Hacker News new | past | comments | ask | show | jobs | submit login
Blockchains Considered Harmful: Is Brute-Force Processing Replacing Good Design? (sigarch.org)
142 points by jcbeard on Nov 1, 2017 | hide | past | favorite | 126 comments

Hi. I'm Vinay Gupta, the release coordinator for the Ethereum launch.

Firstly, nobody believes that Proof of Work is here to stay - it's bleeding money from the currencies that use it at an astonishing rate, and as soon as Proof of Stake (or other algorithms) can replace it, they will. PoW is a direct financial drag on these economies, and it will not last long. Bitcoin will probably take longer to clean up its act than Ethereum, but that's largely for political reasons, not technical ones. Technically, it should be a lot easier to do than Ethereum, in fact. (It helps not being nearly Turing complete.)

Secondly, brute force is how things begin. The Unix philosophy has always suggested using brute force first: premature optimization is the root of all evil, as they say. We are at the very earliest stages of designing global public heterogeneous parallel supercomputers, and we should not be surprised that the early approaches are brute force.

It won't be that way for long.

> nobody believes that Proof of Work is here to stay

I do. I prefer to call it "Proof of Burn" instead of "Proof of Work". With Proof of Burn you can assure that it's difficult to create fake blocks because the attacker must burn even more petrol barrels that the good people.

Also, with Proof of Burn you get protection against an explosion of too many hard forks. If you have a hard fork in a Proof of Burn coin, the miners must select one chain to mine (or split the resources), so usually only one chain survives. In a Proof of Stake coin, after a hard fork the miners can continue mining in both chains.

>Also, with Proof of Burn you get protection against an explosion of too many hard forks. If you have a hard fork in a Proof of Burn coin, the miners must select one chain to mine (or split the resources), so usually only one chain survives. In a Proof of Stake coin, after a hard fork the miners can continue mining in both chains.

That's not what happened with the Bitcoin Cash fork though -- it resulted in "sloshing" between the two networks as miners would congregate in the currently-most-profitable network. That makes it so at any given time, one of the networks is easy to attack.

Look at the block creation and hash rates for BTC vs BCH:

https://fork.lol/blocks/time https://fork.lol/pow/hashrate

That is a contentious hard fork with a rule change, completely different from a normal fork caused by an orphan race. With proof of stake there is no marginal cost to playing multiple forks, ultimately opening up the network to a flood of competitive same-rule forks that have to be resolved using "weak subjectivity."

Adding layers of complexity like Ethereum's Casper to solve the incentive incompatibilities caused by the nothing at stake and long range attacks do not address the fundamental issues, as consensus then require users to agree on a list of bonded validators (for which there is no switching cost). "Phone a friend" consensus is objectively weaker as a security model compared to POW which just requires users to validate the rules and calculate the chain with the most work.

POW is secure because it requires energy from outside the system to be provably burned. It's thermodynamically sound in that respect. /u/nullc recently described POS as a logical tautalogy which I think captures the issue well. If chains were a car, Bitcoin would be fueled by gas and a POS coin would be fueled by the leather on the seats. You're not going to get very far.

> It's thermodynamically sound

Due to the algorithms being inefficient

If that is resolved then the entire history will be suspect

And any thermodynamically similar future will have to compete on constants and exponents

Or you could regulate the hardware, 'this blockchain is only compatible with, and so calculated on, a gateway lt1700 with exactly 640k of ram' ;P

>> It's thermodynamically sound

> Due to the algorithms being inefficient

This is by design, when the hardware gets better Bitcoin network starts requiring even more work, so being "efficient" is actually what is not desired here. See: https://en.bitcoin.it/wiki/Difficulty

You seem to have a deeply intuitive knowledge of blockchain tech, and you've posted with a throwaway. I'm assuming you are a well known member of the community.

At risk of being petty, no, they don't and aren't. See sibling thread: they're not disputing the core point I raised (that PoW schemes are not immune to being weakened by forks), but changed the topic to different one and seem to have copy-pasted general arguments in favor PoW. (It's copypasta because they have a cryptic reference to a poster on a different forum, /u/nullc that doesn't help us find the argument here without searching their history on reddit [I guess.])

