Discussion:
[Bitcoin-development] Long-term mining incentives
Thomas Voegtlin
2015-05-11 16:28:46 UTC
Permalink
The discussion on block size increase has brought some attention to the
other elephant in the room: Long-term mining incentives.

Bitcoin derives its current market value from the assumption that a
stable, steady-state regime will be reached in the future, where miners
have an incentive to keep mining to protect the network. Such a steady
state regime does not exist today, because miners get most of their
reward from the block subsidy, which will progressively be removed.

Thus, today's 3 billion USD question is the following: Will a steady
state regime be reached in the future? Can such a regime exist? What are
the necessary conditions for its existence?

Satoshi's paper suggests that this may be achieved through miner fees.
Quite a few people seem to take this for granted, and are working to
make it happen (developing cpfp and replace-by-fee). This explains part
of the opposition to raising the block size limit; some people would
like to see some fee pressure building up first, in order to get closer
to a regime where miners are incentivised by transaction fees instead of
block subsidy. Indeed, the emergence of a working fee market would be
extremely reassuring for the long-term viability of bitcoin. So, the
thinking goes, by raising the block size limit, we would be postponing a
crucial reality check. We would be buying time, at the expenses of
Bitcoin's decentralization.

OTOH, proponents of a block size increase have a very good point: if the
block size is not raised soon, Bitcoin is going to enter a new, unknown
and potentially harmful regime. In the current regime, almost all
transaction get confirmed quickly, and fee pressure does not exist. Mike
Hearn suggested that, when blocks reach full capacity and users start to
experience confirmation delays and confirmation uncertainty, users will
simply go away and stop using Bitcoin. To me, that outcome sounds very
plausible indeed. Thus, proponents of the block size increase are
conservative; they are trying to preserve the current regime, which is
known to work, instead of letting the network enter uncharted territory.

My problem is that this seems to lacks a vision. If the maximal block
size is increased only to buy time, or because some people think that 7
tps is not enough to compete with VISA, then I guess it would be
healthier to try and develop off-chain infrastructure first, such as the
Lightning network.

OTOH, I also fail to see evidence that a limited block capacity will
lead to a functional fee market, able to sustain a steady state. A
functional market requires well-informed participants who make rational
choices and accept the outcomes of their choices. That is not the case
today, and to believe that it will magically happen because blocks start
to reach full capacity sounds a lot like like wishful thinking.

So here is my question, to both proponents and opponents of a block size
increase: What steady-state regime do you envision for Bitcoin, and what
is is your plan to get there? More specifically, how will the
steady-state regime look like? Will users experience fee pressure and
delays, or will it look more like a scaled up version of what we enjoy
today? Should fee pressure be increased jointly with subsidy decrease,
or as soon as possible, or never? What incentives will exist for miners
once the subsidy is gone? Will miners have an incentive to permanently
fork off the last block and capture its fees? Do you expect Bitcoin to
work because miners are altruistic/selfish/honest/caring?

A clear vision would be welcome.
i***@national.shitposting.agency
2015-05-11 16:52:10 UTC
Permalink
Post by Thomas Voegtlin
My problem is that this seems to lacks a vision. If the maximal block
size is increased only to buy time, or because some people think that 7
tps is not enough to compete with VISA, then I guess it would be
healthier to try and develop off-chain infrastructure first, such as the
Lightning network.
If your end goal is "compete with VISA" you might as well just give up
and go home right now. There's lots of terrible proposals where people
try to demonstrate that so many hundred thousand transactions a second
are possible if we just make the block size 500GB. In the real world
with physical limits, you literally can not verify more than a few
thousand ECDSA signatures a second on a CPU core. The tradeoff taken
in Bitcoin is that the signatures are pretty small, but they are also
slow to verify on any sort of scale. There's no way competing with a
centralised entity using on-chain transactions is even a sane goal.
Gavin Andresen
2015-05-11 17:29:02 UTC
Permalink
I think long-term the chain will not be secured purely by proof-of-work. I
think when the Bitcoin network was tiny running solely on people's home
computers proof-of-work was the right way to secure the chain, and the only
fair way to both secure the chain and distribute the coins.

See https://gist.github.com/gavinandresen/630d4a6c24ac6144482a for some
half-baked thoughts along those lines. I don't think proof-of-work is the
last word in distributed consensus (I also don't think any alternatives are
anywhere near ready to deploy, but they might be in ten years).

I also think it is premature to worry about what will happen in twenty or
thirty years when the block subsidy is insignificant. A lot will happen in
the next twenty years. I could spin a vision of what will secure the chain
in twenty years, but I'd put a low probability on that vision actually
turning out to be correct.

That is why I keep saying Bitcoin is an experiment. But I also believe that
the incentives are correct, and there are a lot of very motivated, smart,
hard-working people who will make it work. When you're talking about trying
to predict what will happen decades from now, I think that is the best you
can (honestly) do.
--
--
Gavin Andresen
Thomas Voegtlin
2015-05-12 12:35:02 UTC
Permalink
Thank you for your answer.

I agree that a lot of things will change, and I am not asking for a
prediction of technological developments; prediction is certainly
impossible. What I would like to have is some sort of reference scenario
for the future of Bitcoin. Something a bit like the Standard Model in
Physics. The reference scenario should not be a prediction of the
future, that's not the point. In fact, it will have to be updated
everytime technological evolutions or code changes render it obsolete.

However, the reference scenario should be a workable path through the
future, using today's technologies and today's knowlegde, and including
all planned code changes. It should be, as much as possible, amenable to
quantitative analysis. It could be used to justify controversial
decisions such as a hard fork.

Your proposal of a block size increase would be much stronger if it came
with such a scenario. It would show that you know where you are going.
Post by Gavin Andresen
I think long-term the chain will not be secured purely by proof-of-work. I
think when the Bitcoin network was tiny running solely on people's home
computers proof-of-work was the right way to secure the chain, and the only
fair way to both secure the chain and distribute the coins.
See https://gist.github.com/gavinandresen/630d4a6c24ac6144482a for some
half-baked thoughts along those lines. I don't think proof-of-work is the
last word in distributed consensus (I also don't think any alternatives are
anywhere near ready to deploy, but they might be in ten years).
I also think it is premature to worry about what will happen in twenty or
thirty years when the block subsidy is insignificant. A lot will happen in
the next twenty years. I could spin a vision of what will secure the chain
in twenty years, but I'd put a low probability on that vision actually
turning out to be correct.
That is why I keep saying Bitcoin is an experiment. But I also believe that
the incentives are correct, and there are a lot of very motivated, smart,
hard-working people who will make it work. When you're talking about trying
to predict what will happen decades from now, I think that is the best you
can (honestly) do.
Gavin Andresen
2015-05-12 16:10:53 UTC
Permalink
Added back the list, I didn't mean to reply privately:

Fair enough, I'll try to find time in the next month or three to write up
four plausible future scenarios for how mining incentives might work:

1) Fee-supported with very large blocks containing lots of tiny-fee
transactions
2) Proof-of-idle supported (I wish Tadge Dryja would publish his
proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via
alternative consensus algorithm (in this scenario there is very little
mining).
4) Fee supported with small blocks containing high-fee transactions moving
coins to/from sidechains.

