It's in the context of a discussion about why PoW-based tokes are a bad idea in terms of burning CPUs and their carbon footprint. The generous interpretation is that he was claiming that this discussion was moot because the bigger issue was that PoW wouldn't actually work as a feature of Bitcoin.
The less generous (but probably accurate) interpretation is that he posted that without reading either the Bitcoin whitepaper itself or the abstract of the whitepaper. IIUC his paper is about how PoW applied to email would either break a lot of the desirable features or the difficulty would be too low to prevent spam.
I'm not sure why this bothers me enough to post about it on HN-- I'd actually prefer it to be true and Bitcoin fanbase never to have existed. Nevertheless, his paper wasn't really relevant to that discussion and I'm not sure why he posted it there.
I'm not op, but as someone who is pro bitcoin, I will readily admit that it has not created a very nice "culture". Most of the fanbase is focused on greed rather than potential good.
>It wouldn't work without greed. Same as any other form of money.
I'm not so sure about that. I've seen plenty of people at the grocery store spending USD in exchange for food who don't appear greedy. I haven't actually ran a survey, though. But I'm mostly confident that USA doesn't run on greed.
> For email uses, a textual encoding of a hashcash stamp is added to the header of an email to prove the sender has expended a modest amount of CPU time calculating the stamp prior to sending the email. In other words, as the sender has taken a certain amount of time to generate the stamp and send the email, it is unlikely that they are a spammer.
I can see exactly why this wouldn't work - nowadays wouldn't spammers have enough processing power to just do this for every spam email? And how does this not slow down email processing for the end-user, sending an email now requires me to brute-force a hash, right?
The idea was it would be adjusted to take a reasonable amount of time for legitimate users, say a second per email. The problem was it didn't predict the use of viruses to misuse computing resources of end users. Actually, nowadays this could even be done in JavaScript and pushed through an ad network.
Ouch, I guess there's a bureaucracy behind the ontology of any proof of work, although spam/email was a good use case but perhaps crypto is a finer expression, so the paper's main thesis is partially right but it's still used as a spam filter so I guess there's a utility there.
Alot of sentiment today thinks proof of work is a waste of energy, but I assert that it can solve a lot more problems beyond its use for "Nakamoto Consensus".
I don't think anything else can solve decentralized rate limiting more effectively than proof of work.
I wrote a short blog post about the use of Proof of work beyond crypto mining [0]
> Alot of sentiment today thinks proof of work is a waste of energy, but I assert that it can solve a lot more problems beyond its use for "Nakamoto Consensus".
When you use "but" it's customary for the following statement to disprove or argue against the previous statement. How does it being applicable to more stuff stop it from being a gigantic waste of energy?
Everything expends energy in order to solve some problem or accomplish some goal. Whether the problem is worth solving or the goal worth pursuing given the required energy is subjective, but beside the point. If it can solve more problems then the expending of energy becomes more justified.
> Whether the problem is worth solving or the goal worth pursuing given the required energy is subjective, but beside the point.
No, it's very much not besides the point - and I'd argue it's one of the core issues with PoW and the reason why people are so appalled by it.
Yes, everything expends energy, but the special property of PoW is that the energy cost is intentional. Therefore it's fundamentally impossible to reduce the energy cost as that would defeat the whole point: If someone manages to find a more efficient way to mine, this is a threat to the network and has to be counteracted by raising the difficulty. Conversely, the amount of energy that can be expended for mining a single block is potentially unbounded, in contrast to other problems ehere the energy actually perform useful work.
This leaves belief whether or not the problem is worth pursuing as the only measure about the energy cost of PoW. And this belief is influenced by all kinds of factors from technical to financial to psychological. But it is generally not influenced by the amount of energy already spent.
This is factually incorrect. I'm not a fan at all of proof of work schemes, but it's important to criticize them correctly.
Energy consumption is not fundamental in any way. Proof of work depends only in the consumption of some resource that has economic value. It doesn't have to require any energy at all.
For example, Chia had a proof of work mechanism that uses disk storage instead of computation. It uses comparably very little energy and the difficulty is not substantially sensitive to energy efficiency because the cost is dominated by space rather than computation.
