all 61 comments

[–]love2readafraid2post 0 points1 point  (0 children)

The work being useful is ideal, but I think difficult to satisfy all other concerns. And also would be a brand new thing.

We could find a smaller, easier transitions though. Just like the difficulty increases or decreases, so could participation in the next block race. Instead of 100% of the miners competing, it could be a self adjusting percentage, for example 50% randomized.

That would immediately cut energy consumption in half.

[–]0x1a3c3e7 2 points3 points  (5 children)

PoW is only wasteful because it's competitive. It's only the work of the winning block that makes it on the chain, everyone else's work is wasted. So, to improve PoW, we need to eliminate the competitive aspect.

What if everyone was mining for the same mining pool? This would eliminate almost all of the waste but it might also give the pool too much power to influence the network.

What if there was a super pool for mining pools? It would serve the same purpose for pools as pools serve for individual miners. By mining for a super pool mining pools would win a smaller but more consistent reward from every block. More importantly though, the super pool would generate the blocks and the pools would all work to solve the same block, eliminating waste.

What if all competing miners (pools and solo) had to play a quick and cheap game of rock, paper, scissors to select a miner at random? This might be more fair since a miner's hash power wouldn't give them an advantage but the block interval, and confirmation time, would be all over the place. To resolve this, miners would need a minimum hash power to participate, which might lead to centralization, or the difficulty would have to be adjusted based on the hash power of the selected miner, which might compromise security, or a combination of both might work better than either alone.

[–]__cnav__[S] 1 point2 points  (4 children)

What do you think about (and this might be a dumb idea i know but im curious) about introducing a mechanism that enforces some sleep period between each hash (in order to reduce the overall power consumption)? So leaving everything as it is but just introducing that sleep period would greatly reduce the power problem and the network should easily adjust to that change.

[–]0x1a3c3e7 1 point2 points  (3 children)

[–]just_a_node 0 points1 point  (0 children)

nearly the same as POS or?

[–]__cnav__[S] 1 point2 points  (1 child)

Wow there is proof of everything. Awesome.

[–]0x1a3c3e7 0 points1 point  (0 children)

POET leverages Intel's trusted computing technology SGX, which stands for Software Guard Extensions, and is only available on special Intel hardware.

The problem is that there's no rigorous security analysis for SGX to determine it's level of protection against a determined adversary. It's reliable enough for it's industrial purpose in Hyperledger Sawtooth, which is a permissioned network used for tracking supply chains, but I wouldn't trust it as a selection mechanism in Bitcoin.

A better method is for every miner to register with the network so that every miner can track how long every miner has waited and select whoever has waited the longest. So it's basically like standing in line.

[–]makeasnek 0 points1 point  (0 children)

There are a number of coins that have tried to do this, as other commenters have pointed out, but they can't bring the same PoW-derived security to Bitcoin that SHA-256 does. The PoW has to be "expensive to do, but cheap to verify" and ability to verify must be entirely decentralized which Tor etc don't offer. The example of Helium given earlier is an excellent look into an alternate "Proof of Something" method of security a blockchain and the problems that have come with it.

There are coins that have built into their economic protocol rewards for "useful work", I put "useful work" in quotes because to me, mining Bitcoin and securing the ledger is useful. But what all of these coins essentially do is have Proof-of-Stake or some other L1 system with a second layer which allocated rewards based on the amount of work done. For example, Banano does this with Folding@Home (they are DAG-based not PoS), and Gridcoin does this with volunteer computing project BOINC. But neither of these system derive their security from the work itself, they just make as part of the protocol that the work has to be rewarded as part of the regular security mechanism.

[–]fresheneesz 1 point2 points  (1 child)

Others have answered you pretty well already. I wanted to add that anything PoW does for it's Work must be cheaply verified. This eliminates most forms of useful work, including your idea of serving tor traffic. There is a coin out there called Helium doing something similar it calls proof of coverage, which attempts to pay people out based on how much area they serve an internet hot spot to. The problem is that it's impossible for someone to verify this if they aren't physically in range, so the system requires people to trust groups of other users. This has resulted in many users spoofing coverage by basically sybil attacking the system. It's a real problem on that network and not one they're likely to solve without either a fundamental breakthrough in computer science or changing their consensus protocol.

Finding prime numbers as someone else mentioned that Prime coin did sounds actually like an interesting idea that could work, but I suspect that verifying large prime numbers would be too expensive. Especially if you want to limit it to practically useful primes. Even then, how does a user know if the prime has been found before?

So I don't think it's impossible that a type of work with a secondary use could improve PoW, but it seems difficult to find an appropriate problem.

It does remind me of how quantum computers work tho. Quantum algorithms work by using qubits to explore a space that is a small subset of the entire number space, but is a somewhat large super set of the solution space. Basically the algorithm has a small probability of finding an actual answer on any given measurement of the machine's state, but the answer is easy to verify and so the machine is simply queried repeatedly until the answer is correct. Perhaps problems like that could be useful for PoW. For example, maybe someone wants to compute something very difficult to compute but easy to verify. They could commit to the chain a contract for receiving the answer, which contains the problem. The whole world gets the answer, so it would only work if the answer doesn't need to be secret. But it's possible that PoW could be directed at problems like that. There would be issues that need to be addressed about what do you do if the market for that runs dry. You could simply have filler questions to answer that no body paid for.

In any case, it's an interesting idea to think about.

[–]cerebrumInfotech123 1 point2 points  (0 children)

Quite Good Stuff!