Would that be helpful, or do you have some reason for thinking that we
should pick just one and focus all of our efforts on making that one
scenario happen?

I always think it is better, when possible, not to "bet on one horse."
https://blog.bitcoinfoundation.org/a-scalability-roadmap/
It might be wrong. I welcome other people to present their road maps.
[answering to you only because you answered to me and not to the list;
feel free to repost this to the list though]
Yes, that's exactly the kind of roadmap I am asking for. But your blog
post does not say anything about long term mining incentives, it only
talks about scalability. My point is that we need the same kind of thing
for miners incentives.
--
--
Gavin Andresen
Dave Hudson
2015-05-12 16:21:40 UTC
Permalink
I think proof-of-idle had a potentially serious problem when I last looked at it. The risk is that a largish miner can use everyone else's idle time to construct a very long chain; it's also easy enough for them to make it appear to be the work of a large number of distinct miners. Given that this would allow them to arbitrarily re-mine any block rewards and potentially censor any transactions then that just seems like a huge security hole?


Cheers,
Dave
1) Fee-supported with very large blocks containing lots of tiny-fee transactions
2) Proof-of-idle supported (I wish Tadge Dryja would publish his proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via alternative consensus algorithm (in this scenario there is very little mining).
4) Fee supported with small blocks containing high-fee transactions moving coins to/from sidechains.
Would that be helpful, or do you have some reason for thinking that we should pick just one and focus all of our efforts on making that one scenario happen?
I always think it is better, when possible, not to "bet on one horse."
https://blog.bitcoinfoundation.org/a-scalability-roadmap/ <https://blog.bitcoinfoundation.org/a-scalability-roadmap/>
It might be wrong. I welcome other people to present their road maps.
[answering to you only because you answered to me and not to the list;
feel free to repost this to the list though]
Yes, that's exactly the kind of roadmap I am asking for. But your blog
post does not say anything about long term mining incentives, it only
talks about scalability. My point is that we need the same kind of thing
for miners incentives.
--
--
Gavin Andresen
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Pedro Worcel
2015-05-12 21:24:41 UTC
Permalink
Disclaimer: I don't know anything about Bitcoin.
​2) Proof-of-idle supported (I wish Tadge Dryja would publish his
proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via
alternative consensus algorithm (in this scenario there is very little
mining).

I don't understand why you would casually mention moving away from Proof of
Work, I thought that was the big breakthrough that made Bitcoin possible at
all?

Thanks,
Pedro
Fair enough, I'll try to find time in the next month or three to write up
1) Fee-supported with very large blocks containing lots of tiny-fee
transactions
​​
2) Proof-of-idle supported (I wish Tadge Dryja would publish his
proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via
alternative consensus algorithm (in this scenario there is very little
mining).
4) Fee supported with small blocks containing high-fee transactions moving
coins to/from sidechains.
Would that be helpful, or do you have some reason for thinking that we
should pick just one and focus all of our efforts on making that one
scenario happen?
I always think it is better, when possible, not to "bet on one horse."
https://blog.bitcoinfoundation.org/a-scalability-roadmap/
It might be wrong. I welcome other people to present their road maps.
[answering to you only because you answered to me and not to the list;
feel free to repost this to the list though]
Yes, that's exactly the kind of roadmap I am asking for. But your blog
post does not say anything about long term mining incentives, it only
talks about scalability. My point is that we need the same kind of thing
for miners incentives.
--
--
Gavin Andresen
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Adam Back
2015-05-12 23:48:06 UTC
Permalink
I think its fair to say no one knows how to make a consensus that
works in a decentralised fashion that doesnt weaken the bitcoin
security model without proof-of-work for now.

I am presuming Gavin is just saying in the context of not pre-judging
the future that maybe in the far future another innovation might be
found (or alternatively maybe its not mathematically possible).

Towards that it would be useful to try further to prove this one way
or another (prove that proof of stake cant work if that is generically
mathematically provable).

Adam
Post by Pedro Worcel
Disclaimer: I don't know anything about Bitcoin.
Post by Gavin Andresen
2) Proof-of-idle supported (I wish Tadge Dryja would publish his
proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via
alternative consensus algorithm (in this scenario there is very little
mining).
I don't understand why you would casually mention moving away from Proof of
Work, I thought that was the big breakthrough that made Bitcoin possible at
all?
Thanks,
Pedro
Post by Gavin Andresen
Fair enough, I'll try to find time in the next month or three to write up
1) Fee-supported with very large blocks containing lots of tiny-fee
transactions
2) Proof-of-idle supported (I wish Tadge Dryja would publish his
proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via
alternative consensus algorithm (in this scenario there is very little
mining).
4) Fee supported with small blocks containing high-fee transactions moving
coins to/from sidechains.
Would that be helpful, or do you have some reason for thinking that we
should pick just one and focus all of our efforts on making that one
scenario happen?
I always think it is better, when possible, not to "bet on one horse."
https://blog.bitcoinfoundation.org/a-scalability-roadmap/
It might be wrong. I welcome other people to present their road maps.
[answering to you only because you answered to me and not to the list;
feel free to repost this to the list though]
Yes, that's exactly the kind of roadmap I am asking for. But your blog
post does not say anything about long term mining incentives, it only
talks about scalability. My point is that we need the same kind of thing
for miners incentives.
--
--
Gavin Andresen
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Gavin Andresen
2015-05-13 15:41:16 UTC
Permalink
Post by Adam Back
I think its fair to say no one knows how to make a consensus that
works in a decentralised fashion that doesnt weaken the bitcoin
security model without proof-of-work for now.
Yes.
Post by Adam Back
I am presuming Gavin is just saying in the context of not pre-judging
the future that maybe in the far future another innovation might be
found (or alternatively maybe its not mathematically possible).
Yes... or an alternative might be found that weakens the Bitcoin security
model by a small enough amount that it either doesn't matter or the
weakening is vastly overwhelmed by some other benefit.

I'm influenced by the way the Internet works; packets addressed to
74.125.226.67 reliably get to Google through a very decentralized system
that I'll freely admit I don't understand. Yes, a determined attacker can
re-route packets, but layers of security on top means re-routing packets
isn't enough to pull off profitable attacks.

