Firstly, nobody believes that Proof of Work is here to stay - it's bleeding money from the currencies that use it at an astonishing rate, and as soon as Proof of Stake (or other algorithms) can replace it, they will. PoW is a direct financial drag on these economies, and it will not last long. Bitcoin will probably take longer to clean up its act than Ethereum, but that's largely for political reasons, not technical ones. Technically, it should be a lot easier to do than Ethereum, in fact. (It helps not being nearly Turing complete.)
Secondly, brute force is how things begin. The Unix philosophy has always suggested using brute force first: premature optimization is the root of all evil, as they say. We are at the very earliest stages of designing global public heterogeneous parallel supercomputers, and we should not be surprised that the early approaches are brute force.
It won't be that way for long.
I do. I prefer to call it "Proof of Burn" instead of "Proof of Work". With Proof of Burn you can assure that it's difficult to create fake blocks because the attacker must burn even more petrol barrels that the good people.
Also, with Proof of Burn you get protection against an explosion of too many hard forks. If you have a hard fork in a Proof of Burn coin, the miners must select one chain to mine (or split the resources), so usually only one chain survives. In a Proof of Stake coin, after a hard fork the miners can continue mining in both chains.
That's not what happened with the Bitcoin Cash fork though -- it resulted in "sloshing" between the two networks as miners would congregate in the currently-most-profitable network. That makes it so at any given time, one of the networks is easy to attack.
Look at the block creation and hash rates for BTC vs BCH:
Adding layers of complexity like Ethereum's Casper to solve the incentive incompatibilities caused by the nothing at stake and long range attacks do not address the fundamental issues, as consensus then require users to agree on a list of bonded validators (for which there is no switching cost). "Phone a friend" consensus is objectively weaker as a security model compared to POW which just requires users to validate the rules and calculate the chain with the most work.
POW is secure because it requires energy from outside the system to be provably burned. It's thermodynamically sound in that respect. /u/nullc recently described POS as a logical tautalogy which I think captures the issue well. If chains were a car, Bitcoin would be fueled by gas and a POS coin would be fueled by the leather on the seats. You're not going to get very far.
Due to the algorithms being inefficient
If that is resolved then the entire history will be suspect
And any thermodynamically similar future will have to compete on constants and exponents
Or you could regulate the hardware, 'this blockchain is only compatible with, and so calculated on, a gateway lt1700 with exactly 640k of ram' ;P
> Due to the algorithms being inefficient
This is by design, when the hardware gets better Bitcoin network starts requiring even more work, so being "efficient" is actually what is not desired here. See: https://en.bitcoin.it/wiki/Difficulty
>the miners must select one chain to mine
I am pointing out that the "sloshing" is in fact perfect evidence that they are only mining one chain at a time, or splitting their hashpower to varying proportions. This is completely normal and healthy miner behavior, they are simply greedy actors looking for the most profit. They cannot however mine both chains with their full hashpower for free (as you can with PoS), and this is an essential understanding when analyzing the security model of a consensus algorithm.
Also, the oscillations are most commonly exploitable only when the difficulty adjustments happen very quickly (see: BCH's EDA), so if 70% of the hashpower left, even if 16% of the remaining hashpower was malicious, the efficacy of a 51% will be handicapped by the disproportionately high difficulty.
I don’t care whether sloshing is “normal healthy behavior”. I care whether a fork has become easy to attack. You seem to focus on every topic but that one.
Original comment: "Also, with Proof of [Work] you get protection against an explosion of too many hard forks..."
My reply: "That's not what happened with the Bitcoin Cash fork though ... any given time, one of the networks is easy[er than 51%] to attack."
If you're not disputing that point, then you're not refuting my objection to that original comment.
It is not true that on PoS you can mine multiple forked chains without being penalized. On the chain that "wins" you can be penalized for mining multiple chains which is clearly bad behavior.
The main problems of PoS that Casper, the Ethereum implementation, is trying to solve are "Nothing at Stake" and "Long Range Attacks". Both problems are being tackled right now and close to be solved.