It doesn’t sound like you’re disagreeing with my claim that forks under PoW (at least of a specific kind) can make the branches vulnerable to attack as soon as the hash power sloshes away; your comment is only speaking to PoS and a different kind of Bitcoin fork that doesn’t match the BCH one.

No, I am disagreeing with you. You are claiming that the hashpower oscillations between BTC and BCH contradict the GP's comment, when in fact you have you missed exactly what I and the GP have said:

>the miners must select one chain to mine

I am pointing out that the "sloshing" is in fact perfect evidence that they are only mining one chain at a time, or splitting their hashpower to varying proportions. This is completely normal and healthy miner behavior, they are simply greedy actors looking for the most profit. They cannot however mine both chains with their full hashpower for free (as you can with PoS), and this is an essential understanding when analyzing the security model of a consensus algorithm.

Also, the oscillations are most commonly exploitable only when the difficulty adjustments happen very quickly (see: BCH's EDA), so if 70% of the hashpower left, even if 16% of the remaining hashpower was malicious, the efficacy of a 51% will be handicapped by the disproportionately high difficulty.

Sorry if I’m being dense here, but I don’t actually see how you’re disputing that the threshold for attacking a single fork has (in the example) fallen from 51% of all bitcoin-capable miners, to 16%.

I don’t care whether sloshing is “normal healthy behavior”. I care whether a fork has become easy to attack. You seem to focus on every topic but that one.

I guess you are missing the entire point of this conversation. It is about the marginal cost of participating on multiple chains with PoW. You can point out oscillations as much as you like, it doesn't change the marginal cost. You are pointing out something that is entirely orthogonal.

Your point was different from my point. I entered the thread to dispute that PoW schemes aren't weakened by forks. Here's the exchange where I came in[1]:

Original comment: "Also, with Proof of [Work] you get protection against an explosion of too many hard forks..."

My reply: "That's not what happened with the Bitcoin Cash fork though ... any given time, one of the networks is easy[er than 51%] to attack."

If you're not disputing that point, then you're not refuting my objection to that original comment.

[1] https://news.ycombinator.com/item?id=15606486

IMO PoW scarcity is only more important to the future of cryptocurrency than global speed and cost of exchange if: You are already heavily invested in PoW coins.

Proof of Work (PoW) is inherent inferior to Proof of Stake (PoS). PoW is just the most simple way to archive consensus through cryptoeconomic incentives and that is why first blockchains implemented it.

It is not true that on PoS you can mine multiple forked chains without being penalized. On the chain that "wins" you can be penalized for mining multiple chains which is clearly bad behavior.

The main problems of PoS that Casper, the Ethereum implementation, is trying to solve are "Nothing at Stake" and "Long Range Attacks". Both problems are being tackled right now and close to be solved.

You don't give any support for your initial thesis, nor does the post you're responding to.

Make a technical or economic argument.

Meanwhile: http://www.truthcoin.info/blog/pow-cheapest/

What does "close to being solved" mean? These types of problems are either solved or not.

> It is not true that on PoS you can mine multiple forked chains without being penalized.

You're confusing multiple branches competing for being the most-cumulative-difficulty branch, with multiple distinct cryptocurrencies resulting from a hardforking code change.

Penalization only applies to the first case, but the parent was talking about the latter case. E.g. a miner could mine both ETH and ETC once both adopt PoS.

True. OP said hard forks and I talked about natural forks.

I don't see any problem in hard forks and being able to stake on multiple chains. Let people hard fork as much as they want and decide, later on, which chains hold value.

>decide, later on, which chains hold value

How? Who decides?

This is really where every PoS algorithm seems to break down. The whole idea of blockchain is to build a decentralized consensus, and PoS just handwaves it away.

>Who decides?

Every user of the system.


Mostly by taking in consideration the differences of the software from both chains.

Counterpoint, on the thermodynamics of PoW: https://download.wpsoftware.net/bitcoin/asic-faq.pdf

What is stopping Proof of Stake from taking over? Nobody has worked out a good way to do it yet?

