My only beef with this system is the proof of work, which leads to an arms race in electricity consumption. Proof of stake is better, and frankly, distributed timestamps don't need a race to solve a problem every time something has to be timestamped.
For currency, it would actually be nicer to have a system that treats trust/credit/reputation as the scarce resource. It would help people who aren't rich in the traditional sense nevertheless organize and help each other, and would allow people to "create their own currency" in communities, or the equivalent of that, that they aren't able to do now.
I keep hearing about proof of stake. I'm very interested in it; however, I haven't found an explanation that clearly explains to me how it works. I've looked at the Wiki article and read a little about Peercoin. Do you know of any article, video or source that may help explain exactly how proof of stake works?
If any coins make it, you can see by watching the market cap of the coins at http://coinmarketcap.com
It sounds like it should be, but it isn't: lacking PoW, there's no reason not to create many possible blocks, and without central check-pointing the whole thing falls apart. The problem with proof of stake is that nothing is at stake.
The "blocks are never final" idea is what I believe has led to some of the proposed 51% attacks on the bitcoin network.
Question: Does proof of work have to be a near 'lottery' system? Obviously it needs to be asymmetric, but are there other good options than hash collision?
As for "lottery", I believe the answer is yes and no. The basic point is to raise the cost of "faking" a confirmation, and how you do that is completely up to you - e.g. captchas are a great example! That said, the random part of the non-deterministic process provides a lot of really nice properties for a distributed system - fairness claims, etc. That said, this is a deep topic (with lots of caveats) in its own right.
There are indeed other proof-of-work algorithms.
Probably the first one is Primecoin, which asks for a Cunningham chain of prime numbers.
My own Cuckoo Cycle, asking for a cycle in a huge graph, is another example, in which a single proof attempt takes hundreds of MB of memory, but verification is instant and takes no memory.
They seem to have thought that the hex representation of the hash matters when mining, when really we're talking about large integers. If you just do the former "look for a hash with two 0s at the start", you end up with almost no granularity in the difficulty needed. You end up in the situation where 0000 is too easy, but 00000 is too hard. Bitcoin uses integers, and can therefore adjust the target difficulty down to an arbitrary number of digits if required.
Seems to be a common misconception when people have been told a simplified version of what is going on.
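An added example (not from any commenter) of the integer-target point above: the double-SHA-256 of a constructed header is compared as a 256-bit integer against a target, and a target is chosen that sits between "one leading hex zero" and "two leading hex zeros", a difficulty the naive prefix rule cannot express. The header bytes, nonce layout and the helper names are assumptions for illustration.

```python
import hashlib

# Constructed toy header (not a real Bitcoin header); the nonce is appended to it.
HEADER = b"constructed-header-prev:00ab|merkle:77cd|time:1400000000"


def block_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header||nonce, read as a big-endian 256-bit integer."""
    data = header + nonce.to_bytes(4, "little")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")


def meets_target(h: int, target: int) -> bool:
    """Bitcoin's actual rule: the hash, as an integer, must not exceed the target."""
    return h <= target


def meets_hex_prefix(h: int, zeros: int) -> bool:
    """The naive rule: the 64-char hex string must start with `zeros` zero digits."""
    return f"{h:064x}".startswith("0" * zeros)


def target_for_leading_zeros(zeros: int) -> int:
    """Largest integer target that is exactly equivalent to `zeros` leading hex zeros."""
    return (1 << (256 - 4 * zeros)) - 1


def expected_attempts(target: int) -> int:
    """Average number of hashes needed before one lands at or below the target."""
    return (1 << 256) // (target + 1)


# One hex zero = 16 expected attempts, two = 256; this target needs 64, which
# the prefix rule cannot ask for because it can only step in factors of 16.
TARGET_IN_BETWEEN = (1 << 250) - 1


def mine(header: bytes, target: int, max_nonce: int = 1 << 16):
    """Brute-force a nonce whose hash meets the target; None if none found in range."""
    for nonce in range(max_nonce):
        if meets_target(block_hash(header, nonce), target):
            return nonce
    return None
```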
The closest analogy would be people setting up water sprinklers in their home. Sure it helps keep the whole town safe, but the reason they do it is for their own protection.
Similarly, in theory there are some other blockchain applications that give each miner a gain just from mining. For example, imagine that scientific communities around the world built a blockchain that checked folded proteins for applications in medicine. In order to compactly represent this they use a proof of work algorithm that solves these protein problems. The blockchain allows them to quickly share paths that do (or do not!) bear fruit in a specific direction, but it also coordinates search efforts along various veins of discovery.
These are just two examples I thought of in the span of 5 minutes; I'm sure there are countless ways of using blockchains, PoW algorithms, and cryptographic techniques for communication, synchronization, and commerce.
Wouldn't a rational actor free ride instead of mining? Also, the total hash rate needs to be high enough to prevent 51% attacks, so there's no guarantee that your cost of mining would be smaller than your benefit. A blockchain that doesn't pay miners seems to have an equilibrium where trolls 51% it into oblivion (as has already happened with some scamcoins AFAIK).
If you have > 51% hashing power for a long period of time then you could theoretically choose an arbitrary block some time in the past (the further back you go the more difficult and time consuming it will be) and begin mining from that block. Including (or making up) whatever transactions you want as you go. Eventually you will have a longer chain than the "main" block and unless manual intervention is made you will orphan all of the other blocks and be able to rewrite history.
What the 51% attack lets you do is remove transactions, which lets you double-spend. And of course there may be other benefits too. For example, if someone is using the blockchain for purposes other than sending money to people (e.g. notarizing a document, proxy transactions that represent movement of physical goods, etc) then removing transactions may be beneficial without double-spending.
Double-entry accounting means that for each transaction, there will be two (sometimes more) entries in the ledger (set of accounts) - one on the "credit" side, and one on the "debit" side. For example, when you withdraw $100 from your bank account, from the bank's perspective it is crediting an Asset (Cash) and debiting a Liability (Customer Accounts), so a credit entry of $100 would go into the Cash "account" and a debit entry of $100 would go into the Customer Accounts "account".
Triple-entry accounting implies that a third entry would go... somewhere else in the ledger; but OP isn't describing a classic set-of-accounts ledger.
+ cash $100
- bankaccount $100
I guess that is somehow deserving of downvotes...
Blockchains build off the general concept by introducing proof of work and a consistent design to handle forks (longest blockchain wins).
So you need to create some incentive in the form of a valuable reward that is purely informational, can be verified independently by anyone, contains all necessary information in the blockchain and does not consume enormous amounts of bandwidth/time/energy in order to be verified. This could only be a fungible cryptographic token, and this token must be rare. This does not guarantee that it will be valuable, but fungibility and scarcity are necessary to start with.
This token must be created in a way that can't be counterfeited and can be independently verified using only the blockchain data (because one can only trust what's in the blockchain). So far it was proof-of-work that provided scarcity. I don't think there is a drastically different way to solve this problem.
Given your analysis, how will miners be compensated once we hit 21M bitcoins? Others have asserted higher miner fees. If they are right, this seems to negate one of bitcoin's supposed benefits -- negligible transaction fees -- precluding certain applications like microtransactions.
Not attacking bitcoin, just trying to understand its true applications.
Thanks for your help!
Miner fees are irrelevant if one does not have the coins to begin with. The chain will be maintained by competing miners only if they are incentivized with the initial distribution of a limited supply of units. If all units belong to just one guy, then why should anyone mine anything? If you need coins, you can just buy them from him. But why would they have any value then?
> how will miners be compensated once we hit 21M bitcoins?
We will never "hit" 21M bitcoins. We will slowly approach lower and lower inflation until it becomes zero. But we will notice how miners receive a bigger and bigger portion of their income from the fees. There will be more demand for on-chain transactions, which will increase competition among users, and fees will go up. To increase income, miners will be eager to increase the block size limit, thus allowing more throughput and as a side effect making fees stabilize at some level. The process will be so slow that no one will be shocked by the adjustment of the reward. At the same time, all known events of the future are already priced in. Miners already know that in 3 years they will have a 2x smaller reward.
Think of the process this way: miners want to maximize their revenue, users want to minimize their costs. If on-blockchain transactions become too expensive, users will use some clearing houses, thus depriving miners of extra fees. Therefore miners will be eager to process more transactions at the current or slightly lower prices to collect those fees. But by allowing more transactions, they reduce competition between users, thus preventing the fees from growing further. The system will stabilize at an intersection of 1) affordable bandwidth for miners (so they do not lose too much money on side blocks), 2) optimal fees for users to pay and miners to earn. If bandwidth/CPU were infinite, miners would collect trillions of transactions costing 0.0001 of a penny and users would enjoy microtransactions right on the blockchain. But we have some real-world limitations that shift the equilibrium somewhere to lower throughput and higher fees.
Two questions: Currently, bitcoin transactions don't have any transaction fees. In this case, where are these 'mined' coins coming from? Is it by adding a transaction from 'the ether' to the miner?
Also, if there are transaction fees but the person who verifies the block adds their own fee to the block, what's stopping them from verifying that Alice and Bob have offered the miner a transaction fee of 100 BTC instead of 1 BTC?
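An added example, not from any commenter, showing why the question's attack fails: the "from the ether" transaction is the coinbase, and every full node checks that its outputs do not exceed block subsidy plus the fees actually implied by the other transactions (inputs minus outputs). A miner claiming a 100 BTC fee that Alice never left on the table would produce a block every node rejects. Transaction structure is simplified (input values are given directly instead of being looked up in the UTXO set) and the names are assumptions.

```python
from dataclasses import dataclass
from typing import Tuple, List

SATS = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Tx:
    # Simplification (constructed): input values are given directly; a real node
    # resolves each input to the previous output it spends and takes its value.
    inputs: Tuple[int, ...]
    outputs: Tuple[int, ...]


def tx_fee(tx: Tx) -> int:
    """Fee is implicit: whatever the inputs carry that the outputs do not claim."""
    if not tx.inputs:
        raise ValueError("coinbase transaction has no inputs and therefore no fee")
    fee = sum(tx.inputs) - sum(tx.outputs)
    if fee < 0:
        raise ValueError("outputs exceed inputs: transaction creates coins")
    return fee


def block_subsidy(height: int, initial: int = 50 * SATS, interval: int = 210_000) -> int:
    """New coins a block may create; halves every `interval` blocks (Bitcoin's schedule)."""
    halvings = height // interval
    return initial >> halvings if halvings < 64 else 0


def coinbase_is_valid(coinbase: Tx, txs: List[Tx], height: int) -> bool:
    """The consensus rule every node enforces on the miner's own transaction."""
    if coinbase.inputs != ():
        return False
    allowed = block_subsidy(height) + sum(tx_fee(t) for t in txs)
    return sum(coinbase.outputs) <= allowed
```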
 No relation to the company of the same name.
If you have more than one currency installed on your computer you might use 100GB or more for them. It fits, but it's starting to become a significant % of a typical hard disk. (Although presumably people with lots of wallets are not typical and have larger disks.)
An offline live-CD or USB key has no need to store the entire blockchain if you just want to store coins and keep them safe.
(I'm aware of light clients that work with a server, but that's not the standard.)
You can store the wallet cold on a usb key, certainly, but that's not the use case here. The use case here is a usb-key you boot ONLY for bitcoin, and nothing else. No web browser, no nothing, just the bitcoin client.
This is recommended if you are on windows, or if you aren't certain you can secure your computer (most people can't).
Whether someone has coded such a client I don't know, but it's not a difficult problem, and does not require a server.
PNY has a 32gb usb key for $13 (about 0.029btc).
There are really two parts to the Blockchain:
1. Header, which includes the hash of the contents and other metadata like the previous node in the chain, etc.
2. Contents, which is what the miner chose to validate when the block was mined. In Bitcoin, this includes a set of transactions (a step from a graph of inputs and outputs).
The contents could potentially be pruned by only keeping track of unspent transaction outputs, but this removes the ability to validate the headers (i.e. hashing all the transactions to check that the header metadata matches), except for the fact that there are other headers on top of it.
The set of blockchain headers will continue to grow, unless there is a new genesis block—this is like a forced snapshot of the current state of the relevant content of the network. In Bitcoin, it would include all the current unspent transaction inputs.
There are several blockchain technologies like Mastercoin which attempt to completely decouple the notion of a content specification from the blockchain headers themselves. That means you could conceivably send all kinds of garbage that would get happily signed by the miner but the contents would be ignored by any client that is not interested in it.
(Disclaimer: This is written off the top of my head and I gotta run, so it may be somewhat inaccurate.)
That said, as a reference, a Bitcoin transaction today is anywhere between ~160 and ~1000 bytes, and the full block chain is on the order of tens of GBs. Is that a problem? It can be. To address this, Bitcoin uses Merkle trees and "Simple Payment Verification" (SPV) -- worth looking into, if you're interested; a long discussion on its own. I'll just note that SPV changes what you can say about integrity/security of the transaction.
Bitcoin has to become much, much more successful (think hundreds of millions of users) for the blockchain size to ever become a problem.
It's a fully-deterministic algorithm. It would be quite useless if it were not. I believe what the author is trying to say is that it's not predictable.
I haven't worked out exactly how to do this (specifically: if the problems posed to the miners are not random, what is to prevent a miner from posing a problem to which they already know the answer?), it's just an idea.
More rumination at https://en.bitcoin.it/wiki/Intrinsic_worth_brainstorming#pse...