Beyond Bitcoin – Part II: Blockchain-based systems without mining [pdf] (iacr.org)
76 points by grey-area on Aug 9, 2016 | 28 comments

This paper describes three alternatives to Bitcoin's proof-of-work: proof of blockchain storage, alternate proofs of work, and proof-of-stake. These ideas have come up many times in Bitcoin before.

1. Proof of blockchain storage: This provides no security on its own but has been suggested many times to prevent SPV mining.

2. Alternate proofs of work: the idea is to have "cheaper" proofs of work. One of the proofs of work is a "super-agent", which would basically make a federated system, not a distributed one. There are also arguments that cheaper proof of work will just mean proportionally more work is done: http://www.truthcoin.info/blog/pow-cheapest/

3. Proof-of-stake: https://download.wpsoftware.net/bitcoin/pos.pdf

There is another interesting idea buried in there: switch from a "lottery" to a "raffle" (their terminology). Or in more standard terms - change from a winner-takes-all distribution of rewards to a proportional distribution: everybody who mines the next block in the chain gets some reward.

I did not see any ideas for how this could be implemented, but it could remove a drive towards centralisation from the current blockchain approach.

Don't mining pools do this already to some extent?

They do; but the proposed system would do the same thing in an entirely non-centralized way.

This would be a good thing because as it is now, there are multi-coin pools that will switch their users' hashing power to other chains depending on how profitable coins are. The concern is that large mining pools have a lot of combined hashing power and some dishonest ones could consider switching that power to specific coins not based on the revenue potential but for other reasons (51% attacks and the like).

What I'd love to see (don't know if this has been explored to some extent yet) would be proof of work but for useful work: think Folding@home or Einstein@home (BOINC stuff in general) in order to mine a blockchain.

It's very hard to do (if it is even possible) in a non-centralized way though. Who submits the work? Who validates it has been performed properly? And so on.

The http://www.truthcoin.info/blog/pow-cheapest link given above explains why you can incentivise useful processing but it won't stop the 'waste' issue.

You also have the problem of regulating the difficulty if you want consistent rewards. Non-pure math problems aren't going to allow that.

This is Ethereum: "Mining" generates Ethers, but also runs code, potentially powering useful blockchain apps.

The current PoW algorithm in ethereum is ethash and does not perform useful work during coin generation, unless I'm mistaken. You spend ether to fuel useful work.

Also, Ethereum (forked) aims to switch to PoS soon (ETC may not).

Of course you are right, coin generation is a waste. The part where ether is changing hands for useful work is at least somewhat "useful".

Best we can hope for is a future blockchain that emphasizes this kind of work more. A seti@home-coin or cure-cancer-coin is, as you suggested, hard to implement.

The paper is badly written, and so I haven't invested the effort needed to clearly understand what they're proposing, but I see no indication that the authors understand the nature of the difficult problem solved by what we are coming to call Satoshi Consensus. Until they can give a clear description of the problem and why we struggled to solve it unsuccessfully for 15 years (to the point that most of us dismissed Bitcoin when it came out) I don't think it's worth listening to their proposals for solutions.

On page 4 the paper states

"if we outline a scenario in which Bitcoin reaches the same value of the current global fiat money supply, supposing that the energy consumption of global Bitcoin would grow linearly with its value"

This supposition is highly unrealistic, since the scenario will likely play out over many decades, during which there will be many block reward halvings (once every 4 years), which will severely dampen the energy consumption.

Viewed differently, each halving allows the value of bitcoin to double while maintaining the same energy consumption. At least until the reward drops to a level comparable to the transaction fees...

Why do you believe that? The last couple of halvings appeared to have little effect on the global hashrate, and so had little effect on the energy consumption.

The vast majority of Bitcoin mining is done by professionals. I doubt many people buy thousands of dollars worth of hardware to mine simply for fun. Miners are looking to profit.

People will mine the coin up until the point at which it becomes unprofitable. The cost of mining is more or less the cost of electricity (you can amortise the cost of the mining hardware over time). It makes sense to mine when the value of a coin is higher than the cost of the power used in mining it. Electricity cost is proportional to energy consumption. Hence, Bitcoin's energy consumption is proportional to its value.

Bitcoin's energy consumption is related to the USD value of bitcoins mined every day, not the value of each individual bitcoin.

Consider the extreme case: Tomorrow, the block reward changes such that only one bitcoin is mined a day @ $600/coin. The hashrate would definitely drop in that case, even though the price stayed the same!

> The last couple of halvings appeared to have little effect on the global hashrate, and so had little effect on the energy consumption.

True, but the system was not at equilibrium--the cost to mine a bitcoin had not yet approached the value gained from selling one, so after the halving most miners were profitable, and the hashrate stayed the same.

Mining hashrate is related to the value of bitcoin because mining is how you secure the existing bitcoins.

The more valuable bitcoins are, the more incentive there is to secure the system such that they retain their value and security.

> Miners are looking to profit.

This is true in a sense, but a majority of the mining is done by Chinese pools which do sell at a loss to the electricity costs even there. The losses are acceptable because it is used as a way to get currency out of the country.

A majority, you say? Where's your evidence of this, or are you making stuff up?

Bitcoin is certainly one way to get money out of China, but there has never been a shortage of ways to do that:


Chinese capital controls seem to be distorting all kinds of markets. Around here (SoCal) I've heard of Chinese "investors" buying houses at 5-10% over asking sight unseen and not caring about possible depreciation because it's a way to get money out of China. Losses as high as 25% are apparently acceptable to some people looking to get past capital controls.

Well a halving halves as much value you get per kwh of energy spent if the hashrate stays the same. So it will eventually hit a point where a halving will make a lot of miners unprofitable and the overall hashrate will slow down until it reaches a balance again.

This is what the halvings are for, to counteract the increase in hashing as the value of coins goes up.

Can anyone provide a TLDR? All I can see in the conclusion is: "We expect to develop a prototype of a blockchain-based system with the raffle protocol in the near future.". So their alternative to reaching consensus is a raffle protocol? And in raffle protocol section I read "among a set of eligible agents" and "relying on a trusted “global clock” service". Seems quite centralized if you ask me.

Sounds like a hybrid pos with a centralized key giveaway

If you accept that for many uses of publicly verifiable data structures centralization is actually OK (and actually often a good thing, as it matches well how most democratic societies function), then there are other simpler alternatives to proof-of-work that still give many of the same benefits.

See for example the append-only logs used in Certificate Transparency (https://www.certificate-transparency.org), and a more generalized hosted form provided by Continusec (https://www.continusec.com) that builds on the same principles. (disclaimer: founder of Continusec)

The difference is that this data structure defines who's rich and who isn't (literally). There is a whole lot more incentive to tamper with such a data structure than basically any other data structure in existence.

mining= energy proof of burn, a way to bootstrap value in a cryptocurrency, at least in bitcoin, see "commodity". "The steady addition of a constant of amount of new coins is analogous to gold miners expending resources to add gold to circulation" it's a feature.

This is regarding first 2 chapters where it compares it with fiat saying it could become 802.4% more costly, right comparison is with gold indeed like in https://www.bitcoin.fr/public/divers/docs/Estimation_de_la_d...

Expect a tldr of chapter 5, will check here back tomorrow if there is any.

Actually I'm happy they are working on an actual prototype.

I wonder how this relates to ethereum's Casper proof of stake mechanism.

Blows my mind how many banks are throwing money at this when they don't understand the least of the underlying technology just because they want their hands on a potential rival fiat digital currency.

No, what they want is an interbank ledger without the need of a clearing house.

TL;DR... see git