Could Bitcoin realistically replace its Proof of Work protocol with Proof of Stake later while maintaining the same blockchain?

No one has yet created a Proof of Stake system that offers the same guarantees that Proof of Work offers. In fact, there are arguments that it's not possible [1]

You can implement any feature you want in Bitcoin, but for a feature like this (hard fork), you need to convince all users to upgrade. I think it's really unlikely you could sell a switch that drastic in Bitcoin land, especially considering the current unknowns.

[1] https://download.wpsoftware.net/bitcoin/pos.pdf

They can't even increase the block size, how would they introduce this?

The max block size for bitcoin went from 1mb to 4mb in August of 2017. The ONLY reason it took so long is that the courtesy signaling that core put in for miners was used as a veto as part of this anti-bitcoin effort to try and increase centralization. Please at least familiarize yourself with the oppositions arguments before stating conclusions like this.

8 years to change the value of a constant!

Remember that Bitcoin is about distributed consensus and for the change to apply a vast majority of users need to approve. Take any other software and see how many people still use old versions (e.g. Microsoft Office). In Bitcoin that wouldn't be acceptable for the change to work.

> Nobody believes that Proof of Work is here to stay...

Why not? PoW is a classic case of Worse Is Better:


Because it's insanely expensive to operate a PoW blockchain. We literally set things on fire to generate electricity for these global brute force algorithms. Proof of Stake uses game theory (you will avoid cheating if cheating costs you money) to replace expensive raw computing power.

It seems likely that it is exactly that expense which make bitcoin and other PoW blockchains successful.

The proof-of-stake algorithms can disincentivize cheating within the blockchain, but I haven't seen any that have the type of external cost that PoW blockchains have. The fact that so many people are investing so much power in bitcoin vs. other currencies is likely much of what gives it so much value.

PoW coins have a multi-year headstart, and Bitcoin didn't have any truly interesting decentralized competition until Ethereum. Ethereum is moving to PoS, I presume because being able to more cheaply and quickly execute smart contracts is deemed more valuable than artificial scarcity. A sentiment with which I could not agree more.

The problem then becomes how do you determine the 'real' Ethereum. For Bitcoin, it is generally understood as the blockchain with the most proof of work.

With proof of stake, what's the disincentive to participate in all forks, or even a large number of alternate histories. If there are multiple Ethereum blockchains using PoS, how can I as a new user determine which one is 'the' Ethereum?

The one with the most utility (connected services, ability to spend, and other infrastructure).

Ethereum is going to PoS as a mechanism to reduce liquidity and increase the coins price. Nothing more. The entire history of ethereum is full of a lot of... less than ideal decisions like this.

Whether or not that's true, I literally have code sitting on the shelf waiting for it be cheap enough to run on ETH, and I think PoS will make it cheap enough.

Ethereum is moving to PoS because it would greatly help with scaling. Once Ethereum has Casper, they can start thinking about implementing sharding allowing on-chain scaling.

it's insanely expensive to mine gold, but we do that too. there are shared delusions about what we are willing to trade our labor for. it doesn't have to make sense.

Yes, and we'll also eradicate the rainforest for profit even though that might spell doom for the ecosystem of the planet. Only because everyone does something doesn't mean it's a good thing to do.

You know how much energy goes into TV? Video games? Driving on vacations? Flights to Thailand? Concrete for skate parks? I don't understand the obsession about blockchain energy use when a significant amount of energy is used on other more frivolous pursuits without question.

Every single thing you mentioned benefits from increases in efficiency that drive down the cost of these pursuits, making them accessible to more people.

Sure, but that's side-stepping my point.

IF it were insanely expensive, nobody would mine. That you don't value the results, doesn't change the economic value of the activity you don't like.

A few years back anybody with a decent home PC could mine BTC, nowadays the barrier for entry pretty much requires a truckload of Nvidia products (or customized ASICs) and subsidized electricity.

Fast forward a few years ahead. Do you see more or fewer miners participating in such ecosystem?

PoW as it’s currently implemented encourages centralization.

> We literally set things on fire to generate electricity for these global brute force algorithms.

Who's "we"? Because I don't. People who mine do. They do it by their own free will. It's their resources they spend.

