However this article claims 29.05 TWh/year, basing it on Digiconomist which is the work of an amateur and known to overestimate by ~2×: http://blog.zorinaq.com/serious-faults-in-beci/
BM1387 has worse performance than 0.10J/GH @ the wall in practice. Bitmain has released 3 BM1387 based miners (S9, T9, R4). Only two are intended for industrial use and should seriously be considered (home mining is dead):
* The S9 is advertised as pulling 0.098 J/GH +10% at the wall on a 93% efficient PSU. 
* The T9 is advertised as pulling 0.126 J/GH + 7% at the wall on a 93% efficient PSU. 
However, measured performance in the field tends to be a better indicator. BlockOperations tested the T-9 and S-9 with wattmeters and discovered that the Batch 16 12TH S-9 burns 1329W at the wall and the 11.5TH T-9 burns 1352W, for an efficiency of 0.111 J/GH and 0.117 J/GH respectively at a fairly cool (60F) room temperature . If the room is hotter (most mines are) the fans spin harder and the efficiency gets a tiny bit worse.
Only the earliest batches of S9s that had fixed frequencies achieved 0.10 J/GH, but they had serious issues with reliability and stability so bitmain switched to variable frequency, which helped the reliability and stability but hurt the efficiency.
Another thing you might want to factor in is that the actual hashrate of the bitcoin network is higher than the network difficulty indicates. Remember, roughly 2% of generated blocks are orphaned and never counted, so you should adjust your estimate upwards somewhat to account for that missing hashrate.
= 15000 GWh/year
= 41 GWh/day
= 1.7 Gwh/hour
= 1.7 GW
Given bitcoin's current throughput that's about 1 exaFLOP equivalent per bitcoin transaction.
There is no wealth being created here, merely a lot of wealth being rapidly redistributed with a great proportion of that literally turned into heat.
This will not end well.
A block adds an extra confirmation to all transactions in the chain, not just those in the given block. The goal is to make the entire chain as difficult to alter as possible, and each added block increases that difficulty.
Of course, that doesn’t rule out that your claim is true, but it does make me wonder whether it does.
I would guess kWh is used because it makes it easier for customers to verify that they aren’t scammed, given that appliances are tagged with Watts. I guess appliances are tagged with Watts and not Joule/s because it is easier to use a single unit than two.
I did try to find out when it was defined but failed, so thanks for digging that fact up!
That is for books and must cover mentions of both Watt’s and Joule’s name and of the unit (and, likely, way more of the names. The units typically are abbreviated), so I don’t think that proves or disproves much about wide use of the units.
The difference before 1860 probably is there because James Prescott Joule was less than a year old when James Watt died in 1819 (at the age of 83)
Edit: https://books.google.com/ngrams/graph?content=kJ%2CkWh%2Ccal... seems to support the claim that “Joule” came up relatively late.
1.7GW lacks a time frame, 15TWh/year is more useful in that context, even if you can just short it down to 1.7GW.
or 1.71ish gigawatts -- https://www.google.com/search?q=15+terawatt+hours+per+year+t...
I'm pretty impressed google handled that conversion. I mathed it out independently but not even wolframalpha got it.
$ units -v "15 TWh/year" "GW"
15 TWh/year = 1.7111933 GW
15 TWh/year = (1 / 0.58438752) GW
Does it achieve any of those words in practice?
“Censorship resistant” - Regulatory authorities are seemingly having as much impact on bitcoin as any other financial instrument.
“Decentralized” - It is not particularly decentralized. The fact that multiple nodes maintain the same log provides very little decentralization of much of anything. Here’s folks representing 90% of the hashing power of bitcoin on a stage: https://mobile.twitter.com/lopp/status/673398201307664384?la... That’s about the same number of people on the board of governors for the US federal reserve, to be fair. But to be fairer, the US dollar is one of 200 or so nation state backed currencies in the world and the federal reserve can’t invalidate transactions that have already occurred using their currency.
“Payment system” - It is not doing very well at that at all. Almost every competing payment system offers more predictable and consumer friendly behavior.
Bitcoin can though. 51% of users could just outright fork and annul whatever transaction they want, no?
In addition, we’ve learned over and over again that non-reversibility is not necessarily even a desirable property to have in a payment system, which is why so many non-cash payment systems have built those in.
Holding and/or transporting large amounts of cash is extremely fraught, especially across borders. US legal authorities regularly seize cash without due process and without meaningful judicial recourse. Most US banknotes are contaminated with cocaine, so it's prima facie laughable that a narcotic-detection-dog alert on a pile of money is seen as sufficient evidence that the money was obtained via the drug trade (thus allowing its seizure) -- yet this is a very common tactic.
The ability to transact in cash is meaningless if governments (and entities authorised by governments, look up "sewer service" or "gutter service") can seize cash without even a pretence of due process.
Provides one of the world’s greatest supplies of irritating quasi-libertarian euphoria, as well, of course.