Make a technical or economic argument.
You're confusing multiple branches competing for being the most-cumulative-difficulty branch, with multiple distinct cryptocurrencies resulting from a hardforking code change.
Penalization only applies to the first case, but the parent was talking about the latter case. E.g. a miner could mine both ETH and ETC once both adopt PoS.
I don't see any problem in hard forks and being able to stake on multiple chains. Let people hard fork as much as they want and decide, later on, which chains hold value.
How? Who decides?
This is really where every PoS algorithm seems to break down. The whole idea of blockchain is to build a decentralized consensus, and PoS just handwaves it away.
Every user of the system.
Mostly by taking in consideration the differences of the software from both chains.
Could Bitcoin realistically replace its Proof of Work protocol with Proof of Stake later while maintaining the same blockchain?
You can implement any feature you want in Bitcoin, but for a feature like this (hard fork), you need to convince all users to upgrade. I think it's really unlikely you could sell a switch that drastic in Bitcoin land, especially considering the current unknowns.
Why not? PoW is a classic case of Worse Is Better:
The proof-of-stake algorithms can disincentivize cheating within the blockchain, but I haven't seen any that have the type of external cost that PoW blockchains have. The fact that so many people are investing so much power in bitcoin vs. other currencies is likely much of what gives it so much value.
With proof of stake, what's the disincentive to participate in all forks, or even a large number of alternate histories. If there are multiple Ethereum blockchains using PoS, how can I as a new user determine which one is 'the' Ethereum?
Fast forward a few years ahead. Do you see more or fewer miners participating in such ecosystem?
PoW as it’s currently implemented encourages centralization.
Who's "we"? Because I don't. People who mine do. They do it by their own free will. It's their resources they spend.
If you want to talk about setting things on fire for no reason, let's talk about smoking. Google tells me more than a billion people smoke. I'll argue that the maintenance of a decentralized, publicly accounted money system is more useful than people inhaling tobacco smoke.
It's the global commons: carbon and other pollution from electricity generation, fossil fuel extraction. Manufacturing and building wind farms and solar arrays also have an environmental impact.
Ironically for the ether pumpers on this thread, the primary crypto currency that is powered by burning coal and oil is ethereum.
Forbes says "The largest share of the miners are located in China, close to the border with Tibet where cheap hydropower is relatively abundant."
Currencies' value lies in their usefulness as a means of exchange. Cheaper operation of the network and faster verification of transactions make for a better currency.
And the more powerful Ethereum-like blockchains that remain on a Proof of Work system are too expensive to perform their most interesting possible duties. Cost and speed improvements are essential for making the next leap forward.
It makes absolutely zero sense to bend to holders' "I must have a guaranteed deflationary asset, or I will complain to all my libertarian friends" desires. There are so many more important things to do with blockchain tech, including more globally important ways to create wealth.
EDIT: "You" is not the parent thread. I'm just expanding on what the parent said.
I remember an article a while back that was arguing that Bitcoin is currently undecided whether it wants to be a currency or an asset. Currently, coins seem to be treated mostly as assets and I don't see indicators of that changing anytime soon.
Which is not even to mention my most cryptocurrency-controversial belief: Gold is the only deflationary asset that might not flash-crash into non-existence as a hoarder favorite.
What's it going to take to make it work?
For a PoW to be valuable it needs to be cheap to verify. Hard problems usually aren't.
Part of it is that if its going to be a currency, its not particularly appealing that some group gets arbitrary benefits from the act of mining, for free. The government has the power to force such a currency on us, but otherwise, unless the economically valuable activity is globally valuable, its a difficult proposition to justify.
The real reason Eth and others are going with proof of stake is that it locks up coins and thus dries up liquidity... this is a way to pump the coin price.
It doesn't provide the same level of security as Proof of Work, and the idea that Proof of work is somehow bad because it uses electricity is nonsense.
That's like saying we need to stop digging gold up out of the ground because its expensive, and we should just trade paper receipts for virtual gold.