If you want to talk about setting things on fire for no reason, let's talk about smoking. Google tells me more than a billion people smoke. I'll argue that the maintenance of a decentralized, publicly accounted money system is more useful than people inhaling tobacco smoke.

> It's their resources they spend.

It's the global commons: carbon and other pollution from electricity generation, fossil fuel extraction. Manufacturing and building wind farms and solar arrays also have an environmental impact.

If you want to compare Bitcoin deflation to substance addiction, I'll agree with you all day long.

Worth noting that the vast majority of bitcoin is mined from hydroelectric power.

Ironically for the ether pumpers on this thread, the primary crypto currency that is powered by burning coal and oil is ethereum.

Do you have numbers to support this. Because, as they say in the industry: if all we have is opinions, let's go with mine.

It has to be, otherwise there is an arbitrage opportunity : hydroelectric power is the cheapest there is.

Well, I hadn't really looked in to it before, but a bit of a search proves your both right.

Forbes says "The largest share of the miners are located in China, close to the border with Tibet where cheap hydropower is relatively abundant."[1]


Better in the sense that you can make money with it. Still decidedly worse for society, as the OP elaborated.

What if you having a personal near-guarantee that this weird asset you hold onto stays deflationary _isn't_ the most important problem for blockchains to solve?

Currencies' value lies in their usefulness as a means of exchange. Cheaper operation of the network and faster verification of transactions make for a better currency.

And the more powerful Ethereum-like blockchains that remain on a Proof of Work system are too expensive to perform their most interesting possible duties. Cost and speed improvements are essential for making the next leap forward.

It makes absolutely zero sense to bend to holders' "I must have a guaranteed deflationary asset, or I will complain to all my libertarian friends" desires. There are so many more important things to do with blockchain tech, including more globally important ways to create wealth.

EDIT: "You" is not the parent thread. I'm just expanding on what the parent said.

I'm with you, only I kind of wonder how many people actually see them as actual currencies. In any case I don't think that prospect is what is fueling the current hype.

I remember an article a while back that was arguing that Bitcoin is currently undecided whether it wants to be a currency or an asset. Currently, coins seem to be treated mostly as assets and I don't see indicators of that changing anytime soon.

IMO the problem with Bitcoin as an asset, over the long term, is that its proponents' nearest comparison is gold. Gold has at least _some_ intrinsic value, and more importantly it has millenia of history as both an asset and a means of exchange. If Bitcoin doesn't get off of Proof of Work, it's entirely plausible that it will be superseded by a Proof of Stake coin that has more utility.

Which is not even to mention my most cryptocurrency-controversial belief: Gold is the only deflationary asset that might not flash-crash into non-existence as a hoarder favorite.

Name the most prominent cryptographer that is in favor of PoS, in my research, very few who have studied this science for decades think it's possible.

What's it going to take to make it work?

I know no cryptographers that have studied PoW for "decades" in the context of cryptocurrencies. Even Bitcoin itself is less than decade old.

Adam Back came up with the idea of PoW with BitGold I beleive

Proof of work isn't a big concern if the hard problems are also economically valuable to solve; there are myriad such problems.

No they aren't.

For a PoW to be valuable it needs to be cheap to verify. Hard problems usually aren't.

What? Any NP-complete problem is "cheap" to verify vs. to solve. You're telling me there are no economically valuable NP-complete problems?

If there are, why has no one built a coin around it unstead of using untold watts to calculate hashes?

They did, like protein folding.

Part of it is that if its going to be a currency, its not particularly appealing that some group gets arbitrary benefits from the act of mining, for free. The government has the power to force such a currency on us, but otherwise, unless the economically valuable activity is globally valuable, its a difficult proposition to justify.

umm, generating a block whose hash starts with N consecutive zeroes (e.g. 000000009A8C3...) seems to be exactly that - an NP hard problem that's trivial to verify in polynomial time.

yes, but it's not useful in someway outside of the blockchain, which was the thrust of GP's argument.

Isn't the entire NP class hard to solve, cheap to verify? Im sure some economically valuable problem can boil down to an NP problem...

Most solutions to NP problems are cheap to verify.

