mining was always intended as a bootstrap, not a means unto itself...

Not so; mining is what fixes the history of transactions and protects the integrity of the entire currency. If you can out-mine everyone else, by even a small margin, you can rewrite recent history in bitcoin, selectively permit transactions between other peers, cause general havoc. The reward for mining was the bootstrap, but mining itself is a critical part of what makes bitcoin work. And this part is principally what's broken, because it uses a hardware-optimisible hash.

this is why it is useful to run a bitcoind and contribute to the network, even if you do not mine. as for contributing with a CPU or GPU it is simply not worth the power cost. buy coins and run nodes; participate in the digital economy!

I'll happily use Bitcoin as a medium of exchange in the same way I would any currency. I just think we need to grow up and look at the project critically; has it met its goals? No. Then like good engineers, try again. Bitcoin was supposed to be different: 1) It was supposed to be outside the control of any individual or group. This is obviously failed, as mining pools have actually had to voluntarily stop growing in order to not pass the 50% margin of dominance over the mining pool. 2) It was supposed to be scaleable by individuals to prevent monopoly; the old myth "if anyone looks like they'll become dominant, we'll all fire up mining rigs and stop them!"-> does this look realistic anymore? 3) It was supposed to be a "free market currency" obeying simple supply and demand, but there is evidence of price fixing and market manipulation by those with enough money to pump and dump the currency when it suits them. 4) It was supposed to be untraceable, but for architectural and simple network-analysis reasons, it's not untraceable to a large enough opponent. If you ask me, this is the reason the NSA hasn't just fired up its sha256 brute-forcing rigs to out-mine everyone and destroy the currency. There are areas where bitcoin has succeeded. It's offering a real alternative to credit cards and conventional banking online, and that's great. But the political, architectural and privacy goals are a flop, and the mining pools who control bitcoin at this point won't back the developers if they try to fix the architecture. It's deadlocked; it needs replacing. And, as big and awesome as bitcoin is, nobody should every have expected us to get P2P anarchic crypto-currency right the first time. On Tue, 15 Oct 2013 03:16:55 -0700 coderman wrote:

On Tue, Oct 15, 2013 at 3:03 AM, Cathal Garvey wrote:

...

.... People focus too much on the "profit" miners make, and not the verifiability and anarchism they are supposed to be providing to the bitcoin network.

this is why it is useful to run a bitcoind and contribute to the network, even if you do not mine.

as for contributing with a CPU or GPU it is simply not worth the power cost.

buy coins and run nodes; participate in the digital economy!

mining was always intended as a bootstrap, not a means unto itself...

On 10/15/13 12:45, coderman wrote:

in some few score years there will be zero coins rewarded for mining blocks - the financial incentive, for what it is currently, merely a transient part of the bootstrap.

https://en.bitcoin.it/wiki/FAQ#If_no_more_coins_are_going_to_be_generated.2C... There will always be the reward of the payment fees for 'mining' the next block. So there will be an incentive to run a 'miner'. And when bitcoin usage grows to the cash flow of a medium sized country, the payout will be better than that of a state lottery. And your lottery ticket is a one time purchase. Guido.

On Tue, Oct 15, 2013 at 11:31:02AM +0100, Cathal Garvey wrote:

4) It was supposed to be untraceable, but for architectural and simple network-analysis reasons, it's not untraceable to a large enough opponent. If you ask me, this is the reason the NSA hasn't just fired up its sha256 brute-forcing rigs to out-mine everyone and destroy the currency.

[...] the political, architectural and privacy goals are a flop, and the mining pools who control bitcoin at this point won't back the developers if they try to fix the architecture.

The mining pools have no protocol policy control. The users have control, if miners change their policy in a protocol incompatible way, they will have created an alt-coin which contains only them and their mining profits will evaporate. See bitcointalk thread on committed coins I posted in previous post for a big discussion of this topic. Its much better than you think, clearly committed-coins are not implemented, but they could be added relatively easily.

It's deadlocked; it needs replacing. And, as big and awesome as bitcoin is, nobody should every have expected us to get P2P anarchic crypto-currency right the first time.