I think Bitcoin's proof-of-work might evolve in a similar way. Yes, you
might be able to 51% attack the POW, but layers of security on top of POW
will mean that won't be enough to pull off profitable attacks.
--
--
Gavin Andresen
Pedro Worcel
2015-05-13 20:05:55 UTC
Permalink
Thank you for your response, that does make sense. It's going to be
interesting to follow what is going to happen!
Post by Gavin Andresen
Post by Adam Back
I think its fair to say no one knows how to make a consensus that
works in a decentralised fashion that doesnt weaken the bitcoin
security model without proof-of-work for now.
Yes.
Post by Adam Back
I am presuming Gavin is just saying in the context of not pre-judging
the future that maybe in the far future another innovation might be
found (or alternatively maybe its not mathematically possible).
Yes... or an alternative might be found that weakens the Bitcoin security
model by a small enough amount that it either doesn't matter or the
weakening is vastly overwhelmed by some other benefit.
I'm influenced by the way the Internet works; packets addressed to
74.125.226.67 reliably get to Google through a very decentralized system
that I'll freely admit I don't understand. Yes, a determined attacker can
re-route packets, but layers of security on top means re-routing packets
isn't enough to pull off profitable attacks.
I think Bitcoin's proof-of-work might evolve in a similar way. Yes, you
might be able to 51% attack the POW, but layers of security on top of POW
will mean that won't be enough to pull off profitable attacks.
--
--
Gavin Andresen
Thomas Voegtlin
2015-05-13 09:49:13 UTC
Permalink
Post by Gavin Andresen
Fair enough, I'll try to find time in the next month or three to write up
1) Fee-supported with very large blocks containing lots of tiny-fee
transactions
2) Proof-of-idle supported (I wish Tadge Dryja would publish his
proof-of-idle idea....)
3) Fees purely as transaction-spam-prevention measure, chain security via
alternative consensus algorithm (in this scenario there is very little
mining).
4) Fee supported with small blocks containing high-fee transactions moving
coins to/from sidechains.
Would that be helpful, or do you have some reason for thinking that we
should pick just one and focus all of our efforts on making that one
scenario happen?
I always think it is better, when possible, not to "bet on one horse."
Sorry if I did not make myself clear. It is not about betting on one
single horse, or about making one particular scenario happen. It is not
about predicting whether something else will replace PoW in the future,
and I am in no way asking you to focus your efforts in one particular
direction at the expenses of others. Various directions will be explored
by various people, and that's great.

I am talking about what we know today. I would like an answer to the
following question: Do we have a reason to believe that Bitcoin can work
in the long run, without involving technologies that have not been
invented yet? Is there a single scenario that we know could work?

Exotic and unproven technologies are not an answer to that question. The
reference scenario should be as boring as possible, and as verifiable as
possible. I am not asking what you think is the most likely to happen,
but what is the most likely to work, given the knowledge we have today.

If I was asking: "Can we send humans to the moon by 2100?", I guess your
answer would be: "Yes we can, because it has been done in the past with
chemical rockets, and we know how to build them". You would probably not
use a space elevator in your answer.

The reason I am asking that is, there seems to be no consensus among
core developers on how Bitcoin can work without miner subsidy. How it
*will* work is another question.
Tier Nolan
2015-05-13 10:14:06 UTC
Permalink
Post by Thomas Voegtlin
The reason I am asking that is, there seems to be no consensus among
core developers on how Bitcoin can work without miner subsidy. How it
*will* work is another question.
The position seems to be that it will continue to work for the time being,
so there is still time for more research.

Proof of stake has problems with handling long term reversals. The main
proposal is to slightly weaken the security requirements.

With POW, a new node only needs to know the genesis block (and network
rules) to fully determine which of two chains is the strongest.

Penalties for abusing POS inherently create a time horizon. A suggested
POS security model would assume that a full node is a node that resyncs
with the network regularly (every N blocks). N would be depend on the
network rules of the coin.

The alternative is that 51% of the holders of coins at the genesis block
can rewrite the entire chain. The genesis block might not be the first
block, a POS coin might still use POW for minting.

https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/
Alex Mizrahi
2015-05-13 10:31:47 UTC
Permalink
Post by Tier Nolan
With POW, a new node only needs to know the genesis block (and network
rules) to fully determine which of two chains is the strongest.
But this matters if a new node has access to the globally strongest chain.
If attacker is able to block connections to legitimate nodes, a new node
will happily accept attacker's chain.

So PoW, by itself, doesn't give strong security guarantees. This problem is
so fundamental people avoid talking about it.

In practice, Bitcoin already embraces "weak subjectivity" e.g. in form of
checkpoints embedded into the source code. So it's hard to take PoW purists
seriously.
Tier Nolan
2015-05-13 11:29:23 UTC
Permalink
Post by Alex Mizrahi
But this matters if a new node has access to the globally strongest chain.
A node only needs a path of honest nodes to the network.

If a node is connected to 99 dishonest nodes and 1 honest node, it can
still sync with the main network.
Post by Alex Mizrahi
In practice, Bitcoin already embraces "weak subjectivity" e.g. in form of
checkpoints embedded into the source code. So it's hard to take PoW purists
seriously.
That isn't why checkpoints exist. They are to prevent a disk consumption
DOS attack.

They also allow verification to go faster. Signature operations are
assumed to be correct without checking if they are in blocks before the
last checkpoint.

They do protect against multi-month forks though, even if not the reason
that they exist.

If releases happen every 6 months, and the checkpoint is 3 months deep at
release, then for the average node, the checkpoint is 3 to 9 months old.

A 3 month reversal would be devastating, so the checkpoint isn't adding
much extra security.

With headers first downloading, the checkpoints could be removed. They
could still be used for speeding up verification of historical blocks.
Blocks behind the last checkpoint wouldn't need their signatures checked.

Removing them could cause a hard-fork though, so maybe they could be
defined as legacy artifacts of the blockchain. Future checkpoints could be
advisory.
Alex Mizrahi
2015-05-13 12:26:17 UTC
Permalink
This post might be inappropriate. Click to display it.
Gavin
2015-05-13 13:24:04 UTC
Permalink
Checkpoints will be replaced by compiled-in 'at THIS timestamp the main chain had THIS much proof of work.'

That is enough information to prevent attacks and still allow optimizations like skipping signature checking for ancient transactions.

I don't think anybody is proposing replacing checkpoints with nothing.

