| [1] | [...] This paper analyzes the flaws in Bitcoin's algorithm which: * effectively make it centralized over time * limit scalability and transaction rate * cause an irresolvable tension over the ideal block data size * induce a Tragedy of the Commons on the economics of funding mining * deny instant confirmations * allow less than 50% Byzantine fault tolerance (due to selfish mining) I propose a new design to resolve all these issues that retains the core principle of a proof-of-work block chain. Monero ...POW ensures permissionless behaviour PoW doesn't insure permissionless nor decentralized if mining is inherently centralizing. In Satoshi's formulation of it and every other one I have seen, it is. Please for example refer to my prior reply to monsterer. Also the upthread post I made about how adding instant transactions via LN (or any transaction rate scaling) forces further centralization. There are many reasons that Satoshi's design is centralizing. One is for example that mining is profitable, thus there is a competition to drive difficulty higher and higher such that EACH transaction costs ~$10 in electricity (which is currently paid by mining the investors as professional miners who have loans from the oligarchy+banksters mine with huge farms near hydropower at $50 per BTC cost and sell all that they mine). Even if no debasement was paid to miners, they have a monopoly on transactions added to blocks, so they can charge what ever transaction fees they want if they control 51% of the hashrate. It begs for a oligarchy on mining to develop (which is the direction it appears to be headed and normally government steps in with regulation to aid the oligarchy). And increasing the transactions per block also forces centralization, thus furthering a trend towards oligarchy control, so saying cost per transaction will fall as transaction rate increases is only true if the resultant oligarchy decides to go for market share first (perhaps as a longer-term strategy of 666 enslavement and world government trend). Also since mining is only done for profit, then pools are required to deal with huge variance of winning a block for typical (non oligarchy) miners. Pools centralize mining, even if we argue that miners can switch pools, the government can more easily target the pools even if miners switch since by definition there will never be as many pools as miners (not even close). There are many flaws in Satoshi's design which make it entirely broken from my view. I can't support Bitcoin (nor Monero). I support things that I feel enthusiastically could work out well for mankind and be successful. Bitcoin will succeed only because it is fitting in well with the existing oligarchy's (e.g. Peter Thiel) plans for world domination (and that includes that an illusion of decentralization will persist long enough for the centralization to finally take hold). It seems like you have hit an impasse, but without knowing the details of the problem I had thought so, but I think I explained in this thread how to break the impasse I thought I had hit. But I reiterate I will go over all the details when I am offline to see if I haven't missed something in my thought process while I am writing here online. First I do agree that Satoshi's design is flawed for the following two reasons: 1) Mining cannot be paid for entirely by fees, so a tail emission is a must. Mining can be paid for by users who must add PoW to submit their transactions. The other reason for tail emission is because otherwise the coin supply is shrinking towards 0 as users lose coins, which will be much more likely once doing microtransactions and more frivolous widescale adoption. The reason is that a fee market cannot properly develop in the absence of a block subsidy. One has either a fixed blocksize with a mining oligarchy and infinite fees or an infinite blocksize where competition between miners drive fees to zero. For layman technophobes, your astute point (which many of us technophiles already aware of and I wrote Spiraling Transactions Fees thread in 2013) is that when the block size is unlimited then anyone can include all the transactions that were excluded by a miner that was trying to force higher transaction fees. But if block size is unlimited then transaction spam can be unlimited, so a mining oligarchy must form to constrain block size. The problem is not due to relative block size (so compression wouldn't fix it), but due to the fact that someone centralized needs to decide which transactions are spam or not (otherwise in decentralization at least in Satoshi's design then all spam transactions are allowed). But you are incorrect to assert that tail emission fixes this. This is a fundamental flaw in Satoshi's design which is not fixed with tail emission. It is fundamental problem of a design that includes blocks. This is one of the flaws that Iota is attempting to correct by eliminating blocks, but then I have conjectured in this thread that Iota has other flaws because it eliminates flaws. This is why crypto gets so frustrating because it seems every design always ends up with centralization, because the CAP theorem can not be avoided! My idea for fixing all of this, has to do with the way the temporal intrablock partitioning is done. [...] There is a cost to censorship which has already been demonstrated in Bitcoin. It is manifested in the opposition to an increase in the blocksize by those miners that are based in China. The reason for this is the latency introduced by the Great Firewall of China puts a centralized data centre in China at a significant disadvantage with respect to say a residential connection in Canada. The irony here is that if Bitcoin had allowed for larger blocks earlier on this situation would not have developed since the Chinese ASIC manufacturers would have been forced to sell their devices for export leading to a much more decentralized Bitcoin mining situation. The lesson from Bitcoin is that a small blocksize can actually lead to mining centralization by accommodating censorship rather than the other way around. Astute, well stated, and agreed. The block size is a double-edge sword no matter which direction it is increased or decreased. Real solutions will change entirely the design. The second factor of PoW that must be taken into account is PoC (Proof of Cold). The key is that in a situation where electricity is used for space heating the marginal cost of mining is zero; however the heat is only valuable if it is decentralized. The key here is that one can easily distribute electricity but not heat forcing decentralization. This in effect gives the small player a very significant cost advantage over the large centralized operation. Heat from electricity is the most inefficient way to heat (better to use wood, gas, or any carbon). Besides Larry Summers' 21 Inc is dreaming up ways to hook users into being slave oligarchy miners by giving them free