The above post is not an actual technical argument (notice its logic is circular) and is just the type of typical FUD pumping of Ethereum you get from ethereum people.
Peercoin invented the core basis of the PoS algorithm in 2012 that was used throughout the 2013 and 2014 altcoin craze. This is still being used today in various projects, in augmented forms. Some projects tried to incentivize not just holding coins, but also making transactions (PoSV/proof of stake velocity, IIRC). Some projects tried making it so that you must burn coins to create blocks (proof of burn). And some projects tried doing genuinely useful computations instead of plain proof of work, such as doing protein unfolding (I think this was Curecoin?)... And then Dash invented the dBPF algorithm which is used by numerous coins today beyond just Dash and is similar to PoS but with a set number of stakers. (usually elected through an election on the blockchain)
If you look beyond Bitcoin there is a ton of innovation taking place in this space, and there has been for some time now. A lot of it is mired in scams, trolls, shills, and FUD.. but there is some genuinely awesome innovation happening in this space to drive forward consensus algorithms.
(source: co-founder of Qtum, a project in this space)
It's like saying that there are better grammar parsing methods than binary
search. Blockchain is not a consensus protocol.
> Satoshi’s design insight was to channel that inevitable work into a cumulative process, to optimally stablize a peer-to-peer clock in a cartel-resistant way.
– Paul Sztorc http://www.truthcoin.info/blog/pow-cheapest/
Also, the traditional cartel action of limiting supply to inflate price would not work in Bitcoin due to auto-adjusting difficulty.
The good thing is that you have to "work less" (just 4%) but if you are a malicious actor you lose all your stake (100%). In conventional PoS you can only lose what you invest, that is why PoS is so expensive.
If you're talking present-day, yeah, mostly Bitcoin hoarders don't want to see any change that might make their currency start functioning like a currency instead of fake gold.
I am fundamentally opposed to PoW because it wastes so many resources, but, for now, it's the most viable way to secure a chain. PoS is doomed to centralization and relies too much on game theory and incentives for my tastes. just my 2 cents
This is correct, but it misses the point.
The whole point of crytocurrencies is to order transactions WITHOUT a centralized system.
There are many centralized systems already. If you want the benefits and tradeoffs of those, just go use one of them.
The people who do NOT like those tradeoffs will stay with crytocurrencies.
People aren't stealing that energy (well, MOST miners aren't) . They are paying real money for it.
How is spending money to buy something and then using that thing (energy in this case) an externality?
Is me leaving the lights on at my house an externality? I don't think so. Im the one paying the costs.
If you don't want to pay for crytocurrencies, you don't have to buy them.
(Yes, some exceptions apply, like buying power from system operators that are primarily based around hydro or wind power.)
Interestingly, this is actually the opposite situation for bitcoin mining.
Bitcoin miners are usually located right next to massive solar power plants, or hydro generators.
This way, the bitcoin miners use the excess energy, that nobody else was going to use, and they use this "free/excess" energy because it is cheaper.
There is no reason at all to run your bitcoin miner during peak capacity, when electricity prices are high. You just shut off the miners, and start them back up again during the night or something.
Bitcoin mining could even be considered a POSITIVE externality, in some situations, such as when power production is so high, that the power plants sell it for negative dollars (ie, the extra power disrupts the grid, so they need to get rid of it.).
Mining is profitable, bitcoin is valuable enough to make it so, and it is valuable because it is doing jobs that people want to pay for it.
By definition, economically, it is not insane in the least.
Building systems that work without trust (supposedly) is of very limited social utility since increasing trust is what makes for a healthy society and healthy economy.
The rest of us who disagree should have the option of not using them though.
Technical people assume that a system without trusted intermediaries is a universal good because it is logically superior (I have certainly thought this myself) but that does not jibe with how most people feel and act.
The majority of people value trust to the extent that they will trust in things that seem absurd objectively simply because it makes them feel good. For them a system without trust is a negative.
If the key feature of blockchain is a negative for the majority of the population that does not bode well for widespread adoption.
If you don't care about that one feature, decentralized blockchains are strictly worse on a number of metrics.
