One of the holy grails in cryptocurrency research is figuring out a PoW alternative that provides similar security at reduced energy cost. A few other examples:
Forget using POW to secure a ledger. It's comically bad because of the wasteful arms race which now makes each transaction take as much energy as a household does in a day(!)
If new coins are distributed as block rewards, then collectively, miners will spend (nearly) the monetary value of those coins in competition to solve as many blocks as possible. In other words, any gains in marketcap will translate to increased mining efforts. Paul Sztorc has written a lot more about this in http://www.truthcoin.info/blog/pow-cheapest/
I'm in the process of auditing new low-power Po* algos for a crypto system I'm researching. This paper needs a way better abstract. The math is incomprehensible without knowing what its end goal is. The paper uses acronyms (ex "Good ID") before explaining what they are. Overall a poorly written paper. The work may be revolutionary, but what good is that if it's so difficult to understand? People forget that the purpose of a paper is to communicate your idea to other people. If it doesn't do that effectively then no matter how awesome the work is, you've failed.
Bitcoin mines are in western China and Oregon precisely for the abundant and cheap hydro power. That's not so bad, ecologically speaking.
I know this place is crawling with cryptocurrency fanboys, but this is a serious issue for many sceptics.
First, please show that cryptocurrency is an ecological "disaster" in the first place.
There's ecological disaster regardless of mining, I haven't done any math on the issue but I believe mining waste is a very small part of the overall pollution in the world.
There is something thoroughly logical about this approach to the unfortunate waste implicit in Proof of Work (PoW) schemes.
“Consequently, if the network is attacked, our scheme guarantees security, with algorithmic costs that are commensurate with the cost of the attacker. Conversely, in the absence of attack, algorithmic costs are small.”
Well, in theory, you could simply alter the number of 0's required for any particular proof. Under attack? More 0's required in the hash. Not under attack? No 0's required.
So now we have click-baity academic papers? Can someone summarize to me the genius behind the idea? Because as far as my math goes, it is not theoretically possible.
When I read this: "This shortcoming is highlighted by recent studies showing that PoW is highly inefficient with respect to operating cost and ecological footprint." The moment we try and do away with this inefficiency we are going against the entire solution of what bitcoin was going for: how to use all of the inefficient computer parts lying around the globe for something useful?
You're misinterpreting what people mean by "inefficient" in this context.
[+] [-] nullc|8 years ago|reply
I gave it a fast skim to figure out what general class of thing it actually is.
This should be compared with "proof of idle" (https://www.cs.virginia.edu/~shelat/14s-pet/2014/02/11/proof...).
It is an online scheme for resisting sybil attacks in a P2P network where nodes have cryptographic identities which works by periodically forcing all users to do proof of work within a limited time window. Peers that don't respond fast enough are banned from the system (have to create a new identity to join, which is computationally expensive).
The idea is that this gets some of the benefits of POW for sybil resistance without spending as much energy.
It doesn't, however, produce a large amount of cumulative work building up over a history. So it's not the sort of thing you'd want to use to protect the history of a ledger directly.
[+] [-] SkyMarshal|8 years ago|reply
1. Bram Cohen's Proof of Space & Time: https://youtu.be/aYG0NxoG7yw; https://cyber.stanford.edu/sites/default/files/bramcohen.pdf
2. DFINITY VRF-based Threshold Relay: https://youtu.be/o8HHM18PedU (https://en.wikipedia.org/wiki/Verifiable_random_function)
3. Algorand: https://people.csail.mit.edu/nickolai/papers/gilad-algorand-...
These are some of the more interesting ones, but plenty of others.
[+] [-] EGreg|8 years ago|reply
The reason bitcoin is so far ahead is because it was the first. Proof of work to secure the blockchain AND also elect a dictator to mine the next block is cute, but I wish they had decoupled it, as they did for example for bitcoin-ng.
What I am far, far more interested in is proof of work for avoiding sybil attacks, or used COLLABORATIVELY by nodes to secure a history, as done in Ripple for example.
So, back to sybil attacks: proof of work, can we trust it?
What are the best ways to make it expensive for an attacker to create multiple identities, yet cheap for everyone else to make one identity?
One is the cumulative time and activity invested by you and those who invited you.
For example, reputation. Maybe making accounts is cheap but reputation comes from random nodes with reputation upvoting you. But then you can spam all those nodes since they're operated by humans.
It seems we have yet to design a system that's truly impervious to sybil attacks. The best we have is tying things to a human real world transaction, eg buying a smart phone, and hoping that whoever made the smart phone also has a service to sign data (they don't) that wasn't compromised.
Any other ideas? Paying for accounts with bitcoins? That at its root is just back to the proof of work arms race and reputation of bitcoin.
Question: is there some sort of service by the Secure Enclave that can sign a piece of data with an HMAC or something to prove that it was signed on a legitimate, non-jailbroken smart device?
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] tromp|8 years ago|reply
[+] [-] qznc|8 years ago|reply
[+] [-] runeks|8 years ago|reply
For a while I’ve had a sense that “useful PoW” simply doesn’t make sense, but I was unable to explain why. This article perfectly explains why it doesn’t make sense, albeit using very econ-specific terms. I think it may be possible to explain it in simpler terms, without needing to introduce marginal revenue and cost, but I’m not sure exactly how just yet.
[+] [-] alistproducer2|8 years ago|reply
[+] [-] kanzure|8 years ago|reply
https://download.wpsoftware.net/bitcoin/asic-faq.pdf
https://download.wpsoftware.net/bitcoin/pos.pdf
https://download.wpsoftware.net/bitcoin/alts.pdf
[+] [-] ubaltaci|8 years ago|reply
[+] [-] ForHackernews|8 years ago|reply
[+] [-] bmcusick|8 years ago|reply
Bitcoin is only as ecologically harmful as the source of the electricity used to run the miners, and it's no more harmful than any other use of electricity. If the world switches over to solar and wind as baseload power, problem solved. If the world doesn't switch away from using coal, that's not Bitcoin's fault. It's not a problem Bitcoin can solve.
[+] [-] vanderZwan|8 years ago|reply
Regardless of whether you think that criticism is valid, downvoting anyone who asks questions about how to address this does not help make their scepticism go away.
[+] [-] kristofferR|8 years ago|reply
[+] [-] mtrycz|8 years ago|reply
PoS has been around for 3 (maybe 4?) years by now.
Proof of Stake is quite genius in the politics of it, and the power needed to run is minimal (you still need to keep your hardware powered on).
[+] [-] clarkmoody|8 years ago|reply
Next, please explain how crypto is more of a disaster than the existing monetary system. Does the cryptocurrency mining economy pose more of an ecological threat than the system put in place to secure government fiat money: buildings, employees, vaults, mints, printing presses, armored vehicles, police, (some part of) the military, etc?
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] tomfitz|8 years ago|reply
[+] [-] antocv|8 years ago|reply
[+] [-] kronos29296|8 years ago|reply
[+] [-] jack_pp|8 years ago|reply
We must develop technology to clean our planet regardless of mining waste. Given this and the fact that energy is becoming cleaner by the year I think worrying about mining waste is not rational.
[+] [-] chairmanwow|8 years ago|reply
In summary of the motivations of the paper: PoW is currently limited to cryptocurrencies as a security system because of the implicit financial incentive in mining coins. This approach could allow PoW schemes to be widely adopted to secure systems as the overhead is lowered dramatically. Additionally, battery powered devices (ie phones) could make use of PoW without incurring large battery drains. This last bit is particularly interesting and could allow some interesting, distributed P2P systems on cellphones to arise.
The general principle of the paper revolves around asking network members to prove computational power only as much as necessary as the network scales. Because an attacker could easily spoof their MAC / IP address when joining the network, computational tests are periodically distributed to network members. If the test is unsolved in an allotted time period, their network membership is revoked (and the node is blacklisted). The attack referred to in the paper is an attacker adding bad (fake or otherwise) nodes to a system rapidly.
[+] [-] chj|8 years ago|reply
Hope it works.
[+] [-] falcolas|8 years ago|reply
Determining if you're under attack would seem to be the harder part.
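The scheme as the comments above describe it (a puzzle issued to every member on a schedule, a hard deadline, identities purged on a miss, difficulty counted in leading zero bits), as an added example that is not from the thread or the paper. The `Network` class, the SHA-256 puzzle and the join-rate rule in `difficulty` are assumptions; the paper's own attack estimator is not described on this page.

```python
import hashlib
import os
from collections import deque

def zero_bits(peer: bytes, challenge: bytes, nonce: int) -> int:
    """Leading zero bits of SHA-256(peer || challenge || nonce)."""
    d = hashlib.sha256(peer + challenge + nonce.to_bytes(8, "big")).digest()
    return 256 - int.from_bytes(d, "big").bit_length()

def solve(peer: bytes, challenge: bytes, bits: int) -> int:
    """Brute-force a nonce; expected cost is about 2**bits hashes."""
    nonce = 0
    while zero_bits(peer, challenge, nonce) < bits:
        nonce += 1
    return nonce

class Network:
    def __init__(self, window=60.0, base_bits=4, max_bits=16):
        self.window, self.base_bits, self.max_bits = window, base_bits, max_bits
        self.members, self.banned = set(), set()
        self.recent_joins = deque()    # timestamps of accepted joins
        self.entry = os.urandom(16)    # current entrance challenge

    def difficulty(self, now: float) -> int:
        # Assumed heuristic: one extra bit per doubling of the ratio of joins
        # inside the window to members that were present before it.
        while self.recent_joins and self.recent_joins[0] <= now - self.window:
            self.recent_joins.popleft()
        standing = max(1, len(self.members) - len(self.recent_joins))
        ratio = len(self.recent_joins) // standing
        return min(self.max_bits, self.base_bits + ratio.bit_length())

    def join(self, peer: bytes, nonce: int, now: float) -> bool:
        """Admit an identity only with an entrance proof at current difficulty."""
        if (peer in self.banned or peer in self.members
                or zero_bits(peer, self.entry, nonce) < self.difficulty(now)):
            return False
        self.members.add(peer)
        self.recent_joins.append(now)
        return True

    def start_round(self, now: float, time_limit: float):
        """Issue one fresh challenge to all members; rotate the entrance one."""
        self.entry = os.urandom(16)
        self.round = (os.urandom(16), self.difficulty(now), now + time_limit)
        return self.round

    def close_round(self, responses: dict) -> set:
        """responses: peer -> (nonce, arrival_time). Missing, late or invalid = purged."""
        challenge, bits, deadline = self.round
        purged = set()
        for peer in self.members:
            nonce, arrived = responses.get(peer, (None, None))
            if (nonce is None or arrived > deadline
                    or zero_bits(peer, challenge, nonce) < bits):
                purged.add(peer)
        self.members -= purged
        self.banned |= purged
        return purged
```

With few joins the puzzle stays at `base_bits`, so standing members pay almost nothing per round; a burst of new identities raises the bits for both entrance and the next round, and every identity that cannot answer before the deadline is dropped and has to be re-created at the higher price.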
[+] [-] empath75|8 years ago|reply
[+] [-] csomar|8 years ago|reply
[+] [-] geofft|8 years ago|reply
As academic paper titles go this is pretty normal.
> Can someone summarize to me the genius behind the idea?
I'm reading quickly, but I think the idea is that the reason we need proof-of-work is to prevent Sybil attacks, that is, a single entity pretending to be 50% of the network via spoofed identities. So you have a concept of persistent identity for each (apparent) member of the network, and you require nodes to solve a computational problem when they join the network and also periodically while they're in the network. This puts relatively little computational load on each participant, but puts a lot of load on a long-term attacker, and even more work on a short-term attacker who's trying to claim a bunch of identities in a hurry.
I'm not sure how much this actually helps Bitcoin, since my impression is that the computational load is what's needed to match the abilities of the legitimate members of the network. I guess the trick is that maybe you can make the block-mining difficulty scale up less aggressively over time, but I'm not following that logic yet.
[+] [-] russdpale|8 years ago|reply
It makes me think people just don't get it. High inefficiency is the _ENTIRE_ point! It gives rarity to the coin. That 10 minute block time is the same as compressing millions of years of geology into 600 seconds. It is fundamentally sound mathematics, and ultimately, that is why it holds its value. It is not meaningless mathematics, people who say that don't understand fully as to what they are talking about, imho.
[+] [-] wlesieutre|8 years ago|reply
The bitcoin mining ASICs are extremely efficient at mining bitcoins. You can't mine them with an old GPU and expect to make back more money than you spent on electricity.
But the choice to mine bitcoins at all is (arguably) an inefficient use of resources that could have been used for pretty much anything else. There's no shortage of useful problems to be worked on by supercomputers and the world would be better off if we did that instead of mining cryptocurrencies. But the economic incentives aren't there.
EDIT: Reading your comment again, I think I was a bit quick on the "you're wrong" here. So to clarify, I do agree that inefficiency is at the core of the bitcoin mining ecosystem, but it's all about the "we have to spend a bunch of energy that could've done a lot of other things" inefficiency, not an individual "we can use old hardware for this" sort.
[+] [-] ricardobeat|8 years ago|reply
How do you reconcile this statement with the fact that mining is done by a few thousand entities in the whole world, using custom-built hardware?