--
Gavin Andresen
Post by Alex Mizrahi
1. User wants to accept Bitcoin payments, as his customers want this.
2. He downloads a recent version of Bitcoin Core, checks hashes and so on. (Maybe even builds from source.)
3. Let's it to sync for several hours or days.
4. After wallet is synced, he gives his address to customer.
5. Customer pays.
6. User waits 10 confirmations and ships the goods. (Suppose it's something very expensive.)
7. Some time later, user wants to convert some of his bitcoins to dollars. He sends his bitcoins to an exchange but they never arrive.
He tries to investigate, and after some time discovers that his router (or his ISP's router) was hijacked. His Bitcoin node couldn't connect to any of the legitimate nodes, and thus got a complete fake chain from the attacker.
Bitcoins he received were totally fake.
Bitcoin Core did a shitty job and confirmed some fake transactions.
User doesn't care that if his network was not impaired, Bitcoin Core would have worked properly.
The main duty of Bitcoin Core is to check whether transactions are confirmed, and if it can be fooled by a simple router hack, then it does its job poorly.
If you don't see it being a problem, you should't be allowed to develop anything security-related.
If a node is connected to 99 dishonest nodes and 1 honest node, it can still sync with the main network.
Yes, it is good against Sybil attack, but not good against a network-level attack.
Attack on user's routers is a very realistic, plausible attack.
Imagine if SSL could be hacked by hacking a router, would people still use it?
Fucking no.
A 3 month reversal would be devastating, so the checkpoint isn't adding much extra security.
WIthout checkpoints an attacker could prepare a fork for $10.
With checkpoints, it would cost him at least $1000, but more likely upwards of $100000.
That's quite a difference, no?
I do not care what do you think about the reasons why checkpoints were added, but it is a fact that they make the attack scenario I describe above hard to impossible.
Without checkpoints, you could perform this attack using a laptop.
With checkpoints, you need access to significant amounts of mining ASICs.
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Tier Nolan
2015-05-13 13:28:44 UTC
Permalink
Post by Alex Mizrahi
He tries to investigate, and after some time discovers that his router (or
his ISP's router) was hijacked. His Bitcoin node couldn't connect to any of
the legitimate nodes, and thus got a complete fake chain from the attacker.
Bitcoins he received were totally fake.
Bitcoin Core did a shitty job and confirmed some fake transactions.
I don't really see how you can protect against total isolation of a node
(POS or POW). You would need to find an alternative route for the
information.

Even encrypted connections are pointless without authentication of who you
are communicating with.

Again, it is part of the security model that you can connect to at least
one honest node.

Someone tweated all the bitcoin headers at one point. The problem is that
if everyone uses the same check, then that source can be compromised.
Post by Alex Mizrahi
WIthout checkpoints an attacker could prepare a fork for $10.
With checkpoints, it would cost him at least $1000, but more likely
upwards of $100000.
Post by Alex Mizrahi
That's quite a difference, no?
Headers first mean that you can't knock a synced node off the main chain
without winning the POW race.

Checkpoints can be replaced with a minimum amount of POW for initial sync.
This prevents spam of low POW blocks. Once a node is on a chain with at
least that much POW, it considers it the main chain.,
Alex Mizrahi
2015-05-13 14:26:52 UTC
Permalink
Post by Tier Nolan
I don't really see how you can protect against total isolation of a node
(POS or POW). You would need to find an alternative route for the
information.
"Alternative route for the information" is the whole point of weak
subjectivity, no?

PoS depends on weak subjectivity to prevent "long term reversals", but
using it also prevents "total isolation" attacks.

The argument that PoW is better than PoS because PoS has to depend on weak
subjectivity, but PoW doesn't is wrong.
Any practical implementation of PoW will also have to rely on weak
subjectivity to be secure against isolation attack.
And if we have to rely on weak subjectivity anyway, then why not PoS?
Post by Tier Nolan
Again, it is part of the security model that you can connect to at least
one honest node.
This is the security model of PoW-based consensus. If you study
PoW-consensus, then yes, this is the model you have to use.

But people use Bitcoin Core as a piece of software. They do not care what
security model you use, they expect it to work.
If there are realistic scenarios in which it fails, then this must be
documented. Users should be made aware of the problem, should be able to
take preventative measures (e.g. manually check the latest block against
sources they trust), etc.
Post by Tier Nolan
The problem is that if everyone uses the same check, then that source can
be compromised.
Yes, this problem cannot be solved in a 100% decentralized and automatic
way.
Which doesn't mean it's not worth solving, does it?

1. There are non-decentralized, trust-based solutions: refuse to work if
none of well-known nodes are accessible.
Well-known nodes are already used for bootstrapping, and this is another
point which can be attacked.
So if it's impossible to make it 100% decentralized and secure, why not
make it 99% decentralized and secure?

2. It is a common practice to check sha256sum after downloading the
package, and this is usually done manually.
Why can't checking block hashes against some source become a common
practice as well?


Also it's worth noting that these security measures are additive.
Isolating a node AND hijacking one of well-known nodes AND hijacking a
block explorer site user checks hashes against is exponentially harder than
defeating a single measure.
Jorge Timón
2015-05-13 23:46:04 UTC
Permalink
Post by Alex Mizrahi
But this matters if a new node has access to the globally strongest chain.
If attacker is able to block connections to legitimate nodes, a new node
will happily accept attacker's chain.
If you get isolated from the network you may not get the longest valid
chain. I don't think any other consensus mechanism deals with this
better than Bitcoin.
Post by Alex Mizrahi
So PoW, by itself, doesn't give strong security guarantees. This problem is
so fundamental people avoid talking about it.
In practice, Bitcoin already embraces "weak subjectivity" e.g. in form of
checkpoints embedded into the source code. So it's hard to take PoW purists
seriously.
Checkpoints are NOT part of the consensus rules, they're just an
optimization that can be removed.
Try keeping the genesis block as your only checkpoint and rebuild: it
will work. You can also define your own checkpoints, there's no need
for everyone to use the same ones.
In a future with committed utxo the optimization could be bigger, but
still, we shouldn't rely on checkpoints for consensus, they're just an
optimization and you should only trust checkpoints that are buried in
the chain. Trusting a committed utxo checkpoint from 2 years ago
doesn't seem very risky. If the code is not already done (not really
sure if it was done as part of auto-prune), we should be prepared for
reorgs that invalidate checkpoints.
So, no, Bitcoin does NOT rely on that "weak subjectivity" thing.
Jorge Timón
2015-05-14 00:11:47 UTC
Permalink
Post by Gavin Andresen
I think long-term the chain will not be secured purely by proof-of-work. I
think when the Bitcoin network was tiny running solely on people's home
computers proof-of-work was the right way to secure the chain, and the only
fair way to both secure the chain and distribute the coins.
See https://gist.github.com/gavinandresen/630d4a6c24ac6144482a for some
half-baked thoughts along those lines. I don't think proof-of-work is the
last word in distributed consensus (I also don't think any alternatives are
anywhere near ready to deploy, but they might be in ten years).
Or never, nobody knows at this point.
Post by Gavin Andresen
I also think it is premature to worry about what will happen in twenty or
thirty years when the block subsidy is insignificant. A lot will happen in
the next twenty years. I could spin a vision of what will secure the chain
in twenty years, but I'd put a low probability on that vision actually
turning out to be correct.
I think is very healthy to worry about that since we know it's
something that will happen.
The system should work without subsidies.
Post by Gavin Andresen
That is why I keep saying Bitcoin is an experiment. But I also believe that
the incentives are correct, and there are a lot of very motivated, smart,
hard-working people who will make it work. When you're talking about trying
to predict what will happen decades from now, I think that is the best you
can (honestly) do.
Lightning payment channels may be a new idea, but payment channels are
not, and nobody is using them.
They are the best solution to scalability we have right now,
increasing the block size is simply not a solution, it's just kicking
the can down the road (while reducing the incentives to deploy real
solutions like payment channels).

