Hacker News new | comments | ask | show | jobs | submit login

Hi. I'm Vinay Gupta, the release coordinator for the Ethereum launch.

Firstly, nobody believes that Proof of Work is here to stay - it's bleeding money from the currencies that use it at an astonishing rate, and as soon as Proof of Stake (or other algorithms) can replace it, they will. PoW is a direct financial drag on these economies, and it will not last long. Bitcoin will probably take longer to clean up its act than Ethereum, but that's largely for political reasons, not technical ones. Technically, it should be a lot easier to do than Ethereum, in fact. (It helps not being nearly Turing complete.)

Secondly, brute force is how things begin. The Unix philosophy has always suggested using brute force first: premature optimization is the root of all evil, as they say. We are at the very earliest stages of designing global public heterogeneous parallel supercomputers, and we should not be surprised that the early approaches are brute force.

It won't be that way for long.

> nobody believes that Proof of Work is here to stay

I do. I prefer to call it "Proof of Burn" instead of "Proof of Work". With Proof of Burn you can assure that it's difficult to create fake blocks because the attacker must burn even more petrol barrels that the good people.

Also, with Proof of Burn you get protection against an explosion of too many hard forks. If you have a hard fork in a Proof of Burn coin, the miners must select one chain to mine (or split the resources), so usually only one chain survives. In a Proof of Stake coin, after a hard fork the miners can continue mining in both chains.

>Also, with Proof of Burn you get protection against an explosion of too many hard forks. If you have a hard fork in a Proof of Burn coin, the miners must select one chain to mine (or split the resources), so usually only one chain survives. In a Proof of Stake coin, after a hard fork the miners can continue mining in both chains.

That's not what happened with the Bitcoin Cash fork though -- it resulted in "sloshing" between the two networks as miners would congregate in the currently-most-profitable network. That makes it so at any given time, one of the networks is easy to attack.

Look at the block creation and hash rates for BTC vs BCH:

https://fork.lol/blocks/time https://fork.lol/pow/hashrate

That is a contentious hard fork with a rule change, completely different from a normal fork caused by an orphan race. With proof of stake there is no marginal cost to playing multiple forks, ultimately opening up the network to a flood of competitive same-rule forks that have to be resolved using "weak subjectivity."

Adding layers of complexity like Ethereum's Casper to solve the incentive incompatibilities caused by the nothing at stake and long range attacks do not address the fundamental issues, as consensus then require users to agree on a list of bonded validators (for which there is no switching cost). "Phone a friend" consensus is objectively weaker as a security model compared to POW which just requires users to validate the rules and calculate the chain with the most work.

POW is secure because it requires energy from outside the system to be provably burned. It's thermodynamically sound in that respect. /u/nullc recently described POS as a logical tautalogy which I think captures the issue well. If chains were a car, Bitcoin would be fueled by gas and a POS coin would be fueled by the leather on the seats. You're not going to get very far.

> It's thermodynamically sound

Due to the algorithms being inefficient

If that is resolved then the entire history will be suspect

And any thermodynamically similar future will have to compete on constants and exponents

Or you could regulate the hardware, 'this blockchain is only compatible with, and so calculated on, a gateway lt1700 with exactly 640k of ram' ;P

>> It's thermodynamically sound

> Due to the algorithms being inefficient

This is by design, when the hardware gets better Bitcoin network starts requiring even more work, so being "efficient" is actually what is not desired here. See: https://en.bitcoin.it/wiki/Difficulty

You seem to have a deeply intuitive knowledge of blockchain tech, and you've posted with a throwaway. I'm assuming you are a well known member of the community.

At risk of being petty, no, they don't and aren't. See sibling thread: they're not disputing the core point I raised (that PoW schemes are not immune to being weakened by forks), but changed the topic to different one and seem to have copy-pasted general arguments in favor PoW. (It's copypasta because they have a cryptic reference to a poster on a different forum, /u/nullc that doesn't help us find the argument here without searching their history on reddit [I guess.])

It doesn’t sound like you’re disagreeing with my claim that forks under PoW (at least of a specific kind) can make the branches vulnerable to attack as soon as the hash power sloshes away; your comment is only speaking to PoS and a different kind of Bitcoin fork that doesn’t match the BCH one.