What you want are "moderately hard functions": functions that are neither easy nor excessively hard.

If a proof of work solution is economically valuable to solve, the hashrate will just increase to the point where it's just marginally profitable again.

There's nothing cheaper than proof of work: http://www.truthcoin.info/blog/pow-cheapest/

The real reason Eth and others are going with proof of stake is that it locks up coins and thus dries up liquidity... this is a way to pump the coin price.

It doesn't provide the same level of security as Proof of Work, and the idea that Proof of work is somehow bad because it uses electricity is nonsense.

That's like saying we need to stop digging gold up out of the ground because its expensive, and we should just trade paper receipts for virtual gold.

The above post is not an actual technical argument (notice its logic is circular) and is just the type of typical FUD pumping of Ethereum you get from ethereum people.

I was with you, till your second paragraph and how the Unix philosophy has always suggested using brute force first. I don't believe this is so, can you provide any such evidence? Unix has never had such a philosophy.

I can’t speak for anyone else, but the move to use shell builtins rather than spawning processes for say `true` (as the most extreme example) could easily be considered an example of Unix having started with brute force and having become more elegant.

Totally agree. Bitcoin is version 1 of blockchain tech. Absolutely impressive, but certainly not the last word. It would be as if everyone stopped working on cars after the Model T was introduced.

I agree, there are much better consensus methods than Proof of Work. It's just that PoW is by far the most simple to implement. If you just take a peak at the ecosystem, especially around 2013-2015, it seems like every "altcoin" project had created their own consensus system. Of course, many of these were terrible.. but it's a good sign that this space has been trying to get away from regular ol' PoW since people started really finding out about Bitcoin.

Peercoin invented the core basis of the PoS algorithm in 2012 that was used throughout the 2013 and 2014 altcoin craze. This is still being used today in various projects, in augmented forms. Some projects tried to incentivize not just holding coins, but also making transactions (PoSV/proof of stake velocity, IIRC). Some projects tried making it so that you must burn coins to create blocks (proof of burn). And some projects tried doing genuinely useful computations instead of plain proof of work, such as doing protein unfolding (I think this was Curecoin?)... And then Dash invented the dBPF algorithm which is used by numerous coins today beyond just Dash and is similar to PoS but with a set number of stakers. (usually elected through an election on the blockchain)

If you look beyond Bitcoin there is a ton of innovation taking place in this space, and there has been for some time now. A lot of it is mired in scams, trolls, shills, and FUD.. but there is some genuinely awesome innovation happening in this space to drive forward consensus algorithms.

(source: co-founder of Qtum, a project in this space)

> I agree, there are much better consensus methods than Proof of Work.

It's like saying that there are better grammar parsing methods than binary search. Blockchain is not a consensus protocol.

> “Proof-of-Work” exists because money is being created. It is, then, impossible to “create a new form of money” without invoking Proof-of-Work.

> Satoshi’s design insight was to channel that inevitable work into a cumulative process, to optimally stablize a peer-to-peer clock in a cartel-resistant way.

– Paul Sztorc http://www.truthcoin.info/blog/pow-cheapest/

How is something cartel-resistant that requires that entities must accumulate more and more capital (mining power) to still be able to participate?

Mining profitability is an equation with many variables. If the value of the reward climbs faster than mining technology advances, we might see mining open to regular people again.

Also, the traditional cartel action of limiting supply to inflate price would not work in Bitcoin due to auto-adjusting difficulty.

And yet, in some sense, cartels are exactly what we have, in the form of mining pools.

less than perfect decentralization is still more decentralization than a monopoly. in this case the competition is a monopoly (eg fiat)

Anything that isn’t a monopoly is, “more decentralized than a monopoly.”


At Proof-of-Stake the "Proof-of-Work" is the value lost by stacking up tokens and not having them being productive otherwise. This value could be around 4% per year, same as having them on a safe invest.

The good thing is that you have to "work less" (just 4%) but if you are a malicious actor you lose all your stake (100%). In conventional PoS you can only lose what you invest, that is why PoS is so expensive.