About privacy features its not actually clear if that was intended or not. Some privacy fig leafs are offered in terms of new addresses automatically and no names on addresses. But the entire transaction log is public, clear text for anyone to see. If credit card transaction logs were that public (even with just card numbers and no name) people would be outraged. It also not clear if more privacy would have helped bitcoin to date - too much privacy too early could be inviting regulatory problems. Maybe its better for users to work on privacy themselves, or others to add privacy separately, or privacy features to be added to alt-coins etc. See also zerocoin, and homomorphic encrypted value coins. https://bitcointalk.org/index.php?topic=305791.msg3277431#msg3277431 btw speaking as someone who was fascinated by blind ecash and spent a lot of energy on this list years ago trying with others to figure out someway to make something deployable, I have to say bitcoin is a stellar success. Ever since the digicash betabucks $1m capped coins went out of existence with digicash filing bankruptcy, it became clear to everyone that a single company with a cental server was not going to work. From there we had a lot of interest to solve that deployment and design problem: hashcash distributed mining, Wei Dai's B-money/Nick Szabo's bitgold, Hal Finney's RPOW and finally bitcoin! As well numerous other cool stuff like David Wagner's blind-MAC (implemented by Ben Laurie as Lucre) (chaum patent workaround), Niels Ferguson's single term offline coins (still blindable but with more efficient offline fraud tracing than Chaum's cut-and-choose), Stefan Brands ecash/credentials (multiple attributes, efficient, many features) as well as Sander & Ta-Schma auditable anonymous ecash. Its not clear Satoshi is related to the other ones (other than using hashcash like B-money/bitgold & RPOW), he seemed to not be aware of B-money (or bitgold), but he couldnt pontificate for risk of narrowing the potential authorship :) Then you have open transactions. Anyway for deployed ecash and privacy tech political environment life has literally never looked better - NSA shot themselves in the foot, so public opinion is strongly in their dis-favor, the 9/11 death-pall to security vs privacy arguments finally get swept away. So by all means lets see some work on improving privacy, security, decentralization and scalability of bitcoin via alt-coins or direct protocol work. Adam

2013/10/15 Guido Witmond

I think the politics are playing out perfectly. With cheap ASICS flooding the market, these come in the reach of ordinary people who can run one on a second hand solar panel during the day. Don't bother wasting expensive electricity on it.

Solar panel energy is very expensive in most countries (those that aren't especially sunny)

With millions of people running these, the influence of the cartels diminishes. And I have a (small) chance of winning the jackpot with the payment fees too.

Cartels (or just "the wealthy") have more money to spend on whatever there is to be bought. So it was when Bitcoin were cheap, so it is while ASICS get cheaper, so it will be for the time to come.

Heck, I bet you can get rich selling kits with a solar panel and a ASIC-miner.

That might be true. But many people with startups consider their startup to be the product, to be sold to a big company later on. The world simply is quite bleak. Bitcoin however dodges the bleakness by being a product without judgement on color. It simply is what it is. It tolerates a few employing the rest of humanity as slaves, but also doesn't allow the few to dominate their ability to have free money exchanges. Although it doesn't save the many foolish people, it reserves them the ability to save themselves later. That might be the best we can do right now. Maybe, if we believe the many will stay foolish no matter the incentive, then it is the best we can ever do.

On Tue, Oct 15, 2013 at 11:03:41AM +0100, Cathal Garvey wrote:

The wealthy will always be able to out-mine the poor if it's a straight battle of who-buys-more-hardware.

I dont think that matters so much as that everyone gets the same hashing power per dollar. I had some rant I posted on bitcointalk a while back (first post there) to say using hashcash-scrypt(1) would be better than hashcash-SHA256. (scrypt(1) meaning scrypt(iter=1)). However there are some valid counter arguments. SHA256 is simple and easy to put into silicon blurprints for fabrication replicated multiple times. Even small and seemingly significantly incompetent outfits like butterfly can just about do it. Apparently many more are coming online. Thats good because you could do it yourself with a modest budget and necessary skills. If the mining function was really complex it would create eg $10m or $100m barrier to make a very fast implementation of it, then you hae a real barrier to entry and a mining centralization problem. The not so good part is maybe anyone with the skills will get the chips fabricated and mine them themselves. So it depends on ready market availility from multiple competitors, that question is a bit up in the air at present but there is some evidence of improvements in availability. Dont think mining is a get rich quick scheme, its very easy to lose money at this stage, as its an arms race as the fab tech used quickly catches up to moore's law and then tracks it. Also the miners dont actually have that much power, all they are doing really is ordering transactions, so for double-spends you can chose the first one as valid. A big company or individual who invested millions and is earning big bucks from their mining operation probably doesnt want to commit spending fraud - they'll get sued and lose their investment and freedom. Now if governments or other organized criminals do it, thats a different issue as there is no useful legal sanction at that level. They cant really censor tansactions btw even then see the committed-coins proposal if you want to know how that can be fixed. https://bitcointalk.org/index.php?topic=206303.0

Now that Litecoin's basically GPU only, it's also a little worse than it started, but there's no evidence at this point that it'll go FPGA.