No, I am disagreeing with you. You are claiming that the hashpower oscillations between BTC and BCH contradict the GP's comment, when in fact you have you missed exactly what I and the GP have said:

>the miners must select one chain to mine

I am pointing out that the "sloshing" is in fact perfect evidence that they are only mining one chain at a time, or splitting their hashpower to varying proportions. This is completely normal and healthy miner behavior, they are simply greedy actors looking for the most profit. They cannot however mine both chains with their full hashpower for free (as you can with PoS), and this is an essential understanding when analyzing the security model of a consensus algorithm.

Also, the oscillations are most commonly exploitable only when the difficulty adjustments happen very quickly (see: BCH's EDA), so if 70% of the hashpower left, even if 16% of the remaining hashpower was malicious, the efficacy of a 51% will be handicapped by the disproportionately high difficulty.

Sorry if I’m being dense here, but I don’t actually see how you’re disputing that the threshold for attacking a single fork has (in the example) fallen from 51% of all bitcoin-capable miners, to 16%.

I don’t care whether sloshing is “normal healthy behavior”. I care whether a fork has become easy to attack. You seem to focus on every topic but that one.

I guess you are missing the entire point of this conversation. It is about the marginal cost of participating on multiple chains with PoW. You can point out oscillations as much as you like, it doesn't change the marginal cost. You are pointing out something that is entirely orthogonal.

Your point was different from my point. I entered the thread to dispute that PoW schemes aren't weakened by forks. Here's the exchange where I came in[1]:

Original comment: "Also, with Proof of [Work] you get protection against an explosion of too many hard forks..."

My reply: "That's not what happened with the Bitcoin Cash fork though ... any given time, one of the networks is easy[er than 51%] to attack."

If you're not disputing that point, then you're not refuting my objection to that original comment.

[1] https://news.ycombinator.com/item?id=15606486

IMO PoW scarcity is only more important to the future of cryptocurrency than global speed and cost of exchange if: You are already heavily invested in PoW coins.

Proof of Work (PoW) is inherent inferior to Proof of Stake (PoS). PoW is just the most simple way to archive consensus through cryptoeconomic incentives and that is why first blockchains implemented it.

It is not true that on PoS you can mine multiple forked chains without being penalized. On the chain that "wins" you can be penalized for mining multiple chains which is clearly bad behavior.

The main problems of PoS that Casper, the Ethereum implementation, is trying to solve are "Nothing at Stake" and "Long Range Attacks". Both problems are being tackled right now and close to be solved.

You don't give any support for your initial thesis, nor does the post you're responding to.

Make a technical or economic argument.

Meanwhile: http://www.truthcoin.info/blog/pow-cheapest/

What does "close to being solved" mean? These types of problems are either solved or not.

> It is not true that on PoS you can mine multiple forked chains without being penalized.

You're confusing multiple branches competing for being the most-cumulative-difficulty branch, with multiple distinct cryptocurrencies resulting from a hardforking code change.

Penalization only applies to the first case, but the parent was talking about the latter case. E.g. a miner could mine both ETH and ETC once both adopt PoS.

True. OP said hard forks and I talked about natural forks.

I don't see any problem in hard forks and being able to stake on multiple chains. Let people hard fork as much as they want and decide, later on, which chains hold value.

>decide, later on, which chains hold value

How? Who decides?

This is really where every PoS algorithm seems to break down. The whole idea of blockchain is to build a decentralized consensus, and PoS just handwaves it away.

>Who decides?

Every user of the system.


Mostly by taking in consideration the differences of the software from both chains.

Counterpoint, on the thermodynamics of PoW: https://download.wpsoftware.net/bitcoin/asic-faq.pdf

What is stopping Proof of Stake from taking over? Nobody has worked out a good way to do it yet?

Could Bitcoin realistically replace its Proof of Work protocol with Proof of Stake later while maintaining the same blockchain?

No one has yet created a Proof of Stake system that offers the same guarantees that Proof of Work offers. In fact, there are arguments that it's not possible [1]

You can implement any feature you want in Bitcoin, but for a feature like this (hard fork), you need to convince all users to upgrade. I think it's really unlikely you could sell a switch that drastic in Bitcoin land, especially considering the current unknowns.

[1] https://download.wpsoftware.net/bitcoin/pos.pdf

They can't even increase the block size, how would they introduce this?

The max block size for bitcoin went from 1mb to 4mb in August of 2017. The ONLY reason it took so long is that the courtesy signaling that core put in for miners was used as a veto as part of this anti-bitcoin effort to try and increase centralization. Please at least familiarize yourself with the oppositions arguments before stating conclusions like this.