It always bothered me how computer engineers who try to conserve energy and optimize all the time were excited by the wasteful Bitcoin implementation only because they see a potential in it to increase their wealth. It's like glorifying random sort because we haven't invented the bubble sort yet!

If you're talking history, I don't think that's quite fair. The whole hash-based algorithm was just the most mathematically simplistic way to make the idea work. It still is.

If you're talking present-day, yeah, mostly Bitcoin hoarders don't want to see any change that might make their currency start functioning like a currency instead of fake gold.

PoW sticks because as a consensus backbone because it's 1.) easy to understand and implement and 2.) it's guarantees distribution of updates to the distributed state. IMO there are better ways to trustlessly secure distributed state but like all things there's a trade-off. The dirty secret of blockchain tech is that it can't scale - not without supplementary protocols. Even when you get it to scale you still have to deal with the storage of the blockchain. Bandwidth constrains the size of the blocks, which in turn constrains the amount of transactions. Turn up the block creation frequency (a la ETH) and you solved one problemt (Tx throughput) but created another (chain size).

I am fundamentally opposed to PoW because it wastes so many resources, but, for now, it's the most viable way to secure a chain. PoS is doomed to centralization and relies too much on game theory and incentives for my tastes. just my 2 cents

This person is effectively arguing that all of Bitcoins problems would be solved by just using a centralized system.

This is correct, but it misses the point.

The whole point of crytocurrencies is to order transactions WITHOUT a centralized system.

There are many centralized systems already. If you want the benefits and tradeoffs of those, just go use one of them.

The people who do NOT like those tradeoffs will stay with crytocurrencies.

He also argues that those lofty ambitions come with a hefty bit of externalized cost - insanely high energy consumption - that is currently conveniently ignored but is harmful in the long run - for everyone, no matter if they use cryptocurrencies or not.

It's not externalized costs though. It's just regular costs.

People aren't stealing that energy (well, MOST miners aren't) . They are paying real money for it.

How is spending money to buy something and then using that thing (energy in this case) an externality?

Is me leaving the lights on at my house an externality? I don't think so. Im the one paying the costs.

If you don't want to pay for crytocurrencies, you don't have to buy them.

In many parts of the world (and particularly the United States), electrical power is generated through ways that are rather unfriendly to the environment, especially when load is unexpectedly higher. Causing higher demand and, thus, more pollution, is a negative externality that the miner is pushing off onto the rest of the public.

(Yes, some exceptions apply, like buying power from system operators that are primarily based around hydro or wind power.)

> especially when load is unexpectedly higher

Interestingly, this is actually the opposite situation for bitcoin mining.

Bitcoin miners are usually located right next to massive solar power plants, or hydro generators.

This way, the bitcoin miners use the excess energy, that nobody else was going to use, and they use this "free/excess" energy because it is cheaper.

There is no reason at all to run your bitcoin miner during peak capacity, when electricity prices are high. You just shut off the miners, and start them back up again during the night or something.

Bitcoin mining could even be considered a POSITIVE externality, in some situations, such as when power production is so high, that the power plants sell it for negative dollars (ie, the extra power disrupts the grid, so they need to get rid of it.).

Please define "insane"? Those who oppose PoW and think it uses "too much" energy never give a reason. Seems to be based in basic "we should all be poor hunter gatherers" marxism to me.

Mining is profitable, bitcoin is valuable enough to make it so, and it is valuable because it is doing jobs that people want to pay for it.

By definition, economically, it is not insane in the least.

It seems like eventually the big banks will come up with a cryptocurrency clearing market that works on trust and not proof of work.

That's not a crypotocurrency though. That's called "having a database".

I agree with this and also fundamentally believe that trust is a feature in systems and not a bug.

Building systems that work without trust (supposedly) is of very limited social utility since increasing trust is what makes for a healthy society and healthy economy.

Fortunately for you, there are numerous centralized trust money systems already. And if you want you should just go use one of those.

The rest of us who disagree should have the option of not using them though.

Of course individuals have the option to use whatever system best suits them. I am thinking more about how far blockchain can actually scale.

Technical people assume that a system without trusted intermediaries is a universal good because it is logically superior (I have certainly thought this myself) but that does not jibe with how most people feel and act.