heaters and cell phones in exchange for using their device to mine on behalf of 21 Inc (last time I looked 21 Inc was already a significant % of the global Bitcoin hashrate and climbing fast). Note I added point #3 as why PoS is MUCH less secure than PoW. Basically this boils down to the same conceptual tradeoff as the post where I replied to ArticMine, in that allowing decentralized participation enables unbounded conditions (which is a flaw) but centralizing participation also leads to another set of flaws. Decentralization is the normal mode of society. It is when the normal oscillating balance between decentralization and top-down control entirely fails in one extreme direction that society enters a Dark Age for 600 years. Without a balance of decentralization and top-down control, nothing functions and everything collapses. We don't want entirely decentralization and no centralization as that is just as bad as entirely centralization, e.g. see the reply I made to ArticMine upthread and how 100% decentralized control over what goes in the block chain means a choice between unbounded spam or oligarchy control. Thus the problem is the lack of balance and Bitcoin flip flops either to too much decentralization forcing too much centralization (a Tragedy of the Commons). Here is that linked post: The reason is that a fee market cannot properly develop in the absence of a block subsidy. One has either a fixed blocksize with a mining oligarchy and infinite fees or an infinite blocksize where competition between miners drive fees to zero. For layman technophobes, your astute point (which many of us technophiles already aware of and I wrote Spiraling Transactions Fees thread in 2013) is that when the block size is unlimited then anyone can include all the transactions that were excluded by a miner that was trying to force higher transaction fees. But if block size is unlimited then transaction spam can be unlimited, so a mining oligarchy must form to constrain block size. The problem is not due to relative block size (so compression wouldn't fix it), but due to the fact that someone centralized needs to decide which transactions are spam or not (otherwise in decentralization at least in Satoshi's design then all spam transactions are allowed). [...] My idea for fixing all of this, has to do with the way the temporal intrablock partitioning is done. I will probably find some flaw in my design too, but I will spend more time thinking about it. Correction: my idea for temporal intrablock partitioning doesn't solve the problem above, but rather it makes block announcements a constant size (and enables instant transactions). The problem above remains and remains for Iota too in the sense that sending unlimited transactions is still an unbounded load on all the full nodes in the system. Remember that market based transaction fees are not a solution to the problem. My proposed solution (ditto for Iota) is again that every transaction has to include a PoW share. Since PoW is unprofitable (or if the PoW share provided is not computing a block solution), then this solution can be employed. However note it works much better in my (and also Iota's) design because in a Satoshi design it is possible your transaction won't get included in the current block so then you need to recompute your PoW share and resubmit your transaction. This is one of the details I was referring to. I think my design doesn't have that problem. Again I don't want to detail it entirely yet. I will get some rest now. Those naive who are contemplating making their own copycoin lack exposure to level of unresolved problems in crypto land, and the intense level of arcane details they would have to become knowledgeable about. Thus my idea for permissionless improvement is to make mining unprofitable by limiting the debasement rate yet requiring each transaction to include a level of PoW difficulty. The goal is to keep the PoW power in the hands of the users so their client software can (perhaps automatically?) redirect to delegate full nodes which are not censoring transactions or otherwise maliciously modifying the protocol (e.g. censoring transactions that don't sign a KYC/666 id number). As I stated in the previous post that if mining is unprofitable then requiring some PoW with each transaction solves the "unbounded transactions spam versus centralized oligarchy mining control tradeoff" pointed out by ArticMine which in Satoshi's design requires contention over the block size choice which thus reduces Satoshi's design to a centralized politics because there is no block size which is ideal. There are at least three design challenges introduced:
If the PoW share difficulty is constant and chosen such that it requires at most only a millisecond to compute on most client computers, then the 100s of milliseconds round trip latency cost of paying a delegate server to compute the PoW is more costly to the user than just computing the PoW share locally on his client. The user doesn't care about the increased electricity cost for computing the PoW on less efficient hardware because the cost is miniscule compared to the value of the transaction. The difficulty can be adjusted as it always is in Satoshi's design as this is orthogonal to the amount of difficulty required for each PoW share. Thus so far my idea has passed the initial process of searching for a flaw. This is promising. |
| [2] | I think you missed my point, which is that if the PoW can be outsourced, then it is always more economical to do it on an ASIC farm near to cheap hydropower. Thus the mining PoW in Iota will trend to professional miners same as for Satoshi's design! They haven't accomplished anything at all on economic centralization (but have accomplished scaling but with other critical flaw I asserted upthread) because the economics of mining remains centralizing! Note as we transition to mobile, battery life is important to users. Not needing to waste battery life on frequent microtransaction PoW computations would be desirable. Even IoT devices are often necessarily low powered. My design will face the same economic reality, but as I said if the latency cost is much higher than the cost to compute the PoW locally, then my design principle holds because in my decentralized, permissionless design the payer signs the PoW thus to outsource it would require a round-trip network communication (and wireless network communications consume battery life also). It will only centralise like that if it becomes profitable enough for any such ASIC farm to do that work, compared to the reward they might achieve mining a coin with a block reward with all that expensive hardware. That is an incorrect conceptualization of the economics. The relative profitability will drive the fees extracted from payers such there is no difference between the two scenarios you contemplated. Thus mining in Iota will centralize the same as for Bitcoin. |