- Create a digital token system that can be exchanged and accounted freely via a centralized server.
- Give it a name. Don't even call it a currency, let people use it as money if they want to.
- Give a limited amount to any citizen who wants some. Or maybe sell it, whatever. Just figure out a way people can get some. It can't be so hard.
- Promise there will never be more than some fixed amount in total.
Only governments could do something like that because despite everything, most people trust them about money.
It'd be kind of a mixed between the different money systems.
This is a database
> - Give it a name. Don't even call it a currency, let people use it as money if they want to.
A token that is used as currency is currency
> - Give a limited amount to any citizen who wants some. Or maybe sell it, whatever. Just figure out a way people can get some. It can't be so hard.
How will the token have value if everyone receives it for free?
> - Promise there will never be more than some fixed amount in total.
No one will fall for this again. Governments always print money to fund its own projects
> Only governments could do something like that because despite everything, most people trust them about money.
Bitcoin's price goes up because people don't want to trust government with money
But if the total amount of money was publicly visible, things could be different. For better or worse, people build trust from the past. If they see that the government has not raised to the total amount for many years, they may believe it won't do it either during many more years.
Kind of with treasure bonds. Despite the high level of debt most countries are in, investors keep believing the countries will pay back, because they have been for so long.
It's worth reminding people of the null hypothesis: Perhaps blockchains don't work.
I hate blockchain hype and I hope the whole bubble around it dies soon, but
even I can tell, judging from the title of the article and just the very first
paragraph, that the author doesn't know a shit about how the thing works or
why it is designed the way it is.
Blockchain does not solve consensus problem. It's a timestamping service.
Not a consensus solver.
And then the author draws dumb statements about what blockchain is from all
over the place. Why the hell would anybody think "proof of work" is
a "solution to denial-of-service attacks"?
> Blockchain does not solve consensus problem. It's a timestamping service. Not a consensus solver.
Certainly Bitcoin seems to be a distributed consensus system. Is your complaint that it takes a whole system on top to provide the consensus aspect, which might be considered separate from the blockchain structure?
> Why the hell would anybody think "proof of work" is a "solution to denial-of-service attacks"?
Isn't it? You can exchange QoS for non-malicious users for protection from DoS.
> Certainly Bitcoin seems to be a distributed consensus system.
It is not. Bitcoin only tells which of the pair of documents was earlier (a
document describes a single transaction). It doesn't allow to negotiate
a value. If you swapped producing the proof of work with sending the
transaction to a trusted third party for adding a timestamp, Bitcoin would
work just as well. Go read "trusted timestamping" topic, Wikipedia has a good
>> Why the hell would anybody think "proof of work" is a "solution to denial-of-service attacks"?
> Isn't it?
What service does blockchain protect against availability disruption? How?
Proof of work can be used to protect against denial of service. If you provide a web service, you can choose to require proof of work before serving a client to make the client commit some proportional amount of effort.
OK, then what do you mean by "consensus"?
> As long as we're using Wikipedia, the article for consensus in computer science explicitly mentions Bitcoin.
Yes, and wrongly, too. Especially that the specific problem of establishing
consensus that the Wikipedia page talks about has, since its very first paper,
the impossibility proof at 1/3 of the participants, compared to 1/2 for
Bitcoin (which means that Bitcoin is something different than consensus with
This seems to me to be exactly what Bitcoin does, where the "value" is the sum of all facts asserted on the blockchain.
Then, Bitcoin does not allow to choose "the sum of all facts asserted on the
blockchain", not any more than a typical DHT or a gossip protocol in
a peer-to-peer network. In fact, there is nothing resembling the end state as
in "we now terminate the protocol with this value as the outcome", which is
required by definition of any type of "consensus" term.
Also, have you tried, as I said two comments ago, swapping sealing
transactions using proof-of-work with a trusted third party that provides
unique timestamps for the transactions? Have you read what timestamping is?
Oh. Then I call him highly incompetent. I thought it was just a professor from
barely related field talking about something he wasn't supposed to be versed