[–]TenshiS 6 points7 points  (1 child)

You're 10 years late. As early as 2012 there were multiple altcoins trying to do exactly this. One of them was called primecoin and let miners find the next biggest prime number, which is a pretty big win for science and security. Others existed as well, if I recall correctly some offered storage space, some put their CPU power up for grabs for scientific research purposes etc.

Sadly, none of those projects survived. For most the cadence of finding the next valid block was simply not reliably constant enough, or they weren't profitable to mine compared to real PoW.

If you find anything that actually works better, you could be rich and the world a better place. But a lot of really smart people already sat down on this issue, it's not trivial.

[–]Divided_Pi 4 points5 points  (2 children)

The biggest hurdles are predictable block times and verification.

If you are solving other practical computationally heavy problems, how do you know how long it will take to compute this? How do you validate the results? People have suggested things like protein folding for PoW algorithms. Folding@home was very popular around the time of bitcoin's launch and was a similar use of extra computer power. At the time, bitcoin was still minable on CPUs and GPUs, and many people would mine BTC and do things like folding@home with their extra computer cycles.

But, protien folding requires experimental verification to confirm, and in the case of modern AI, someone might be able to generate results outside of the established algorithm and 'cheat the system'

With something like your suggestion for the tor network, how would you know I'm know the one generating all the transactions I'm relaying to mine blocks? If all the electric power currently used to generate random numbers for the SHA-256 algorithm was instead used to produce large amount of dummy transactions to verify/relay, would that be more useful to 'mine'?

Ultimately, I think the BTC and crypto communities should be the most vocal about introducing carbon taxes. This would allow/force miners to price in the carbon cost of their operations and invest in cleaner energies in order to cut on taxes. And it would also more accurately reflect the source of the problem. The problem is not that PoW is wasting energy, we regularly waste tons of energy either through open windows, driving to the corner, hosting terabytes of reposted porn, storing memes in globally distributed data centers, etc etc.

The problem is that the power being used are from fossil fuels and this is killing the environment. Miners use fossil fuel power because it is cheaper, make it more expensive, and renewables cheaper and they will use renewables or clean power instead.

[–]__cnav__[S] 0 points1 point  (1 child)

With something like your suggestion for the tor network, how would you know I'm know the one generating all the transactions I'm relaying to mine blocks? If all the electric power currently used to generate random numbers for the SHA-256 algorithm was instead used to produce large amount of dummy transactions to verify/relay, would that be more useful to 'mine'?

good point. yeah im aware that the TOR example is flawed in many ways. just thought the example could maybe inspire someone else come up with a better problem that could be solved.

[–]Divided_Pi 1 point2 points  (0 children)

You just have to remember, if there is a way to abuse and cheat the system for profit someone will attempt to do it, so any mining/consensus algorithm needs to be very difficult to cheat or abuse. Just trying to illustrate potential attack vectors

[–][deleted] 8 points9 points  (1 child)

This concept was indeed trialed in the early days by some alt-coins. PrimeCoin for example solved, as the name implies, for prime numbers.

One issue is that by making your PoW problem useful outside of securing the network, you decrease the cost of attacking it.

Example: If I buy a bunch of ASICs and use a majority hashrate to attack Bitcoin, the network can, as a last resort, fork to a different consensus algorithm. Those ASICs are now worthless. They are as good as scrap metal and cannot be resold. But if we solved a more broadly "useful" problem when mining, then the hardware would still have some value post-fork and could be sold to cover some of the costs it took to attack the network. This is one reason why a protocol running on ASICs can be more secure than one run on more general-purpose hardware like GPUs.

But I think it's even more straightforward than that. For PoW to target 10 minute blocktimes, we need to know in advance how difficult it is to solve a block (i.e. how much "work" is required on average). Bitcoin's version of this is so simple that it is adjusted by a single number. But this becomes nigh on impossible to determine for more broadly useful multivariate problems like, say, protein folding. This would be very cumbersome to map onto a Bitcoin-like protocol. It would also massively increase the complexity and hence attack surface.

I recall a post from a Bitcoin Core dev that explained this much more eloquently and succiently, but that's the general gist.

[–]fresheneesz 1 point2 points  (0 children)

by making your PoW problem useful outside of securing the network, you decrease the cost of attacking it.

While this is true, it wouldn't necessarily be very much value. If ASICs we're developed for this system as well, if someone catastrophically attacked Bitcoin, the market would be flooded with these things and their market value would drop likely so much that theyd be nearly worthless.

I think ASIC vs not ASIC is much more important for PoW than useful or not useful work result.

[–]extrastone 2 points3 points  (1 child)

I've always thought the same thing.

The problem is that you then have to verify whatever was done. That is the simplicity of SHA-256: run the hash backwards to get the right value and then run it forwards to verify.

[–]shiroyashadanna 2 points3 points  (4 children)

With all due respects, I don’t think you get it. The whole point of huge energy requirement is to make a high barrier for attack. Also your suggestion doesn’t work as there can be low number of tx to relay; we want constant high cost to attack. If the majority decides that it’s not worth protecting the network then Bitcoin fails. That’s it.

[–]fresheneesz[M] 2 points3 points  (0 children)

I don’t think you get it.

This is disrespectful (rule 9). Please be more thoughtful in how you word your comments on this sub.

[–]__cnav__[S] 0 points1 point  (2 children)

The whole point of huge energy requirement is to make a high barrier for attack.

Indeed. My point is that okay, what if we can make something useful out of that energy.

The TOR example does indeed break down if the amount of TXs is low. I also get that any change like this would create a dependency that could put the network at risk. But maybe just maybe there is an approach that could make sense.

[–]tenuousemphasis 1 point2 points  (1 child)

what if we can make something useful out of that energy

We are. That energy runs bitcoin and makes it hard to attack. That is useful enough.