A Brazilian man used Bitcoin to evade a judge's extortion attempt:
Bitcoin would have helped Cyprus citizens avoid banks confiscating their savings:
Businesses use Bitcoin to avoid fraud, like this $100,000 charged backs twice:
Bitcoin helps people continue to do business online, eg. when alternative PayPal exited an entire country:
Bitcoin helps people have ultimate control on their money, unlike cash when for example a bank blocks a woman from accessing her account:
Bitcoin helps people escape abuse from the DEA using civil forfeiture, eg. when they stole $16,000 from a young black man:
More recently, Bitcoin becomes a safe haven when the military executes a coup:
And hundreds and thousands of other examples...
He was ordered to remove a video from his channel where he practices slander and libel (both crimes in Brazil) against a congresswoman, he refused, the judge ordered the fine, he traded all his money to bitcoin to avoid the execution of the fine.
I wouldn't call it a extortion attempt, if you see his videos you'll see that he openly mocks the justice and expose details of the case that was occurring under "secret of justice", where the parts can't talk about it until it is finished.
You can disagree with the decision, but it wasn't extortion, he practiced slander and libel, was ordered to remove a video, refused, was fined for that.
By moving the fiat money into bitcoin he moved them out of the judgde's control. That in itself proves the usefulness of the coin.
But even then, this isn't the point.
The guy lives in Brazil, so USA laws are completely irrelevant, don't know why you brought up this point, but anyway, he commited a crime, defied a court order and hid his assets, besides that, he boasted that on following videos, in one of them he claimed that slander should be legal, his opinion, perfectly valid, I don't agree, but he did that just because HE knows that he commited slander.
The guy is a piece of work, defending him like he is a noble fighting the big and evil hand of the government is a joke that only ancaps don't laugh at.
Anyway, bitcoin is a libertarian/ancap tool and strategy created to minimize the power of the state, and most of us libertarians believe there are inalienable rights that cannot be superseded by state laws, and this includes freedom of expression. If you are against libertarianism than you should be really afraid of bitcoin, because it was made as a tool to subjugate the state, to evade tax and fuck up with commies. And it's working.
I don't really know why a lot of people act like freedom of expression means that you can say anything without consequences, if there's not a state to enforce law, a lot of stuff that would qualify as freedom of expression would be solved by violence.
He evade taxes, but still enjoy the benefits of the state this is a clear hypocrisy that I see in a lot of the admirers of Ayn Rand.
Also, ancaps that believe that property is a natural right that would exist without a state to protect it are completely delusional.
In your list of examples Bitcoin is the hero that saves individuals from the oppression of a government or regulation, but sometimes it's the bad individuals (e.g. tax evasion) against a government and suddenly it's not so bad if there are ways to seize assets and close their accounts.
You need to get your transactions accepted to the ledger and you need to pay for that to happen as well (I guess whether the mining network is a third party is debatable).
Not mentioning that people will most likely use some sort of intermediary for their digital wallet to begin with.
Currently the best real life "use case" of Bitcoin is digital gold, a form of electronic store of value.
I think this is the biggest problem with cryptocurrencies. Reversible and traceable transactions are a feature of real money, not a bug.
That depends. Having a paper trail of your money in local tax office sometimes means you would be shot in a head and buried in a nearest forest.
When armed insurgency happens (and yes, they do happen) all you see in the news is "Country A" occupied parts of "Country B", but on the ground you would have armed people going full-DAESH on local tax offices to see whom to demand ransom from and that would be law-obeying people with paper trail for their earnings.
Looking at the big picture, this is even worse: the way you don’t have Daesh is by having a strong society which has the resources to fight them off. A society with rampant corruption and black market activity is exactly how you create the conditions for them to thrive!
No, I just forgot cash existed for a second.
For example I can accept my earned money on account in Ukraine, pay taxes here, but can't send it back to an investment account somewhere EU. This just can't be done.
Even more sillier - some time ago it was illegal to merely have an account in foreign bank without obtaining personal license from central bank here.
So yes, there are cheaper ways and there are simpler things and there was people who were sent to GULAG for doing "illegal money transactions".
Luckily trends show that this will happen soon, but other challenges posed in Africa is political stability (e.g. government decides BitCoin mining is illegal or imposes unreasonable taxes due to lack of understanding), lack of competency, and other types of infrastructure.
The only countries I can see that are suitable are South Africa and Namibia.
8.584 / 109613 = 0.00008 = 0.008%
(109613 TWh is the annual world consumption number you used)
P.S.: I think this is a high estimate, because companies like BitFury have access to much more energy efficient asics which they're keeping secret. We should at least re-calculate this using the new DragonMint miner numbers instead of S9.
And you’re a professional bitcoin power consumption analyst then?
The kid who edits Digiconomist is a fresh finance grad with no tech background and who has zero mining experience.
By the way it is important to note that with each block halving in a simplified model (ignoring fees) should reduce the hash power by half.