There are other examples that attempt to use things like spatially distributed network bandwidth as a resource. I'm not a fan of most of these, but the point is that energy is not fundamental.
> Energy consumption is not fundamental in any way. Proof of work depends only in the consumption of some resource that has economic value.
Yes, or in other words: PoW has to waste something valuable. This something doesn't have to be energy, it can also be physical devices + the energy needed to produce/operate them - or whatever else someone can think up.
My actual point was that the amount of cost per unit of work is unbounded - and to my knowledge this is true for all PoW schemes: Otherwise, an attacker could simply invest enough resources to produce more work units than everyone else and capture the network.
Your facts are true, but I disagree with your conclusion. The resource consumption is actually bounded by the economic value of the network, or the value of attacking the network. If the network generates $100 of value (in terms of market cap etc) for each $1 spent to operate it, then the resource consumption if the network is essentially bounded to 1/100 of global GDP. This is also assuming network operators capture 100% of the value of the network, which is too high by at least an order of magnitude for most networks.
Networks with bigger ratios truly are more efficient, even in absurd hypotheticals in which all economic activity is devoted to operating the network. All I'm assuming here is that actors don't put in more than they get out of it.
> If the network generates $100 of value (in terms of market cap etc) for each $1 spent to operate it, then the resource consumption if the network is essentially bounded to 1/100 of global GDP.
I agree with this point - but over the last few years, we have seen how wildly the perceived value of cryptocurrencies can fluctuate. There are a lot of actors who are strongly interested in driving up the value - either through legitimate means, but just as often through fraud, e.g. manipulated exchanges, wash trading, etc.
So the market cap can easily reach fantasy numbers which aren't really justified by economic utility - but because this fantasy valuation represents real money for miners, energy consumption will follow it.
If a hypothetical criminal valued breaking bitcoin at a significantly higher amount than the profit derived from mining, then the criminal would just attack the network and win. Remember that I'm not describing the security of a PoW network, I'm describing energy consumption and only assuming that individual miners will not mine unprofitably.
> Energy consumption is not fundamental in any way.
Isn't the opposite true though? That everything is either directly or indirectly tied to energy?
Cost of disk space vs computing power is just an equation of the energy put into it (mining, manufacturing, marketing, shipping).
Maybe I'm too hungover to think this through. :D
> It uses comparably very little energy and the difficulty is not substantially sensitive to energy efficiency because the cost is dominated by space rather than computation.
I don't see how this would equate in the end. If you want to keep the level of difficulty high enough it would have to go hand in hand with real life resources (= energy).
Granted there are complex externalities in the calculation and computing continuously uses energy while disk space is more of an "expend and forget" type of scenario, but to me that would simply result in malicious actors being able to afford to put more resources into it (buying more disk space) until we're at the level of the same energy expenditure.
I don't think the e-waste is economically relevant. The environmental cost of Chia is much higher than the cost of cleaning up its e-waste. It's also much lower than than the cost would be if Chia were protected purely by energy.
To be more specific, the dominant cost is the opportunity cost of disk space. Producing and using a drive can't be accounted for as "e-waste", otherwise you'd be forced to claim that drive efficiency doesn't matter because more efficient drives produce just as much e-waste.
Yes you're 100% correct about that, but the cost of properly disposing of a failed drive (e-waste) is insignificant for Chia.
The real cost is from buying the drives, which is not e-waste. You'd have to convince me that there are enough unrecoverable nonrenewables in disk drives for this to be a significant "environmental" cost, and I think it clearly is not.
(people use HDDs for chia, not SSDs, but that's not too important)
I don't care about what will be true, I care about what is true now. If electricity were completely environmentally friendly then the conversation would be moot, as PoW would itself be fine.
But that's not the state we're in. Most electricity is not sustainable.
To me the relevant question is, are HDDs _currently_ produced with fewer environmentally harmful externalities than electricity? I strongly believe the answer is yes. Energy is a small part of the inputs to produce an HDD. You'd have to convince me that on average, the non-energy inputs to HDDs have a larger proportion of environmentally negative externalities than energy itself, or that the energy used for HDDs is somehow less green on average than the energy used for PoW.
