Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: BTC-like cryptocurrency with arbitrary tradeable computation in proofs of work
by
gmaxwell
on 20/02/2012, 03:32:08 UTC
Quote from: Alex Coventry on February 19, 2012, 07:40:01 PM
Could you explain the economic advantages of this attack in more detail, please?  It is certainly economically deleterious for the blockchain as a whole, but it also seems deleterious for the attacker, in that with the current price/reward structure, they lose at least 5 NooShares per block (probably 10.)  

I'll try to find some time in the next couple days to elaborate on my thoughts... I'll also clean up the stuff I wrote before I realized the optimization attack would be an issue.

(it may also be better to describe it as running arbitrary stochastic algorithms — not just MCMC, because it can run things that people wouldn't generally think of as MCMC at all too.)

Quote
Code:
-65NS/block to schedule the transaction+
  50NS for winning the block +  
   5NS for reporting the best result +
   5NS for including the best result in the blockchain
--------------------------------------------------------------------
  -5NS
You could keep the last 5NS from them by requiring the report to occur in a block secured by the standard proof of work.  (I designed the pricing/reward structure specifically with this attack in mind, and should probably be explicit about that in section 2.4.)

What made me sad about this is that it ultimately means the system can't subsist entirely on 'useful' work— that there will always be substantial busywork overhead because useful work (potentially optimization-attack work) must always net destroy coins or it will be economically beneficial to produce such work in order to gather the resulting coins.  This may indeed still leave the system attractive vs something like litecoin (where the reduced security model relative to bitcoin may be tolerable simply because of the different nature of use) but still ultimately limits its effectiveness over a more straight forward pay-for-computation model...

There are advantages over straight pay-for-computation, in that you've removed some of the risks (e.g. risk I'll pay for computation, and they won't do it— or the risk that I'll do computation and they won't pay— the risk that I ask for N units and they really do M), etc... though there are other ways to solve these problems.

In any case— even if your system goes bust as a blockchain technology— all the LUA sandbox, best-solution-prize, turning random solutions into distinguished points, stuff could be applied to create an interesting distributed computation tool.

Then again, who knows: Other than people paying for bitcoin mining remote pay for idle time computation has basically gone nowhere. I probably had UID 10 on CPUshare... but the usage and tools just didn't seem to materialize. I'm shocked that someone hasn't added password/wpa cracking kernels to the RPC bitcoin miners, since they could all also are very agreeable to distinguished point POW, and run great on GPUs.... but it just hasn't happened.

... more after I've had a chance to think for a bit longer