Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
> One needs a cost/benefit analysis, not just an account of the cost. For example, if PoW could do calculations that are otherwise useful (maybe solve a queue of standardized math-jobs, such as climate simulations) there would be more benefit, or, let's say the data storage in proof-of-space is useful.

Any discussion on whether Proof of Work is suitable for the task needs to recognize that the "waste" is what creates the security. If you manage to make the proof of work useful for tasks external to the protocol, you reintroduce the "nothing at stake" problem in a roundabout way. Useful computation is something people will pay for. If they pay for it, miners can be compensated in such a way that choosing to mine one of the Not-The-Heaviest-Chain's becomes costless. This erodes the security of the network substantially.

It is not a matter of coming up with the "right" kind of useful computation that is not subject to these problems. These problems are a natural consequence of it being useful outside the protocol *at all*.

Keagan

On Tue, May 18, 2021 at 8:24 AM Claus Ehrenberg via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> > Ultimately all currency security derives from energy consumption.
> > Everything eventually resolves down to proof-of-work.
>
> This is ideology. Yes, without energy and work, not many things happen. But the amounts of energy and work to achieve a goal vary widely. Detailed analysis comparing one alternative with the other in depth is required. And I would not look for order-of-magnitude improvements, 25% better is also a big deal, if discovered.
>
> > * Proof-of-space simply moves the work to the construction of more storage devices.
>
> One needs a cost/benefit analysis, not just an account of the cost. For example, if PoW could do calculations that are otherwise useful (maybe solve a queue of standardized math-jobs, such as climate simulations) there would be more benefit, or, let's say the data storage in proof-of-space is useful.
>
> > * Proof-of-stake simply moves the work to stake-grinding attacks.
>
> Simply not true, there are PoS implementations that are immune to stake-grinding attacks, and even where not, the possible amount of computations is limited compared to PoW
>
> > * The optical proof-of-work simply moves the work to the construction of more miners.
>
> The idea was to shift from energy to cap-ex. We can get a financial penalty for misbehavior from three sources:
> - cost of energy/labor (PoW)
> - cost of capital (PoS)
> - cost of cap-ex
>
> There might be a better mix than PoW only. I have written code for mixed PoW/PoS systems and it works. Adding more cap-ex to the mix can make sense, but the environmental impact needs to be analyzed, it could also make it worse than just the use of electricity. At least electricity as such does not leave waste behind. Mining in orbit with solar power would be totally acceptable.
>
> > At least, proof-of-work is honest about its consumption of resources.
>
> Agreed, but we can't be satisfied with that. If we try hard enough we can do better.
>
> Cheers
> Claus
>
> On Tue, May 18, 2021 at 8:47 AM ZmnSCPxj via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> > > A few things jump out at me as I read this proposal
> > >
> > > First, deriving the hardness from capex as opposed to opex switches the privilege from those who have cheap electricity to those who have access to chip manufacturers/foundries. While this is similarly the case for Bitcoin ASICS today, the longevity of the PoW algorithm has led to a better distribution of knowledge and capital goods required to create ASICS. The creation of a new PoW of any kind, hurts this dimension of decentralization as we would have to start over from scratch on the best way to build, distribute, and operate these new pieces of hardware at scale. While I have not combed over the PoW proposed here in fine detail, the more complicated the algorithm is, the more it privileges those with specific knowledge about it and the manufacturing process.
> > >
> > > The competitive nature of Bitcoin mining is such that miners will be willing to spend up to their expected mining reward in their operating costs to continue to mine. Let's suppose that this new PoW was adopted, miners will continue to buy these chips in ever increasing quantities, turning the aforementioned CAPEX into a de facto OPEX. This has a few consequences. First it just pushes the energy consumption upstream to the chip manufacturing process, rather than eliminating it. And it may trade some marginal amount of the energy consumption for the set of resources it takes to educate and create chip manufacturers. The only way to avoid that cost being funneled back into more energy consumption is to make the barrier to understanding of the manufacturing process sufficiently difficult so as to limit the proliferation
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
> Ultimately all currency security derives from energy consumption.
> Everything eventually resolves down to proof-of-work.

This is ideology. Yes, without energy and work, not many things happen. But the amounts of energy and work to achieve a goal vary widely. Detailed analysis comparing one alternative with the other in depth is required. And I would not look for order-of-magnitude improvements, 25% better is also a big deal, if discovered.

> * Proof-of-space simply moves the work to the construction of more storage devices.

One needs a cost/benefit analysis, not just an account of the cost. For example, if PoW could do calculations that are otherwise useful (maybe solve a queue of standardized math-jobs, such as climate simulations) there would be more benefit, or, let's say the data storage in proof-of-space is useful.

> * Proof-of-stake simply moves the work to stake-grinding attacks.

Simply not true, there are PoS implementations that are immune to stake-grinding attacks, and even where not, the possible amount of computations is limited compared to PoW

> * The optical proof-of-work simply moves the work to the construction of more miners.

The idea was to shift from energy to cap-ex. We can get a financial penalty for misbehavior from three sources:
- cost of energy/labor (PoW)
- cost of capital (PoS)
- cost of cap-ex

There might be a better mix than PoW only. I have written code for mixed PoW/PoS systems and it works. Adding more cap-ex to the mix can make sense, but the environmental impact needs to be analyzed, it could also make it worse than just the use of electricity. At least electricity as such does not leave waste behind. Mining in orbit with solar power would be totally acceptable.

> At least, proof-of-work is honest about its consumption of resources.

Agreed, but we can't be satisfied with that. If we try hard enough we can do better.

Cheers
Claus

On Tue, May 18, 2021 at 8:47 AM ZmnSCPxj via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> > A few things jump out at me as I read this proposal
> >
> > First, deriving the hardness from capex as opposed to opex switches the privilege from those who have cheap electricity to those who have access to chip manufacturers/foundries. While this is similarly the case for Bitcoin ASICS today, the longevity of the PoW algorithm has led to a better distribution of knowledge and capital goods required to create ASICS. The creation of a new PoW of any kind, hurts this dimension of decentralization as we would have to start over from scratch on the best way to build, distribute, and operate these new pieces of hardware at scale. While I have not combed over the PoW proposed here in fine detail, the more complicated the algorithm is, the more it privileges those with specific knowledge about it and the manufacturing process.
> >
> > The competitive nature of Bitcoin mining is such that miners will be willing to spend up to their expected mining reward in their operating costs to continue to mine. Let's suppose that this new PoW was adopted, miners will continue to buy these chips in ever increasing quantities, turning the aforementioned CAPEX into a de facto OPEX. This has a few consequences. First it just pushes the energy consumption upstream to the chip manufacturing process, rather than eliminating it. And it may trade some marginal amount of the energy consumption for the set of resources it takes to educate and create chip manufacturers. The only way to avoid that cost being funneled back into more energy consumption is to make the barrier to understanding of the manufacturing process sufficiently difficult so as to limit the proliferation of these chips. Again, this privileges the chip manufacturers as well as those with close access to the chip manufacturers.
> >
> > As far as I can tell, the only thing this proposal actually does is create a very lucrative business model for those who sell this variety of chips. Any other effects of it are transient, and in all likelihood the transient effects create serious centralization pressure.
> >
> > At the end of the day, the energy consumption is foundational to the system. The only way to do away with authorities, is to require competition. This competition will employ ever more resources until it is unprofitable to do so. At the base of all resources of society is energy. You get high energy expenditure, or a privileged class of bitcoin administrators: pick one. I suspect you'll find the vast majority of Bitcoin users to be in the camp of the energy expenditure, since if we pick the latter, we might as well just pack it in and give up on the Bitcoin experiment.
>
> Keagan is quite correct.
> Ultimately all currency security derives from energy consumption.
> Everything eventually resolves down to proof-of-work.
>
> * Proof-of-space simply moves the work to the construction of more storage devices.
> *
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
Nothing in a dynamic system like PoW mining can be 100% anticipated, for example there might be advances in manufacturing of chips which are patented and so on.

It sounds like your take is that this means no improvements can ever be made by any mechanism, however conservative.

We do go into a fair amount of detail about Minimum Effective Hardness in our paper https://assets.pubpub.org/xi9h9rps/0158167859.pdf , which is actually a special case of hardness that we invented for the context of adding an operation to a PoW, and how it applies to random matrix mults.

Sent from my iPhone

> On May 18, 2021, at 7:58 AM, ZmnSCPxj wrote:
>
> Good morning Michael,
>
>> That’s interesting. I didn’t know the history of ASICBOOST.
>
> History is immaterial, what is important is the technical description of ASICBOOST.
> Basically, by fixing the partial computation of the second block of SHA256, we could selectively vary bits in the first block of SHA256, while reusing the computation of the second block.
> This allows a grinder to grind more candidate blocks without recomputing the second block output, reducing the needed power consumption for the same number of hashes attempted.
>
> Here is an important writeup: https://www.mit.edu/~jlrubin/public/pdfs/Asicboost.pdf
> It should really be required reading for anyone who dreams of changing PoW algorithms to read and understand this document.
>
> There may be similar layer-crossings in any combined construction --- or even just a simple hash function --- when it is applied to a specific Bitcoin block format.
>
>> Our proposal (see Implementation) is to phase in oPoW slowly starting at a very low % of the rewards (say 1%). That should give a long testing period where there is real financial incentive for things like ASICBOOST
>>
>> Does that resolve or partially resolve the issue in your eyes?
>
> It does mitigate this somewhat.
>
> However, such a mechanism is an additional complication and there may be further layer-crossing violations possible --- there may be an optimization to have a circuit that occasionally uses SHA256d and occasionally uses oPoW, that is not possible with a pure SHA256d or pure oPoW circuit.
> So this mitigation is not as strong as it might appear at first glance; additional layers means additional possibility of layer-crossing violations like ASICBOOST.
>
> Regards,
> ZmnSCPxj

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
That’s interesting. I didn’t know the history of ASICBOOST.

Our proposal (see Implementation) is to phase in oPoW slowly starting at a very low % of the rewards (say 1%). That should give a long testing period where there is real financial incentive for things like ASICBOOST

Does that resolve or partially resolve the issue in your eyes?

Sent from my iPhone

> On May 18, 2021, at 7:36 AM, ZmnSCPxj wrote:
>
> Good morning Michael,
>
>> That’s a fair point about patents. However, note that we were careful about this. oPoW only uses SHA3 (can be replaced with SHA256 in principle as well) and low precision linear matrix multiplication. A whole industry is trying to accelerate 8-bit linear matrix mults for AI so there is already a massive incentive (and has been for decades).
>>
>> See companies like Mythic, Groq, Tesla (FSD computer), Google TPU and so on for electronic versions of this. Several of the optical ones are mentioned in the BIP (e.g. Lightmatter)
>
> Please note that ASICBOOST for SHA256d is based on a layer-crossing violation: SHA256 processes in blocks, and the Bitcoin block header is slightly larger than one SHA256 block.
>
> Adding more to a direct SHA3 (which, as a "sponge" construction, avoids blocks, but other layer-crossing violations may still exist) still risks layer violations that might introduce hidden optimizations.
>
> Or more succinctly;
>
> * Just because the components have (with high probability) no more possible optimizations, does not mean that the construction *as a whole* has no hidden optimizations.
>
> Thus, even if linear matrix multiplication and SHA3 have no hidden optimizations, their combination, together with the Bitcoin block header format, *may* have hidden optimizations.
>
> And there are no *current* incentives to find such optimizations until Bitcoin moves to this, at which point we are already committed and it would be highly infeasible to revert to SHA256d --- i.e. too late.
>
> This is why changes to PoW are highly discouraged.
>
> Remember, ASICBOOST was *not* an optimization of SHA256 *or* SHA256d, it was an optimization of SHA256d-on-a-Bitcoin-block-header.
> ASICBOOST cannot speed up general SHA256 or even general SHA256d, it only applies specifically to SHA256d-on-a-Bitcoin-block-header.
>
> Regards,
> ZmnSCPxj
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
That’s a fair point about patents. However, note that we were careful about this. oPoW only uses SHA3 (can be replaced with SHA256 in principle as well) and low precision linear matrix multiplication. A whole industry is trying to accelerate 8-bit linear matrix mults for AI so there is already a massive incentive (and has been for decades).

See companies like Mythic, Groq, Tesla (FSD computer), Google TPU and so on for electronic versions of this. Several of the optical ones are mentioned in the BIP (e.g. Lightmatter)

Sent from my iPhone

> On May 18, 2021, at 6:59 AM, ZmnSCPxj wrote:
>
> Good morning devrandom,
>
>> On Mon, May 17, 2021 at 11:47 PM ZmnSCPxj:
>>
>>> When considering any new proof-of-foo, it is best to consider all effects until you reach the base physics of the arrow of time, at which point you will realize it is ultimately just another proof-of-work anyway.
>>
>> Let's not simplify away economic considerations, such as externalities. The whole debate about the current PoW is about negative externalities related to energy production.
>>
>> Depending on the details, CAPEX (R, real-estate, construction, production) may have less externalities, and if that's the case, we should be interested in adopting a PoW that is intensive in these types of CAPEX.
>
> Then let us also not forget another important externality: possible optimizations of a new PoW algorithm that risk being put into some kind of exclusive patent.
>
> I think with high probability that SHA256d as used by Bitcoin will no longer have an optimization as large in effect as ASICBOOST in the future, simply because there is a huge incentive to find such optimizations and Bitcoin has been using SHA256d for 12 years already, and we have already found ASICBOOST (and while patented, as I understand it the patent owner has promised not to enforce the patent --- my understanding may be wrong).
>
> Any alternative PoW algorithm risks an ASICBOOST-like optimization that is currently unknown, but which will be discovered (and possibly patented by an owner that *will* enforce the patent, thus putting the entire ecosystem at direct conflict with legacy government structures) once there is a good incentive (i.e. use in Bitcoin) for it.
>
> Regards,
> ZmnSCPxj
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
Devrandom is correct to point out that there is nuance to these things and it’s better to look at the details rather than proclaiming that PoW is PoW. (I do agree though w the original point that other ideas often turn out to reduce to PoW despite their convoluted architecture)

A note on the key difference between hardware and energy as it relates to centralization:

Hardware is easily transferable. If you have low electricity costs, Bitcoin ASICS need to be physically located in proximity to use it. You can’t sell your low power costs on an open liquid market (you can sell your hash rate but that still requires all the miners next to the power plant). Hardware can be sold online freely to anyone anywhere in the world.

If a small number of foundries are producing low energy opow hardware (just as there are a small number producing SHA256 ASICS- in fact it would be the same set foundries, somewhat expanded because optical chips use larger, older nodes... for example Global Foundries has a great photonics process at 90nm), they can (and will) still sell the hardware to people all over the world.

There is a huge latent demand for BTC mining. Many people currently buying alt coins or even BTC would prefer to invest in mining if they could turn a profit despite their high energy cost.

Another clear benefit would be the difficulty of detecting and controlling low energy mining relative to the ASIC-warehouse-next-to-waterfall model used today. You can’t move a waterfall if the local government decides to regulate you.

Just some thoughts.

Sent from my iPhone

> On May 18, 2021, at 5:18 AM, Devrandom wrote:
>
> On Mon, May 17, 2021 at 11:47 PM ZmnSCPxj:
>
>> When considering any new proof-of-foo, it is best to consider all effects until you reach the base physics of the arrow of time, at which point you will realize it is ultimately just another proof-of-work anyway.
>
> Let's not simplify away economic considerations, such as externalities. The whole debate about the current PoW is about negative externalities related to energy production.
>
> Depending on the details, CAPEX (R, real-estate, construction, production) may have less externalities, and if that's the case, we should be interested in adopting a PoW that is intensive in these types of CAPEX.
>
> On Mon, May 17, 2021 at 2:20 PM Keagan McClelland wrote:
>
>> First it just pushes the energy consumption upstream to the chip manufacturing process, rather than eliminating it. And it may trade some marginal amount of the energy consumption for the set of resources it takes to educate and create chip manufacturers. The only way to avoid that cost being funneled back into more energy consumption [...]
>
> I challenge you to substantiate these assertions. Real-estate and human cognitive work are not energy intensive and are a major factor in the expected costs of some alternative PoWs. The expected mining effort is such that the cost will reach the expected reward, no more, so there is every reason to believe that energy consumption will be small compared to the current PoW.
>
> Therefore, the total associated negative externalities for the alternative PoWs may well be much lower than the externalities of energy production. This needs detailed analysis, not a knee-jerk reaction.
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
Good morning Michael,

> Good morning Michael,
>
> > Nothing in a dynamic system like PoW mining can be 100% anticipated, for example there might be advances in manufacturing of chips which are patented and so on.
> > It sounds like your take is that this means no improvements can ever be made by any mechanism, however conservative.
>
> Not at all.
>
> Small-enough improvements over long-enough periods of time are expected and anticipated --- that is why there exists a difficulty adjustment mechanism.
> What is risky is a large-enough improvement over a short-enough time that overwhelms the difficulty adjustment mechanism.
> ASICBOOST was a massive enough improvement that it could be argued to potentially overwhelm this mechanism if it was not openly allowed for all miners.

Or to put it in another perspective:

* Small improvements to PoW mining are tolerated by Bitcoin.
* Such improvements are expected to be common.
* Large improvements to PoW mining are potential extinction events for Bitcoin, due to massive centralization risk.
* Such improvements are expected to be *rare* but *not* nonexistent.
* The number of possible circuit configurations is bounded by physical limits (matter is quantized, excessively-large chips are infeasible, etc.), thus the number of expected optimizations of a particular overall algorithm are bounded.

Suppose two manufacturers find two different small improvements to PoW mining. In all likelihood, "the sum is better than its parts" and if the two have a cross-licensing deal, they can outcompete their *other* competition. Further, even if some small competitor violates the patent, the improvement may be small enough that the patent owner may decide the competitor is too small to bother with all the legal fees involved to enforce the patent.

Thus, small improvements to PoW mining are expected to eventually spread widely, and that is what the difficulty adjustment mechanism exists to modulate.

But suppose a third manufacturer develops an ASICBOOST-level optimization of whatever the PoW mining algorithm is. That manufacturer has no incentive to cross-license, since it can dominate the competition without cross-licensing a bunch of smaller optimizations (that may not even add up to compete against the ASICBOOST-level optimization). And any small competitor that violates patent will be enforced against, due to the major improvement that the large optimization has and the massive monopolistic advantage the ASICBOOST-level optimization patent holder would have.

SHA256d-on-Bitcoin-block-header has already uncovered ASICBOOST, and thus the number of possible other large optimizations is that much smaller --- the number of possible optimizations is bounded by physical constraints. Thus, the risk of a black-swan event where a new optimization of SHA256d-on-Bitcoin-block-header is large enough to massively centralize mining is reduced, compared to every other alternative PoW algorithm, which is an important reason to avoid changing PoW as much as possible, without some really serious study (which you might be engaged in --- I am not enough of a mathist to follow your papers).

We are more likely to want to change SHA256 for SHA3 on the txid and Merkle trees than on the PoW.

Regards,
ZmnSCPxj
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
Good morning Michael,

> Nothing in a dynamic system like PoW mining can be 100% anticipated, for example there might be advances in manufacturing of chips which are patented and so on.
>
> It sounds like your take is that this means no improvements can ever be made by any mechanism, however conservative.

Not at all.

Small-enough improvements over long-enough periods of time are expected and anticipated --- that is why there exists a difficulty adjustment mechanism.
What is risky is a large-enough improvement over a short-enough time that overwhelms the difficulty adjustment mechanism.
ASICBOOST was a massive enough improvement that it could be argued to potentially overwhelm this mechanism if it was not openly allowed for all miners.

> We do go into a fair amount of detail about Minimum Effective Hardness in our paper https://assets.pubpub.org/xi9h9rps/0158167859.pdf , which is actually a special case of hardness that we invented for the context of adding an operation to a PoW, and how it applies to random matrix mults.

This certainly helps as well.

Regards,
ZmnSCPxj
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
Good morning Michael,

> That’s a fair point about patents. However, note that we were careful about this. oPoW only uses SHA3 (can be replaced with SHA256 in principle as well) and low precision linear matrix multiplication. A whole industry is trying to accelerate 8-bit linear matrix mults for AI so there is already a massive incentive (and has been for decades).
>
> See companies like Mythic, Groq, Tesla (FSD computer), Google TPU and so on for electronic versions of this. Several of the optical ones are mentioned in the BIP (e.g. Lightmatter)

Please note that ASICBOOST for SHA256d is based on a layer-crossing violation: SHA256 processes in blocks, and the Bitcoin block header is slightly larger than one SHA256 block.

Adding more to a direct SHA3 (which, as a "sponge" construction, avoids blocks, but other layer-crossing violations may still exist) still risks layer violations that might introduce hidden optimizations.

Or more succinctly;

* Just because the components have (with high probability) no more possible optimizations, does not mean that the construction *as a whole* has no hidden optimizations.

Thus, even if linear matrix multiplication and SHA3 have no hidden optimizations, their combination, together with the Bitcoin block header format, *may* have hidden optimizations.

And there are no *current* incentives to find such optimizations until Bitcoin moves to this, at which point we are already committed and it would be highly infeasible to revert to SHA256d --- i.e. too late.

This is why changes to PoW are highly discouraged.

Remember, ASICBOOST was *not* an optimization of SHA256 *or* SHA256d, it was an optimization of SHA256d-on-a-Bitcoin-block-header.
ASICBOOST cannot speed up general SHA256 or even general SHA256d, it only applies specifically to SHA256d-on-a-Bitcoin-block-header.

Regards,
ZmnSCPxj
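The block-boundary layering described in the message above, as an added Python example (not part of the original post and not code from any mining software): an 80-byte header pads to two 64-byte SHA256 chunks, and the message schedule of the second chunk depends only on header bytes 64 to 79, so it can be expanded once and reused for headers that differ only in their first 64 bytes. The function names, the constructed header values and the choice to vary the version field are assumptions of this example.

```python
import hashlib
import math
import struct

M32 = 0xFFFFFFFF

def first_primes(n):
    out, c = [], 2
    while len(out) < n:
        if all(c % p for p in out):
            out.append(c)
        c += 1
    return out

def icbrt(n):
    """Integer floor cube root (Newton iteration starting above the root)."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

# FIPS 180-4 constants: fractional bits of the square / cube roots of primes.
PRIMES = first_primes(64)
IV = [math.isqrt(p << 64) & M32 for p in PRIMES[:8]]
K = [icbrt(p << 96) & M32 for p in PRIMES]

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & M32

def schedule(chunk):
    """Message schedule W[0..63] of one 64-byte chunk; no chaining state used."""
    w = list(struct.unpack(">16I", chunk))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & M32)
    return w

def rounds(state, w):
    """The 64 compression rounds: the only part that sees the chaining state."""
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M32
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & M32
        a, b, c, d, e, f, g, h = (t1 + t2) & M32, a, b, c, (d + t1) & M32, e, f, g
    return [(x + y) & M32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def build_header(version, prev_hash, merkle_root, ntime, nbits, nonce):
    """Serialize the 80-byte block header (integer fields are little-endian)."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", ntime, nbits, nonce))

def sha256d_reference(header):
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()

def sha256d_shared_tail(first_chunks, tail16):
    """SHA256d of headers sharing bytes 64..79, expanding chunk 2 only once."""
    if len(tail16) != 16 or any(len(c) != 64 for c in first_chunks):
        raise ValueError("expected 64-byte first chunks and a 16-byte tail")
    # Chunk 2 = last 16 header bytes + SHA256 padding for an 80-byte message.
    chunk2 = tail16 + b"\x80" + bytes(39) + struct.pack(">Q", 80 * 8)
    w2 = schedule(chunk2)  # does not depend on anything in chunk 1
    digests = []
    for chunk1 in first_chunks:
        midstate = rounds(IV, schedule(chunk1))
        inner = struct.pack(">8I", *rounds(midstate, w2))
        digests.append(hashlib.sha256(inner).digest())
    return digests

# Constructed sample headers (not real blocks): same previous hash, merkle
# root, time, bits and nonce; only the 4-byte version field differs.
PREV = hashlib.sha256(b"constructed previous-block hash").digest()
MERKLE = hashlib.sha256(b"constructed merkle root").digest()
HEADERS = [build_header(0x20000000 | (i << 13), PREV, MERKLE,
                        1621300000, 0x170B3CE9, 7) for i in range(4)]

if __name__ == "__main__":
    fast = sha256d_shared_tail([h[:64] for h in HEADERS], HEADERS[0][64:])
    for h, d in zip(HEADERS, fast):
        print(d[::-1].hex(), d == sha256d_reference(h))
```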
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
Good morning devrandom,

> On Mon, May 17, 2021 at 11:47 PM ZmnSCPxj:
>
> > When considering any new proof-of-foo, it is best to consider all effects until you reach the base physics of the arrow of time, at which point you will realize it is ultimately just another proof-of-work anyway.
>
> Let's not simplify away economic considerations, such as externalities. The whole debate about the current PoW is about negative externalities related to energy production.
>
> Depending on the details, CAPEX (R, real-estate, construction, production) may have less externalities, and if that's the case, we should be interested in adopting a PoW that is intensive in these types of CAPEX.

Then let us also not forget another important externality: possible optimizations of a new PoW algorithm that risk being put into some kind of exclusive patent.

I think with high probability that SHA256d as used by Bitcoin will no longer have an optimization as large in effect as ASICBOOST in the future, simply because there is a huge incentive to find such optimizations and Bitcoin has been using SHA256d for 12 years already, and we have already found ASICBOOST (and while patented, as I understand it the patent owner has promised not to enforce the patent --- my understanding may be wrong).

Any alternative PoW algorithm risks an ASICBOOST-like optimization that is currently unknown, but which will be discovered (and possibly patented by an owner that *will* enforce the patent, thus putting the entire ecosystem at direct conflict with legacy government structures) once there is a good incentive (i.e. use in Bitcoin) for it.

Regards,
ZmnSCPxj
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
On Mon, May 17, 2021 at 11:47 PM ZmnSCPxj:

> When considering any new proof-of-foo, it is best to consider all effects until you reach the base physics of the arrow of time, at which point you will realize it is ultimately just another proof-of-work anyway.

Let's not simplify away economic considerations, such as externalities. The whole debate about the current PoW is about negative externalities related to energy production.

Depending on the details, CAPEX (R, real-estate, construction, production) may have less externalities, and if that's the case, we should be interested in adopting a PoW that is intensive in these types of CAPEX.

On Mon, May 17, 2021 at 2:20 PM Keagan McClelland wrote:

> First it just pushes the energy consumption upstream to the chip manufacturing process, rather than eliminating it. And it may trade some marginal amount of the energy consumption for the set of resources it takes to educate and create chip manufacturers. The only way to avoid that cost being funneled back into more energy consumption [...]

I challenge you to substantiate these assertions. Real-estate and human cognitive work are not energy intensive and are a major factor in the expected costs of some alternative PoWs. The expected mining effort is such that the cost will reach the expected reward, no more, so there is every reason to believe that energy consumption will be small compared to the current PoW.

Therefore, the total associated negative externalities for the alternative PoWs may well be much lower than the externalities of energy production. This needs detailed analysis, not a knee-jerk reaction.
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
> A few things jump out at me as I read this proposal
>
> First, deriving the hardness from capex as opposed to opex switches the privilege from those who have cheap electricity to those who have access to chip manufacturers/foundries. While this is similarly the case for Bitcoin ASICS today, the longevity of the PoW algorithm has led to a better distribution of knowledge and capital goods required to create ASICS. The creation of a new PoW of any kind, hurts this dimension of decentralization as we would have to start over from scratch on the best way to build, distribute, and operate these new pieces of hardware at scale. While I have not combed over the PoW proposed here in fine detail, the more complicated the algorithm is, the more it privileges those with specific knowledge about it and the manufacturing process.
>
> The competitive nature of Bitcoin mining is such that miners will be willing to spend up to their expected mining reward in their operating costs to continue to mine. Let's suppose that this new PoW was adopted, miners will continue to buy these chips in ever increasing quantities, turning the aforementioned CAPEX into a de facto OPEX. This has a few consequences. First it just pushes the energy consumption upstream to the chip manufacturing process, rather than eliminating it. And it may trade some marginal amount of the energy consumption for the set of resources it takes to educate and create chip manufacturers. The only way to avoid that cost being funneled back into more energy consumption is to make the barrier to understanding of the manufacturing process sufficiently difficult so as to limit the proliferation of these chips. Again, this privileges the chip manufacturers as well as those with close access to the chip manufacturers.
>
> As far as I can tell, the only thing this proposal actually does is create a very lucrative business model for those who sell this variety of chips. Any other effects of it are transient, and in all likelihood the transient effects create serious centralization pressure.
>
> At the end of the day, the energy consumption is foundational to the system. The only way to do away with authorities, is to require competition. This competition will employ ever more resources until it is unprofitable to do so. At the base of all resources of society is energy. You get high energy expenditure, or a privileged class of bitcoin administrators: pick one. I suspect you'll find the vast majority of Bitcoin users to be in the camp of the energy expenditure, since if we pick the latter, we might as well just pack it in and give up on the Bitcoin experiment.

Keagan is quite correct.
Ultimately all currency security derives from energy consumption.
Everything eventually resolves down to proof-of-work.

* Proof-of-space simply moves the work to the construction of more storage devices.
* Proof-of-stake simply moves the work to stake-grinding attacks.
* The optical proof-of-work simply moves the work to the construction of more miners.
* Even government-enforced fiat is ultimately proof-of-work, as the operation and continued existence of any government is work.

It is far better to move towards a more *direct* proof-of-work, than to add more complexity and come up with something that is just proof-of-work, but with the work moved off to somewhere else and with additional moving parts that can be jammed or hacked into.

When considering any new proof-of-foo, it is best to consider all effects until you reach the base physics of the arrow of time, at which point you will realize it is ultimately just another proof-of-work anyway.

At least, proof-of-work is honest about its consumption of resources.

Regards,
ZmnSCPxj
Re: [bitcoin-dev] Proposal: Low Energy Bitcoin PoW
A few things jump out at me as I read this proposal

First, deriving the hardness from capex as opposed to opex switches the privilege from those who have cheap electricity to those who have access to chip manufacturers/foundries. While this is similarly the case for Bitcoin ASICS today, the longevity of the PoW algorithm has led to a better distribution of knowledge and capital goods required to create ASICS. The creation of a new PoW of any kind, hurts this dimension of decentralization as we would have to start over from scratch on the best way to build, distribute, and operate these new pieces of hardware at scale. While I have not combed over the PoW proposed here in fine detail, the more complicated the algorithm is, the more it privileges those with specific knowledge about it and the manufacturing process.

The competitive nature of Bitcoin mining is such that miners will be willing to spend up to their expected mining reward in their operating costs to continue to mine. Let's suppose that this new PoW was adopted, miners will continue to buy these chips in ever increasing quantities, turning the aforementioned CAPEX into a de facto OPEX. This has a few consequences. First it just pushes the energy consumption upstream to the chip manufacturing process, rather than eliminating it. And it may trade some marginal amount of the energy consumption for the set of resources it takes to educate and create chip manufacturers. The only way to avoid that cost being funneled back into more energy consumption is to make the barrier to understanding of the manufacturing process sufficiently difficult so as to limit the proliferation of these chips. Again, this privileges the chip manufacturers as well as those with close access to the chip manufacturers.

As far as I can tell, the only thing this proposal actually does is create a very lucrative business model for those who sell this variety of chips. Any other effects of it are transient, and in all likelihood the transient effects create serious centralization pressure.

At the end of the day, the energy consumption is foundational to the system. The only way to do away with authorities, is to require competition. This competition will employ ever more resources until it is unprofitable to do so. At the base of all resources of society is energy. You get high energy expenditure, or a privileged class of bitcoin administrators: pick one. I suspect you'll find the vast majority of Bitcoin users to be in the camp of the energy expenditure, since if we pick the latter, we might as well just pack it in and give up on the Bitcoin experiment.

Keagan

On Mon, May 17, 2021 at 2:33 PM Bogdan Penkovsky via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi Bitcoin Devs,
>
> We would like to share with you a draft proposal for a durable, low energy Bitcoin proof of work.
>
> BIP: ?
> Title: Durable, Low Energy Bitcoin PoW
> Author: Michael Dubrovsky, Bogdan Penkovsky
> Discussions-To:
> Comments-Summary: No comments yet.
> Comments-URI: https://github.com/PoWx-Org/obtc/wiki/BIP
> Status: Draft
> Type: Standards Track
> Created: 2021-05-13
> License: BSD-2-Clause
>          OPL
>
> == Simple Summary ==
>
> Bitcoin's energy consumption is growing with its value (see Figure below). Although scaling PoW is necessary to maintain the security of the network, reliance on massive energy consumption has scaling drawbacks and leads to mining centralization. A major consequence of the central role of local electricity cost in mining is that today, most existing and potential participants in the Bitcoin network cannot profitably mine Bitcoin even if they have the capital to invest in mining hardware. From a practical perspective, Bitcoin adoption by companies like Tesla (which recently rescinded its acceptance of Bitcoin as payment) has been hampered by its massive energy consumption and perceived environmental impact.
>
> [[https://github.com/PoWx-Org/obtc/raw/main/img/btc_energy-small.png]]
>
> Figure. Bitcoin price and estimated Bitcoin energy consumption. Data sources: [https://cbeci.org Cambridge Bitcoin Electricity Consumption Index], [https://www.coindesk.com CoinDesk].
>
> We propose a novel proof-of-work paradigm for Bitcoin--Optical proof-of-work. It is designed to decouple Bitcoin mining from energy and make it feasible outside of regions with low electricity costs. ''Optical proof-of-work'' (oPoW) is a modification of Hashcash that is most efficiently computed using a new class of photonic processors. Without compromising the cryptographic or game-theoretical security of Hashcash, oPoW shifts the operating expenses of mining (OPEX), to capital expenses (CAPEX)--i.e. electricity to hardware. oPoW makes it possible for billions of new miners to enter the market simply by investing in a low-energy photonic miner. Shifting to a high-CAPEX PoW has the