Proof of Stake might help us here: https://medium.com/@zby/proof-of-stake-can-be-cheaper-than-p... - but it is not entirely clear that there are no holes in the PoS systems design.
But the HN community wants something like "Proof of planting a tree" or something like that...
Take a look at "Proof of Space" and "Proof of Time" by https://chia.network/
Oh, wow, -- lightbulb -- I didn't notice this until I started to write this post. I was going to ruminate about what PoW could we possibly do instead (presuming we need PoW for a good cryptocoin).
Now I'm thinking that this is the correction that will finally level off speculation?
Bitcoin's value is bounded: it can't be worth much more to humanity than the sum of all global financial services (likely worth much less). But its energy consumption is only bounded by the perception of its future value. Hash rate growth is fueled by speculation in continued growth in the bitcoin exchange rate.
At some point the energy consumption may grow fast enough to damper excitement about future gains. Then again, with each halving the inflation rate slows. So it's calibrated to keep increasing.
I wonder if the next Bitcoin community crisis will be different approaches to difficulty or reward. Those seem much more "untouchable" than block size, so hopefully not.
Finance is about 7.3% of U.S. GDP . The U.S. produces about 1,000 gigawatts of energy per year . A first-order estimation thus yields 73 Gigawatts for finance. So about 22 times Bitcoin’s 3.3 gigawatts .
About $1.5 billion of BTC change hands every day . That’s $550 billion a year. U.S. non-cash transaction volume is like $180 trillion a year . So about 330 times the size of the Bitcoin economy.
Bitcoin thus appears about 15 times less efficient than the non-cash status quo. Given finance is less energy intensive than most of the U.S. economy, this is likely a lower-bound estimate. Worryingly, I ran these numbers 2 months ago . If the power estimates are accurate, the Bitcoin network is becoming less efficient. (I assume the variance is explained by measurement error.)
 https://digiconomist.net/bitcoin-energy-consumption#assumpti... ~29 TWh / year
You can make calculations today, but they're somewhat meaningless. The reason is, miners don't mine to secure the system and earn money on transaction fees. They mine to earn from new bitcoins being created.
As such, miners total expenses will approach the rewards in bitcoin, which has been >90% of a miner's income.
Long-term, bitcoin will either die, or it'll switch to a system where miner's primary income is from transaction fees. At that point you'll see cost per volume come down to something much more sensible.
In the short term this transaction cost to volume ratio tends to get worse as the price increase outpaces usage. Bitcoin's price increased over tenfold the past 12 months or so, usage didn't, so you'll get a whole lot more mining expenses (electricity) spread out over not many more transactions. But again, that's only because mining expenses currently are linked to bitcoin rewards for mining which correlate with price increases. Bitcoin is designed to phase that out, so again, this is a temporary situation, whether bitcoin has 100 users or 1 billion, this shouldn't last.
disclaimer: not holding any bitcoins.
How do you figure? Miners mine bitcoins and sell them at the current exchange rate -- not a future one.
Mining to speculate on future price increases make no sense. If you believe the price will rise, just buy bitcoins now (no reason to mine them at a loss).
IMO, the interesting number isn't the cost of mining or the value of the bitcoins in dollars, but the value of goods and services being bought directly with bitcoin. If everybody treats it as an investment and never spends it, or immediately cashes out, then isn't it essentially just a big ponzi scheme?
How many people are there who are willing to use, say, 10k USD of their own money for gambling? How many greater fools?
Then again, some of those "greater fools" could be people holding Bitcoin that they collected from ICOs, so who knows.
As they say, the really tricky part of attempting to profit from the bursting of bubbles is the timing.
What's the difference between "all global financial services" and "the global economy"?
If every asset was publicly traded, and those stocks were all denominated in Bitcoin, wouldn't the value of Bitcoin be the entire global economy?
Or are you talking more pragmatically, where "financial services" is all assets that it's economically valuable to denominate in monetary terms, and there is some set of other assets that are kept "off the books", like an uncapitalized startup, or an employee, or something of that nature?
Like, I would consider "financial services" to be a subset of things that are denominated in the US Dollar, but Bitcoin could potentially be used for that whole set, not just the financial services segment.
Banks use electricity too, in order to keep the literal lights on at their buildings.
With bitcoin, we have electricity consumption per transaction AANNDDD lights in bldgs to provide services like loans, insurance, trading?
It is not an easy problem.
Also, I've never needed to go into a bitcoin bank in order to talk to a bitcoin bank teller, so that the person at the front desk can deposit my Bitcoin check.
So I'd argue that there would be a whole lot less literal lights in a building, because you don't need to handle those in person services like that.
But this is also ignoring the fact that it is a fundamentally different problem that is being solved.
The problem that Bitcoin is trying to solve is a decentralized payment system that can't be censored by a central authority. Let me know when a real life bank can do THAT.
The amount of energy that goes into maintaining accounts will be the same with maintaining wallets.
The fact that any central authority/gang/thief can seize my wallet by simply stealing my password is a bigger problem than a bank holding on to my transactions...a bank I can trust because of rule of law.
Now we'll have to have fraud prevention for bitcoin...which means more additional energy.
It will be too big to fail and we will close a school somewhere to bail out the value of a string of ascii.
The governments of the world could, at great cost to themselves, but not beyond what they could withstand if necessary, I think, destroy bitcoin.
If bitcoin was a superintelligence, I think it would have dealt with that already?
Just because something can be modeled as an intelligent agent in some respects doesn't mean that it has extreme intelligence.
The agent that is bitcoin is only one part of the agent which is the market. People mine bitcoin because they want to, often because they want to profit monetarily. They profit monetarily because people want bitcoin. People want bitcoin for a variety of reasons, but mainly for either speculation, or for ease of certain types of monetary transactions.
If we say that bitcoin wants btc to be mined, what does gold want? Does gold want gold to be mined? I realize that there are of course differences, and important ones, but I'm not sure why they contribute much to bitcoin being modeled as intelligent.
I suppose that the possibility of bitcoin changing as a system in a way that people agree on might change something, but I'm not sure how much.
If bitcoin were truly optimizing for the amount of bitcoin in existence, and was able to modify itself to this end, why wouldn't it remove the block reward halving feature?
No, instead, the rate of bitcoin production mostly aligns with the originally intended schedule. The difficulty is adjusted over time in order to keep the time between blocks relatively constant.
The incentive for miners is not "If you use more computational power, the (expected value of the) amount of bitcoin produced will be greater, and you will get that extra amount.". It is "If you use more computational power, the amount of bitcoin produced will be the same, but you are likely to get a larger proportion of it.".
It doesn't act by incentivizing people to take actions which cause there to be more bitcoin (uh, on the margin I mean). As incentivizing people is the only way that it acts, it therefore doesn't act to maximize the amount of bitcoin produced.
So, it is not an agent acting to maximize the amount of bitcoin produced.
Hm, in that case...
It is true that those holding bitcoin are incentivized to cause the price to increase (though this is also true of other currencies.)
But I'm still not sure how it behaves "acts" particularly intelligently towards that end.
Do you mean maximizing the total value of bitcoin, or the price of 1 bitcoin?
I don't think bitcoin is able to incentivize people to increase the price of one bitcoin if it comes at the cost of them having less value overall (e.g. if there is an action that would lead to everyone having 1/3 as much bitcoin (with the rest becoming unrecoverable) and it also resulted in the price of bitcoin doubling, the people holding bitcoin wouldn't be incentivized to collectively take that action.), so its ability to maximize the price of 1 bitcoin doesn't seem like a goal it could achieve maximally ruthlessly.
Maximizing the total value of bitcoin held...
hm, I'm still not seeing how modeling it as extremely intelligent helps.
By "Optimizing for BTC" do you mean optimizing for the highest number of transactions? You can't mean total BTC outstanding because that's pegged to an equation.
And in terms of the "intelligence" are you referring to the protocol itself, or the human/machine apparatus around it that's trying to make money?
On the face of it, it doesn't seem particularly different the the "emergent superintelligence" optimizing for USD, but I like your idea of looking for emerging fixed incentive structures as a place for AIs to run amok.
Clarification: I should have said "optimizing for value of BTC".
Not protocol, the emergent system that has as its goal the maximization of the value of BTC.
Creating bitcoins is merely a subgoal, developed as a means to propagate more freely between regions controlled by hostile agents.
I don't know the endgame, but consider if the rational decision of any investor becomes, with high confidence, to convert most of their money to bitcoin. What happens to the rest of the economy?
For example, one problem with proof of stake is that private keys only have value while you still hold onto them. Once you sell your coins, your private keys are no longer worth anything, which means you could potentially even sell these keys to an attacker with no risk to yourself.
The attacker of course does have value though, if someone can gather enough private keys together for a specific snapshot in time, they can create an alternate history.
Another big issue with proof of stake is that once you have a certain amount of stake, through diligence you are always guaranteed to preserve that amount of stake. And even further, if you are a validator who approves transactions, your permission is required when someone else wants to buy stake. An attacker who is able to gain enough stake to commit an attack for a short period of time can commit that attack forever.
With PoW, hashrate requires heavy ongoing electricity expenses. Getting to 51% does not mean that you will stay at 51%, and there's little you can do to stop someone else from buying more chips to push you back below 51%.
There are a lot of other fundamental issues with Proof of Stake, and a lot of good reason to believe that it will never be viable in the fully decentralized, fully trustless environment that bitcoin thrives in.
This only works for histories older than the account deposits for stakers, which will likely be 4-6 months. In other words, a person using ethereum's POS will need to turn on their computer once every 4-6 months to sync to the network, while stakeholders still have their deposits locked, to make this attack impossible- However, I agree this is less optimal than POW in a theoretic sense but the issue is pretty negligible.
(for those interested in learning more about this line of argumentation and who want to understand why regular syncing to the network is needed to counter this attack, look up the term "weak subjectivity" on Google.
> An attacker who is able to gain enough stake to commit an attack for a short period of time can commit that attack forever.
No, an attacker's addresses will be known and the protocol will slash their funds for most types of attack. In the cases for more difficult attacks that the protocol cannot slash for, the community can fork the network an exclude the attacker's accounts (something not possible in POW where a miner staging an attack can switch addresses at will.)
The reverse is actually true: If there was a successful 51% attack against bitcoin, the hashrate would drop precipitously (since the value of the currency and mining profitability would drop) and hence the attacker's 51% would skyrocket to an even higher number immediately.
> a lot of good reason to believe that it will never be viable in the fully decentralized, fully trustless environment that bitcoin thrives in.
I'm pretty confident Bitcoiners will clamor for a POS algorithm in a few years, once it gets marginalized by POS coins. But you Bitcoiners are definitely welcome to hobble along with the status quo approach if you like :-)
Forks are always possible but, they’re not the solution, they’re the problem that a blockchain tries to avoid in the first place, because they lead to the issue: which chain do we follow?
If the community were able to organize itself to reach consensus on a given transaction history, we wouldn't need a blockchain in the first place.
The argument is not that we would fork away attacks, the argument is that we can threaten forks to remove the incentive to attack in the first place.
> If the community were able to organize itself to reach consensus on a given transaction history, we wouldn't need a blockchain in the first place.
Well, the idea is that the community can't police every transaction, but they WOULD be able to give input once a year in an emergency situation- And we can show that these "emergency situations" would be infrequent (if they happen at all) due to the fact that an attacker will forfeit large amounts of money with every attack.
That only works if you were already bootstrapped to the network. But if this is your first time joining the network, how can you tell?
Weak subjectivity more or less becomes a proxy for letting the major players decide. If your friend says that they've been on the chain for years and chain 'X' is the true chain, but blockchain.info is saying that chain 'Y' is the true chain, what happens? How can you tell if both seem valid? If a Proof-of-Stake system had an NYA-style agreement to perform a hardfork that benefits major players over individuals, would you be able to fight it?
I think it would be much harder in a Proof-of-Stake system than in a PoW system, because in PoW creating an alternate system costs hundreds of millions of dollars in electricity.
> an attacker's addresses will be known and the protocol will slash their funds for most types of attack
This only works if you can get a transaction through to prove on-chain that the attacker has been double signing. If you can't (which you won't be able to because the attacker has control), you can't slash their funds.
> If there was a successful 51% attack against bitcoin, the hashrate would drop precipitously
The hardware doesn't magically stop existing. It may turn off, but many miners have contracts with electrical companies that require them to use the electricity. But even with that aside, the hardware would merely turn off. Buy some more hardware, and then you can coordinate with the existing honest hardware to resume mining, now outnumbering the 51% attacker.
Another issue with PoS systems: they traditionally have very low participation rates. A 51% attack in a PoS system is often more like a 10% attack, because only 20% of the people are actually staking their coins anyway.
In a market as volatile as modern cryptocurrency (remains to be seen if volatility would drop), it's very expensive to stake your coins for 6 months in a row because that means you can't be doing any trading on those coins, or deploying them as any other form of capital.
Is this really true? There are a ton of factors that mitigate the value/importance of a 51% attack:
1. You still can't spend other people's money. You spend your money twice. Your damage is limited to people who you've transacted with.
2. You can't arbitrarily rewrite history, you can really only play with very recent history. You have to pick a point that you're going back to, and the further back you go the harder it will be to catch up to the original chain. The smaller your margin over 50% the slower the catch-up will be.
3. You're out in the open. Let's say you have 51% power, you still will need hours or days to catch up to the original chain. In that time, people will be able to very clearly see what you are doing and can decide to blacklist your chain. White hats can also bring more computing resources online to make it even harder for you to catch up.
4. During your catch-up period, you need to be able to get your assets out of the blockchain. That's a very specific constraint. If you are trying to buy two boats with the same money, you need to get the first boat off the lot during the time between your first transaction and the moment your fork catches up to the original chain. If the seller of the first boat is watching the blockchain closely, they might even be alerted right when you fork the chain, before you've even caught up. You also need to prevent the seller of the second boat from figuring out what you're up to before you get the second boat off the lot.
5. You're still subject to all existing law enforcement. You still stole a boat.
So who's really at risk? Basically, people doing huge transactions purely within the crypto realm, where the assets can be cleared instantaneously. That's a fairly narrow segment of the market, and those people can use escrow services and other techniques to mitigate their double-spend risk.
Frankly, I think a 51% attack would increase Bitcoin's value, because everyone would see how little value it really gives the attacker. And we'd see all the mitigation strategies we have, which are many. It'd be like the DAO and Parity attacks on ETC, which only seem to have increased confidence, by showing how firewalled those thefts are, and educating people on the choices available to the network for mitigation.
IIRC from the CASPER blog posts, the solution is simply to not let the validators reverse history beyond a certain point. I think that was about 2000 blocks or so. After that point a client won't accept an alternate history.
>An attacker who is able to gain enough stake to commit an attack for a short period of time can commit that attack forever.
Not necessarily. Again, CASPER, an attacker who violates some of the consensus rules will loose their entire stake over time (heavy penalties), so behaving is the most profitable option. To misbehave means to burn a lot of cash.
Since CASPER is based on betting, an attacker may be able to temporarily censor a transaction but they can't censor another validator who is honest without loosing money in the process (they have to bet against and burn the money)
>a lot of good reason to believe that it will never be viable in the fully decentralized, fully trustless environment that bitcoin thrives in.
Honestly, it doesn't need to be. It just needs to be decentralized enough, trustless enough while also providing better value than bitcoin.
This doesn’t solve the boostrap problem: how do new clients know which fork to choose? PoS is an algorithm that takes a chain as input, and outputs who gets to build the next block. The problem, however, is deciding which chain to give this function as input in the first place — deciding who gets to mine the next block in a chain is fairly easy, agreeing on which chain to choose in the first place is the hard part.
> Not necessarily. Again, CASPER, an attacker who violates some of the consensus rules will loose their entire stake over time (heavy penalties), so behaving is the most profitable option.
They will only lose their stake on a fork, that includes the proof of their violation (because stakers have no incentive to include the proof in the chain they control). Which, again, brings us back to the initial issue: how do clients, who want to join the network, decide which fork to follow?
Google "weak subjectivity". In short; they don't. The user supplies initial consensus. It's also fairly okay if the clients come with a baked in blockhash to start from, you only need to update that once every quarter or so to keep it current.
If an attacker would poison a chain, for example by censoring it, the network can fairly easily slash his stake (this is allowed as part of the protocol) and start a new chain. You only need to point the client at it.
That is, an attacker can only operate while they have both the proof-of-stake consensus and the social consensus. If they loose either, they loose everything.
Also, no, you are not guaranteed to stay at 51% forever. Vitalik has explicitly said that if a 51% attack happens, the community is expected to fork, and all of your funds will be isolated and slashed in the fork. If you want to attack again, you then need to collect another 51% of funds. This gets exponentially more difficult.
What he's saying is that people would sell their old private keys and an attacker could then use these to create a fake history of stakers- The existence of this attack is a valid criticism against POS, though one that can be easily prevented by just syncing to the network at regular intervals.
With PoS, the only way to agree on this is through voting (how many nodes present the various different chains — which is fragile, since bringing up additional nodes is cheap), and through centralization (central coordinator telling you which chain to choose — which adds nothing, since the double spend problem is easily solved using a central party).
Fundamentally, PoS solves the wrong problem: the difficult problem is not who gets to extend the chain, it’s deciding which chain to extend in the first place.
To make sure that something is actually at stake and you don't just vote 50 times on 50 different valid forks, anyone can submit proof to the chain (or rather, any fork of the chain) which shows that a certain stake voted for multiple conflicting forks. In that case the stake is destroyed in all of those forks. Part of the stake may be given to the reporter as incentive for such reporting.
The result is that stakers need to pick one fork, and the one with the most votes (weighted by the amount of currency behind them) wins.
This requires that the 50 different chains each use the same private key for the stake.
What if 50 different chains are presented in which no private keys are the same?
Why would an attacker reuse the same private key for a new, but valid, chain?
> [...] anyone can submit proof to the chain which shows that a certain stake voted for multiple conflicting forks.
How does this solve the problem when the miners (who may have mined on multiple chains) are the ones who need to include this proof-of-fraud in the chain? What will make them include a transaction proving they've committed fraud?
The chains share state right up until the fork point. Each fork gets resolved by the signatures linked to stakes that were already established in the last shared block.
> What will make them include a transaction proving they've committed fraud?
A staker/miner can chose to not include proof of his own wrongdoing, but that will not prevent others from creating an alternative fork which does have that proof.
I’m not talking about forks. I’m talking about completely different, but valid, chains.
> A staker/miner can chose to not include proof of his own wrongdoing, but that will not prevent others from creating an alternative fork which does have that proof.
This brings us back to the initial problem: how do we agree on which chain is the canonical one?
Also, what’s the timeout on this event happening? Unless there’s a timeout — at which point a fork changing history is ignored — some transactions in the chain remain unsettled because a fork might appear which invalidates them (because they originated from coins that were staked by a now-proven-fraudulent staker).
Typically block zero is signed by the developer of the client, so there is no such thing as completely different, but valid, chains, as there is always a fork point.
For example: imagine there's a vulnerability in the reference client. With PoS, a payload can compromise nodes and replace their chain with another (valid) chain, leaving everyone wondering which chain is the right one. With PoW, no attacker can alter the chain without invalidating its proof-of-work.
Just consider the number of wire transactions that happen every day in a single country, or internationally. The amount of money handled by those transactions might even be smaller than the total BTC transacted daily, but the number of individual wires is enormous, and each one forms the basis of business transactions or charitable donations or government operations.
Mastercard transacts roughly 200m transactions per day with a total volume of roughly 10 billion USD per day; so 600 times more deals than bitcoin, but with a lot of quite small transactions.
USA fedwire has about 400k transactions per day (because in USA wire transfers aren't much used by ordinary people) with a total volume of roughly 2 trillion USD per day, so 1000 times more than bitcoin in terms of worth.
EU retail payment systems ("wire transfers" in US terms but for consumers, not the very large settlements) have about 14 million transactions per day with a total volume of 100 billion, so something like 50 times more than bitcoin in both number and volume.
So while Bitcoin is a serious factor, it still comprises a small (<0.1%) amount of the global transaction numbers and amounts; and we'd need at least a thousandfold growth in volume if bitcoin is to replace our current infrastructure.
It's only interesting to compare price per transaction.
Ethereum's proof of stake FAQ has responses to that article: https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ
If the costs don’t manifest themselves in the protocol, they will be external costs. Hence, “obscured proof of work”.
In other words, the problem is not that Bitcoin costs us X per unit produced, it is that we value Bitcoin at 8000$ per unit.
Besides, in Casper at least there are internal costs: the locking and potential loss of stake.
I do not know.
And the incentive for miners ... well, Ethereum doesn't need them if it has proof of stake, so that part doesn't matter. They don't dictate the rules of the system.
PoW/Bitcoin has the same dynamics as gold mining under a gold standard. There is a return to spending a marginal resource in bitcoin mining, vs something else. As you add more resources to bitcoin mining, the return becomes low compared to the "something else" options, and no more is invested. You reach some equilibrium.
There's no reason that equilibrium would be the entire economy; most likely, some small fraction of it. But note, network costs scaling with the size of the global economy is not a point in Bitcoin's favor!
Proof of work does, in a way, rely on the entire world spending enough computational work on the blockchain that it becomes infeasible for any one person to spend more. So it does have much of the dynamics of an arms race.
Edit: The same logic explains why the problem will affect most attempts to have an "eco-friendly" PoW Blockchain, like Bram Cohen's proposal:
That just shifts the arms race to something else: in that case, on spending economic resources on faster ways of doing a lookup. Still should reach equilibrium at a stable fraction of the economy and produce the same waste, although perhaps in the form of hyper-optimized DB lookups and the related hardware and labor for it, not energy.
Conversely, if it weren't worth so much, less people would be competing to mine bitcoin, the difficulty would be much lower and the energy used would be less. Not a very useful observation to make though as it doesn't help the problem off high energy usage. Using hard drive space instead should use less energy at the expense of using more chip fabs and more silicon.
If you think about it, if one can transform energy into money, humans will end up capturing all the energy they can to do so.
Bitcoin, with its proof-of-work/Merkle tree, exists solely because this problem cannot be currently solved. Perhaps blame that state of affairs a bit more than those who seek an exit from it?
Yes, and for many other reasons, rooted in the fact that especially since BTC is not really used as a currency, the effort is de-facto wasted and that we should likely be putting the energy to better use.
You know the about the Pacific Island, similar to Easter Island, that depleted all of their resources building massive stone heads?
This is most likely a myth...
How much sugar a BTC buys you on the long term is anybody's guess.
You've very well illustrated the fundamental problem with Bitcoin: it's thought of as a technology, when really it's a financial instrument.
The 'storage' you've described is mechanical, technological - and has nothing to do with the concept of a financial store of value.
A good financial 'store of value' is somewhere you can park some money, and know that you can go back in 50 years (or some time frame) and it will still have value. Hopefully a little more.
BTC is extremely volatile, and because it's not backed by anything - it could go to 0 tomorrow. Probably not - but it could.
Think: will BTC be around in 100 years? Heck, in 10 years?
Will real-estate in London be worth at least something in 100 years? Almost assuredly.
Real-estate is generally a very good store of value though obviously it depends upon which regime that real-estate sits.
BTC is a very interesting thing, but it's not really a currency, and not really a store of value ... so then what is it?
And you will have big costs maintaining that particular store of value (taxes, maintenance, ...)
Bitcoin storage will cost you zero. And yes, it could be worthless in two years.
Ahh - but we can 'guess' - and given how we know the world works, there is a very high likelihood that London property will have value, and probably more than it does today.
BTC - there's a decent chance it could be worthless.
Though BTC does own the 'upper end of value spectrum' - i.e. investing in BTC could make you 1000x richer in 100 years - and London property will never do that - BTC also owns the lower end of the spectrum, i.e. with a range of probabilities at zero, or near zero. Meaning - not a very good store of value.
In fact - as a 'store of value' BTC can't even be remotely considered when there are so many better options.
Speculation? Sure. BTC is might be a good bet actually. Store of value? Bad bet.
With one small caveat: the world is in turmoil at the moment (as usual, more than usual, not sure?), with big events hitting the economy worldwide: climate change, AI, self-driving cars, automation, ... you name it.
What is the chance of any one of those events to nuke your "London Real State in 100 years" strategy? Low. The combined chance of all those forces? Not so low.
What is the chance that real state in London will be wiped out (as a store of value) and bitcoin will not, in 100 years? The balance is tipped on the side of London, but not so much as you would think.
Interesting times ...
BTC can be stolen (have been stolen) and depend of the existence of a complex network of computers and the faith of thousands of people.
The value of everything depends on complex interactions, and a dose of faith.
Various QEs around propelled the fiat to the moon. Add to that various other money making legal and semi legal moves with, and having extra money, as a number, not a value, had to flow somewhere. So it did, one of the speculations being housing, another one Bitcoin, etc.
You don't hope for a "massive crash", but some form of taming the markets and removing liquidity should (we'll see how this will be played out) occur in the next 2-5 years.
At that point of time, Bitcoin, sadly, may be the first in the line of high beta toys to go out of the window as the rest scrape for the exit (BTC network is limited to around 7 TPS or therefore).
Meanwhile, buy the dip, to the moon, etc.
LPT: If you can't disengage that much on emotional level from it, at least hold your btc on an exchange that converts striaght to USD, and make sure you can put your order in asap when things go south.
Hell, the state department spent taxpayer money to promote fracking to the rest of the world.
This is only possible because we allow so much concentration of money and power (and thus they can buy their way around the law and avoid paying for externalities). Concentration of capital is the root of all evil. Modern banking system is built to concentrate capital, and has been dangerously successful in the past century.
Antibiotics lead to resistant bacteria, not viruses.
The only reason anyone would bring up BTC regarding climate change would be to distract from the harm caused by oil, gas, mining, and oceanic shipping companies.
Just because it's not significant doesn't mean we have to forget about it. We can always tackle BTC's problem later.
If Bitcoin continues growing at the rate is has for the past 60 days, each coin will be worth over $1M by 2019-01-07.
(Obviously extremely unlikely, but interesting to think about)
Possible, but use at your own risk.
In which world do journalists live?
I'd be willing to spend 200 to 300 terawatt hours a year to really make crypto work.
Great civilizations are built off:
1/ Rule of Law
2/ Enough electricity to produce nitrogen, steel, and operate telecom.
#1 is worth a lot. Look at India's demonetization and the crisis it caused. [link: https://www.project-syndicate.org/commentary/india-demonetiz...]
https://medium.com/@datarade/sure-bitcoin-assumes-a-lot-of-e... - The banking industry fretting over electricity consumption of bitcoin is out of whack in comparison to the sheer size and volume of bank electricity consumption at a federal and local level.
I'm very okay with a future in which ethereum smart contracts and bitcoin mining consume a 10% of global energy production given the alternatives.
All of this energy is consumed just so that investors can hopefully get a return on investment. It appears rather decadent.
Yes, there are other uses for Bitcoin. They are miniscule in comparison to its use as an investment product.
You can also argue that mining gold is a waste of resources because gold does almost nothing of value.
> Yes, there are other uses for Bitcoin. They are miniscule in comparison to its use as an investment product.
What about gold? Aren't its uses minuscule in comparision to its speculative investment value?
The point is: The market decides. One can argue that Bitcoin characteristics (encrypted, pseudo-anonymous, open source, decentralized, global, scalable, deflationary, stateless, etc.) justify its speculative price.
"Comparing Bitcoin’s energy consumption to other payment systems
To put the energy consumed by the Bitcoin network into perspective we can compare it to another payment system like VISA for example. Even though the available information on VISA’s energy consumption is limited, we can establish that the data centers that process VISA’s transactions consume energy equal to that of 50,000 U.S. households. We also know VISA processed 82.3 billion transactions in 2016. With the help of these numbers, it is possible to compare both networks and show that Bitcoin is extremely more energy intensive per transaction than VISA."
1. I have read that with every VISA transaction, transactions move between no less than 5 separate institutions. What is the net energy used in all of that deliberate inefficiency? All buildings, vehicles, and energy use of people who work for VISA must also be taken into account. And for all other credit cards and payment systems.
2. Bitcoin isn't really a "payment system", so comparing it to VISA is apples to oranges. It is more of a store of value, like a bank. So it would more properly be compared to the net electricity consumption of all banks, including all buildings, armoured trucks and all vehicles used to ship people to and from banks around the world.
Bitcoin is in a competitive market so energy usage will be more relevant to compare against the decentralized services offering identical functionality with alternative algorithms, like litecoin, monereo, ethereum, and so on.
If you care about heating efficiency, spend the money on a heat pump, which will get you 300% efficiency.
Yes, there can be heat pump systems with e.g. underground connections, and pumping heat can be more effective than generating heat; but for pure heating, generating heat, the simplest resistor heater is just as 100% efficient as any complex electronic device, all the electricity spent results in just as much heat.