Return-Path: Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id EE0D2C0001 for ; Fri, 5 Mar 2021 21:21:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id CD9ED60624 for ; Fri, 5 Mar 2021 21:21:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -0.084 X-Spam-Level: X-Spam-Status: No, score=-0.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MALFORMED_FREEMAIL=0.993, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: smtp3.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bQtmhC3gpOI6 for ; Fri, 5 Mar 2021 21:21:24 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-yb1-xb36.google.com (mail-yb1-xb36.google.com [IPv6:2607:f8b0:4864:20::b36]) by smtp3.osuosl.org (Postfix) with ESMTPS id 5447260613 for ; Fri, 5 Mar 2021 21:21:24 +0000 (UTC) Received: by mail-yb1-xb36.google.com with SMTP id n195so3385415ybg.9 for ; Fri, 05 Mar 2021 13:21:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=Jlv860az1+Ns4wXUzEgf30pI1J5QVm7Pwg1+8SwH7EU=; b=ZqjISgiRn7btKo9kJT51NXbxUW0uTEPWUu0ogsd3MUJ7j64Nf5HmCtFQBQCE8b0HiD l9FsKNPOt2g/LRgPvkbAeC7xAttHj6HWFhpV1O5eVRWLLGBL5cwsjhKWeDCIldMuAbKa IhkIZHqYEvNxrBaav395O5oEl8LCrxN3ZK9WU5x1JaIVKblP5i2bNHQD7SwYdh+jJb7t WEpM4vrXt9yoOOmvkto1+4KyeSh6hReKbK43mDFI0o/JAJTkcJlHnR/TJ4zLR1L7sSMA H3PcmnhmCCbmcQMxOOtHPuG3uWVG5IPj6nGDSSX6qjLqhd4woLDS5oUEjNfFcSCAkTxY PdZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=Jlv860az1+Ns4wXUzEgf30pI1J5QVm7Pwg1+8SwH7EU=; b=ERk+EJS3X8sFNEzAmtWJanBn4D0+gcWa/kofQwfzGpsb3bTEpTpq9Jj9NGRWctWCAv TPzVh8YpOQBxJXRF0Jlu3c8tydaBO6054mD4GutOFHErZSIIYjjdSdlOlLwnKMJVfoI4 cSEGQdxsgvjqboqK9dLJAeMfx8l6iHyxCUxv9k/Ql4r3XmQ8KIzAAy9U2fM6Y6tTrRcP 4nCtPr5QMXWKCHwq763k9qPK75KBdUBFRP/YVtGQP7UmnCBUpW8nM1cZxNmgcDA6WBXJ FXLnmQL2a2UFFwNAFJBiQsf1uTYEXMCFLUPv+S54W6glHmT89w+0b/EcMCP5Iw740UjR 8LGw== X-Gm-Message-State: AOAM531ENA+ziS+n5Rh+icjbPbPJ4OZFlyH9c/O2mVwR59Ha7xQd8gHS RfBcvtZma7GUfACY7nTUka2284VKTH18xp8e4rkncw1My50= X-Google-Smtp-Source: ABdhPJzNLZ3weqbNyVJFN8uG3rvHnnA2L7QLqXZw5Daioooqs6O2H0d8hYjdK6jyiV315LXDagfvm2qAyf3PWYOpbO0= X-Received: by 2002:a25:db09:: with SMTP id g9mr17083110ybf.491.1614979283163; Fri, 05 Mar 2021 13:21:23 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Lonero Foundation Date: Fri, 5 Mar 2021 16:21:12 -0500 Message-ID: Cc: Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="0000000000007e1c9905bcd0aad3" X-Mailman-Approved-At: Fri, 05 Mar 2021 22:21:51 +0000 Subject: Re: [bitcoin-dev] BIP Proposal: Consensus (hard fork) PoST Datastore for Energy Efficient Mining X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2021 21:21:26 -0000 --0000000000007e1c9905bcd0aad3 Content-Type: text/plain; charset="UTF-8" Actually I mentioned a proof of space and time hybrid which is much different than staking. Sorry to draw for the confusion as PoC is more commonly used then PoST. There is a way to make PoC cryptographically compatible w/ Proof of Work as it normally stands: https://en.wikipedia.org/wiki/Proof_of_space It has rarely been done though given the technological complexity of being both CPU compatible and memory-hard compatible. There are lots of benefits outside of the realm of efficiency, and I already looked into numerous fault tolerant designs as well and what others in the cryptography community attempted to propose. The actual argument you have only against this is the Proof of Memory fallacy, which is only partially true. Given how the current hashing algorithm works, hard memory allocation wouldn't be of much benefit given it is more optimized for CPU/ASIC specific mining. I'm working towards a hybrid mechanism that fixes that. BTW: The way Bitcoin currently stands in its cryptography still needs updating regardless. If someone figures out NP hardness or the halting problem the