I also perceive the following extremely stupid design flaw in bitcoin. According to the bitcoin paper, you "prove work" by finding x so that hash(x) begins with n zeros in binary, and specifically, you keep incrementing x, starting from a known value x0, until such a new x is found.

Flaw: a parallel search using 1000 computers will find that x 1000 times faster.

Better design: if instead of "incrementing" x, i.e. using x0, x1=1+x0, x2=1+x1, x3=1+x2, etc., we tried x's in the order x0, x1=F(x0), x2=F(x1), x3=F(x2), etc., where F is a strong encryption function, then this search would be inherently serial and not parallelizable.

Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."

I repeat: this was an INCREDIBLY stupid design flaw in bitcoin, even assuming we do not debate, and simply accept, their whole design goals.

--
Warren D. Smith
http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
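
The two candidate orderings contrasted in the message above, as an added example that is not part of the original post. It assumes SHA-256 for both hash and F, an 8-byte encoding of x, and constructed values for x0, n and the worker count; it is not Bitcoin's block-header format. The strided workers are simulated one after another.

```python
import hashlib

def h(x: int) -> bytes:
    """hash(x): SHA-256 over an 8-byte big-endian encoding (assumed)."""
    return hashlib.sha256(x.to_bytes(8, "big")).digest()

def zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def search_increment(x0, n, start=0, stride=1, limit=1 << 20):
    """Try x0+start, x0+start+stride, ...; return (x, tries) or None."""
    for tries, i in enumerate(range(start, limit, stride), 1):
        if zero_bits(h(x0 + i)) >= n:
            return x0 + i, tries
    return None

def partitioned(x0, n, workers):
    """Worker w takes offsets w, w+workers, ... (simulated one after another).
    Returns the smallest solution and the tries its worker spent on it."""
    found = [search_increment(x0, n, w, workers) for w in range(workers)]
    return min(r for r in found if r is not None)

def F(x: int) -> int:
    """Stand-in for the message's F: a domain-separated SHA-256, cut to 64 bits."""
    return int.from_bytes(hashlib.sha256(b"F" + x.to_bytes(8, "big")).digest()[:8], "big")

def search_chained(x0, n, limit=1 << 20):
    """Try x0, F(x0), F(F(x0)), ...; candidate i costs i-1 calls to F."""
    x = x0
    for tries in range(1, limit + 1):
        if zero_bits(h(x)) >= n:
            return x, tries
        x = F(x)
    return None

if __name__ == "__main__":
    X0, N, WORKERS = 2009, 10, 8   # constructed sample values
    print("serial     :", search_increment(X0, N))
    print("partitioned:", partitioned(X0, N, WORKERS))
    print("chained    :", search_chained(X0, N))
```
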