8 years to change the value of a constant!

Remember that Bitcoin is about distributed consensus and for the change to apply a vast majority of users need to approve. Take any other software and see how many people still use old versions (e.g. Microsoft Office). In Bitcoin that wouldn't be acceptable for the change to work.

> Nobody believes that Proof of Work is here to stay...

Why not? PoW is a classic case of Worse Is Better:


Because it's insanely expensive to operate a PoW blockchain. We literally set things on fire to generate electricity for these global brute force algorithms. Proof of Stake uses game theory (you will avoid cheating if cheating costs you money) to replace expensive raw computing power.

It seems likely that it is exactly that expense which make bitcoin and other PoW blockchains successful.

The proof-of-stake algorithms can disincentivize cheating within the blockchain, but I haven't seen any that have the type of external cost that PoW blockchains have. The fact that so many people are investing so much power in bitcoin vs. other currencies is likely much of what gives it so much value.

PoW coins have a multi-year headstart, and Bitcoin didn't have any truly interesting decentralized competition until Ethereum. Ethereum is moving to PoS, I presume because being able to more cheaply and quickly execute smart contracts is deemed more valuable than artificial scarcity. A sentiment with which I could not agree more.

The problem then becomes how do you determine the 'real' Ethereum. For Bitcoin, it is generally understood as the blockchain with the most proof of work.

With proof of stake, what's the disincentive to participate in all forks, or even a large number of alternate histories. If there are multiple Ethereum blockchains using PoS, how can I as a new user determine which one is 'the' Ethereum?

The one with the most utility (connected services, ability to spend, and other infrastructure).

Ethereum is going to PoS as a mechanism to reduce liquidity and increase the coins price. Nothing more. The entire history of ethereum is full of a lot of... less than ideal decisions like this.

Whether or not that's true, I literally have code sitting on the shelf waiting for it be cheap enough to run on ETH, and I think PoS will make it cheap enough.

Ethereum is moving to PoS because it would greatly help with scaling. Once Ethereum has Casper, they can start thinking about implementing sharding allowing on-chain scaling.

it's insanely expensive to mine gold, but we do that too. there are shared delusions about what we are willing to trade our labor for. it doesn't have to make sense.

Yes, and we'll also eradicate the rainforest for profit even though that might spell doom for the ecosystem of the planet. Only because everyone does something doesn't mean it's a good thing to do.

You know how much energy goes into TV? Video games? Driving on vacations? Flights to Thailand? Concrete for skate parks? I don't understand the obsession about blockchain energy use when a significant amount of energy is used on other more frivolous pursuits without question.

Every single thing you mentioned benefits from increases in efficiency that drive down the cost of these pursuits, making them accessible to more people.

Sure, but that's side-stepping my point.

IF it were insanely expensive, nobody would mine. That you don't value the results, doesn't change the economic value of the activity you don't like.

A few years back anybody with a decent home PC could mine BTC, nowadays the barrier for entry pretty much requires a truckload of Nvidia products (or customized ASICs) and subsidized electricity.

Fast forward a few years ahead. Do you see more or fewer miners participating in such ecosystem?

PoW as it’s currently implemented encourages centralization.

> We literally set things on fire to generate electricity for these global brute force algorithms.

Who's "we"? Because I don't. People who mine do. They do it by their own free will. It's their resources they spend.

If you want to talk about setting things on fire for no reason, let's talk about smoking. Google tells me more than a billion people smoke. I'll argue that the maintenance of a decentralized, publicly accounted money system is more useful than people inhaling tobacco smoke.

> It's their resources they spend.

It's the global commons: carbon and other pollution from electricity generation, fossil fuel extraction. Manufacturing and building wind farms and solar arrays also have an environmental impact.

If you want to compare Bitcoin deflation to substance addiction, I'll agree with you all day long.

Worth noting that the vast majority of bitcoin is mined from hydroelectric power.

Ironically for the ether pumpers on this thread, the primary crypto currency that is powered by burning coal and oil is ethereum.

Do you have numbers to support this. Because, as they say in the industry: if all we have is opinions, let's go with mine.

It has to be, otherwise there is an arbitrage opportunity : hydroelectric power is the cheapest there is.

Well, I hadn't really looked in to it before, but a bit of a search proves your both right.