traditional rule of millions of years to break all of Bitcoin's cryptography now comes down to minutes. Bitcoin is going to have to eventually radically upgrade their cryptography and hashing algo in the future regardless. I want to integrate some form of NP complexity in regards to the hybrid cryptography I'm aiming to provide which includes a polynomial time algorithm in the cryptography. More than likely the first version of my BTC hard fork will be coded in a way where integrating such complexity in the future only requires a soft fork or minor upgrade to its chain. In regards to the argument, "As a separate issue, proposing a hard fork in the hashing algorithm will invalidate the enormous amount of capital expenditure by mining entities and disincentivize future capital expenditure into mining hardware that may compute these more "useful" proofs of work." A large portion of BTC is already mined through AWS servers and non-asic specific hardware anyways. A majority of them would benefit from a hybrid proof, and the fact that it is hybrid in that manner wouldn't disenfranchise currently optimized mining entities as well. There are other reasons why a cryptography upgrade like this is beneficial. Theoretically one can argue BItcoin isn't fully decentralized. It is few unsolved mathematical proofs away from being entirely broken. My goal outside of efficiency is to build cryptography in a way that prevents such an event from happening in the future, if it was to ever happen. I have various research in regards to this area and work alot with distributed computing. I believe if the BTC community likes such a proposal, I would single handedly be able to build the cryptographic proof myself (though would like as many open source contributors as I can get :) Anyways just something to consider. We are in the same space in regards to what warrants a shitcoin or the whole argument against staking. https://hackernoon.com/ethereum-you-are-a-centralized-cryptocurrency-stop-telling-us-that-you-arent-pi3s3yjl Best regards, Andrew On Fri, Mar 5, 2021 at 4:11 PM Keagan McClelland < keagan.mcclelland@gmail.com> wrote: > It is important to understand that it is critical for the work to be > "useless" in order for the security model to be the same. If the work was > useful it provides an avenue for actors to have nothing at stake when > submitting a proof of work, since the marginal cost of block construction > will be lessened by the fact that the work was useful in a different > context and therefore would have been done anyway. This actually degrades > the security of the network in the process. > > As a separate issue, proposing a hard fork in the hashing algorithm will > invalidate the enormous amount of capital expenditure by mining entities > and disincentivize future capital expenditure into mining hardware that may > compute these more "useful" proofs of work. This is because any change in > the POW algorithm will be considered unstable and subject to change in the > future. This puts the entire network at even more risk meaning that no > entity is tying their own interests to that of the bitcoin network at > large. It also puts the developers in a position where they can be bribed > by entities with a vested interest in deciding what the new "useful" proof > of work should be. > > All of these things make the Bitcoin network worse off. > > Keagan > > On Fri, Mar 5, 2021 at 1:48 PM Lonero Foundation via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> Also in regards to my other email, I forgot to iterate that my >> cryptography proposal helps behind the efficiency category but also tackles >> problems such as NP-Completeness or Halting which is something the BTC >> network could be vulnerable to in the future. For sake of simplicity, I do >> want to do this BIP because it tackles lots of the issues in regards to >> this manner and can provide useful insight to the community. If things such >> as bigger block height have been proposed as hard forks, I feel at the very >> least an upgrade regarding the hashing algorithm and cryptography does at >> least warrant some discussion. Anyways I hope I can send you my BIP, just >> let me know on the preferred format? >> >> Best regards, Andrew >> >> On Fri, Mar 5, 2021, 10:12 AM Lonero Foundation < >> loneroassociation@gmail.com> wrote: >> >>> Hi, this isn't about the energy efficient argument in regards to >>> renewables or mining devices but a better cryptography layer to get the >>> most out of your hashing for validation. I do understand the arbitrariness >>> of it, but do want to still propose a document. Do I use the Media Wiki >>> format on GitHub and just attach it as my proposal? >>> >>> Best regards, Andrew >>> >>> On Fri, Mar 5, 2021, 10:07 AM Devrandom >>> wrote: >>> >>>> Hi Ryan and Andrew, >>>> >>>> On Fri, Mar 5, 2021 at 5:42 AM Ryan Grant via bitcoin-dev < >>>> bitcoin-dev@lists.linuxfoundation.org> wrote: >>>> >>>>> >>>>> https://www.truthcoin.info/blog/pow-cheapest/ >>>>> "Nothing is Cheaper than Proof of Work" >>>>> on | 04 Aug 2015 >>>>> >>>>> >>>> Just to belabor this a bit, the paper demonstrates that the mining >>>> market will tend to expend resources equivalent to miner reward. It does >>>> not prove that mining work has to expend *energy* as a primary cost. >>>> >>>> Some might argue that energy expenditure has negative externalities and >>>> that we should move to other resources. I would argue that the negative >>>> externalities will go away soon because of the move to renewables, so the >>>> point is likely moot. >>>> >>>> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > --0000000000007e1c9905bcd0aad3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Actually I mentioned a proof of space and time hybrid= which is much different than staking. Sorry to draw for the confusion as PoC is more=20 commonly used then PoST.
There is a way to make PoC cryptographic= ally compatible w/ Proof of Work as it normally stands: https://en.wikipedi= a.org/wiki/Proof_of_space
It has rarely been done though given the technological complexity of being both CPU compatible and memory-hard compatible. There are lots of=20 benefits outside of the realm of efficiency, and I already looked into=20 numerous fault tolerant designs as well and what others in the=20 cryptography community attempted to propose. The actual argument you=20 have only against this is the Proof of Memory fallacy, which is only=20 partially true. Given how the current hashing algorithm works, hard=20 memory allocation wouldn't be of much benefit given it is more optimize= d for CPU/ASIC specific mining. I'm working towards a hybrid mechanism= =20 that fixes that. BTW: The way Bitcoin currently stands in its=20 cryptography still needs updating regardless. If someone figures out NP=20 hardness or the halting problem the traditional rule of millions of=20 years to break all of Bitcoin's cryptography now comes down to minutes.= =20 Bitcoin is going to have to eventually radically upgrade their=20 cryptography and hashing algo in the future regardless. I want to=20 integrate some form of NP complexity in regards to the hybrid=20 cryptography I'm aiming to provide which includes a polynomial time=20 algorithm in the cryptography. More than likely the first version of my=20 BTC hard fork will be coded in a way where integrating such complexity=20 in the future only requires a soft fork or minor upgrade to its chain.

In regards to the argument, "As a separate issue,= proposing a hard fork in the hashing algorithm will invalidate the enormous amount of capital expenditure by mining=20 entities and disincentivize future capital expenditure into mining=20 hardware that may compute these more "useful" proofs of work.&quo= t;

A large portion of BTC is already mined through AWS servers and non-asic=20 specific hardware anyways. A majority of them would benefit from a=20 hybrid proof, and the fact that it is hybrid in that manner wouldn't=20 disenfranchise currently optimized mining entities as well.
<= br>
There are other reasons why a cryptography upgrade like this is=20 beneficial. Theoretically one can argue BItcoin isn't fully=20 decentralized. It is few unsolved mathematical proofs away from being=20 entirely broken. My goal outside of efficiency is to build cryptography=20 in a way that prevents such an event from happening in the future, if it was to ever happen. I have various research in regards to this area and work alot with distributed computing. I believe if the BTC community=20 likes such a proposal, I would single handedly be able to build the=20 cryptographic proof myself (though would like as many open source=20 contributors as I can get :)

Anyways just=20 something to consider. We are in the same space in regards to what=20 warrants a shitcoin or the whole argument against staking.

Best regards,=C2=A0 Andrew

On Fri, Mar 5, 2021 at 4:11 PM Keagan McClelland <keagan.mcclelland@gmail.com> wrote:
<= /div>
It = is important to understand that it is critical for the work to be "use= less" in order for the security model to be the same. If the work was = useful it provides an avenue for actors to have nothing at stake when submi= tting a proof of work, since the marginal cost of block construction will b= e lessened by the fact that the work was useful=C2=A0in a different context= and therefore would have been done anyway. This actually degrades the secu= rity of the network in the process.

As a separate issue,= proposing a hard fork in the hashing algorithm will invalidate the enormou= s amount of capital expenditure by mining entities and disincentivize futur= e capital expenditure into mining hardware that may compute these more &quo= t;useful" proofs of work. This is because any change in the POW algori= thm will be considered unstable and subject to change in the future. This p= uts the entire network at even more risk meaning that no entity is tying th= eir own interests to that of the bitcoin network at large. It also puts the= developers in a position where they can be bribed by entities with a veste= d interest in deciding what the new "useful" proof of work should= be.

All of these things make the Bitcoin network = worse off.

Keagan

On Fri, Mar 5, 2021 at 1:48= PM Lonero Foundation via bitcoin-dev <bitcoin-dev@lists.linuxfoundation= .org> wrote:
Also in regards to my other email, I forgot to iterat= e that my cryptography proposal helps behind the efficiency category but al= so tackles problems such as NP-Completeness or Halting which is something t= he BTC network could be vulnerable to in the future. For sake of simplicity= , I do want to do this BIP because it tackles lots of the issues in regards= to this manner and can provide useful insight to the community. If things = such as bigger block height have been proposed as hard forks, I feel at the= very least an upgrade regarding the hashing algorithm and cryptography doe= s at least warrant some discussion. Anyways I hope I can send you my BIP, j= ust let me know on the preferred format?

Best regards, Andrew

<= div dir=3D"ltr" class=3D"gmail_attr">On Fri, Mar 5, 2021, 10:12 AM Lonero F= oundation <loneroassociation@gmail.com> wrote:
Hi, this isn't about= the energy efficient argument in regards to renewables or mining devices b= ut a better cryptography layer to get the most out of your hashing for vali= dation. I do understand the arbitrariness of it, but do want to still propo= se a document. Do I use the Media Wiki format on GitHub and just attach it = as my proposal?

Best regards, = Andrew

On Fri, Mar 5, 2021, 10:07 AM Devrandom <c1.devrandom= @niftybox.net> wrote:
Hi Ryan and Andrew,

On Fri, Mar 5, 2021 at 5:42 AM Ryan Grant via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> = wrote:

=C2=A0 https://www.tru= thcoin.info/blog/pow-cheapest/
=C2=A0 =C2=A0 "Nothing is Cheaper than Proof of Work"
=C2=A0 =C2=A0 on | 04 Aug 2015


Just to belabor this a bit, the paper = demonstrates that the mining market will tend to expend resources equivalen= t to miner reward.=C2=A0 It does not prove that mining work has to expend *= energy* as a primary cost.

Some might argue th= at energy expenditure has negative externalities and that we should move to= other resources.=C2=A0 I would argue that the negative externalities will = go away soon because of the move to renewables, so the point is likely moo= t.=C2=A0

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--0000000000007e1c9905bcd0aad3--