[math-fun] Digital money
I also perceive the following extremely stupid design flaw in bitcoin.

According to the bitcoin paper, you "prove work" by finding x so that hash(x) begins with n zeros in binary, and specifically, you keep incrementing x, starting from a known value x0, until such a new x is found.

Flaw: a parallel search using 1000 computers will find that x 1000 times faster.

Better design: if instead of "incrementing" x, i.e. using x0, x1=1+x0, x2=1+x1, x3=1+x2, etc., we tried x's in the order x0, x1=F(x0), x2=F(x1), x3=F(x2), etc., where F is a strong encryption function, then this search would be inherently serial and not parallelizable.

Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."

I repeat: this was an INCREDIBLY stupid design flaw in bitcoin, even assuming we do not debate, and simply accept, their whole design goals.

-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
On 15/07/2014 19:06, Warren D Smith wrote:
Flaw: a parallel search using 1000 computers will find that x 1000 times faster. ... Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."

Why "should" it mean that? Why should it not, e.g., mean: if you want to bring bitcoins into being by mining them, then the amount of resource you need to commit is roughly proportional to the amount of bitcoin you will gain?

-- g
This is by design. If you force the serialization of the hashes then they can't be verified quickly. But if you look in parallel for hashes with a given feature then you can verify the work much more quickly than finding it. That is: to 'prove' that I searched about 2^30 hashes it suffices to demonstrate a hash starting with 30 0s, and you can verify this with only one hash application.

Charles Greathouse
Analyst/Programmer
Case Western Reserve University

On Tue, Jul 15, 2014 at 2:06 PM, Warren D Smith <warren.wds@gmail.com> wrote:
I also perceive the following extremely stupid design flaw in bitcoin.
According to the bitcoin paper, you "prove work" by finding x so that hash(x) begins with n zeros in binary, and specifically, you keep incrementing x, starting from a known value x0, until such a new x is found.
Flaw: a parallel search using 1000 computers will find that x 1000 times faster.
Better design: if instead of "incrementing" x, i.e. using x0, x1=1+x0, x2=1+x1, x3=1+x2, etc we tried x's in the order x0, x1=F(x0), x2=F(x1), x3=F(x2), etc where F is a strong encryption function, then this search would be inherently serial and not parallelizable.
Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."
I repeat: this was an INCREDIBLY stupid design flaw in bitcoin, even assuming we do not debate, and simply accept, their whole design goals.
-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
_______________________________________________ math-fun mailing list math-fun@mailman.xmission.com https://mailman.xmission.com/cgi-bin/mailman/listinfo/math-fun
Again, Warren, your objection is fellatious.

The idea of Bitcoin is that the blocks are essentially assigned in a lottery, where your chance of winning is proportional to your (parallel) processing power. In other words, the entire world is a parallel computer. *** This is a feature, not a flaw. ***

Indeed, incrementing x repeatedly is irrelevant; the idea is `try lots and lots of different x's as quickly as possible'. It just transpires that incrementing a value is a very easy way to do this.

With WarrenCoin, however, it is impossible to verify the work without repeating it (how do you know that they have F'd x lots of times, rather than just choosing an x randomly, without F-ing x that many times to verify the work?).

Even if we ignore the fact that WarrenCoin is unworkable for that reason, and pretend that it is a perfect system with a non-parallelisable proof-of-work, then there is another obstacle as exemplified by the following hypothetical situation:

"Tom Rokicki has the fastest computer in the world, in terms of serial operations. As a result of this, Tom wins every single block without fail (no-one can compete), and therefore has control over WarrenCoin. By comparison, he only has 1% of the world's parallel processing power, so cannot cheat Bitcoin."

You clearly have some form of misconception to consider a necessary component of Bitcoin to be an `INCREDIBLY stupid design flaw', and to propose a system which is (a) unworkable and (b) infinitely worse. :)

Sincerely,
Adam P. Goucher

Sent: Tuesday, July 15, 2014 at 7:06 PM
From: "Warren D Smith" <warren.wds@gmail.com>
To: math-fun@mailman.xmission.com
Subject: [math-fun] Digital money
I also perceive the following extremely stupid design flaw in bitcoin.
According to the bitcoin paper, you "prove work" by finding x so that hash(x) begins with n zeros in binary, and specifically, you keep incrementing x, starting from a known value x0, until such a new x is found.
Flaw: a parallel search using 1000 computers will find that x 1000 times faster.
Better design: if instead of "incrementing" x, i.e. using x0, x1=1+x0, x2=1+x1, x3=1+x2, etc we tried x's in the order x0, x1=F(x0), x2=F(x1), x3=F(x2), etc where F is a strong encryption function, then this search would be inherently serial and not parallelizable.
Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."
I repeat: this was an INCREDIBLY stupid design flaw in bitcoin, even assuming we do not debate, and simply accept, their whole design goals.
-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
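The verification asymmetry Charles and Adam describe can be seen directly in code. The Python below is an added example written for this thread, not code from any of the posters and not Bitcoin's real implementation. It assumes SHA-256 stands in both for the hash and for Warren's "strong encryption function" F, and the block header, difficulty and starting value x0 are constructed sample values. It shows that the increment-based search splits cleanly across k workers (wall-clock tries drop to roughly 1/k) while the finder's proof costs a single hash to check, whereas the chained search F(x0), F(F(x0)), ... cannot be partitioned and forces the verifier to redo every step.

```python
import hashlib

# Constructed sample inputs (not Bitcoin's real header format or difficulty).
HEADER = b"math-fun example block header"
DIFFICULTY_BITS = 12                      # hash must start with this many zero bits
X0 = hashlib.sha256(b"x0").digest()       # agreed starting point for the chained design


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    n = 0
    for byte in digest:
        if byte:
            return n + 8 - byte.bit_length()
        n += 8
    return n


def hash_nonce(header: bytes, nonce: int) -> bytes:
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()


def increment_search(header, bits, start=0, step=1):
    """Bitcoin-style: try start, start+step, ... until the hash meets the target.
    Returns (nonce, tries). A worker that takes every k-th nonce never touches
    another worker's candidates, so k workers split the search between them."""
    nonce, tries = start, 0
    while leading_zero_bits(hash_nonce(header, nonce)) < bits:
        nonce += step
        tries += 1
    return nonce, tries


def increment_verify(header, bits, nonce) -> bool:
    """One hash application, however long the search took."""
    return leading_zero_bits(hash_nonce(header, nonce)) >= bits


def parallel_wall_clock(header, bits, workers):
    """Simulate `workers` machines, worker i scanning nonces i, i+k, i+2k, ...
    Wall-clock cost is the fewest tries any single worker needs to succeed."""
    return min(increment_search(header, bits, start=i, step=workers)[1]
               for i in range(workers))


def F(x: bytes) -> bytes:
    """Stand-in for Warren's 'strong encryption function' (assumption: a
    one-way step is all the argument needs, so SHA-256 is used here)."""
    return hashlib.sha256(b"F|" + x).digest()


def chain_search(x0, bits):
    """Warren's proposal: candidates are x0, F(x0), F(F(x0)), ... Each candidate
    requires the previous one, so the work cannot be split across machines.
    Returns (x, steps)."""
    x, steps = x0, 0
    while leading_zero_bits(hashlib.sha256(x).digest()) < bits:
        x = F(x)
        steps += 1
    return x, steps


def chain_verify(x0, bits, claimed_x, claimed_steps):
    """The only way to confirm claimed_x really is F^steps(x0) is to recompute
    the whole chain. Returns (ok, f_applications) so the verifier's cost shows."""
    x = x0
    for _ in range(claimed_steps):
        x = F(x)
    ok = x == claimed_x and leading_zero_bits(hashlib.sha256(x).digest()) >= bits
    return ok, claimed_steps


if __name__ == "__main__":
    nonce, tries = increment_search(HEADER, DIFFICULTY_BITS)
    print(f"increment search: nonce {nonce} after {tries} tries; "
          f"8 workers need {parallel_wall_clock(HEADER, DIFFICULTY_BITS, 8)} tries wall-clock; "
          f"verify cost: 1 hash")
    x, steps = chain_search(X0, DIFFICULTY_BITS)
    ok, cost = chain_verify(X0, DIFFICULTY_BITS, x, steps)
    print(f"chained search: {steps} steps; verify cost: {cost} applications of F (ok={ok})")
```

With start=0 and step=1 the sequential tries count equals the winning nonce, and k workers on disjoint residue classes finish after exactly nonce // k tries of wall-clock, which is the linear speedup Warren objects to and Adam calls a feature. The chained design removes that speedup but makes a verifier's cost equal to the prover's, and a forged x (or a wrong step count) can only be rejected by walking the chain again.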
Again, Warren, your objection is fellatious.
Are you saying his argument sucks?

On Tue, Jul 15, 2014 at 12:01 PM, Adam P. Goucher <apgoucher@gmx.com> wrote:
Again, Warren, your objection is fellatious.
The idea of Bitcoin is that the blocks are essentially assigned in a lottery, where your chance of winning is proportional to your (parallel) processing power. In other words, the entire world is a parallel computer. *** This is a feature, not a flaw. ***
Indeed, incrementing x repeatedly is irrelevant; the idea is `try lots and lots of different x's as quickly as possible'. It just transpires that incrementing a value is a very easy way to do this.
With WarrenCoin, however, it is impossible to verify the work without repeating it (how do you know that they have F'd x lots of times, rather than just choosing an x randomly, without F-ing x that many times to verify the work?).
Even if we ignore the fact that WarrenCoin is unworkable for that reason, and pretend that it is a perfect system with a non-parallelisable proof-of-work, then there is another obstacle as exemplified by the following hypothetical situation:
"Tom Rokicki has the fastest computer in the world, in terms of serial operations. As a result of this, Tom wins every single block without fail (no-one can compete), and therefore has control over WarrenCoin. By comparison, he only has 1% of the world's parallel processing power, so cannot cheat Bitcoin."
You clearly have some form of misconception to consider a necessary component of Bitcoin to be an `INCREDIBLY stupid design flaw', and to propose a system which is (a) unworkable and (b) infinitely worse. :)
Sincerely,
Adam P. Goucher
Sent: Tuesday, July 15, 2014 at 7:06 PM
From: "Warren D Smith" <warren.wds@gmail.com>
To: math-fun@mailman.xmission.com
Subject: [math-fun] Digital money
I also perceive the following extremely stupid design flaw in bitcoin.
According to the bitcoin paper, you "prove work" by finding x so that hash(x) begins with n zeros in binary, and specifically, you keep incrementing x, starting from a known value x0, until such a new x is found.
Flaw: a parallel search using 1000 computers will find that x 1000 times faster.
Better design: if instead of "incrementing" x, i.e. using x0, x1=1+x0, x2=1+x1, x3=1+x2, etc we tried x's in the order x0, x1=F(x0), x2=F(x1), x3=F(x2), etc where F is a strong encryption function, then this search would be inherently serial and not parallelizable.
Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."
I repeat: this was an INCREDIBLY stupid design flaw in bitcoin, even assuming we do not debate, and simply accept, their whole design goals.
-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
-- -- http://cube20.org/ -- http://golly.sf.net/ --
participants (5)
- Adam P. Goucher
- Charles Greathouse
- Gareth McCaughan
- Tom Rokicki
- Warren D Smith