I gave it a fast skim to figure out what general class of thing it actually is.
This should be compared with "proof of idle" (https://www.cs.virginia.edu/~shelat/14s-pet/2014/02/11/proof...).
It is an online scheme for resisting sybil attacks in a P2P network where nodes have cryptographic identities which works by periodically forcing all users to do proof of work within a limited time window. Peers that don't respond fast enough are banned from the system (have to create a new identity to join, which is computationally expensive).
The idea is that this gets some of the benefits of POW for sybil resistance without spending as much energy.
It doesn't, however, produce a large amount of cumulative work building up over a history. So it's not the sort of thing you'd want to use to protect the history of a ledger directly.
1. Bram Cohen's Proof of Space & Time: https://youtu.be/aYG0NxoG7yw; https://cyber.stanford.edu/sites/default/files/bramcohen.pdf
2. DFINITY VRF-based Threshold Relay: https://youtu.be/o8HHM18PedU (https://en.wikipedia.org/wiki/Verifiable_random_function)
3. Algorand: https://people.csail.mit.edu/nickolai/papers/gilad-algorand-...
These are some of the more interesting ones, but plenty of others.
I.e. the problem is that hashing is wasteful. But we have demand for distributed computing.
Could the work that's being evidenced actually be performing useful computations? Perhaps by structuring a distributed computation platform that accepted standard units of compute work. Like perhaps an Erlang reduction.
With proof of useful work, it's probably significantly harder to find similar problem domains where the validation is fast but the useful work is laborious.
Useful cryptographic problems are usually in the intersection of NP and co-NP.
Current best guess is that NP and co-NP are different.
Thus NP complete problems can't be in co-NP, and thus are probably not cryptographically useful. There's a way to make this argument a bit less vague, but it basically explains why cryptographers have stopped looking at NP complete problems.
There was a cryptosystem based on solving knapsack problems. But they had to patch problems until people stopped paying attention.
Think of the traveling salesman problem for example.
The only way to verify someone's answer is to do all of it yourself too.
And if you're concerned about the environment, don't worry, most of Bitcoin is secured by hydropower right now anyway, and in the foreseeable future will probably migrate to solar power (https://finance.yahoo.com/news/why-california-giving-away-el...).
As for energy consumption, I see no fundamental reason why mining has to stay green. If the valuation should climb high enough that renting a nuclear plant becomes profitable then someone will probably do that.
Even with hydro, the mining spends energy that could have been used for other things.
Finally, what I find most worrisome is the combination of PoW and self-adjusting difficulty. The practical effect seems to be that not just is constant energy required to maintain the system but that energy demand is also steadily growing.
You do a lot of hashing to try and win the 10 minute lottery by finding the magic hash that lets you make the next block.
You win a block reward (or portion of one if you're pooling work with others) that has economic value.
You win transaction fees for the transaction included in the winning block.
If you are generating enough hash power per your operational expenses, these rewards are profitable, even though you don't win every block.
Some may mine unprofitably because they are speculating on the future value of those rewards rather than the immediate value.
Side Effects ->
This scheme increases the security of the global ledger. Making it more viable and bolstering the value of the rewards you're getting above.
If the overall system is valuable to society, that also bolsters the value of the rewards, but also has a value to society approximately equivalent to the value of the system.
Thus, bitcoin, which does consume energy, is currently, in my opinion, providing a better monetary solution at lower cost than the system it is disrupting (banks use power, employ people, etc. etc.)
The perception that it is wasteful could only come, to my mind, if one thought bitcoin was not providing value to society, or that bitcoins were going to zero in economic value.
The value is 'potential,' the cost is real.
What evidence or milestones are there to indicate this considerable potential social value panning out is increasingly more or less likely? What exactly is the social value that the average HNer could perceive firsthand, rather than some mythical "unbanked" or whatever?
How long has bitcoin been around, a decade? Has anyone put it to use in a sustainable, self-perpetuating use case that isn't a dark market or ransomware?
As for "unbanked", I don't even know why you mention it unless you're setting up a strawman to knock down. But here, let me do that for you - people who are unbanked don't have access to financial services b/c they don't have money, b/c they live somewhere that economic norms, institutions, and growth all have problems that make it hard to create wealth. Solve those problems and the banks and finserve folks will come running and those people won't be unbanked anymore. But I have yet to see a good case for how cryptocurrency in its current incarnation will solve those problems.
In the Bitcoin industrial space most of us are of the belief that only the marginal value of the work matters for security.
For example, if you can combine mining the Bitcoin chain and calculating ads for Google, and the Bitcoin mining pays $1 and the ad crunching pays $5, then this process is really only providing $1 in security. The reason for this is that for the security of the chain we care about your lost opportunity to mine one chain vs another, which keeps you working to stay on the eventual winning chain so that you get paid that $1.
It's also inaccurate to describe mining as not useful. It makes Bitcoin secure. This is very useful, at least to those of us who use Bitcoin!
From a practical perspective the general constraints on what makes a proof of work good for a system like Bitcoin (e.g. that it must be largely optimization and approximation free and that you can randomly generate instances all with roughly equal hardness and that it be cheap to verify) broadly exclude most classes of work you'd likely call otherwise useful.
This is why attempts to make scientific computation into a proof of work have been difficult-- often the validation cost is equal to the work itself.
> Bitcoin is widely regarded as the first broadly successful ecash system. An oft-cited concern, though, is that mining Bitcoins wastes computational resources. Indeed, Bitcoin’s underlying mining mechanism, which we call a scratch-off puzzle (SOP), involves continuously attempting to solve computational puzzles that have no intrinsic utility.
> We propose a modification to Bitcoin that repurposes its mining resources to achieve a more broadly useful goal: distributed storage of archival data. We call our new scheme Permacoin. Unlike Bitcoin and its proposed alternatives, Permacoin requires clients to invest not just computational resources, but also storage. Our scheme involves an alternative scratch-off puzzle for Bitcoin based on Proofs-of-Retrievability (PORs). Successfully minting money with this SOP requires local, random access to a copy of a file. Given the competition among mining clients in Bitcoin, this modified SOP gives rise to highly decentralized file storage, thus reducing the overall waste of Bitcoin.
> Using a model of rational economic agents we show that our modified SOP preserves the essential properties of the original Bitcoin puzzle. We also provide parameterizations and calculations based on realistic hardware constraints to demonstrate the practicality of Permacoin as a whole.
Edit: It would clearly require some pretty complex network interactions. You shouldn't be able to precompute a proof and send it to another place.
I'm thinking something like every node broadcasting a public key, which every other node then uses to sign an identifier and sends back. From this, you can generate local maps of the network. While nodes could collude to seem close to each other or lie and claim other nodes are far away, there's presumably some density of truth at which you can construct a reliable global map.
Users verify the validity of the chain by making sure those stars exist at those coordinates.
It's hard for any single entity to create a copy of this chain as they would have to map all the stars themselves.
Of course the whole endeavor ends when all the stars have been mapped - but maybe there are so many that this can be viable, and more importantly, cheaper than energy consumption.
EDIT: another idea would be using supernovas, which may actually be infinite since they're constantly exploding. Similar to mapping the stars, users signal the coordinates of the found supernova. Users validate the block based on whether or not it's a supernova - I think there are specific traits which remain in the sky for a long period of time that proves whether there was a supernova there.
As someone commented above, there are studies on "proof of idle", but other systems have bigger drawbacks than PoW.
There are two* major classes of attack which someone could do with the power to mint blocks at will (i.e. a 51% attack):
- discriminatory filtering, where valid transactions are
- double spends, where a transaction appears like it's been validated for a time but is then rolled back and
* They can also monopolize the rewards of mining, but that's not nearly as bad as the other issues.
The reason bitcoin is so far ahead is because it was the first. Proof of work to secure the blockchain AND also elect a dictator to mine the next block is cute, but I wish they had decoupled it, as they did for example for bitcoin-ng.
What I am far, far more interested in is proof of work for avoiding sybil attacks, or used COLLABORATIVELY by nodes to secure a history, as done in Ripple for example.
So, back to sybil attacks: proof of work, can we trust it?
What are the best ways to make it expensive for an attacker to create multiple identities, yet cheap for everyone else to make one identity?
One is the cumulative time and activity invested by you and those who invited you.
For example, reputation. Maybe making accounts is cheap but reputation comes from random nodes with reputation upvoting you. But then you can spam all those nodes since they're operated by humans.
It seems we have yet to design a system that's truly impervious to sybil attacks. The best we have is tying things to a human real world transaction, eg buying a smart phone, and hoping that whoever made the smart phone also has a service to sign data (they don't) that wasn't compromised.
Any other ideas? Paying for accounts with bitcoins? That at its root is just back to the proof of work arms race and reputation of bitcoin.
Question: is there some sort of service by the Secure Enclave that can sign a piece of data with an HMAC or something to prove that it was signed on a legitimate, non-jailbroken smart device?
Secure distributed ledger, without PoW, without PoS.
The bad side? Not 100% trust-less like blockchains; instead (number chosen for no real reason) one only has to trust that a majority of 12 witnesses does not collude. The witnesses should have real world identities.
Basically transforming what bitcoin has become, with few mining pools/operators deciding its fate and whom users anyway have to trust - into witnesses which can be replaced.
This is a poor analogy because colluding Bitcoin miners can never steal funds; they just stamp a chain with proof of work, while the Bitcoin P2P network verifies the stamped blocks, and rejects them if they’re invalid. In the case of Byteball, colluding witnesses can steal funds, which becomes increasingly problematic as the value of the currency increases.
Once a transaction has been made you just need SOMEONE to confirm it for the blockchain. In bitcoin, that's the miner that happened to solve the POW. If they don't take your transaction, the next miner will. In Ripple it's effectively the same thing.
I know that it’s not possible for a witness to fake some user's signature, and send these funds to themselves, but that’s not the attack we need to worry about. The attack we need to worry about is witnesses colluding to present a false history of transactions, such that the user’s funds (that the miners want) were never sent to that user in the first place, thus remaining the property of the coinbase owner. Since all coins originate as a coinbase, if witnesses go far enough back in time, all coins are theirs.
This is why cryptos as currently implemented will always be fringe and used for the most part illicitly, because as soon as they gain a wide enough currency the participants in the system will switch to a more efficient, i.e. centralized system.
If enough people use them that a government or large corp would care, those "enough people" would form a new government or become the customers of a new corp, that facilitates their transactions in a more efficient way.
...and a touch ironic that you seem to be pining for TBTF cryptos when Satoshi himself railed against the TBTF system.
(I don't consider that scenario likely, just possible)
Currency exchange is a solved problem with costs and overhead that is very likely much less than going into the "securing the blockchain" business, even as a side gig.
How much "securing" would they need to do anyway? Just a little to help them sleep at night?
Not to pick on you particularly, but in general there is so much mushiness and hand waving in the coin space about what exactly is the value proposition other than to the person selling you the coin at a profit.
For a while I’ve had a sense that “useful PoW” simply doesn’t make sense, but I was unable to explain why. This article perfectly explains why it doesn’t make sense, albeit using very econ-specific terms. I think it may be possible to explain it in simpler terms, without needing to introduce marginal revenue and cost, but I’m not sure exactly how just yet.
Bitcoin is only as ecologically harmful as the source of the electricity used to run the miners, and it's no more harmful than any other use of electricity. If the world switches over to solar and wind as baseload power, problem solved. If the world doesn't switch away from using coal, that's not Bitcoin's fault. It's not a problem Bitcoin can solve.
That's a tautological statement. My 50,000 watt bulb that I shine inside a closed box is also "no more harmful than any other use of electricity," but the question is whether I should be using that electricity in the first place.
You can argue whether the "wealth" generated is worth carbon dioxide released into the atmosphere, but you can't deny that more carbon dioxide has been released because of Bitcoin.
Back to my lightbulb in a box: "If the world switches over to solar and wind my 50,000 watt useless bulb's problem is solved. If the world doesn't switch away from using coal, that's not my fault. It's not a problem I can solve."
Not the same kind of value. You can mine a billion coins tomorrow and society will still be stuck with the same junk it has today. You could mine a billion tons of cobalt tomorrow and give us all nearly free batteries in perpetuity.
Printing a $25 or a $100 note must be an involved process, though.
I don't see any way around this limitation. Eventually the difficulties will be so high, and finding blocks gets harder and harder, keeping it on a traditional power source would not be prudent.
Sure, if you take it out of the context of the rest of my comment. But OP asked if Bitcoin would stop being an ecological disaster, and my point was that Bitcoin's ecological costs are primarily about the source of the electricity, not the amount of electricity.
Bitcoin mining uses about 170 MWe, continuously. That's really not very much in the grand picture of things. A few medium-sized fields of solar panels isn't an "ecological disaster".
And how does that claim hold up when you compare current level cryptocurrency adoption to the scale of money worldwide?
How does energy usage scale with the number of users in general? Linearly?
You're confusing Bitcoin miners and Bitcoin nodes.
Bitcoin nodes verify transactions. You can run a Bitcoin node off your home PC. It doesn't use much energy.
Bitcoin miners are what use all the energy, and their energy use is driven by the size of the mining rewards not the number of users.
You basically answered a different question, because this doesn't tell me how it scales
I'm sure I'm off a little bit in my understanding, but I thought part of the idea of the whole blockchain thing was being a decentralised ledger. How does that scale if everyone is on it? Is the energy use better or worse than a centralised bank, by how much, and is it significant?
Instead it tends to gravitate fairly quickly to places that currently have a surplus of energy and therefore extremely cheap power generation.
In the US that is Washington state, near Wenatchee, where the power is the cheapest in the nation:
The reason for that price is that it is all hydro, so no co2 produced. (though depending on how fungible you view power it could be argued otherwise)
But ya, though I agree the amount of power that goes into mining and keeping the blockchain safe is absurd, the crazy competition and economies there have driven most of that to green sources. So yay I guess?
You've misunderstood something about Bitcoin if you think this is true. Bitcoin miners use resources based on the logic of competing with each other for the value of the mining reward, not based on the number of transactions they process. If Bitcoin solved all its scaling problems so that everyone in the world could use Bitcoin, but mining rewards remained constant, the resources the miners expend to collect the reward wouldn't be any different from today.
That's not quite true though is it? They could certainly (for instance) block transactions and generally hold the whole thing to ransom.
You're right, it doesn't have the financial incentive that you could (for instance) steal coin, but you could potentially block all transactions that don't have a considerable fee, for you, or just break stuff. Motives to do that will become more pressing the higher value the network is to nation states.
As more miners join, more power is used. But at the same time, miners could be removed, and hash capacity lowered, and the number of transactions per hour would be still the same.
So: energy used: number of miners. Transaction capacity: block size.
Both things are orthogonal. One number is independent of the other.
Right now the protocol is being updated to increase transactions per hour, and this has little to do with the number of miners.
To resume: if the world's economies ran on Bitcoin, because of some big transaction capacity increase, then the energy used would be about the same, because miners would be about the same.
Energy use in Bitcoin has no correlation with number of transactions processed.
And we'd have to, to keep bad actors from doing similar. It's a terrible idea!
Regardless of whether you think that criticism is valid, downvoting anyone who asks questions about how to address this does not help make their scepticism go away.
PoS has been around for 3 (maybe 4?) years by now.
Proof of Stake is quite genius in the politics of it, and the power needed to run is minimal (you still need to keep your hardware powered on)
Next, please explain how crypto is more of a disaster than the existing monetary system. Does the cryptocurrency mining economy pose more of an ecological threat than the system put in place to secure government fiat money: buildings, employees, vaults, mints, printing presses, armored vehicles, police, (some part of) the military, etc?
We must develop technology to clean our planet regardless of mining waste. Given this and the fact that energy is becoming cleaner by the year I think worrying about mining waste is not rational.
This is not the kind of discussion where assertion by belief has any place, on either side of the discussion.
What we need are solid estimates of how this technology currently scales, how it might improve, and how it compares to existing electronic currency, and physical cash (taking into account things like embodied energy of coins).
In summary of the motivations of the paper: PoW is currently limited to cryptocurrencies as a security system because of the implicit financial incentive in mining coins. This approach could allow PoW schemes to be widely adopted to secure systems as the overhead is lowered dramatically. Additionally, battery powered devices (ie phones) could make use of PoW without incurring large battery drains. This last bit is particularly interesting and could allow some interesting, distributed P2P systems on cellphones to arise.
The general principle of the paper revolves around asking network members to prove computational power only as much as necessary as the network scales. Because an attacker could easily spoof their MAC / IP address when joining the network, computational tests are periodically distributed to network members. If the test is unsolved in an allotted time period, their network membership is revoked (and the node is blacklisted). The attack referred to in the paper is an attacker adding bad (fake or otherwise) nodes to a system rapidly.
Hope it works.
Determining if you're under attack would seem to be the harder part.
Also, providing a sliding cost on the network might make the miners agree it's more cost effective to step back from this breakneck energy-use-maximization game they're playing.
As academic paper titles go this is pretty normal.
> Can someone summarize to me the genius behind the idea?
I'm reading quickly, but I think the idea is that the reason we need proof-of-work is to prevent Sybil attacks, that is, a single entity pretending to be 50% of the network via spoofed identities. So you have a concept of persistent identity for each (apparent) member of the network, and you require nodes to solve a computational problem when they join the network and also periodically while they're in the network. This puts relatively little computational load on each participant, but puts a lot of load on a long-term attacker, and even more work on a short-term attacker who's trying to claim a bunch of identities in a hurry.
I'm not sure how much this actually helps Bitcoin, since my impression is that the computational load is what's needed to match the abilities of the legitimate members of the network. I guess the trick is that maybe you can make the block-mining difficulty scale up less aggressively over time, but I'm not following that logic yet.
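The scheme summarized in the comments above (periodic puzzles with a deadline, revocation and blacklisting for identities that miss it), as an added Python example that is not from the paper or from any commenter. It assumes a hashcash-style SHA-256 puzzle, models the time window as a per-machine hash budget, derives challenges deterministically so the run is reproducible, and leaves out the join puzzle; all names and parameters are hypothetical.

```python
import hashlib

DIFFICULTY_BITS = 8   # assumed hardness: about 256 hashes per solution on average
ROUND_BUDGET = 4096   # assumed hashes one machine can compute inside the time window


def digest_ok(challenge: bytes, nonce: int) -> bool:
    """Verification costs a single hash: the top DIFFICULTY_BITS bits must be zero."""
    h = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(h, "big") >> (256 - DIFFICULTY_BITS) == 0


def solve(challenge: bytes, budget: int):
    """Brute-force a nonce within `budget` hashes; return (nonce or None, hashes spent)."""
    for nonce in range(budget):
        if digest_ok(challenge, nonce):
            return nonce, nonce + 1
    return None, budget


class Network:
    def __init__(self):
        self.members = {}      # identity -> operator (the machine behind it)
        self.blacklist = set()

    def join(self, identity: str, operator: str) -> bool:
        if identity in self.blacklist:   # a revoked identity cannot come back
            return False
        self.members[identity] = operator
        return True

    def challenge_round(self, round_no: int, budgets: dict) -> None:
        """Challenge every identity; revoke and blacklist those not answered in time."""
        remaining = dict(budgets)        # hashes each operator has left this window
        for identity, operator in list(self.members.items()):
            # A real deployment needs unpredictable challenges; this one is
            # derived from round and identity only to keep the run reproducible.
            challenge = hashlib.sha256(f"{round_no}:{identity}".encode()).digest()
            nonce, spent = solve(challenge, remaining[operator])
            remaining[operator] -= spent
            if nonce is None or not digest_ok(challenge, nonce):
                del self.members[identity]
                self.blacklist.add(identity)


def simulate(honest: int = 10, sybils: int = 50, rounds: int = 3) -> dict:
    """Honest nodes each own a machine; all sybil identities share one machine."""
    net = Network()
    budgets = {"attacker": ROUND_BUDGET}
    for i in range(honest):
        net.join(f"honest-{i}", f"op-{i}")
        budgets[f"op-{i}"] = ROUND_BUDGET
    for i in range(sybils):
        net.join(f"sybil-{i}", "attacker")
    for r in range(rounds):
        net.challenge_round(r, budgets)
    operators = list(net.members.values())
    return {
        "honest": sum(op != "attacker" for op in operators),
        "sybil": operators.count("attacker"),
        "network": net,
    }


if __name__ == "__main__":
    result = simulate()
    print("honest identities still in:", result["honest"])
    print("sybil identities still in:", result["sybil"])
```

With these constructed parameters one machine can answer roughly 16 challenges per window, so a single-identity node stays in while an operator holding 50 identities loses most of them in the first round.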
So if you get rid of that, and maybe add a nominal "reward" for solving the puzzles to remain in the network and give it to all participants, the incentive to build giant mining farms goes away: the only reason to have additional computational power is either to keep up with the network as a whole (not the fastest person in the network) or to actually gain 50% of computational power.
It makes me think people just don't get it. High inefficiency is the _ENTIRE_ point! It gives rarity to the coin. That 10 minute block time is the same as compressing millions of years of geology into 600 seconds. It is fundamentally sound mathematics, and ultimately, that is why it holds its value. It is not meaningless mathematics, people who say that don't understand fully as to what they are talking about, imho.
The bitcoin mining ASICs are extremely efficient at mining bitcoins. You can't mine them with an old GPU and expect to make back more money than you spent on electricity.
But the choice to mine bitcoins at all is (arguably) an inefficient use of resources that could have been used for pretty much anything else. There's no shortage of useful problems to be worked on by supercomputers and the world would be better off if we did that instead of mining cryptocurrencies. But the economic incentives aren't there.
EDIT: Reading your comment again, I think I was a bit quick on the "you're wrong" here. So to clarify, I do agree that inefficiency is at the core of the bitcoin mining ecosystem, but it's all about the "we have to spend a bunch of energy that could've done a lot of other things" inefficiency, not an individual "we can use old hardware for this" sort.
Without Bitcoin mining, there is no Bitcoin.
How do you reconcile this statement with the fact that mining is done by a few thousand entities in the whole world, using custom-built hardware?