Not worrying about 10 years in the future but asking people to trust
estimates and speculations about how everything will burn in 2 years
if we don't act right now seems pretty arbitrary to me.
One could just as well argue that there's smart hard-working people
that will solve those problems before they hit us.

It is true that the more distant the future you're trying to predict
is, the more difficult it is to predict it, but any threshold that
separates "relevant worries" from "too far in the future to worry
about it" will always be arbitrary.
Fortunately we don't need to all share the same time horizon for what
is worrying and what is not.
What we need is a clear criterion for what is acceptable for a
hardfork and a general plan to deploy them:

-Do all the hardfork changes need to be uncontroversial? How do we
define uncontroversial?
-Should we maintain and test implementation of hardfork whises that
seem too small to justify a hardfork on their own (ie time travel fix,
allowing to sign inputs values...) to also deploy them at the same
time that other more necessary hardforks?

I agree that hardforks shouldn't be impossible and in that sense I'm
glad that you started the hardfork debate, but I believe we should be
focusing on that debate rather than the block size one.
Once we have a clear criteria, hopefully the block size debate should
become less noisy and more productive.
Aaron Voisine
2015-05-14 00:48:41 UTC
Permalink
Post by Jorge Timón
increasing the block size is simply not a solution, it's just kicking
the can down the road (while reducing the incentives to deploy real
solutions like payment channels).
Placing hard limits on blocksize is not the right solution. There are still
plenty of options to be explored to increase fees, resulting in users
voluntarily economizing on block space. It's premature to resort to
destroying the reliability of propagated transaction getting into blocks.

Child-pays-for-parent is useful, but requires the recipient to spend inputs
upon receipt, consuming even more block space. Replace-by-fee may also
help, but users won't know the fee they are getting charged until after the
fact, and it will make worse all the problems that tx malleability causes
today.

We have $3billion plus of value in this system to defend. The safe,
conservative course is to increase the block size. Miners already have an
incentive to find ways to encourage higher fees and we can help them with
standard recommended propagation rules and hybrid priority/fee transaction
selection for blocks that increases confirmation delays for low fee
transactions.

Aaron Voisine
co-founder and CEO
breadwallet.com
Post by Jorge Timón
Post by Gavin Andresen
I think long-term the chain will not be secured purely by proof-of-work.
I
Post by Gavin Andresen
think when the Bitcoin network was tiny running solely on people's home
computers proof-of-work was the right way to secure the chain, and the
only
Post by Gavin Andresen
fair way to both secure the chain and distribute the coins.
See https://gist.github.com/gavinandresen/630d4a6c24ac6144482a for some
half-baked thoughts along those lines. I don't think proof-of-work is the
last word in distributed consensus (I also don't think any alternatives
are
Post by Gavin Andresen
anywhere near ready to deploy, but they might be in ten years).
Or never, nobody knows at this point.
Post by Gavin Andresen
I also think it is premature to worry about what will happen in twenty or
thirty years when the block subsidy is insignificant. A lot will happen
in
Post by Gavin Andresen
the next twenty years. I could spin a vision of what will secure the
chain
Post by Gavin Andresen
in twenty years, but I'd put a low probability on that vision actually
turning out to be correct.
I think is very healthy to worry about that since we know it's
something that will happen.
The system should work without subsidies.
Post by Gavin Andresen
That is why I keep saying Bitcoin is an experiment. But I also believe
that
Post by Gavin Andresen
the incentives are correct, and there are a lot of very motivated, smart,
hard-working people who will make it work. When you're talking about
trying
Post by Gavin Andresen
to predict what will happen decades from now, I think that is the best
you
Post by Gavin Andresen
can (honestly) do.
Lightning payment channels may be a new idea, but payment channels are
not, and nobody is using them.
They are the best solution to scalability we have right now,
increasing the block size is simply not a solution, it's just kicking
the can down the road (while reducing the incentives to deploy real
solutions like payment channels).
Not worrying about 10 years in the future but asking people to trust
estimates and speculations about how everything will burn in 2 years
if we don't act right now seems pretty arbitrary to me.
One could just as well argue that there's smart hard-working people
that will solve those problems before they hit us.
It is true that the more distant the future you're trying to predict
is, the more difficult it is to predict it, but any threshold that
separates "relevant worries" from "too far in the future to worry
about it" will always be arbitrary.
Fortunately we don't need to all share the same time horizon for what
is worrying and what is not.
What we need is a clear criterion for what is acceptable for a
-Do all the hardfork changes need to be uncontroversial? How do we
define uncontroversial?
-Should we maintain and test implementation of hardfork whises that
seem too small to justify a hardfork on their own (ie time travel fix,
allowing to sign inputs values...) to also deploy them at the same
time that other more necessary hardforks?
I agree that hardforks shouldn't be impossible and in that sense I'm
glad that you started the hardfork debate, but I believe we should be
focusing on that debate rather than the block size one.
Once we have a clear criteria, hopefully the block size debate should
become less noisy and more productive.
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Pieter Wuille
2015-05-14 00:58:28 UTC
Permalink
Post by Aaron Voisine
We have $3billion plus of value in this system to defend. The safe,
conservative course is to increase the block size. Miners already have an
incentive to find ways to encourage higher fees and we can help them with
standard recommended propagation rules and hybrid priority/fee transaction
selection for blocks that increases confirmation delays for low fee
transactions.
You may find that the most economical solution, but I can't understand how
you can call it conservative.

Suggesting a hard fork is betting the survival of the entire ecosystem on
the bet that everyone will agree with and upgrade to new suggested software
before a flag date.
--
Pieter
Aaron Voisine
2015-05-14 01:13:14 UTC
Permalink
Conservative is a relative term. Dropping transactions in a way that is
unpredictable to the sender sounds incredibly drastic to me. I'm suggesting
increasing the blocksize, drastic as it is, is the more conservative
choice. I would recommend that the fork take effect when some specific
large supermajority of the pervious 1000 blocks indicate they have
upgraded, as a safer alternative to a simple flag date, but I'm sure I
wouldn't have to point out that option to people here.


