
how consensus would be achieved. The system would simply halt until that came
about.

~~~
SirensOfTitan
The 51% attack works because you can use the majority of CPU hash power to
write a longer chain faster than the rest of the network.

I don't quite follow what you mean here: longest chain wins is a central tenet
of cryptocurrency design, and even if you did something with consensus in the
product a majority could still hardfork away from that design. Am I missing
something here?

~~~
hujun
The value of 51% is something I failed to understand. Wouldn't the attack
also work even if the attacker has less than 50%, but bigger than any other
individual miner? For example, if there are 3 miners in total, A has 40%, and B
and C have 30% each, wouldn't A still be able to write a longer chain faster
than B or C?

~~~
hujun
"A is working on one chain but B and C are working together on another chain,
so the A chain has 40% and the B/C chain has 60%."

But if B and C are working together, it implies there is some sort of
relationship between them so they could be coordinated together (e.g. owned by
the same org); this is not the case I am trying to use here; my case is really 3
independent miners.

~~~
wmf
The default behavior of Bitcoin is for all miners to cooperate even if they
are independent.
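
An added simulation (not from the thread) of the 40/30/30 case above. It assumes a simple model: each block is won by a miner with probability equal to its hash-power share, the attacker extends a private fork, and the honest miners either all extend the same public chain (the default longest-chain behaviour wmf describes) or, for comparison, each mine their own fork.

```python
# Added example, not the thread's own code. Constructed model: block winner is
# drawn proportionally to hash power; no network delay or difficulty adjustment.
import random

def simulate_race(hashrates, attacker, blocks, honest_cooperate=True, seed=0):
    """Return chain lengths after `blocks` blocks.

    hashrates: dict miner -> share of total hash power (sums to 1).
    attacker : miner that builds its own private fork.
    honest_cooperate=True : every other miner extends the one public chain.
    honest_cooperate=False: every other miner extends only its own fork.
    """
    rng = random.Random(seed)
    miners = list(hashrates)
    weights = [hashrates[m] for m in miners]
    chains = {attacker: 0}
    for _ in range(blocks):
        winner = rng.choices(miners, weights=weights)[0]
        if winner == attacker:
            chains[attacker] += 1
        elif honest_cooperate:
            chains["public"] = chains.get("public", 0) + 1
        else:
            chains[winner] = chains.get(winner, 0) + 1
    return chains

def attacker_has_longest_chain(hashrates, attacker, blocks, honest_cooperate=True, seed=0):
    """True if the attacker's fork is strictly longer than every other chain."""
    chains = simulate_race(hashrates, attacker, blocks, honest_cooperate, seed)
    mine = chains[attacker]
    return all(mine > n for m, n in chains.items() if m != attacker)

if __name__ == "__main__":
    shares = {"A": 0.4, "B": 0.3, "C": 0.3}
    print("honest miners cooperate :", attacker_has_longest_chain(shares, "A", 100000))
    print("honest miners split     :", attacker_has_longest_chain(shares, "A", 100000, False))
```

With B and C extending the same chain, A's 40% races against 60%; only when the honest miners fragment onto separate forks does the largest single miner win.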

------
gkfasdfasdf
It would be interesting to know more about how to make mining dependent on
space and not cpu. Seems like you could use cpu to compress and create more
space, thus pinning it back to cpu?

~~~
sigil
There is such a thing as a Memory Hard Function (MHF). cperciva's scrypt was
designed to be one, and was subsequently proven to be maximally memory hard.

[https://eprint.iacr.org/2016/989.pdf](https://eprint.iacr.org/2016/989.pdf)

Litecoin uses scrypt.

~~~
cperciva
Litecoin doesn't use scrypt. It uses a nerfed variant of scrypt which is not
memory hard.

~~~
sigil
Thanks for the correction. I have no idea why they would do that, do you?
Isn't memory hardness the entire point?

------
Kinnard
How is this going to be better than scrypt PoW which is designed to be more
decentralized by requiring a lot of memory?

~~~
wmf
Scrypt (the version that cryptocurrencies use) is broken, but if you compare
memory-hard PoW such as Cuckoo Cycle against proof of space we can assume that
most people have more unused storage space than unused RAM and thus space is a
cheaper resource, possibly leading to more decentralization.

~~~
mintplant
> Scrypt is broken

Broken how?

~~~
tromp
Proof of Work demands cheap verification, but Hashcash with scrypt requires as
much memory and time for verification as a single solution attempt.

So while scrypt itself is not broken, its feasibility in a proof of work
system with a serious memory footprint (e.g. exceeding a single DRAM chip) is.

------
TheAceOfHearts
Forgive my ignorance here, but it seems like everyone and their grandmother
has been starting their own cryptocurrency lately... Why is this noteworthy?
I'll admit that I'm still largely ignorant as to why so many people consider
cryptocurrencies to be such a big deal.

~~~
notliketherest
Pump and dump. Coins with a higher market cap feed the buying of coins with a
lower market cap. As the founder of a coin you have all the initial coins
since you were the only one mining (if your coin is premined, even better).
Once your coin starts gaining traction, you pump up the price and then dump.
Cha-ching.

~~~
freehunter
This is the answer. Everyone wanted to make "... but on the Internet" because
there was money in it. Then everyone wanted to make "Facebook, but for..."
because they could get money. Now everyone wants to make cryptocurrency or do
blockchain stuff because people are still willing to spend money on it.

It's the hot new thing, there's a frontrunner but not an established winner,
and investors are still willing to give people money for it.

------
polyomino
Worth noting, there is already a coin called burstcoin that does what he's
proposing.

~~~
ozten
This is addressed in the Youtube page's comment section by Bram Cohen

"Burstcoin is busted. For proofs of work you can throw any random bullshit
together and it will be a functioning proof of work. Proofs of space aren't
like that."

~~~
polyomino
That quote is unsubstantiated. Burstcoin has been working fine for years.