(small nit: yes, Chia does use HDDs, but plotting is mostly done on SSDs, afaik? and yes, not that important)
I believe mining today in the US is 70-75% sustainable, which is pretty good, if true. (I haven't done a deep dive on this to confirm, seems a bit high).
Personally, I find the notions of reducing energy usage in general quite terrifying.
As we go up the Kardashev scale, our energy needs will keep rising exponentially, and for human civilization to pass the Great Filter we have no other choice but move and move quickly, but of course not too quickly to commit suicide.
Not sure what's the best way to achieve it, but it is very hard to believe we can become a multiplanetary spacefaring civilization on a combination of hydro dams, windmills and solar panels.
My hope is that Bitcoin can stimulate development of clean nuclear, or if we get lucky, maybe even aneutronic fusion.
"waste" is purely subjective. Is it wasteful that televisions exist just because I don't like watching them? What if televisions used more or less resources? Shouldn't the actual quantities matter more than our opinions about the merits of the activity?
It depends on what you value. If you value energy efficiency, Bitcoin is extremely wasteful for sure.
However if you value freedom/decentralization, it isn't. (I know about the debatable parts of decentralization and Bitcoin but you probably got the main idea)
> However if you value freedom/decentralization, it isn't.
Then your passion for freedom has to grow in lockstep with the Bitcoin market cap, because this is what tracks the actual cost per unit of work with Bitcoin.
Also note who has to bear the cost: PoW resource waste is something that affects everyone, even if only a small group perceives it as valuable.
Well a total economic revolution isn't going to happen overnight. It will take many more years if that's going to happen, and where it's going, even with all the scalability and PoW/waste problems, is still in the right direction given today's economic system.
To add to this: we can also harvest energy from processes that would happen anyway. Eg solar power and hydro power. The water is going to flow downhill whether there is an electric generator in the way or not. Same for solar panels - whether we capture it and convert it to electrical energy or not makes little difference for the Earth as a whole. We just get a whole bunch of energy "for free" because we're inserting ourselves into a natural process that's ongoing (we do need the apparatus to capture it though).
Nuclear and fossil fuels are similar, but the timescales involved there are far too long for humans. Ie burning coal does have negative side effects because we aren't creating new coal from the carbon in the atmosphere at comparable rates.
But if something has a fundamentally monotonically increasing cost in terms of energy, when will we reach the point where it no longer worth the tradeoff?
Is taking more energy than Argentina really worthwhile for the few that uses cryptos?
It being a waste is a matter of opinion. There are negative externalities in some cases, but profit and services generated by the use of crypto have value to people.
If the problem is the pollution produced by power generation, then it's disingenuous to single out crypto for criticism. We really should be enforcing accountability and forcing markets to price in the negative externalities. Carbon capture and other technologies are surfacing to allow for that, and within a decade or so we should see widespread implementation. Legislation will arise out of the consensus of voters and mate technology and regulation.
If the problem is that you think crypto is frivolous or implicitly a waste of resources?
It's not a matter of opinion. Crypto provides incredibly little value to the average person vs. its energy usage. It takes an entire tank of gasoline to make a single Bitcoin transaction, don't insult me by telling me it's a matter of opinion that that's a waste.
And Proof of Waste is about more than it's impact on the environment through it's egregious energy use. Even in places that use clean energy, Bitcoin mining is putting a strain on the grid. (I suspect mining had something to do with Texas' grid problems last winter.) Even if you're harnessing off grid energy, you're a leech sucking value out of the economy by being a major contributor to the chip/GPU shortage.
And for what? All to contribute to a system that has greater wealth inequality than the existing financial system. Brilliant stuff.
Is sun radiating energy in all directions also a waste in your terminology? You can call any use of energy “waste” this way.
Would bitcoin mining be better if it would use clean energy? I think you really are mixing two things here: energy production (that can be “good” or “bad” from ethical or evological perspective) and energy consumption that cannot be bad, just inefficient in terms of the return in business value (but it’s for the owners or customers to calculate, not bystanders to judge).
> Would bitcoin mining be better if it would use clean energy?
No, Bitcoin mining should not exist. It serves no demonstrable net-positive value to society.