The majority of people value trust to the extent that they will trust in things that seem absurd objectively simply because it makes them feel good. For them a system without trust is a negative.

If the key feature of blockchain is a negative for the majority of the population that does not bode well for widespread adoption.

Not to be all "both sides tho," but I think you're both right. I code on blockchain stuff from time to time, and it's both really awesome for the decentralized no-trust part and straight-up nonsense for entire categories of problems that would be better solved off-chain. The hype machine is crazy and driving things toward the blockchain that absolutely don't belong there. ("Uh, do you need a blockchain, or do you just need to cryptographically sign something, and you've never thought about cryptography before today?") There are still some very interesting untapped possibilities that aren't better-served by any centralized system yet.

Oh, yeah definitely. Blockchains are for if you care about decentralized systems. And you pay a whole lot to get that one feature.

If you don't care about that one feature, decentralized blockchains are strictly worse on a number of metrics.

Nice article. It is unfortunately woefully light, if not completely absent of alternatives. Yes, it is a massive waste of energy, but the ability to both prove and simultaneously detract counterfeits is brilliant as far as the creation of a store of value is considered. In the long run, I believe, that the optimization of ASICS + slowly decreasing power in the hands of a much larger set of miners will be the long-term winning factor defining legitimacy for POW algorithms. Until then the one who can burn energy faster and cheaper (a baseline commodity to begin with) will win.

Do we have that much of a long run, especially at current projected levels of waste, never mind use?

One thing governments could do is this:

- Create a digital token system that can be exchanged and accounted freely via a centralized server.

- Give it a name. Don't even call it a currency, let people use it as money if they want to.

- Give a limited amount to any citizen who wants some. Or maybe sell it, whatever. Just figure out a way people can get some. It can't be so hard.

- Promise there will never be more than some fixed amount in total.

Only governments could do something like that because despite everything, most people trust them about money.

It'd be kind of a mixed between the different money systems.

> - Create a digital token system that can be exchanged and accounted freely via a centralized server.

This is a database

> - Give it a name. Don't even call it a currency, let people use it as money if they want to.

A token that is used as currency is currency

> - Give a limited amount to any citizen who wants some. Or maybe sell it, whatever. Just figure out a way people can get some. It can't be so hard.

How will the token have value if everyone receives it for free?

> - Promise there will never be more than some fixed amount in total.

No one will fall for this again. Governments always print money to fund its own projects

> Only governments could do something like that because despite everything, most people trust them about money.

Bitcoin's price goes up because people don't want to trust government with money

> No one will fall for this again. Governments always print money to fund its own projects

But if the total amount of money was publicly visible, things could be different. For better or worse, people build trust from the past. If they see that the government has not raised to the total amount for many years, they may believe it won't do it either during many more years.

Kind of with treasure bonds. Despite the high level of debt most countries are in, investors keep believing the countries will pay back, because they have been for so long.

Vinay Gupta thinks "nobody believes PoW is here to stay". Other commenters think "PoS might be impossible & no prominent cryptographer has some out in support of it".

It's worth reminding people of the null hypothesis: Perhaps blockchains don't work.

I don't like proof of stake because a large stake holder could be threatened privately by a third party into corrupting the whole system. With proof of work you need to spend a lot of money very publicly for a long time to break it.

Proof-of-Work gives the token value because something was lost in order to create it

What you’ve described is labor theory of value and I don’t think it makes sense.

It always puts me off when an article has "Considered Harmful" in the title.

I have to imagine some nonzero percentage of new CH essays are authored by people who agree (i.e. have seen https://meyerweb.com/eric/comment/chech.html and the like) but proceed anyway, since the clickbait nature of doing so surely gives a boost exceeding the loss from those who are put off.

If you ever come across a new one send it to: https://twitter.com/cons_harmful ;)

"considered harmful" meme is tired and cliched, please retire.

"considered harmful" considered harmful

""considered harmful" considered harmful" _considered harmful_

> The underlying technology of blockchains to achieve distributed consensus has been touted as a solution to many challenges in decentralized systems.