Aaron Voisine
co-founder and CEO
breadwallet.com
Post by Pieter Wuille
Post by Aaron Voisine
We have $3billion plus of value in this system to defend. The safe,
conservative course is to increase the block size. Miners already have an
incentive to find ways to encourage higher fees and we can help them with
standard recommended propagation rules and hybrid priority/fee transaction
selection for blocks that increases confirmation delays for low fee
transactions.
You may find that the most economical solution, but I can't understand how
you can call it conservative.
Suggesting a hard fork is betting the survival of the entire ecosystem on
the bet that everyone will agree with and upgrade to new suggested software
before a flag date.
--
Pieter
Pieter Wuille
2015-05-14 01:19:45 UTC
Permalink
Post by Aaron Voisine
Conservative is a relative term. Dropping transactions in a way that is
unpredictable to the sender sounds incredibly drastic to me. I'm suggesting
increasing the blocksize, drastic as it is, is the more conservative choice.
Transactions are already being dropped, in a more indirect way: by people
and businesses deciding to not use on-chain settlement. That is very sad,
but it's completely inevitable that there is space for some use cases and
not for others (at whatever block size). It's only a "things don't fit
anymore" when you see on-chain transactions as the only means for doing
payments, and that is already not the case. Increasing the block size
allows for more utility on-chain, but it does not fundamentally add more
use cases - only more growth space for people already invested in being
able to do things on-chain while externalizing the costs to others.
Post by Aaron Voisine
I would recommend that the fork take effect when some specific large
supermajority of the pervious 1000 blocks indicate they have upgraded, as a
safer alternative to a simple flag date, but I'm sure I wouldn't have to
point out that option to people here.
That only measures miner adoption, which is the least relevant. The
question is whether people using full nodes will upgrade. If they do, then
miners are forced to upgrade too, or become irrelevant. If they don't, the
upgrade is risky with or without miner adoption.
--
Pieter
Aaron Voisine
2015-05-14 01:31:56 UTC
Permalink
by people and businesses deciding to not use on-chain settlement.
I completely agree. Increasing fees will cause people voluntary economize
on blockspace by finding alternatives, i.e. not bitcoin. A fee however is a
known, upfront cost... unpredictable transaction failure in most cases will
be a far higher, unacceptable cost to the user than the actual fee. The
higher the costs of using the system, the lower the adoption as a
store-of-value. The lower the adoption as store-of-value, the lower the
price, and the lower the value of bitcoin to the world.
That only measures miner adoption, which is the least relevant.
I concede the point. Perhaps a flag date based on previous observation of
network upgrade rates with a conservative additional margin in addition to
supermajority of mining power.


Aaron Voisine
co-founder and CEO
breadwallet.com
Post by Aaron Voisine
Conservative is a relative term. Dropping transactions in a way that is
unpredictable to the sender sounds incredibly drastic to me. I'm suggesting
increasing the blocksize, drastic as it is, is the more conservative choice.
Transactions are already being dropped, in a more indirect way: by people
and businesses deciding to not use on-chain settlement. That is very sad,
but it's completely inevitable that there is space for some use cases and
not for others (at whatever block size). It's only a "things don't fit
anymore" when you see on-chain transactions as the only means for doing
payments, and that is already not the case. Increasing the block size
allows for more utility on-chain, but it does not fundamentally add more
use cases - only more growth space for people already invested in being
able to do things on-chain while externalizing the costs to others.
Post by Aaron Voisine
I would recommend that the fork take effect when some specific large
supermajority of the pervious 1000 blocks indicate they have upgraded, as a
safer alternative to a simple flag date, but I'm sure I wouldn't have to
point out that option to people here.
That only measures miner adoption, which is the least relevant. The
question is whether people using full nodes will upgrade. If they do, then
miners are forced to upgrade too, or become irrelevant. If they don't, the
upgrade is risky with or without miner adoption.
--
Pieter
Aaron Voisine
2015-05-14 02:34:29 UTC
Permalink
Post by Aaron Voisine
I concede the point. Perhaps a flag date based on previous observation of
network upgrade rates with a conservative additional margin in addition to
supermajority of mining power.

It occurs to me that this would allow for a relatively small percentage of
miners to stop the upgrade if the flag date turns out to be poorly chosen
and a large number of non-mining nodes haven't upgraded yet. Would be a
nice safety fallback.