Rumor is there are people working on a litecoin ASIC. Scrypt wasnt even designed to protect against memory-time tradeoffs, nevermind intentional large design mm^2/minimum gatecount. I think if you can make the algorithm complex and dynamic enough, and yet still efficienty verifiable, (and to have no progress so its like a lottery) you should be able to push thing so that whoever does make ASICs is basically making a custom multi-core chip and competing head on with scientific and graphics GPUs. AMD & Nvidia are probably going to win there, or if they dont people will buy your dynamic agile algorithm miners for programmeable scientific uses.

My ideal hash for a 'coin, unrealistic as it is even in theory, is a hash that practically defines the instruction set and architecture of a prototypical CPU, so that translating it into specialised hardware is either impossible, or merely creates a more efficient CPU, which is better marketed as a CPU than a mining rig. In other words, the state-of-the-art in CPUs is exactly the state-of-the-art in CPUcoin mining. :)

I see you had the same idea, and I dont think thats so unrealistic. Making it fast to verify is a bit harder. For example include all 16 AES encryption finalists and 16 SHA3 finalists etc and combine them with data dependent selection of algorithms. This will push the gate count up. Scale that design process a few times and you're there. Mix in some memory (apparently memory is not so fun to put on ASICs, if you need lots of memory per execution instance (whih is not memory cpu tradeable like scrypt) that makes it expensive to ASIC. I do think CPUs are probabl a losing bet should aim for GPUs. Consider they are largely not made but better CPUs can be made for mining than are sold. eg consider a 100 core intel atom. They have the gate-count to do it, its just people would sooner have a faster single thread (via super-scalar design & higher clocks, better cache etc) lower core chip. Most of the silicon on an i7 is wasted in achieving blistering single thread performance, that is a complete waste for mining. https://en.wikipedia.org/wiki/Transistor_count (atom 47mil transistors, and there are multiple 4.7 billion transistor GPUs on the market.) If you succeeded in wedding an algorithm to the intel instruction set, this is what would get built. Its remarkably like a GPU really right? Lots of cores. Clearly if you strip out the intel backwards compat overhead and add SIMD in groups of 16 cores, you can get 2048 cores per chip as that is what AMD is doing in the 7970 (or 7990 two cores!) So be careful what you wish for :) You can always do better in hardware. The harder part is to have a relatively fast verification, but thats probably reasonably doable per scrypt design. Adam

On Tue, Oct 15, 2013 at 01:25:21PM +0100, Cathal Garvey wrote:

So yea, Litecoin's nearly there. Maybe we can make a CPU-hash, maybe

Make something requiring huge LUTs, and in-memory access. That is not ASICable or FPGAble.

not. But at least we can make a hash that either guarantees GPU-only for a few years, or one that's hardcoded to match Moore's Law so it'll always stay ahead of the curve (bearing in mind Bunnie's plausible suggestion that Moore's Law is levelling off: http://www.bunniestudios.com/blog/?p=1863 )

Doubling rate is now 3 years by end of this year instead of 18 months, according to AMD. Moore is dead, long live Moore (in 3d volume integration of molecular components, coming in a couple decades).

On Tue, Oct 15, 2013 at 02:30:22PM +0100, Cathal Garvey wrote:

...

Moore is dead, long live Moore (in 3d volume integration of molecular components, coming in a couple decades).

Well, I'm no singulatarian, but I do think it's naive to expect something as complex and immutable as a block-chain based currency of *any design* to last longer than a decade (or even half that) these

Never mentioned Bitcoin, and I would agree in principle. Due to network effect and apparent good design Bitcoin may last a lot longer than its detractors like to think, but it will fall, eventually.

days, before needing replacement. What you should aim for is relative stability in that term, not the "long term", so that you can transition gently to updated 'coins as they emerge to tackle new technology.

Thankfully we do generally get good advance notice of new technologies. We know that there's progress in Quantum, but we know its not there

I disagree there's palpable progress in QC inasmuch practical computing is concerned, at least in the open literature.

yet. We know there are proof of concept DNA computers, but for now

DNA computers basically don't work.

there's no conceivable architecture for a general-purpose DNA computer; each must be built for the mathematical task to hand (although that doesn't rule out a mental genius creating a sha256-hashing DNA computer and brute-forcing through nigh-infinite parallelism).

You're sampling conformation space of a linear molecule with lots of viscous drag. There is very little infinity in that.

So; design your coins to last as long as they're likely to last. Don't expect or desire them to outlast that. Given the leverage a currency has on an economy, you could even regard a new 'coin as a "budget plan" for the next few years, though god help you if you get it wrong. :)