I hate blockchain hype and I hope the whole bubble around it dies soon, but even I can tell, judging from the title of the article and just the very first paragraph, that the author doesn't know a shit about how the thing works or why it is designed the way it is.

Blockchain does not solve consensus problem. It's a timestamping service. Not a consensus solver.

And then the author draws dumb statements about what blockchain is from all over the place. Why the hell would anybody think "proof of work" is a "solution to denial-of-service attacks"?

Your comment comes off as pretty angry, yet I don't really get the faults you're pointing out in the original article.

> Blockchain does not solve consensus problem. It's a timestamping service. Not a consensus solver.

Certainly Bitcoin seems to be a distributed consensus system. Is your complaint that it takes a whole system on top to provide the consensus aspect, which might be considered separate from the blockchain structure?

> Why the hell would anybody think "proof of work" is a "solution to denial-of-service attacks"?

Isn't it? You can exchange QoS for non-malicious users for protection from DoS.

>> Blockchain does not solve consensus problem. It's a timestamping service.

> Certainly Bitcoin seems to be a distributed consensus system.

It is not. Bitcoin only tells which of the pair of documents was earlier (a document describes a single transaction). It doesn't allow to negotiate a value. If you swapped producing the proof of work with sending the transaction to a trusted third party for adding a timestamp, Bitcoin would work just as well. Go read "trusted timestamping" topic, Wikipedia has a good description.

>> Why the hell would anybody think "proof of work" is a "solution to denial-of-service attacks"?

> Isn't it?

What service does blockchain protect against availability disruption? How?

Still not sure what you're saying. What do you mean by "negotiate"? Because there are certainly rules for resolving conflicts. As long as we're using Wikipedia, the article for consensus in computer science explicitly mentions Bitcoin.

Proof of work can be used to protect against denial of service. If you provide a web service, you can choose to require proof of work before serving a client to make the client commit some proportional amount of effort.

> Still not sure what you're saying. What do you mean by "negotiate"?

OK, then what do you mean by "consensus"?

> As long as we're using Wikipedia, the article for consensus in computer science explicitly mentions Bitcoin.

Yes, and wrongly, too. Especially that the specific problem of establishing consensus that the Wikipedia page talks about has, since its very first paper, the impossibility proof at 1/3 of the participants, compared to 1/2 for Bitcoin (which means that Bitcoin is something different than consensus with Byzantine faults).

> The consensus problem requires agreement among a number of processes (or agents) for a single data value. Some of the processes (agents) may fail or be unreliable in other ways, so consensus protocols must be fault tolerant or resilient. The processes must somehow put forth their candidate values, communicate with one another, and agree on a single consensus value.

This seems to me to be exactly what Bitcoin does, where the "value" is the sum of all facts asserted on the blockchain.

Wikipedia page is about a very concrete problem described in a specific paper. Have you read the paper?

Then, Bitcoin does not allow to choose "the sum of all facts asserted on the blockchain", not any more than a typical DHT or a gossip protocol in a peer-to-peer network. In fact, there is nothing resembling the end state as in "we now terminate the protocol with this value as the outcome", which is required by definition of any type of "consensus" term.

Also, have you tried, as I said two comments ago, swapping sealing transactions using proof-of-work with a trusted third party that provides unique timestamps for the transactions? Have you read what timestamping is?

What paper are you even talking about? You might even be right, but you are a poor communicator.

Well, I sort of assumed that since you voice your opinion about consensus as defined in computer science, you at least should know what it is. I talk about Leslie Lamport's (plus Shostak and Pease) original publication about Byzantine generals problem, from 1982.

Why is that a dumb statement? Wasn't that the whole point of hashcash (my understanding is that bitcoin's proof of work is just hashcash with SHA-256 instead of SHA-1)?

Maybe not DoS persay but I assume they meant anti-spam, which isn't totally inaccurate.

This is the author's area of expertise, so I wouldn't dismiss him just based on an article. However, this article could have been one sentence and says very little that is worth the entire read.

> This is the author's area of expertise, so I wouldn't dismiss him just based on an article.

Oh. Then I call him highly incompetent. I thought it was just a professor from barely related field talking about something he wasn't supposed to be versed in.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact