monero-project/research-lab#12 wrote:
I believe it's time to seriously review the proof of work algorithm used in Monero in light of the very serious consequences we have all witness with mining centralization in the Bitcoin community.
Some urgency might not be a bad idea, as the window in which we can make such broad and sweeping changes is narrowing.
Shouldn’t you mention my recent revelations as one of the potential the prior art sources of this new found urgency? I mean upstanding open source and all right.
https://www.reddit.com/r/Monero/comments/6r2xsm/is_moneros_anonymity_broken/dl75h7s/?context=3
^^ see the bottom of the yellow highlighted post for mention about blocks+PoW being the problem
Is Monero’s (or All) Anonymity Broken?
^^ summaries here and here
Are DECENTRALIZED, Scalable Blockchains Impossible?
^^ currently not complete, still being written to be more widely published within days
Shocking Crisis Coming to Cryptocurrency (in Sept?)
You’ll probably need my assistance given I’ve been researching, discussing about, and brainstorming the solution to this issue for the past years.
This might be a bit too radical/off topic but I think one issue that might be important to consider in PoW is the competitive exclusion principle: http://en.wikipedia.org/wiki/Competitive_exclusion_principle
I don’t believe this will help because ultimately every possible algorithm you can think of can be made at least an order-of-magnitude or two more efficient on custom hardware (per agreement I had with @tromp on this conclusion). And all 14nm/16nm ASICs are only manufactured in two fabs in the world. Mining is inherently a centralization paradigm in many ways. How could we know if some secret mining hardware (or even just very large economies-of-scale making the lowest-cost miner) is not already mining Monero? Why would they tell us if their motivation is to sustain a honeypot?
Even if you force the miner to have a copy of the entire blockchain, and even make disk or memory accesses a significant component of the computation, it can still be made more efficient with customized hardware. And economies-of-scale will I think always win the efficiency race.
We've investigated this before, mostly around Cuckoo Cycle, and at some point it fell by the wayside.
I intensely investigated different memory hard proof-of-work algorithms (some were my own) and even deeply analyzed @tromp’s Cuckoo Cycle. My conclusion is wider in scope: that proof-of-work is an evolutionary cul-de-sac (just “another failed mutation”).
The issue at the highest-level of abstract (i.e. generative essence) conceptualization is that, “impossible to have a fungible token on a blockchain in which the consensus doesn't become centralized iff the presumption is that the users of the system gain the most value from the system due to its monetary function”.
Do you think "tangle" type configuration (like IOTA) can be suitable and robust enough to fulfill the main function of Money- to be a storage of value that can be deferred through space/time?
They never showed how it converges without centralized servers enforcing that all transacting participants only run the same Monte Carlo strategy. Apparently given significant defection it will not converge on a single longest-chain, i.e. afaics it doesn’t converge decentralized. It also depends on proof-of-work (PoW).
The alternative for a DAG which does converge and doesn’t rely on PoW is Byteball’s Stability Point algorithm, but this has the downsides that I discussed with its creator @tonych last year. It has a peculiarity that afair transaction fees don’t scale with increasing exchange price of the token. More generally, essentially this is a closed set of delegates which decide the longest-chain, thus has the same weakness of TenderMint (and Vitalik’s Casper) in that if more than 33% or 50% (or what ever is the liveness ratio) stop responding then the longest-chain doesn't advance and requires a hard fork to unstuck, i.e. it is deterministic finality of confirmation not probabilistic as is the case for PoW.
@mbarkhau wrote:
Proof-of-Space is a researched concept already.
@catcow wrote:
Huh? Reading and/or writing from a hard disk or SSD does indeed consume electricity. Idle storage that isn’t accessed doesn’t offer any PoW function.
Proof-of-storage is not going to stop customized hardware from being created which operates at orders-of-magnitude higher electrical efficiency. You’re thinking that hard disks are commodities and thus economy-of-scale can’t attain any cost advantages. But commodity disk storage is not designed for maximum electrical efficiency. Rather it is designed for maximizing performance and costs per byte.
The amortization of the hardware cost is not the major cost component of mining. Rather it is the electrical consumption cost that is, especially when a entity has a near monopoly on an orders-of-magnitude advantage. For ASICs, there are only two fabs in the world which can deliver 14nm and they have of course limited output capacity. Ditto for any customized hardware designed to maximize electrical efficiency of hard disk sized space.
@iamsmooth (this is smooth from BCT and Steemit and smooth_xmr from Reddit) wrote:
How is that you figure the lowest-cost marginal miners don’t eventually aggregate more profit and thus more hashrate share over time?
Craig Wright also debunked the microeconomics plausibility of egalitarian mining.
The access to commodity hardware doesn’t help when those with higher economies-of-scale are (probably surreptitiously) continually adding hashrate share because they are more profitable due to their higher electrical efficiency, because as I analyzed in the past, every possible PoW that could be envisioned, can be implemented orders-of-magnitude more efficient with customized hardware.
Good to know you understand why every PoW distributed coin is surreptitiously majority held by those with the most economies-of-scale. We observe now Bitmain preparing to take control for its clients who remain anonymous. Don’t fool yourself into thinking your silly CryptoNight PoW algorithm has been a defense. Rather it is only a way of obfuscating the honeypot reality from fools who can’t read (see above). With the mining surreptitiously centralized, Monero is undoubtedly a honeypot and I challenged you guys to do the rigorous math, but so far nothing from your side but silence.
Implausible. You can only fork off your coin regularly into the PUBLIC CONFIDENCE stampede abyss attempting to do so, as I recently argued.
@onidlo wrote:
I posted a rebuttal at Medium:
@DanielPlante wrote:
Once again you simpletons have not thought this out. Commodity DRAM is designed to balance power consumption with latency and random-access speed to optimize a general purpose computing pattern.
Any algorithm you can think of it is going to be orders-of-magnitude more electrically efficiently implemented by using custom hardware suited to optimize the pattern of access you are advocating.
Even if you dream up a randomizing access pattern similar to Monero’s existing CryptoNight, there are still ways to optimize trading storage for computation. I did this deep analysis already.
General purpose computing commodity hardware can never be as efficient as customized hardware for a specific algorithm.
Fuhgeddaboudit!