Aaron Voisine
co-founder and CEO
breadwallet.com
Post by Aaron Voisine
by people and businesses deciding to not use on-chain settlement.
I completely agree. Increasing fees will cause people voluntary economize
on blockspace by finding alternatives, i.e. not bitcoin. A fee however is a
known, upfront cost... unpredictable transaction failure in most cases will
be a far higher, unacceptable cost to the user than the actual fee. The
higher the costs of using the system, the lower the adoption as a
store-of-value. The lower the adoption as store-of-value, the lower the
price, and the lower the value of bitcoin to the world.
That only measures miner adoption, which is the least relevant.
I concede the point. Perhaps a flag date based on previous observation of
network upgrade rates with a conservative additional margin in addition to
supermajority of mining power.
Aaron Voisine
co-founder and CEO
breadwallet.com
Post by Aaron Voisine
Conservative is a relative term. Dropping transactions in a way that is
unpredictable to the sender sounds incredibly drastic to me. I'm suggesting
increasing the blocksize, drastic as it is, is the more conservative choice.
Transactions are already being dropped, in a more indirect way: by people
and businesses deciding to not use on-chain settlement. That is very sad,
but it's completely inevitable that there is space for some use cases and
not for others (at whatever block size). It's only a "things don't fit
anymore" when you see on-chain transactions as the only means for doing
payments, and that is already not the case. Increasing the block size
allows for more utility on-chain, but it does not fundamentally add more
use cases - only more growth space for people already invested in being
able to do things on-chain while externalizing the costs to others.
Post by Aaron Voisine
I would recommend that the fork take effect when some specific large
supermajority of the pervious 1000 blocks indicate they have upgraded, as a
safer alternative to a simple flag date, but I'm sure I wouldn't have to
point out that option to people here.
That only measures miner adoption, which is the least relevant. The
question is whether people using full nodes will upgrade. If they do, then
miners are forced to upgrade too, or become irrelevant. If they don't, the
upgrade is risky with or without miner adoption.
--
Pieter
Owen Gunden
2015-05-16 20:35:05 UTC
Permalink
Post by Aaron Voisine
by people and businesses deciding to not use on-chain settlement.
I completely agree. Increasing fees will cause people voluntary
economize on blockspace by finding alternatives, i.e. not bitcoin.
This strikes me as a leap. There are alternatives that still use bitcoin
as the unit of value, such as sidechains, offchain, etc. To say that
these are "not bitcoin" is misleading.
Post by Aaron Voisine
A fee however is a known, upfront cost... unpredictable transaction failure in
most cases will be a far higher, unacceptable cost to the user than the
actual fee.
Are we sure that raising the block size is the only way to avoid
"unpredictable transaction failure"? If so, and it's as bad as you say
it is, aren't we screwed anyway when we inevitably start hitting the cap
(even if it's raised 10x or 20x)? And if that's the case, then don't we
do a disservice to users by continuing to pretend that we can make this
problem go away?
Post by Aaron Voisine
The higher the costs of using the system, the lower the
adoption as a store-of-value.
On what do you base this? Gold has a very high cost of using (storage,
transport) and yet is perhaps the most widely accepted store of value.
Tom Harding
2015-05-16 22:18:59 UTC
Permalink
There are alternatives that still use bitcoin as the unit of value,
such as sidechains, offchain, etc. To say that these are "not bitcoin"
is misleading.
Is it? Nobody thinks "euro accepted" implies Visa is ok, even though
Visa is just a bunch of extra protocol surrounding an eventual bank deposit.
Aaron Voisine
2015-05-17 01:08:16 UTC
Permalink
Post by Owen Gunden
This strikes me as a leap. There are alternatives that still use bitcoin
as the unit of value, such as sidechains, offchain, etc. To say that
these are "not bitcoin" is misleading.
The only options available today and in the near future that I'm aware of
are of the centralized custody variety, which is pretty bad in my opinion,
but your point is taken.
Post by Owen Gunden
Are we sure that raising the block size is the only way to avoid
"unpredictable transaction failure"? If so, and it's as bad as you say
it is, aren't we screwed anyway when we inevitably start hitting the cap
(even if it's raised 10x or 20x)? And if that's the case, then don't we
do a disservice to users by continuing to pretend that we can make this
problem go away?
When we start bumping up against the block size limit, the transactions at
the margins will experience failure in a way that will be unpredictable to
current wallet software. We can slow blockchain growth by increasing fees
alone, without introducing the additional cost of unpredictability around
confirmation failure, which when it comes down to it is just another
(extreme) way to keep usage low. Instead of fees and unpredictable
confirmation, why not just have fees alone. A single, upfront, known cost.
Post by Owen Gunden
On what do you base this? Gold has a very high cost of using (storage,
transport) and yet is perhaps the most widely accepted store of value.
I would argue that the reason gold is not the one world global currency
that it once was is because of those costs. That's why people shifted over
time to gold backed bank notes and eventually fiat.
Damian Gomez
2015-05-13 17:49:04 UTC
Permalink
This post might be inappropriate. Click to display it.
Melvin Carvalho
2015-05-14 00:44:01 UTC
Permalink
Post by Thomas Voegtlin
The discussion on block size increase has brought some attention to the
other elephant in the room: Long-term mining incentives.
Bitcoin derives its current market value from the assumption that a
stable, steady-state regime will be reached in the future, where miners
have an incentive to keep mining to protect the network. Such a steady
state regime does not exist today, because miners get most of their
reward from the block subsidy, which will progressively be removed.
Thus, today's 3 billion USD question is the following: Will a steady
state regime be reached in the future? Can such a regime exist? What are
the necessary conditions for its existence?
Satoshi's paper suggests that this may be achieved through miner fees.
Quite a few people seem to take this for granted, and are working to
make it happen (developing cpfp and replace-by-fee). This explains part
of the opposition to raising the block size limit; some people would
like to see some fee pressure building up first, in order to get closer
to a regime where miners are incentivised by transaction fees instead of
block subsidy. Indeed, the emergence of a working fee market would be
extremely reassuring for the long-term viability of bitcoin. So, the
thinking goes, by raising the block size limit, we would be postponing a
crucial reality check. We would be buying time, at the expenses of
Bitcoin's decentralization.
OTOH, proponents of a block size increase have a very good point: if the
block size is not raised soon, Bitcoin is going to enter a new, unknown
and potentially harmful regime. In the current regime, almost all
transaction get confirmed quickly, and fee pressure does not exist. Mike
Hearn suggested that, when blocks reach full capacity and users start to
experience confirmation delays and confirmation uncertainty, users will
simply go away and stop using Bitcoin. To me, that outcome sounds very
plausible indeed. Thus, proponents of the block size increase are
conservative; they are trying to preserve the current regime, which is
known to work, instead of letting the network enter uncharted territory.
My problem is that this seems to lacks a vision. If the maximal block
size is increased only to buy time, or because some people think that 7
tps is not enough to compete with VISA, then I guess it would be
healthier to try and develop off-chain infrastructure first, such as the
Lightning network.
OTOH, I also fail to see evidence that a limited block capacity will
lead to a functional fee market, able to sustain a steady state. A
functional market requires well-informed participants who make rational
choices and accept the outcomes of their choices. That is not the case
today, and to believe that it will magically happen because blocks start
to reach full capacity sounds a lot like like wishful thinking.
So here is my question, to both proponents and opponents of a block size
increase: What steady-state regime do you envision for Bitcoin, and what
is is your plan to get there? More specifically, how will the
steady-state regime look like? Will users experience fee pressure and
delays, or will it look more like a scaled up version of what we enjoy
today? Should fee pressure be increased jointly with subsidy decrease,
or as soon as possible, or never? What incentives will exist for miners
once the subsidy is gone? Will miners have an incentive to permanently
fork off the last block and capture its fees? Do you expect Bitcoin to
work because miners are altruistic/selfish/honest/caring?
A clear vision would be welcome.
I am guided here by Satoshi's paper:

"Commerce on the Internet has come to rely almost exclusively on financial
institutions serving as trusted third parties to process electronic
payments. While the system works well enough for *most transactions*"

This suggests to me that most tx will occur off-block with the block chain
used for settlement. Indeed Satoshi was working on a trust based market
before he left.

If commerce works well enough off-block with zero trust settlement
supporting it, people might even forget that the block chain exists, like
with gold settlement. But it can be used for transactions. To this end I
welcome higher fees, so that the block chain becomes the reserve currency
of the internet and is used sparingly.

But as Gavin pointed out, bitcoin is still an experiment and we are all
still learning. We are also learning from alt coin mechanisms. I am
unsure there is huge urgency here, and would lean towards caution as
bitcoin infrastructure rapidly grows.
Post by Thomas Voegtlin
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bitcoin-development mailing list
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Michael Jensen
2015-05-18 02:29:57 UTC
Permalink
I think the basic reality is that a) an arbitrarily elevated level of
hashing is fundamental to a truly decentralised, autonomous network,
and is an essential cost to maintaining Bitcoin, b) there are no signs
that this fact will change, c) there must be some replacement to the
current system of incentivisation through debasement (inflation).

Arguments about limiting block size versus setting minimum fees are
confused because ultimately both mechanisms should ideally achieve the
same outcome: a market price for transactions which means that a) not
everyone who would make a TX if TXs were unpriced does so (reduced
number of TXs) and b) the market price is used to fund hashing. This
is just the nature of prices, it always reduces effective demand, but
without prices supply must collapse and the market must fail.

Regardless, if every time the network gets close to reaching the block
size limit the development community gets scared and raises the limit,
then such a limit will never be an effective tool for setting a market
price. Personally I think trying to artificially limit supply to
create a price for transactions is a needlessly complicated way of
trying to achieve this goal. I think minimum fees for transactions is
a better, simpler option.

I would go a step further and say that the development community will
struggle forever if it tries to play the role of the centralised
economic planner in setting prices for network services. The community
should look at more dynamic ways to let network users express their
preferences for security and their willingness to pay for it. I've
written on the issue -
https://medium.com/@mike0/securing-bitcoin-5-determing-an-optimal-funding-level-9873fa1322a7

As far as the argument that fees will drive people away from Bitcoin,
I can't believe that. Everything we desire has to be paid for somehow.
People will accept a fee for making Bitcoin transactions if Bitcoin as
a result is a stable, useful service. Bitcoin as both a currency and
as a transaction network has strong network effects, so, ignoring
sidechains, it's highly unrealistic that a mandatory fee will drive
people away from Bitcoin when the alternatives are dubious knock-offs
with no network effect, and fiat, which is even worse in regards to
the hidden and malignant costs it exacts.
Mike Hearn
2015-05-25 18:31:12 UTC
Permalink
Hi Thomas,

My problem is that this seems to lacks a vision.
Are you aware of my proposal for network assurance contracts?

There is a discussion here:


https://www.mail-archive.com/bitcoin-***@lists.sourceforge.net/msg07552.html

But I agree with Gavin that attempting to plan for 20 years from now is
ambitious at best. Bitcoin might not even exist 20 years from now, or might
be an abandoned backwater a la USENET.
Thomas Voegtlin
2015-05-26 18:47:15 UTC
Permalink
Hello Mike,
Post by Mike Hearn
Are you aware of my proposal for network assurance contracts?
Yes I am aware of that; sorry for not mentioning it. I think it is an
interesting proposal, but I would not rely on it today, because it
includes a large share of unproven social experiment.

(Bitcoin too is a social experiment, but so far it has been working)
Post by Mike Hearn
But I agree with Gavin that attempting to plan for 20 years from now is
ambitious at best. Bitcoin might not even exist 20 years from now, or might
be an abandoned backwater a la USENET.
I agree with that, but I don't think it can be used as a way to justify
how decisions are made today.

The opposition to block size increase comes from two things:
(1) The perceived risk of increased centralization.
(2) Long-term considerations on the need for fee pressure.

I believe you and Gavin have properly addressed (1). Concerning (2), I
think the belief that miners can eventually be funded by a fee market is
wishful thinking. Thus, I am not against the proposed block size increase.

However, the issue of long-term mining incentives remains. So far, the
only proven method to incentivize mining has been direct block reward.

The easiest solution to ensure long-term viability of Bitcoin would be
to put an end to the original block halving schedule, and to keep the
block reward constant (this is what Monero does, btw). That solution is
inflationary, but in practice, users happen to lose private keys all the
time. The rate of coins loss would eventually converge to whatever rate
of emission is chosen, because the care people take of their coins
depends on their value.

Another solution, that does not break Bitcoin's social contract, would
be to keep the original block halving schedule, but to allow miners to
also redeem lost coins (defined as: coins that have not moved for a
fixed number of years. Some time averaging of the lost coins may be
needed in order to prevent non-productive miner strategies). That
solution would create less uncertainty on the actual money supply, and
better acceptability.

I do not expect such a solution to be adopted before miner incentives
become a problem. Neither am I attempting to predict the future; a
completely different solution might be found before the problem arises,
or Bitcoin might stop to exist for some other reason.

However, if I had to decide today, I would choose such a solution,
instead of relying on completely unproven mechanisms.

More important, since we need to decide about block size today, I want
to make it clear that my support is motivated by that long-term
possibility. I believe that the "we will need fee pressure" argument can
reasonably be dismissed, not because we don't know how Bitcoin will work
in 20 years, but because we know how it works today, and it is not
thanks to fee pressure.

Thomas
Mike Hearn
2015-05-27 21:59:02 UTC
Permalink
I wrote an article that explains the hashing assurance contract concept:

https://medium.com/@octskyward/hashing-7d04a887acc8

(it doesn't contain an in depth protocol description)
Gregory Maxwell
2015-05-27 22:22:48 UTC
Permalink
Post by Mike Hearn
(it doesn't contain an in depth protocol description)
The prior (and seemingly this) assurance contract proposals pay the
miners who mines a chain supportive of your interests and miners whom
mine against your interests identically.

There is already a mechanism built into Bitcoin for paying for
security which doesn't have this problem, and which mitigates the
common action problem of people just sitting around for other people
to pay for security: transaction fees. Fixing the problem with
assurance contracts effectively makes them end up working like
transaction fees in any case. Considering the near-failure in just
keeping development funded, I'm not sure where the believe this this
model will be workable comes from; in particular unlike a lighthouse
(but like development) security is ongoing and not primarily a fixed
one time cost. I note that many existing crowdfunding platforms
(including your own) do not do ongoing costs with this kind of binary
contract.

Also work reminding people that mining per-contract is a long
identified existential risk to Bitcoin which has been seeing more
analysis lately:
http://www.jbonneau.com/doc/BFGKN14-bitcoin_bribery.pdf

------------------------------------------------------------------------------
Mike Hearn
2015-05-28 10:30:55 UTC
Permalink
Post by Gregory Maxwell
The prior (and seemingly this) assurance contract proposals pay the
miners who mines a chain supportive of your interests and miners whom
mine against your interests identically.
The same is true today - via inflation I pay for blocks regardless of
whether they contain or double spend my transactions or not. So I don't see
why it'd be different in future.
Post by Gregory Maxwell
There is already a mechanism built into Bitcoin for paying for
security which doesn't have this problem, and which mitigates the
common action problem of people just sitting around for other people
to pay for security: transaction fees.
The article states quite clearly that assurance contracts are proposed only
if people setting transaction fees themselves doesn't work. There's some
reasonably good arguments that it probably won't work, but I don't assign
very high weight to game theoretic arguments these days so it wouldn't
surprise me if Satoshi's original plan worked out OK too.

Of course, by the time this matters I plan to be sipping a pina colada on
my private retirement beach :) It's a problem the next generation can
tackle, as far as I am concerned.
Post by Gregory Maxwell
Considering the near-failure in just keeping development funded, I'm not
sure where the believe this this model will be workable comes from
Patience :)

Right now it's a lot easier to get development money from VC funds and rich
benefactors than raising it directly from the community, so unsurprisingly
that's what most people do.

Despite that, the Hourglass design document project now has sufficient
pre-pledges that it should be possible to crowdfund it successfully once I
get around to actually doing the work. And BitSquare was able to raise
nearly half of their target despite an incredibly aggressive deadline and
the fact that they hadn't shipped a usable prototype. I think as people get
better at crafting their contracts and people get more experience with
funding work this way, we'll see it get more common.

But yes. Paying for things via assurance contracts is a long term and very
experimental plan, for sure.
Post by Gregory Maxwell
one time cost. I note that many existing crowdfunding platforms
(including your own) do not do ongoing costs with this kind of binary
contract.
Lighthouse wasn't written to do hashing assurance contracts, so no, it
doesn't have such a feature. Perhaps in version 2.

Continue reading on narkive:
Loading...