Forbes says "The largest share of the miners are located in China, close to the border with Tibet where cheap hydropower is relatively abundant."[1]


Better in the sense that you can make money with it. Still decidedly worse for society, as the OP elaborated.

What if you having a personal near-guarantee that this weird asset you hold onto stays deflationary _isn't_ the most important problem for blockchains to solve?

Currencies' value lies in their usefulness as a means of exchange. Cheaper operation of the network and faster verification of transactions make for a better currency.

And the more powerful Ethereum-like blockchains that remain on a Proof of Work system are too expensive to perform their most interesting possible duties. Cost and speed improvements are essential for making the next leap forward.

It makes absolutely zero sense to bend to holders' "I must have a guaranteed deflationary asset, or I will complain to all my libertarian friends" desires. There are so many more important things to do with blockchain tech, including more globally important ways to create wealth.

EDIT: "You" is not the parent thread. I'm just expanding on what the parent said.

I'm with you, only I kind of wonder how many people actually see them as actual currencies. In any case I don't think that prospect is what is fueling the current hype.

I remember an article a while back that was arguing that Bitcoin is currently undecided whether it wants to be a currency or an asset. Currently, coins seem to be treated mostly as assets and I don't see indicators of that changing anytime soon.

IMO the problem with Bitcoin as an asset, over the long term, is that its proponents' nearest comparison is gold. Gold has at least _some_ intrinsic value, and more importantly it has millenia of history as both an asset and a means of exchange. If Bitcoin doesn't get off of Proof of Work, it's entirely plausible that it will be superseded by a Proof of Stake coin that has more utility.

Which is not even to mention my most cryptocurrency-controversial belief: Gold is the only deflationary asset that might not flash-crash into non-existence as a hoarder favorite.

Name the most prominent cryptographer that is in favor of PoS, in my research, very few who have studied this science for decades think it's possible.

What's it going to take to make it work?

I know no cryptographers that have studied PoW for "decades" in the context of cryptocurrencies. Even Bitcoin itself is less than decade old.

Adam Back came up with the idea of PoW with BitGold I beleive

Proof of work isn't a big concern if the hard problems are also economically valuable to solve; there are myriad such problems.

No they aren't.

For a PoW to be valuable it needs to be cheap to verify. Hard problems usually aren't.

What? Any NP-complete problem is "cheap" to verify vs. to solve. You're telling me there are no economically valuable NP-complete problems?

If there are, why has no one built a coin around it unstead of using untold watts to calculate hashes?

They did, like protein folding.

Part of it is that if its going to be a currency, its not particularly appealing that some group gets arbitrary benefits from the act of mining, for free. The government has the power to force such a currency on us, but otherwise, unless the economically valuable activity is globally valuable, its a difficult proposition to justify.

umm, generating a block whose hash starts with N consecutive zeroes (e.g. 000000009A8C3...) seems to be exactly that - an NP hard problem that's trivial to verify in polynomial time.

yes, but it's not useful in someway outside of the blockchain, which was the thrust of GP's argument.

Isn't the entire NP class hard to solve, cheap to verify? Im sure some economically valuable problem can boil down to an NP problem...

Most solutions to NP problems are cheap to verify.

What you want are "moderately hard functions": functions that are neither easy nor excessively hard.

If a proof of work solution is economically valuable to solve, the hashrate will just increase to the point where it's just marginally profitable again.

There's nothing cheaper than proof of work: http://www.truthcoin.info/blog/pow-cheapest/

The real reason Eth and others are going with proof of stake is that it locks up coins and thus dries up liquidity... this is a way to pump the coin price.

It doesn't provide the same level of security as Proof of Work, and the idea that Proof of work is somehow bad because it uses electricity is nonsense.

That's like saying we need to stop digging gold up out of the ground because its expensive, and we should just trade paper receipts for virtual gold.

The above post is not an actual technical argument (notice its logic is circular) and is just the type of typical FUD pumping of Ethereum you get from ethereum people.

I was with you, till your second paragraph and how the Unix philosophy has always suggested using brute force first. I don't believe this is so, can you provide any such evidence? Unix has never had such a philosophy.

I can’t speak for anyone else, but the move to use shell builtins rather than spawning processes for say `true` (as the most extreme example) could easily be considered an example of Unix having started with brute force and having become more elegant.

Totally agree. Bitcoin is version 1 of blockchain tech. Absolutely impressive, but certainly not the last word. It would be as if everyone stopped working on cars after the Model T was introduced.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact