Proof of work algorithm in Monero based on random code execution (github.com)
65 points by maxfan8 28 days ago | 88 comments



I did an analysis of this PoW at my line of work and I would say that it is really complicated. Unnecessarily so, I have to add.

I also have a comment about ASIC resistance.

There are tools that allow you to customize hardware for the programs it will execute; [1] is an example of one such tool, and there are some others.

[1] http://openasip.org/tta.html

If you write a RandomX code generator and interpreter and customize the CPU hardware using tools like the one above, you will get an optimized version of the hardware. Take a look at [2] for the results of such codesign attempts for the Fourier transform. The optimization in energy efficiency can be as high as 100+ times over general purpose processors, and on par with or exceeding an ASIC implementation.

[2] https://www.researchgate.net/publication/321700396_Codesign_...

One would duly note that RandomX employs floating point instructions in some parts of the hashing process. I will respond that floating point operations can be expressed as operations on fixed point values, and these hardware parts can (and will) be shared with other computations. Basically, the codesign tool will implement for you a split (FP)ALU. This will also increase energy efficiency over GPUs and general purpose CPUs, which have different paths for FP and integer computations and usually do not share ALU parts between these.

To conclude: first, RandomX is needlessly complicated. Second, I think that an ASIC version can be attained without writing everything in Verilog by hand; you may stick with the C reference implementation for most of the work. And, last but not least, the gain in hashes per joule from an ASIC implementation can be much higher than 2-5 times over CPU or GPU.


What do you mean by "needlessly" complicated? The whole point is to make it very complicated, as that is the main mechanism by which they achieve resistance to ASIC designs for it. How is that "needless"? Even if you say that an ASIC can still be built, the point is to make those ASICs much harder and more expensive to build. That, coupled with regular change of the PoW scheme (as is done in Monero), means that it is just economically unviable to develop ASICs for Monero.


Likely they mean a combination of:

- could be replaced with something with less moving parts that has the same properties

- it's difficult to analyse because it has so many moving parts, so there might be a fatal flaw hiding somewhere

Simple is good when you're looking to confirm the security of something. This likely counts even more for a cryptocurrency.


Confirm what security though? The only security property of a proof of work scheme is that a new N-proof cannot be created with less than N new (non-sharable) operations of a general-purpose computer, which is a vulnerability that most current proof-of-work schemes already have in the form of specialized ASICs (hence TFA). RandomX may be even worse in this regard, but a significant amount of complexity is very much needful.


> Confirm what security though?

For PoW, the important property seems to be that there's no shortcut to doing the hard work. E.g. I could ask you to sum all the numbers from 1 to N for a very high N to prove you've done some work, but the flaw there is that a shortcut exists where you only have to calculate (n(n+1))/2 to get the final answer in a fraction of the time.

> significant amount of complexity is very much needful

I think you're using the word complexity in a different way to the way I was using it. I'm guessing you probably mean "is difficult to calculate the result without taking a shortcut" and not "is conceptually simple to understand and analyse for flaws by a human". Ideally, you want both to be true but that won't be the case for all PoW processes.


> that there's no shortcut to doing the hard work

Yes, and current proof-of-work schemes allow shortcuts to avoid doing at least the instruction-dispatch portion of said work, by using a GPU or ASIC that shares dispatch work across multiple proofs in parallel.

> complexity

I meant the latter type ("is difficult to understand or analyse") actually. That is to say, I suspect that trying to achieve the former will necessarily result in the latter, although it would of course be nice if it didn't.


I also performed an analysis of this algorithm as part of a work engagement, and came to similar conclusions to you (that it's not nearly as ASIC resistant as the authors claim).

Notably there was (and still somewhat is, but less so [1]) very low data dependency between the generated instructions, which enables ahead-of-time preprocessing on a CPU to get effective execution on a bunch of independent compute units / datapaths (on an FPGA/ASIC), saturating all of them during a significant amount of time.

[1] - https://github.com/tevador/RandomX/pull/118
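The dependency argument above, as an added illustration (not code from RandomX, from its audit, or from the commenter): a toy model with eight registers and made-up mnemonics that computes the register dependency critical path of an instruction stream and groups instructions into issue waves, which is the ahead-of-time preprocessing the comment refers to. It assumes every instruction reads its source and destination registers and writes the destination; the mnemonics, register count and random generator are constructed and do not match RandomX's real instruction set.

```python
"""Dependency-depth analysis of a RandomX-style random instruction stream.

Constructed toy model (not RandomX code). Each instruction is a
read-modify-write of a destination register with one source register.
A short critical path relative to the instruction count is the "low data
dependency" the comment describes: an ahead-of-time scheduler can put many
instructions into the same issue wave and keep independent datapaths busy.
"""
from __future__ import annotations

import random
from dataclasses import dataclass

NREGS = 8  # assumption: eight integer registers r0..r7 in the toy ISA
OPS = ("IADD", "ISUB", "IMUL", "IXOR", "IROR")  # toy mnemonics, not RandomX's set


@dataclass(frozen=True)
class Instr:
    op: str
    dst: int  # register read and written
    src: int  # register read only


def parse_program(text: str) -> list[Instr]:
    """Parse lines such as 'IMUL r2, r3' (toy syntax; '#' starts a comment)."""
    prog = []
    for raw in text.strip().splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        op, args = line.split(None, 1)
        dst, src = (a.strip() for a in args.split(","))
        if op not in OPS or not (dst.startswith("r") and src.startswith("r")):
            raise ValueError(f"bad instruction: {raw!r}")
        d, s = int(dst[1:]), int(src[1:])
        if not (0 <= d < NREGS and 0 <= s < NREGS):
            raise ValueError(f"register out of range: {raw!r}")
        prog.append(Instr(op, d, s))
    return prog


def dependency_depths(prog: list[Instr]) -> list[int]:
    """Depth of each instruction: 1 + depth of the latest writer of any register
    it reads. Depth 1 means it depends only on the initial register state."""
    last_writer = [0] * NREGS  # depth of the instruction that last wrote each reg
    depths = []
    for ins in prog:
        d = 1 + max(last_writer[ins.src], last_writer[ins.dst])
        last_writer[ins.dst] = d
        depths.append(d)
    return depths


def critical_path(prog: list[Instr]) -> int:
    """Length of the longest register dependency chain (serial steps needed)."""
    depths = dependency_depths(prog)
    return max(depths) if depths else 0


def parallelism(prog: list[Instr]) -> float:
    """Instructions per serial step: how many independent datapaths a scheduler
    with unlimited issue width could keep busy on average."""
    return len(prog) / critical_path(prog) if prog else 0.0


def schedule_waves(prog: list[Instr]) -> list[list[int]]:
    """Group instruction indices by depth; all members of a wave can issue together."""
    waves: dict[int, list[int]] = {}
    for i, d in enumerate(dependency_depths(prog)):
        waves.setdefault(d, []).append(i)
    return [waves[d] for d in sorted(waves)]


def random_program(seed: int, n: int) -> list[Instr]:
    """Constructed seed-derived stream with uniformly chosen registers
    (toy stand-in for a generated program; RandomX's generator differs)."""
    rng = random.Random(seed)
    return [Instr(rng.choice(OPS), rng.randrange(NREGS), rng.randrange(NREGS))
            for _ in range(n)]


# Constructed streams: the first touches disjoint register pairs, the second
# chains every instruction onto the previous result.
INDEPENDENT = parse_program("""
IADD r0, r1
IMUL r2, r3
IXOR r4, r5
IROR r6, r7
ISUB r0, r1
IADD r2, r3
IMUL r4, r5
IXOR r6, r7
""")

CHAINED = parse_program("""
IADD r1, r0
IMUL r2, r1
IXOR r3, r2
IROR r4, r3
ISUB r5, r4
IADD r6, r5
IMUL r7, r6
IXOR r0, r7
""")

if __name__ == "__main__":
    for name, prog in (("independent", INDEPENDENT), ("chained", CHAINED)):
        print(f"{name}: {len(prog)} instrs, critical path {critical_path(prog)}, "
              f"parallelism {parallelism(prog):.2f}, waves {schedule_waves(prog)}")
    rp = random_program(7, 64)
    print(f"random(seed=7, n=64): critical path {critical_path(rp)}, "
          f"parallelism {parallelism(rp):.2f}")
```

Running it on the two constructed streams shows the extremes: the disjoint-pair stream needs only two serial steps for eight instructions, while the chained stream needs eight.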


So I guess you're referring to section 4.2 in the X41 audit report https://github.com/hyc/RandomxAudits/blob/master/Report-X41-...

We already responded to the points you raised. https://github.com/hyc/RandomxAudits/blob/master/Comment-X41...


Comparing an FFT ASIC to a random code "ASIC" is.... well, just wrong.


Why do you think so?

In a TTA you have a static schedule for what is achieved dynamically in an x86 CPU, consuming energy. You can have much wider issue there, and you can better utilize parts, allocating, for example, more shifters than are available on CPUs/GPUs.

You may not be so lucky to achieve 800x energy efficiency gain, but getting ten times better than CPU is achievable.


Yep. His comment completely misses the point, and everything he mentions about codesign tools is irrelevant.


This PoW is rather complex and takes nontrivial amounts of time and memory to verify. It accepts these downsides in an attempt to achieve "ASIC resistance", which means limiting the potential efficiency gains of custom chips to a small factor like 2x or 3x. This should make their design and manufacture economically unattractive, with long ROI times. And thus allow commodity hardware to remain competitive.


This is just another cat-and-mouse game that just proves how flawed PoW is. It will always favor people who have access to cheap power, thus consolidating the chain in the hands of a few powerful people.


So there is a computer virus cat-and-mouse game, where viruses always get better, and antivirus software and new computer languages always get better. So what, in your logic, does that somehow display "how flawed" computers in general are? We are still going to use them because we need them, and some people are still going to keep using PoW until that is the only viable method to achieve a decentralized trustless ledger.


There are decentralized ledgers that do not use PoW or PoS; see for example XRPL.org/consensus.html

"Trust less" however is a matter of definition. You always need to trust "something" outside of your control, like for example the majority of validator nodes or miners, or those in control of the mining pools etc., and on a lower level those in control of the internet hardware like undersea cables, and those in control of power grids etc. etc. You need to trust them all that they don't turn off the nodes or collude and disconnect the nodes from each other etc.

However, you need no trust to verify that what they already did so far on the ledger/chain is correct; you can locally check that and verify for yourself that the current state of the ledger is correct (you still need to trust the code ofc, but you could theoretically write your own code to do the verification).

For the most part you only need trustless verification of the past/present and reasonable certainty that there will be correct forward progress. However, BTC for example cannot deliver that, because although you can verify the past/present state, you have no way to assure that you will not see a different and longer chain later on that is also verifiable and correct and thus would change "your assumed correct past state".


> "Trust less" however is a matter of definition.

Well yes, and you are stretching that definition really far if you are presenting Ripple as a "trustless" platform. They are very far from Satoshi's cypherpunk vision (which, while perhaps extreme in some ways, a lot of people really like, and most importantly, actually works in practice, in PoW chains). Ripple's "trustlessness" is about as trustless as the SWIFT network.

> you have no way to assure that you will not see a different and longer chain later on that is also verifiable and correct and thus would change "your assumed correct past state".

Yes, you do, you wait for 6 confirmations. This has been, in fact, working in practice for all of the history of Bitcoin. This principle, in the context of the Bitcoin network, has historically had less outage time than any one of the world's stock exchanges or banks.


I have never even mentioned Ripple. Ripple is a company like Google or Apple. They have a service called RippleNet which is kinda like SWIFT. Nothing about that is relevant to what I said, because I did not talk about Ripple and also not about RippleNet. The XRPL is NOT controlled by that company or any company. Again, XRPL.org/consensus.html if you are interested in how the XRPL works.

>Yes, you do, you wait for 6 confirmations.

That's exactly what I said. You cannot rely on the present state; even if you can validate it and "know" it's "correct", it doesn't have to be the longest correct chain. Waiting 6 blocks may be the real world workaround, but it does not change that fact. Also, 6 blocks is arbitrary; why not 7? Or 21? Longer is obviously better, but there is no certainty; it just gets exponentially more certain the longer you wait.

>Bitcoin network has historically had less outage time than any one of the world's stock exchanges or banks.

That's kind of a nonsense statement; the bitcoin network cannot really have an outage, because as long as there is one miner it is technically still running. Or if a large part of the network goes offline, it still keeps going for the rest; there could be accidental forks and very long block times and whatnot, but it can't be down. Since transactions take forever anyway, because you need to wait many blocks, no one relies on it "being there" every second of the day. It's not like a stock exchange, where at any second data has to be processed and any delay is "downtime". You just send your Tx into the network and it has plenty of time to spread and eventually be included in the next block.

BTW the XRPL went online (completely centralized back then) in 2013 and has never had any outages since. In the early days there were some time synchronization problems which resulted in larger block times, but they were still an order of magnitude shorter than bitcoin's median block time.


The point is that it encourages centralisation, and where mining is centralised, miners can play games like blacklisting wallets if they want to. Particularly if, say, most of the mining capacity ends up somewhere with an authoritarian government that might take an interest.

(I am willing to admit here I don't know enough about monero in particular to grok whether the mining blacklist thing would work on that chain. I'm pretty sure it could for BTC)


Blacklisting addresses is not possible in Monero due to the use of stealth addresses, so this particular concern doesn't exist.

It is definitely a major flaw in Bitcoin and all other transparent blockchains.


> And thus allow commodity hardware to remain competitive.

This would make the system more robust, at the expense of increasing the power consumption. Is that correct? Doesn't seem really eco-friendly.


Everything about proof-of-work systems is not eco-friendly, and involves burning power 24/7, up to as much power as the produced cryptocurrency is worth. This seems perverse in a world where we're trying to cut down on energy use in almost every other area.

(no doubt someone will be along in a minute to tell me that cryptocurrency mining somehow uses "spare" electricity and burning the same amount of power as a mid-sized country isn't actually a problem at all!)


Nope! The[0] blockchain necessarily has to use on the order of half the (non-dedicated) power generation capability of its host civilization in order to achieve proper security; otherwise the other half of said power could be used to mount a 51% attack. It's less in practice, both because it's not worth that much to attack, and because it's not fully secure, but in theory, a Kardashev 3 civilization would need a Kardashev 2.97 or so energy expenditure to secure its blockchain.

0: and it is a definite article, like the internet. There by definition can't be more than one at any given time.


PoW doesn't run on "power" in general, but on electricity. It can be trivial to convert some forms of power into electricity, but not all. One particular form of power which could be seen as "wasteful" is that of burning fuels to create heat. A mining chip is a 100% efficient electricity to heat converter. If the cost of useful mining chips could become small enough, it would never make sense to use a traditional burner for heating a space; using mining equipment would be preferable, because you could recover some of the cost of the energy used to heat the space in potential mining rewards.

This is the goal we should aim for: as we're approaching the upper limit of Moore's Law, mining equipment will have a much longer lifetime, and a focus on reducing the cost of production could turn households and other buildings into data furnaces. It may not even be necessary for mining to be profitable - as long as there is a large enough ROI for users of such a data furnace to cover its initial cost and eventually reduce their heating bill.

> 0: and it is a definite article, like the internet. There by definition can't be more than one at any given time.

Technically multiple chains can and do exist at any time because there is no "given time" - time is relative. Two miners at two ends of the earth may both produce a valid block at a given time (say, in UTC), but the nodes in proximity to them will receive their blocks at different times, due to distance and the fundamental speed limit of information transmission. The multiple chain conflict lasts until the next block is produced. Such conflicts could last for multiple blocks in a row, but with a probability which rapidly declines with number of blocks.


> Two miners at two ends of the earth may both produce a valid block at a given time

Er, no, I mean you can't have more than one (distinct) live blockchain standard; e.g. if you have Bitcoin and Litecoin, one of them must be using less than 50% of the available hashing capacity (because otherwise it would add up to >100%), and therefore not be secure[0].

Good point about some power use having beneficial side effects (heating) in addition to the actual work though.

0: because if it ever actually needed the security - was more valuable to attack than the majority chain - then the miners on the majority chain would have an economic incentive to attack the minority chain, and gain more from attacking than they lost from undefended attacks on the majority chain.

Obviously it's possible to have two blockchains in practice, just like it's possible to have two internets in practice, but there's a constant pressure to drain applications from the minority (quasi-)singleton into the majority singleton until the minority goes defunct from lack of use.


This seems empirically false, as for example Bitcoin Cash is gaining more applications and usage compared to Bitcoin to a larger degree than its 3% hashrate would suggest.

There have even been reorg attempts that have been defended by miners that support the minority chain, making it a bit more difficult to determine how secure a chain really is.


I'm fascinated by this idea of a civilization harnessing the power output of an entire galaxy to facilitate the movement of small green pieces of (virtual) paper.


... Thank you so much for reminding me that there's a non-negligible chance that someone would actually be stupid enough to do that.


The system trends towards consuming the same cost of power as the mining rewards, so increasing the efficiency of mining doesn't actually decrease power consumption; it just increases the overall hash rate.


It doesn't necessarily affect the total power consumption, just the more democratic distribution of it, where many more small players can be in the game, instead of consolidating all of the mining in the hands of a few centralized miners.


"Commodity hardware being competitive" isn't a desirable thing either? Remember when Ethereum caused a run on desirable GPUs? Miners were buying them by the truckload and locking them away in datacenters, where they basically computed hash collisions and made heat.

Personally I'd rather miners use ASICs for their hash collision wankery and leave the consumer markets alone. But I'd really like to see miners cease to exist because crypto comes with a huge environmental cost and so many externalities.


We should reject PoW algorithms as generally destructive. When I say destructive, I mean they cause more global harm than they purport to alleviate.

PoW should have been set aside as soon as it was generally understood that the network's energy consumption might be unbounded.


> We should reject

Who is "we"?

You can't "set aside" something which a free market has chosen to accept. If you're upset about PoW, invent a superior replacement which the market would prefer over PoW.

However, I suspect you cannot. I'm doubtful that such a thing can exist. Bitcoin is now an essential commodity because there is no replacement for it when it comes to saving money or evading warrantless (illegal) surveillance. The central banks and governments around the world caused this, and they aren't capable of reversing it.


> Who is "we"?

Presumably society.

> You can't "set aside" something which a free market has chosen to accept.

We have set aside CFCs even though they were accepted by the free market. They were harmful to the environment, creating the ozone hole.

Similarly, PoW mining has an enormous and well-documented ecological cost.

> If you're upset about PoW, invent a superior replacement which the market would prefer over PoW.

> However, I suspect you cannot. I'm doubtful that such a thing can exist.

PoS exists.

> Bitcoin is now an essential commodity because there is no replacement for it when it comes to saving money or evading warrantless (illegal) surveillance.

All transactions and account balances in Bitcoin are public. From metadata and corresponding networks one can figure out where and who the people are (the NSA does this too). It is not very private at all.

> The central banks and governments around the world caused this, and they aren't capable of reversing it.

I doubt that it is an essential commodity and suspect you are overestimating the economic importance of Bitcoin.


> Presumably society.

Which society?

> We have set aside CFCs even though they were accepted by the free market. They were harmful to the environment, creating the ozone hole.

Some regulations can be enforced. It's going to be a different story attempting to regulate something which can be hidden trivially with encryption, has no physical presence, and can be stored in one's head to prevent seizure.

> All transactions and account balances in Bitcoin are public. From metadata and corresponding networks one can figure out where and who the people are (the NSA does this too). It is not very private at all.

This is true for plain use of Bitcoin, but there are ways of evading chain analysis, and you can also swap out your Bitcoin for Monero for spending.

> I doubt that it is an essential commodity and suspect you are overestimating the economic importance of Bitcoin.

It may not be essential to you, but there are plenty who consider it so, and their numbers will only grow as people further distrust their governments and central banks.


> It's going to be a different story attempting to regulate something which can be hidden trivially with encryption

Regulate on/off ramps. Watch it wither on the vine. Job done.


How does regulation work for illegal drugs, prostitution, or other black markets, which can overall amount to double-digit percentages of economies?

Bitcoin only needs the black market to be a huge success. If it can avoid any surveillance ramps, that is ideal. It doesn't need to be everywhere.

IMO, the surveillance on/off ramps are going to have a hard problem ahead of them, of their own making. Black markets are only going to accept "cleaned" bitcoins because they won't put themselves at risk of being surveilled. The "cleaned" bitcoins will not be usable on AML exchanges. The "unclean" bitcoin can be cleaned through CoinJoins and such, at the risk of whoever obtained them in their unclean state, but once cleaned, they'll be back on the black markets.

Trading fiat currencies for Bitcoin will happen mainly in person, with cash, to avoid the surveillance.

You will be able to tell, to an extent, whether bitcoin are clean or unclean through their transaction history - a clean coin will be one which originates as the output of a CoinJoin. All transactions on the black markets will be a CoinJoin of some kind.

For most purposes, this won't matter because the majority of trade will be conducted over the Lightning Network, which has sender anonymity, and will very likely get receiver anonymity in the near future. Node operators can use Tor to avoid being surveilled - and the transport protocol used is fully end-to-end encrypted and authenticated.

Since the majority of trade will be happening on the black markets, exchanges which built their castles in KYC land will eventually fail. Nobody will care for "unclean" bitcoin if they are too heavily regulated. There will probably be a premium on clean bitcoin due to the risk involved in anybody who decides to wash unclean bitcoin.

Savers will not care if they have to resort to black markets to protect their wealth from theft or seizure. As long as they can find some local black market vendors who'll trade them for some other goods or fiat cash.

For governments to attempt to stamp out the black markets, the solution involved will be much worse than anything you could imagine being caused by Bitcoin - complete totalitarianism is the only way it could be enforced, and your open internet will be finished long before then. Careful what you wish for.


> How does regulation work for illegal drugs, prostitution, or other black markets, which can overall amount to double-digit percentages of economies?

Very few people want bitcoin for itself, most are in it purely to get rich through speculation, and even those who use it to transact will find it less attractive if it can't easily be converted.

Your Heath-Robinson process of money laundering there is hilarious, and reads like a how-to for lengthy jail terms.


> Very few people want bitcoin for itself, most are in it purely to get rich through speculation, and even those who use it to transact will find it less attractive if it can't easily be converted.

From an outside perspective, it might seem that way. There is a plentiful, and growing crowd who understand Bitcoin as a means of saving and avoiding state interference in their finances. Conversion of fiat to Bitcoin is highly desirable because people want to save over long periods. The conversion of Bitcoin back to Fiat is less desirable because it is trading good money for bad money. People only do the latter when they have a liquidity crisis. The bulk of bitcoin users are HODLers, as can be seen through the UTXO ages on the blockchain. Market speculators are a minor subset of bitcoiners.

> Your Heath-Robinson process of money laundering there is hilarious, and reads like a how-to for lengthy jail terms.

I wasn't talking about money laundering at all. What are you reading? Not sure you know what money laundering means. I'm referring to people taking their legitimate earnings and storing them in Bitcoin for the purpose of avoiding devaluation by inflation and illegal surveillance without warrant.

People pay their income taxes when they earn (usually with no choice, because it will be deducted from their wage via a PAYE scheme). They also pay their sales taxes when they purchase any items from outside of the black markets. The Bitcoin saver who merely interacts with this black market as a means of exchanging fiat money for bitcoin is not engaging in illegal activity. It is the black market vendors who provide the services who are.

Consider this: You go to a shop and purchase an item which costs $0.99 (inc. sales tax). The owner of that shop decides to pocket the sales tax and does not pass it on to the tax authority. Have you engaged in illegal activity by purchasing this item? It has nothing to do with you whether the shop owner pays his sales tax - you paid yours.

Ok, it might be possible to dodge sales taxes by purchasing within black markets, but the black market doesn't necessarily provide all the commodities one would want. The most common use case will be converting back to fiat cash to use at local stores, where every purchase has a sales tax.

If money laundering is a concern, then a government would really want to deregulate bitcoin and encourage its use in paying taxes. By utilizing the blockchain and its auditability, they could largely automate the process of tax collection and save significant amounts of money. People will still be paying their income taxes via PAYE, but the process can be fully automated by every participant involved (employer, employee and tax authority).

By attempting to overregulate, they push most of the activity underground, where they are no longer collecting sales taxes on the transactions.


> I wasn't talking about money laundering at all.

All that stuff about clean coins, joins and mixers. Money laundering.

> The bulk of bitcoin users are HODLers

Who are doing so because they expect the price in fiat to go up, so regulating on/off ramps would likely kill that.


> All that stuff about clean coins, joins and mixers. Money laundering.

The use of a CoinJoin does not imply money laundering. Launderers can and do use these tools. Merely using the tool does not make you a launderer. If you are suspected of laundering, you can prove your money movements to a law enforcement body which offers a warrant to search them. This is how things should be. Innocent until proven guilty.

CoinJoins are necessary to evade warrantless surveillance, because transactions on the blockchain can be linked to your person when the state obtains parts of that information from KYC exchanges. Since you have a right to secure against unreasonable searches, you have a right to thwart these efforts to illegally monitor your financial activity.

> Who are doing so because they expect the price in fiat to go up, so regulating on/off ramps would likely kill that.

They expect the price to go up because they understand the subjective value of commodities, Gresham's law, and human self-interest. It has nothing to do with regulation. Bitcoin will grow with or without state involvement because it solves real problems that governments and others have created. More people are becoming aware of this, and Bitcoin has propelled some of the issues into the spotlight. The role of the state could slow down or accelerate Bitcoin adoption, but it cannot stop the inevitable - particularly when their own policy of infinite inflation is the major driver of Bitcoin adoption.

As said above, a government would be unwise to attempt to push the activity underground, where they can no longer monitor and collect taxes on it. If the regulatory burden on exchanges ends up making it more difficult for me to obtain bitcoin through a KYC exchange than via the black market, then I will end up doing the latter, and by doing the latter, I might then potentially increase my interaction with the black market (reduced sales tax), hide my earnings (less income tax), hide my profits (less capital gains tax), hide my wealth (bye bye inheritance tax). That isn't going well for the government, who will see a reduced tax income.

The government just wants people to pay taxes. It shouldn't really care much about whether people are using dollars or bitcoin - only that Bitcoin can potentially make it easier for people to dodge tax. The best option for a government is to make it easier to use bitcoin for legitimate services than the black market so as to discourage black market involvement.

A government should be working on ways for it to utilize Bitcoin for the purpose of tax collection, and then encourage its widespread use in retail and in PAYE, such that it can have an almost live view of the economy and can see who is paying their taxes. Any delays in mobilizing such systems will ensure that superior, more privacy preserving systems will instead be adopted, and will give limited benefits to the government.


> The use of a CoinJoin does not imply money laundering.

Cleaning coins and obscuring their origins between black market and AML compliant exchanges does though. You described a great way to get jail time.

> you have a right to thwart these efforts to illegally monitor your financial activity.

Good luck with that, but it seems that you actually don't, nearly every country now has a variety of monetary controls and monitors flows of cash with a warrant or otherwise. Merely disguising money flows is often enough to get you investigated. See also things like "structuring", a crime involving moving money in such a way as to avoid checks, which is illegal even if no other crime is committed.

The rest of your post is just more nonsense. If people found they couldn't exchange cryptocurrencies for fiat, HODL would be a thing of the past, and black market uses would also drop because people don't want bitcoin for itself. BTC is dead without conversion being available.


There is nothing illegal about keeping your own money private, and requiring that a lawful warrant be issued for you to reveal your full financial activity. The warrant must also be issued with probable cause. It's questionable whether merely using a CoinJoin is probable cause - and given how prolific CoinJoins will be for perfectly legal uses, I can see many magistrates requiring more than just a CoinJoin to issue warrants. Different jurisdictions may have a different opinion, and will see their economies suffer as a result.

In the USA, you are protected from government overreach of your possessions by the fourth amendment. Some places have already declared bitcoin to be property.

> The rest of your post is just more nonsense. If people found they couldn't exchange cryptocurrencies for fiat, HODL would be a thing of the past, and black market uses would also drop because people don't want bitcoin for itself. BTC is dead without conversion being available.

If you have no background in Austrian economics it may sound like nonsense. Mainstream economics thinks that economies are influenced top-down. The outside perspective ignores that the majority of hodlers have a very low time preference and treat Bitcoin as a long term saving, perhaps even a pension strategy. No early adopters ever expected Bitcoin to grow as rapidly as it did, but many held on anyway. They don't intend to convert back to fiat because they have a firm belief that they won't need to - enough people will desire Bitcoin in the long run that they won't have much trouble acquiring services or goods in exchange for Bitcoin in future, and their purchasing power may be increased too. (So far, it has increased beyond their wildest imagination, before governments have even decided what they want to classify it as. Regulation never had anything to do with it.)

Your belief that Bitcoiners can't wait to convert back to dollars is absurd. If you take a look at the value of a dollar relative to Bitcoin[1], then it's quite clear that HODLers aren't merely investing in bitcoin, they're divesting in dollars. Bitcoin is the escape route from a failing fiat system, and some are just ahead of the curve.

While there is a market for exchange, the market will be filled, whether it is KYC exchanges or black markets. People will mostly choose the one which is cheapest, which is currently the KYC exchanges. Increased red tape will increase the costs of exchange, and the black market will fill the gap.

[1]:https://i.imgur.com/GgPNbyx.png


In the USA you are under constant financial scrutiny, and yes, subject to enforcement on things like structuring. You're a fool if you think otherwise

I am familiar with Austrian economics. It's widely regarded as bullshit, and its adherents generally immature financial larpers with bizarre, extreme views like "inflation is theft".


> Who is "we"?

Us, those not yet in your choir, I presume.

The market can set aside things (un)perfectly well if they turn out not to be adequately useful or worth it, in whatever sense of those words. Driving opinion by means of internet comments can be a perfectly valid, if rather useless, part of such consensus forming.

Whatever your ideology surely you can agree on the basic fact that most active use of BTC is still of a rather transient nature. In and out. This means participants generally (outside of passive saving-speculating) have little inherent need for high prices and the astronomical energy use that goes along.

Coiners of course want practically useful solutions, just not quite as much as they want to get richer.


> Us, those not yet in your choir, I presume.

Glad you purport to speak on everyone's behalf. The misuse of the pronoun "we" is so prevalent that it affects the way people understand the world. "We" is a collective pronoun, but the collective it refers to must have a boundary. In this case, the boundary must be, at maximum, the people reading this thread. At minimum, you are using the plural pronoun when you should be using the singular, because "We" just means "I".

> Whatever your ideology surely you can agree on the basic fact that most active use of BTC is still of a rather transient nature. In and out. This means participants generally (outside of passive saving-speculating) have little inherent need for high prices and the astronomical energy use that goes along.

Saving isn't transient. It's a long term goal. The speculating that goes along with it is just a natural market phenomenon. People want to earn by betting on short term future demand.

> Coiners of course want practically useful solutions, just not quite as much as they want to get richer.

I'm not all that fussed about getting richer. I'd rather not get poorer though, which is the effect which will be achieved by storing my earnings in dollars, because there is a deliberate and permanent policy of dollar devaluation outside of my control.

Saving is a practical solution, and the only one that Bitcoin needs. People will develop other practical solutions for spending and trading bitcoin because they themselves want to increase their bitcoin holdings, and they want to incentivize others to spend their Bitcoin so that they have the opportunity to obtain more.


Ah yes, the tired old free-marketeer. You're the reason we need regulations over self-destructive things. Society gets to make that call sometimes.

Or, if you really think not, would you instead be interested in buying some of this oil that will cure not only your aging but also your wife problems? I extract it from a snake, and I think you'll see the benefits of it immediately. (p.s. The oil also makes you immune to covid and meetings!)


> Ah yes, the tired old free-marketeer. You're the reason we need regulations over self-destructive things. Society gets to make that call sometimes.

Fortunately, Bitcoin fixes this. "Society" has no ability to seize bitcoin or censor its transactions. Soon enough, it won't be able to even detect them.

The mob does not always make the right decisions, especially when they have nothing at stake. Public servants usually have nothing at stake and it is very easy to be wrong when spending other people's money as opposed to your own.

> Or, if you really think not, would you instead be interested in buying some of this oil that will cure not only your aging but also your wife problems? I extract it from a snake, and I think you'll see the benefits of it immediately. (p.s. The oil also makes you immune to covid and meetings!)

I'm all for people being able to sell these non-products, and for people to buy these non-products if they wish for them. While they might not have any meaningful real effect, they can often have a placebo effect which can be beneficial to the purchaser. People are, and should be, free to make their own judgements with their money. You can't shelter everyone all the time. If some are no longer able to make sound judgements, they should have support from relatives with their finances rather than the government.

The current governments around the world are a great example of snake oil salesmen. They've managed to sell everyone an iatrogenic "lockdown" which is harmful to their health, with claims that it is for their benefit, with no evidence. Who regulates the government? Who is going to hold these policymakers to account for the excess preventable deaths they've caused which are a result of the lockdowns, as opposed to the mostly unpreventable deaths which were a cause of nature (if we assume the virus is of natural origin)?

There is a cure for Statism at least. It is called Bitcoin.


>> "Society" has no ability to seize bitcoin or censor its transactions.

Chinese society likely could censor, given the prevalence of mining in that country and their government's love of interference.

And various governments can and have seized bitcoin. This is a fairy tale.


> Chinese society likely could censor, given the prevalence of mining in that country and their government's love of interference.

What are they censoring? All transactions? They can only do self-harm in this manner because they must expend large amounts of electricity, perpetually, in order to keep up their censorship, and they don't know what they're censoring. This is assuming that they do indeed have the ability to 51% attack Bitcoin, and that the rest of the world is unable to use the nuclear option of changing their software clients to bypass the 51% attack. (Mining is not the ultimate arbiter of the correct chain - individuals are the ultimate arbiter via their choice of software client). A nuclear option would make all of their hardware immediately useless and eliminate any influence over Bitcoin they may have.

> And various governments can and have seized bitcoin. This is a fairy tale.

They can seize Bitcoin if you leave your private keys on an unencrypted machine, or if you leave your 12 word written phrase lying around at home.

They can't seize your seed phrase or passphrase from your head, which can deterministically generate your bitcoin wallet on any machine. They can't seize it from an encrypted disk either, unless you reveal to them the keys to decrypt it.

In the UK they may be able to force you to hand over keys for decryption or threaten you with 2 years of jail time. Not in the USA.

The point was that, Bitcoin can be made unseizable because it is merely information. This is very unlike dollars, gold, or other physical commodities which can be seized by force, or threat of force, which has been done before - EO 6102. An attempt to try and emulate EO 6102 for Bitcoin would result in a very different outcome.


A country with a majority of miners can censor transactions from addresses it chooses to blacklist. Just as miners can choose to include transactions with fees they like, so can they exclude transactions from addresses they are under pressure to exclude.

Authorities in more countries than the UK have seized bitcoin. You make the classic mistake of looking at where the system is hardest and declaring it secure, instead of looking at where it is softest, the user and their systems.

They can't seize fiat if they don't know where I buried it either. Bitcoin is no more secure than that.

Like I said, these are fairy tales you tell yourself about security.


> They can't seize fiat if they don't know where I buried it either. Bitcoin is no more secure than that.

They don't need to seize fiat because they can just print it. They can't print Bitcoin.

And you are right in regards to users being the weak point. Anybody who genuinely cares for the security of their money will use a brain wallet, or at least a 24-word seed phrase coupled with a brain-passphrase.

The latter technique can be used to create "decoys". You can use the same 24-word seed with multiple passphrases, with each being a distinct wallet. If you keep a small amount in the wallet with no passphrase, it may appear to anybody who seizes your 24-words that you only have a small amount of money - but unless they can torture all of your passphrases out of you, they will not necessarily be able to seize all of your money. And since they cannot know how many copies of your 24-word phrase you have made, they cannot know for sure that seizing the copies they find will prevent you from accessing your coins.
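The seed-plus-passphrase "decoy" scheme described above, as an added example that is not part of the original comment: it implements the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase) and the BIP32 master-key step, and shows that the same 12 words with different passphrases yield unrelated wallets. The mnemonic used is the public BIP39 test vector, and the passphrases are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (not a real wallet), used as sample input.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    Per the spec: PBKDF2 with HMAC-SHA512, 2048 iterations, the NFKD-normalised
    mnemonic as the password and "mnemonic" + NFKD(passphrase) as the salt.
    An empty passphrase is a valid (and common) choice, which is what makes
    the no-passphrase wallet a plausible decoy.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master step: HMAC-SHA512 keyed with "Bitcoin seed" over the seed.

    The left 32 bytes are the master private key, the right 32 the chain code.
    Every key in the wallet is derived from these, so a different seed means a
    completely different wallet.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def decoy_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the hex master private key it produces from the
    same mnemonic. The caller can see that no two entries share material."""
    return {p: bip32_master_key(bip39_seed(mnemonic, p))[0].hex()
            for p in passphrases}


def all_distinct(wallets: dict[str, str]) -> bool:
    """True when every passphrase led to a different master key."""
    return len(set(wallets.values())) == len(wallets)


if __name__ == "__main__":
    # Constructed passphrases: the empty one is the "small decoy" wallet.
    wallets = decoy_wallets(MNEMONIC, ["", "TREZOR", "second hidden wallet"])
    for passphrase, key in wallets.items():
        print(f"passphrase={passphrase!r:24} master_key={key[:16]}...")
    print("distinct:", all_distinct(wallets))
```

Note that the mnemonic alone gives no hint that other passphrases exist; the only thing that distinguishes the wallets is the passphrase, which is why losing or forgetting it is equivalent to losing the coins.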


Yep, that's how everyone wants to spend their time and effort these days, in an age of pervasive, easy and free banking... memorizing multiple seed phrases so their anti-state opsec is up to scratch. Better pray you don't screw up on page 63, subsection 5 of the "Big book of keeping your bitcoins safe" or whoops! There go your life savings with no recourse.

Do you coiners ever step back and listen to yourselves?


Banking isn't as pervasive as you think. There are millions unbanked in the USA. Globally, billions.

The level of OpSec suggested is a necessary minimum against an equivalent of EO6102 whereby the government would attempt to seize your bitcoin, presumably so it can issue its own fractionally backed alternative, purporting to be equivalent in value. Fortunately there's a case in recent history which people are all too familiar with and unlikely to fall for the same trick again. Nobody is going to trade in their bitcoin for another government shitcoin, unless they are forced.

If they don't know you have it, and the only place it is stored is in your head, then they can't seize it, and they have no probable cause to commit violence against you.

Personally, I couldn't care less what everyone else does. I only care that my own bitcoin are safe. I'll happily share my knowledge so that other people can secure their money too, but if they don't care, I can't hold their hands for them.

Pretty sure people will take an interest when the dollar begins to hyperinflate and their 401k becomes worthless.

I'm not sure where you get the impression that the dollar is safe. It's an experimental currency which has been around less than 50 years, and over that time it looks less and less likely to have a long term survival.


Bitcoin is not banking the unbanked in any meaningful way, that's just another fairytale.

And the currencies of the western world are going to crash to nothing, while somehow enough internet infrastructure will remain that you and your coiner bros can become the new kings!

At this point you're basically praying for the apocalypse so you can feel superior. It's hilarious.


Nobody is praying for an apocalypse. On the contrary, there have been people sounding the alarm on the reckless policy of the Fed for decades, but since it falls on deaf ears and any reformation of the Fed seems increasingly unlikely, anybody who realizes that kicking the can down the road is not a solution to anything has no real option other than to opt-out of the fiat system and Bitcoin or Gold are the only real alternatives. Bitcoin has several advantages over gold which would make it more desirable if there were a shift back to hard money.

You seem to think that the dollar crashing will crash civilization. There are dozens of cases of hyperinflation hitting over the past century, particularly since the end of the Bretton Woods agreement - they cause temporary turmoil, and those most affected are the poorest, but recovery happens fairly quickly provided the government steps out of the way and deregulates to allow the economy to repair itself.

If you don't want to be one of those most affected by hyperinflation, it might make sense to have a plan in the event that the USD hyperinflates - since there's nothing to suggest it will be any different to other currencies. I'm not necessarily trying to predict the future, but I'm planning ahead for a potential scenario. To me one that looks increasingly plausible and is merely a question of when, not if.

Part of that planning includes being able to transact if there are disturbances in internet infrastructure. This is why you can transmit and receive Bitcoin over satellite and radio already. The internet will quickly heal because there will be a financial incentive to provide it - earning bitcoin in exchange for the provision of bandwidth.

Also, in regards to coiners becoming kings - it is likely that people with significant bitcoin holdings will keep a low profile, else they put a target on their heads. Extravagant displays of wealth seem unlikely and foolish.

There will be no apocalypse because the replacement for the dollar is being built already and it will simply absorb the fallout when the dollar fails. There will be some havoc caused, but the transition will likely happen in steps, with the 2017 bull run being an example of one such step - where a large influx of new users happens at once, followed by a bear market, followed by another bull run which exceeds the previous one.

You don't have to have a backup plan and you can believe everything that your government and "experts" spoon feed you, that's fine too.


> here have been people sounding the alarm on the reckless policy of the Fed for decades

Yes, and they've been wrong for decades, over and over and over again.



This is a totally absurd argument.


Someone should make a PoW algorithm based on useful things like game theory; for example a chess bot competing against other chess bots, the top winner forges the block and gets the rewards. This is still not extremely useful, but better than just hashing useless strings.

Ideally, PoW algorithms should be focused on real science and/or economic problems.


If the work proof additionally became useful, it would develop a secondary market, and the difficulty would reset to that new cost. In other words, the useful problem solving would just obfuscate cost. It misses the point of proof of work, which is to display a costly signal that market participants will understand.


Or do a PoW on training AI, you get both buzzwords in one (infinite money), and it actually accomplishes something.



There is already a PoW that helps with protein folding.

As for „should” - you may not be aware of this, but telling someone they „should” do something if you don’t plan to help is a bit offensive.


>> but telling someone they „should” do something if you don’t plan to help is a bit offensive.

I disagree with this very strongly. How is sharing good ideas offensive?

Even if some people already knew about this, not everyone did and sharing these ideas could only help society.

That would be like telling Elon Musk to shut up when he came up with the idea for the Hyperloop but didn't implement himself... Elon just didn't have the time.

I'm no Elon but I also don't have the time because I'm working on a DEX which I think is a better use of my skills. The fact that I'm no Elon gives me even more incentive to share my ideas.

I don't have many followers, so if I implement my idea, nobody will use it (no matter how good it is); I won't be able to generate enough hype. On the other hand, if some rich person from HN sees my idea and implements it, then it will be more likely to succeed (just because of network effects). I can contribute more to society by giving my idea to someone else than implementing it myself.

You severely underestimate the power of network effects and capital.

I don't have much capital so even the best ideas in my own hands are essentially worthless. If I implement it, even if it's very good and the best of its kind, I guarantee almost 100% that nobody will be interested in it. Nobody will accept that it's the best of its kind. The media will ignore it, companies will not encourage their employees to discuss it with each other, etc...


Total sidenote but someone should start a cryptocurrency that is proof of Storage-space(does that exist?), where you have to allocate space to mirror the content of the Internet Archive. Is there a way that could work? (I know almost nothing about cryptocurrency)


There are a ton of them. They don't pay enough for people to take seriously though. Amazon does it way better right now.


There's a ton of filecoins mirroring the internet archive?


Filecoin certainly needs that. I'm not sure if Filecoin has it yet.


There's a half dozen of those in existence for a good while now.


Proof of work is anyway bad idea (work for nothing), unless the work is something useful.


The work is useful. It randomly selects a participant out of potentially billions or more to commit the next block, but only the next block, and no others to the blockchain. This ensures the chain remains fair because any potentially malicious actor cannot sustain an attack involving malicious blocks for long - it costs them too much electricity.

There is no known alternative system which is capable of randomly selecting a participant out of the entire pool of participants. Every other "solution" works by limiting the participation, because it is impossible for a network wide agreement at this scale to be done (would require every node communicating with every other node in the network and having a unanimous agreement on who has the legitimate authority to commit the next block).

Any system which doesn't require work to be done to prove that the correct participant was selected is vulnerable to Sybil attacks, where people control more network nodes in attempt to gain more leverage over others. The idea of staking some money doesn't fix this either, because proof-of-stake has the "nothing at stake" problem where stakers aren't actually spending money because they're guaranteed to get it back for being honest. Running many nodes is also fairly cheap and has the "not much at stake" problem. Only proof-of-work has the "much at stake" problem because the irreversible spending of money on electricity happens prior to any reward which may be received, like a lottery.

You might consider Bitcoin as a whole to be a bad idea. However, with recent "printing" in the tune of trillions of dollars, and with Bitcoin providing an inviolable fix for inflation, I think it might just be worth the effort - at least for anybody sensible who wants to save money for the future.

In terms of Monero, which doesn't fix inflation, it is useful for evading unwarranted financial surveillance. I suspect this will be fine for some time to come, but there will eventually be enough privacy features on Bitcoin to make it unnecessary. For now: save in Bitcoin, spend in Monero.


The work is useful only in the context of it being useful to preserve and propagate the distributed, trustless consensus. If you don't give a crap about distributed consensus, it's not useful.

>> However, with recent "printing" in the tune of trillions of dollars, and with Bitcoin providing an inviolable fix for inflation

The "printing" of money is a useful feature of national currencies, which can temporarily support an economy in peril, or be used to keep currency values approximately stable. I wouldn't want to be in a country where currency was like Bitcoin, it is deliberately less useful.

By the way, your cryptocurrency ecosystem also appears to have a money printer, in the form of Tether, which is run purely for the benefit of its owners. But sure, that's far better!

>> I think it might just be worth the effort - at least for anybody sensible who wants to save money for the future.

If you have enough money that a small amount of inflation is going to affect you, you don't keep it in cash, you invest. That's not what money is for.


> The work is useful only in the context of it being useful to preserve and propagate the distributed, trustless consensus. If you don't give a crap about distributed consensus, it's not useful.

So you don't care about Bitcoin, but you want to leech off the electricity being used to secure it in order to perform something which you think is useful? Right.

> The "printing" of money is a useful feature of national currencies

Theft is never a useful feature. There is always a loser. Money printing is theft - it is stealing wealth from those who have money saved, those who earn low wages, and those who own property. The beneficiaries of the printed money are those who first receive it - the government, the banks, the corporations who take loans from those banks. It increases wealth inequality. All of this is achieved without democratic consent - taxation without representation. Truly evil.

> which can temporarily support an economy in peril

The economy is in peril because nobody has credit, only debt. Bitcoin is credit. If you are sensible and accumulate credit, you don't need to be bailed out when the unexpected inevitably occurs. The ability of your government/central bank to print money is what created their failure to begin with. If they had credit, they wouldn't need to print. The printing begets more printing. It can only go one way, which is for the printing to keep accelerating until it can no longer be sustained and hyperinflation makes the currency worthless.

They could attempt to reverse the process by reducing the currency supply during prosperous times, but you won't see it, because the people involved have self-interest and super high time preferences and are not able to think in the long term. Printing money is truly kicking the can down the road - an experiment which will end in disaster.

> or be used to keep currency values approximately stable

There is absolutely nothing "stable" about the dollar. Bitcoin is absolutely stable because 1BTC=1BTC, regardless of time and place. Its value relative to other commodities has more or less consistently increased over its 11 year lifetime. The value of the dollar is always changing. In its short 49 year lifetime, it has consistently lost value relative to other commodities. The value of other commodities changes in response to devaluation of the dollar. The trick you've fallen for is to believe that they're adjusting the quantity of dollars to account for changes in other commodities - the reversal of cause and effect.

> By the way, your cryptocurrency ecosystem also appears to have a money printer, in the form of Tether, which is run purely for the benefit of its owners. But sure, that's far better!

Who is "your"? Cryptocurrency means nothing to me - I've called out these scams as much as anyone. Only Bitcoin matters. Tether has nothing to do with Bitcoin. It has something to do with companies which trade with Bitcoin and no more. Bitcoin is much bigger than any of these transient schemes which attempt to attach themselves to its brand. Bitcoin will survive all of these attempts to weaken it and these schemes will all be forgotten about.

> If you have enough money that a small amount of inflation is going to affect you, you don't keep it in cash, you invest.

Inflation affects everyone, whether it is a small or large amount. You still lose a proportional amount of purchasing power. You might argue that people with smaller amounts of money are harder hit than those with lots of money, because they don't have as large a safety net if unexpected circumstances arise. Additionally, low earners do not see their wages increase in tandem with the inflation - it usually lags, reducing their purchasing power over time.

Also, "investing" is increased risk taking, where saving is intended to be a low risk method of retaining purchasing power over time. Low earners often cannot afford to take these risks, especially when their limited options for investing are markets full of fraudsters, and whose potential returns are still highly dependent on the monetary policy of the central bank.

Keeping earnings in cash is not an option for dollars, but it is for Bitcoin. This is the game changer. People are now able to make long term savings without making risky investments. They can ensure that they have a safety net for unexpected circumstances, and then better plan for the future.

> That's not what money is for.

The value of all commodities is subjective. Money is merely one kind of commodity. Its use is whatever the owner wishes it to be used for. Saving (accumulating capital) is a perfectly good use case for sound money.


> So you don't care about Bitcoin, but you want to leech of the electricity being used to secure it in order to perform something which you think is useful? Right.

No, I want the world's energy and carbon footprint to reduce, rather than have people with a decentralisation fetish invent new ways to incentivise thrashing.

> Theft is never a useful feature. There is always a loser. Money printing is theft

Yeah never mind, you're clearly very deep down this particular rabbit hole and nothing anyone says is going to change that. Best of luck, but I'm glad your views aren't all that prevalent.

> Tether has nothing to do with Bitcoin

Tether has everything to do with the bitcoin markets and the price of bitcoin, which is the only thing basically anyone is interested in.


> No, I want the world's energy and carbon footprint to reduce, rather than have people with a decentralisation fetish invent new ways to incentivise thrashing.

Then any way to dismantle the existing consume-everything-to-make-a-profit economy, which is caused by archaic and inefficient monetary systems, should be good, right?

How much energy is wasted / burned because of our existing monetary policies?

cryptocurrency PoW is bajillions of times more efficient than, i dunno, exerting currency dominance by shows of military power or shipping goods all over the world because it's "cheaper" to make things here and sell things there.


> Then any way to dismantle the existing

any way? No, and particularly not one that, for instance, encourages competitive burning of power for profit and uses the power demands of a small country to service the transactional needs of a town.

>How much energy is wasted / burned because of our existing monetary policies?

Probably quite a lot. But then they do so much more than cryptocurrency can, so the comparison is nonsense.

"bajillions" being code for "I have no idea at all" renders your argument at the end there pretty moot.


>Tether has everything to do with the bitcoin markets and the price of bitcoin, which is the only thing basically anyone is interested in.

Tether has become the proverbial suitcase of IOUs. The GP is outraged about the government stealing money through inflation, when the Tether printing press has been merrily siphoning actual USD out of the markets, a half billion at a time.


> No, I want the world's energy and carbon footprint to reduce

I take it you're OK with nuclear energy then?

If Bitcoin were fully powered by nuclear or other clean or renewable energy, I'm sure you'd find something else to complain about, no?


It would still be a massive drain in a world that's trying to cut down its energy footprint. There really isn't such a thing as "spare" power when the world burns as much coal and gas as it does right now.

Adding a currency that relies on the competitive waste of power to the mix is a hideous idea.


But doesn't Bitcoin have the 'problem' of not being legal tender? i.e. why would people choose to buy Bitcoin, giving loads of money to existing Bitcoin owners, when it's not so hard to create a brand-new cryptocurrency?


It's not work for nothing, because it gives you consensus and reliability. Maybe you meant to say that there's better solutions...


Ok, it's wrong to say "nothing". But I don't really see consensus nor reliability in cryptocurrencies. Especially the consensus seems to be missing, if you look at this phenomenon far enough.


Having a proof of work function that did something useful outside of minting new blocks would be awful for a cryptocurrency.


Why?


Does this enable using PoW to run something like Ethereum VM/contracts?


The security of a proof of work algorithm depends on the execution not having an economic value (and actually costing a mostly fixed amount of work).


Good point. Does that consider the case where the economic value of running the PoW is part of the network itself, as in, say, running an Ethereum app? For the miners the PoW wouldn't be valuable, but instead of burning computation time the byproduct could be a useful part of the network.


With Ethereum contracts the cost of validation is expensive, and for proof of work you need a function that is expensive to run, but cheap to verify (the inverse of SHA-256 is such a function).

The main concern against proof of stake is what you just described actually: it doesn't cost money to create, but as the value of staking is part of the cryptocurrency, a malicious party could get and stake a lot of that cryptocurrency, create a leveraged short contract to protect itself, then reverse the transaction.

Another example would be using protein folding for cancer research, which sounds like a noble cause, but it creates an incentive for drug companies to be miners, and could lead to even bigger centralization of mining than what is already happening.