> I think you really are mixing two things here
I'm not, you seem to be confused. Energy production is produced only because it is economically viable to do so. Bitcoin makes it economically viable to produce most forms of energy, regardless of that specific source's environmental impact. This is harmful consumption of energy. Like leaving the lights on when you're not home, simply because you don't care. Bitcoin is not indifferent, its core function is to increase energy usage. Some people would have you believe Bitcoin's core value is its use as a currency. Its value is as infrastructure that wastes energy for profit, and the collective buy-in and infrastructure created to ensure it remains a store of value.
You could maybe argue this is worth it, if there were absolutely no other way to do it. But there is, and it works much better. Central banking is strictly superior to cryptocurrency for most reasons that the average person cares about. If you don't agree, that's irrelevant, because you're an outlier. Most people want cheap transactional costs, fast transactions, and for their money to have stable value. They couldn't care for a second if the transaction is cryptographically secure as long as it's reasonably insured.
> Energy production is produced only because it is economically viable
Tell that to sun
And what’s bad about leaving the lights on? Is energy a scarce resource or what? Since when is it bad to use it? This is such a strange take you have. We are not talking about water in the desert. We are talking about energy and increased consumption just stimulates more production and decreases cost.
It’s like saying “don’t type stupid comments on your laptop, it’s a waste of your laptop resources”. They are not finite. We can produce more. In so many different ways. Some of which are bad and some are good.
Doesn’t make typing stupid comments bad in no way.
I'm not sure if you're being intentionally daft or what, but obviously we're talking about energy used by humans.
On Earth, the means to capture or produce any energy is a result of economic interest. If you want to capture energy from the sun at scale, there's a cost attached to it.
> And what’s bad about leaving the lights on? Is energy a scarce resource or what?
Yes, captured energy is literally a scare resource. Texas had rolling blackouts last winter. Many places in the developing world have constant rolling blackouts. That's why we charge money for it, that's why we invest money to drill for it, that's why we've invested decades of research and development into improving our ability to capture energy.
The electric company where I live, which is hydro-electricity based has run commercials for as long as I can remember to conserve energy because of its positive impact on the environment. Where the hell do you live that you think energy is infinite and free? The sun?
For all their faults, cryptocurrencies might put payments and the money supply outside political meddling. If most people don’t care about that yet, well, most Americans didn’t care about British rule in 1764.
The fundamental technical problem I see with PoW is that it only seldomly really aligns with the "good guy/bad guy" boundary.
I.e. the basic purpose of PoW is security: Allow desirable actors in, keep malicious actors out. But this implies that "ability to put in more work" is actually a working way to distinguish good actors from bad actors. This is true in very specific cases, like blockchains - but I believe in most cases, this is actually not given, such as emails.
E.g., suppose we're using PoW to secure email: We do away with SPIF and all that and simply require each email to contain some hash that a sender had to bruteforce (just an example: use whatever PoW scheme you want).
If the scheme has a fixed difficulty, spammers can easily defeat it - they just have to rent (or capture) more machines. So you have to dynamically adjust the difficulty to meet some message/time unit quota. Congrats, suddenly the whole network is limitited to some maximum throughput. Alternatively, you can have separate difficulties for each user - but then, you need a way to track individual users, compute individual difficulties, etc. All of this needs some centralized entity again and agents that enforce the rules. If you have all that, why not use traditional rate limit and forgo the energy (or resource) waste?
It provides a Proof-of-Useful-Work algorithm that is resistant to pre-computation and most other weaknesses that would otherwise prevent useful work from being done while achieving Nakamoto Consensus while at the same time managing to convert ~50% of the computation spent into useful work. Additionally the work being done is pretty generally useful and is applicable to a lot of different problems.
I think the space is starting to reach a point of academic maturity and formalisation of the tech stack such that we can start meaningfully trying to solve these types of problems.
I certainly look forward to seeing real problems solved with these algorithms, but right now that work seems to be lost in the noise of crypto.
I'd be curious to hear more about decentralized rate limiting. That sounds like a reasonable problem to solve with PoW. Although it also sounds like a problem I can solve pretty easily today without PoW so idk.
It gets about 50% efficiency compared to the current state of the art for the problem space without compromising any of the security properties that make for a good PoW algorithm. Generally I'm not a fan of PoW and prefer internal resource based consensus algorithms but PoUW algorithms seem rather interesting. I think we are reaching a point of maturity in the space that'll allow these types of self-securing service marketplaces (which really is what PoUW is) to reach their logical conclusion.
Well as an example, it's used in cryptographic key generator functions.
But there aren't many things it solves well. The easiest and most economical solution to "decentralizing rate limiting" is usually centralizing something.
For everyone who is a big fan of crypto, what is the next "big step" after PoS.
I am more than happy to use a cryptocurrency where I can take 1 USD and receive a coin that is worth ~1 USD, without needing the promise that it will be a moonshot "investment," merely a vehicle for value.
Really? Stable-coins as a concept have existed for years, and in practice have blown up in trading volume and circulation the past 2 years.
USDC stable-coin [0]($34 Billion in circulation) is arguably the most trustworthy in terms of having a 1 to 1 exchangeable backing through a regulated centralized custodian (Circle/Coinbase primarily but also BlockFi and other entities that hold USD reserves for exchange).
Many of these entities (as well as "DeFi" decentralized finance platforms that use Ethereum or similar smart contracts to decentralize the process) allow for various forms of deposit and lending accounts that provide a whole range of yields way way above traditional banking deposits. On top of this, some of these custodians add an additional layer of payment ability to these deposit accounts. Crypto.com[1] for example has a Visa debit card that ties into your USDC/stable coin deposits that you can transact from, in theory avoiding needing to use fiat at all. As well as "CD-like" 3-month lockups where you can get 8-12% yield.
There are also many decentralized stable coins that have various forms of over-collateralized crypto-asset reserves backing the coin and algorithms to stabilize the value by buying or selling from these reserves, trading off possible volatility and uncertainty around peg to avoid centralization and KYC and other regulations of 1:1 backed coins.[2]
Proof of Authority is extraordinarily useful but it's not inherently complex by any means (really it's just the old school consensus problems).
I'd argue though that Proof of Authority definitely is the most useful outside of Proof of Stake and the slowly maturing Proof of Useful Work consensus systems. It's simplistic but it perfectly covers the needs of a lot of government systems.
Before these and even before PoS there was FBA consensus which is the true successor of PoW designed by ex-BTC devs who saw the problems with PoW and actually came up with something better rather than just replacing the worst part of PoW with something else.
MIM - Magic Internet Money, a stablecoin that just leans into the meme because the space is big enough to just ignore crypto/blockchain skeptics (and maxis) as you dont need buyin from them anymore to attract billions of dollars for validation. It competes with DAI, same system just natively crosschain (via AnySwap bridging function added to the erc20 class) and potentially maintains better collateral choices. Right now they use yield bearing collateral like liquidity pool shares which earn enough to reduce loan to value ratios and even pay interest on their own. In comparison, DAI was released in a world without onchain distributed asset backed securities and its users eventually picked completely centralized assets like USDC for collateral. This limits that communities’ risk tolerance for raising debt limits.
That part of your question about stablecoins doesn’t have much to do with a Proof of Stake though-a consensus model.
DAI is still an extremely important in decentralized finance. It is simply easier to scale a centralized stable coin than a collateralized one as the collateralized one is less capital efficient. The centralized coin has different risk parameters though, such as a bank run scenario or the fact that USDC funds can be frozen at will by Circle.
I didn't write that anything was wrong with any of the three assets mentioned
I wrote how they compete on collateral choices which lets people predict their growth/issuance trajectory. MIM grows faster than DAI for a variety of reasons that DAI didn’t have when it launched, which is not likely that DAI can replicate now or at least not quickly.
Worth to keep in mind is that USDT is involved in a lot of shady stuff (and run by Bitfinex), USDC is run by a centralized organization (and Coinbase is involved in that too) while DAI is based on algorithmic stability/stableness. Which one is the best choice for the normal user is left as an exercise to the reader.
Today. It is called USDC; but on the Stellar Blockchain. [0]
You will always know that 1 USDC will always be worth 1 USD and you won't have to deal with ridiculously slow transactions or incredibly high gas fees for every operation and it is not using PoW. [0]
There is already nearly $100B worth of stable coins available on the Ethereum blockchain (and other EVM chains such as Polygon): https://defipulse.com/usd.
From an consensus perspective PPoS (Pure Proof of Stake) and PoH (Proof of History) are next steps.
If you want to send around USD you can use UST for example, an algorithmic stablecoin.
This is an honest question, and I'm not trying to pour cold water on DAI. What would happen if DAI had a single centralised source of truth which could be mirrored as needed if people lost faith in the central entity? This is a bit like what Wikipedia has, which is a fully open database that can be mirrored ad infinitum -- but still remains the central source of truth as long as people respect the organisation that runs it. More broadly, does DAI really need to be on a blockchain*? Are there efficient non-blockchain ways to make verifiable stablecoins?
I ask this question because a lot of things that are run on blockchains seem like they're losing more than they're gaining. It makes me suspicious of even DAI.
When I say "fully open database", you might object that this compromises a person's privacy in order to make the database mirror-able. But then again, all blockchains are fully open and public, so there's nothing more to be lost there.
* - By which I mean the Ethereum blockchain, which is inefficient like all blockchains currently are.
Ethereum is going to stop being so inefficient in about six months. The proof-of-stake migration will reduce its energy usage by about 99.95%. So that will make it an efficient way to make verifiable stablecoins.
Does mirroring deal with this? Somebody downloads the database and hosts it somewhere else, a bit like TPB or Sci-hub. I suggested this in my original post. Which host gets "elevated" to be the official source of truth is decided by community concensus.
Then you run into the problem of deciding who is running the authoritative mirror when the existing one goes down. If there's no single authoritative mirror then you could potentially double-spend your money by spending it in different places on different mirrors.
Mirroring doesn't deal with this because there's always a single target, elimination of which disrupts the whole system, since some time will pass until yet another person puts a target on his back, and there is the problem of finding out which one is legitimate in case if there are few successors.
The US government could make a centralized digital currency without a blockchain. That makes way more sense to me than dealing with all the overhead associated with a trustless decentralized ledger.
The "stable" refers to the absence of massive short-term volatility. The purpose of stablecoins is "banking the unbanked" - in other words, allowing people to spend money who don't have bank accounts. At least I think that's what they're for. It allows people to use USD in the wild, wild west.
>The "stable" refers to the absence of massive short-term volatility.
Nope, See my reply, stable refers to pegged to something and thus stable in value to that something.
The absence of massive short-term volatility is not a property of stablecoins its a property of pegging to something without massive short-term volatility.
Stablecoins exist in the Fiat world too. For example the Bahamian dollar is pegged to the US dollar on a one-to-one basis. So its a Fiat USD stablecoin. It doesn't have a long term stable value (buying power) just like the USD does not.
Stablecoins is a synonym for pegged-coin it is stable to the value of something else not stable in buying power.
You could have a gold stablecoin it would have the vale of defined mount of gold and would therefore move in value just like gold.
the moonshot premise is the growth hack - a reason for people to want the coin. anything stable is unlikely to find widespread adoption, unless it’s introduced by central banks, in which case it’s called Central Bank Digital Currency (CBDC)
Proof of work is the only system where you can look at the blockchain data and figure out the consensus. All other systems depends on people agreeing on what is the truth. PoW is not just superior, it's essential for true decentralized crypto.
Delegated Proof of Stake is pretty cool, particularly as its applied in Nano (instant and feeless transactions), if someone manages to combine that with the transaction privacy of Monero that would be awesome in my view.
> Richard Clayton and I claim that PoW doesn't work:
> http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf
It's in the context of a discussion about why PoW-based tokes are a bad idea in terms of burning CPUs and their carbon footprint. The generous interpretation is that he was claiming that this discussion was moot because the bigger issue was that PoW wouldn't actually work as a feature of Bitcoin.
The less generous (but probably accurate) interpretation is that he posted that without reading either the Bitcoin whitepaper itself or the abstract of the whitepaper. IIUC his paper is about how PoW applied to email would either break a lot of the desirable features or the difficulty would be too low to prevent spam.
I'm not sure why this bothers me enough to post about it on HN-- I'd actually prefer it to be true and Bitcoin fanbase never to have existed. Nevertheless, his paper wasn't really relevant to that discussion and I'm not sure why he posted it there.
1: https://www.mail-archive.com/cryptography@metzdowd.com/msg10...
Edit: clarification