My name is Meni Rosenfeld and I support Bitcoin Core.
Just wanted to say it. Seems important. I am not a Bitcoin Core developer or any kind of developer. I am also not affiliated with Blockstream, nor have I received any sort of payment or incentive from them. I did meet several of the people from Blockstream (before it existed) in various conferences, such as Pieter Wuille, Gregory Maxwell and Adam Back, and I think they're all very nice people (earliest was Pieter, whom I've met in Prague in November 2011). For reference, I've met Roger Ver in New York in August 2011, and he also seemed nice. Lest I be suspected of being a random troll paid to feign support for Core... Look me up. I've been involved with Bitcoin since March 2011, most of that time in full capacity. I'm best known for my work on mining pool reward methods, and for my work on promoting Bitcoin in Israel. During this time I've also occasionally posted about how I believe Bitcoin should face its challenges going forward, and notably, my views haven't changed considerably over the years. For example, I support Core's position that scalability should be derived primarily from micropayment-channel-based solutions, and have since 2012 (see https://bitcointalk.org/index.php?topic=91732.0). So I cannot be accused of promoting that view out of some vested interest. I do not condone the moderation policy of /bitcoin which rejects discussions about alternative protocols. I do not believe the conspiracy theory which suggests that Bitcoin Core is interchangeable with Blockstream. I do believe there's room for a modest block size increase, perhaps more so than most of my fellow Core supporters. But I also believe it is important to respect the analysis of technical people who have been with Bitcoin since the beginning - in particular, with respect to the potential danger of hard forks. Despite the drama regarding blocks being full, I have not yet been personally severely affected by the phenomenon.
I believe that with the immediate effective block size increase that SegWit offers, coupled with the eventual advent of micropayment-channel-based solutions, I may never have to be. I also believe that if for some reason these solutions fail, we can always reopen the issue and find solutions as the problems become relevant. As such, I cannot understand why anyone in their right minds would oppose Segwit. I believe that Bitcoin Unlimited is dangerous. I believe that even if it works as planned, it gives way too much power to miners, at the expense of other participants in the Bitcoin network. I also believe that it will not work as planned, that it is buggy and exploitable, and that it has not been thoroughly researched and tested, as should fit a change of this magnitude. I believe that the power to change the Bitcoin protocol should, and does, rest in the hands of the economic majority of people who use Bitcoin and give it value. I believe that miners should not and do not have the power to dictate protocol changes unilaterally. I believe that in case of disagreement about changes, the default should be sticking with the current protocol until agreement is reached, rather than rushing into making changes. I believe that if all else fails and the disagreement cannot be reconciled, there should be a responsible split of the network into two, with both sides working to ensure a clean, uneventful split, and both sides respecting each other's right to coexist. I have written a series of blog posts about that last point: How I learned to stop worrying and love the fork; I disapprove of Bitcoin splitting, but I’ll defend to the death its right to do it; And God said, “Let there be a split!” and there was a split. EDIT: Ok, there have been a lot of comments. Thanks for the lively discussion. But it's 3:10 AM here now, I need to sleep and tomorrow I'll probably need to work. I'll try to address as much as possible. EDIT 2: Please see my followup comment.
It's time for a break: About the recent mess & temporary new rules
Unfortunately, I was on vacation this weekend, so I was unable to prevent /Bitcoin from becoming messy. Sorry about that. I and other moderators more-or-less cleaned it up. Report anything that we missed. Because people are still probably in a "troll-happy" mood from the lack of moderation, moderation will be increased for a while. Everyone needs some time to calm down. In particular, posts about anything especially emotionally-charged will be deleted unless they introduce some very substantial new ideas about the subject. This includes the max block size debate (any side) and /Bitcoin moderation. Also, people are continuously spamming links to inferior clones of /Bitcoin and the XT subreddit -- these links will be removed and the posters banned unless the links are remarkably appropriate for the given situation. When this sticky is removed, the rules will return to what they were previously. It is possible that some people have been or will be banned too readily due to the increased moderation. If this happens to you, mail /Bitcoin with a justification of your actions, then wait 2 days and mail again if there's no satisfactory response, then wait 4 days, then 8, 16, 32, etc. If your mail to /Bitcoin is too high-volume, we may block all further mail from you, which will make it impossible for you to appeal your ban.
/Bitcoin exists to serve Bitcoin. XT will, if/when its hardfork is activated, diverge from Bitcoin and create a separate network/currency. Therefore, it and services that support it should not be allowed on /Bitcoin. In the extremely unlikely event that the vast majority of the Bitcoin economy switches to XT and there is a strong perception that XT is the true Bitcoin, then the situation will flip and we should allow only submissions related to XT. In that case, the definition of "Bitcoin" will have changed. It doesn't make sense to support two incompatible networks/currencies -- there's only one Bitcoin, and /Bitcoin serves only Bitcoin. If a hardfork has near-unanimous agreement from Bitcoin experts and it's also supported by the vast majority of Bitcoin users and companies, we can predict with high accuracy that this new network/currency will take over the economy and become the new definition of Bitcoin. (Miners don't matter in this, and it's not any sort of vote.) This sort of hardfork can probably be adopted on /Bitcoin as soon as it has been determined that the hardfork is not absolutely against the spirit of Bitcoin (inflating out-of-schedule, for example). For right now, there will always be too much controversy around any hardfork that increases the max block size, but this will probably change as there's more debate and research, and as block space actually becomes more scarce. I could see some kind of increase gaining consensus in as soon as 6 months, though it would have to be much smaller than the increase in XT for ~everyone to agree on it so soon. There's a substantial difference between discussion of a proposed Bitcoin hardfork (which was previously always allowed here, even though I strongly disagree with many things posted) and promoting software that is programmed to diverge into a competing network/currency. 
The latter is clearly against the established rules of /Bitcoin, and while Bitcoin's technology will continue working fine no matter what people do, even the attempt at splitting Bitcoin up like this will harm the Bitcoin ecosystem and economy.
Why is XT considered an altcoin even though it hasn't broken away from Bitcoin yet?
Because it is intentionally programmed to diverge from Bitcoin, I don't consider it to be important that XT is not distinct from Bitcoin quite yet. If someone created a fork of Bitcoin Core that allowed miners to continue mining 25 BTC per block forever, would that be "Bitcoin" even though it doesn't split from the Bitcoin currency/network quite yet? (I'd say no.)
Can I still talk about hard fork proposals on /Bitcoin?
Right now, not unless you have something really new and substantial to say. After this sticky is removed, it will be OK to discuss any hardfork to Bitcoin, but not any software that hardforks without consensus, since that software is not Bitcoin.
If XT is an altcoin then why aren't sidechains or Lightning altcoins?
/Bitcoin is about the Bitcoin currency and network. Lightning allows you to move the Bitcoin currency. Sidechains are on-topic in general because they are a possibly-useful addition to the Bitcoin network. It is possible that some specific sidechains might not be on-topic -- this isn't clear to me yet. XT is programmed to create a separate currency and network, so it is not Bitcoin.
How do you know that there is no consensus?
Consensus is a high bar. It is not the same as a majority. In general, consensus means that there is near-unanimity. In the very particular case of a hardfork, "consensus" means "there is no noticeable probability that the hardfork will cause the Bitcoin economy to split into two or more non-negligible pieces". I know almost for certain that there is no consensus to the change in XT because Bitcoin core developers Wladimir, Greg, and Pieter are opposed to it. That's enough to block consensus. And it works both ways: if Gavin and Mike are strongly opposed to Pieter's BIP, then this will also block consensus on that BIP. Other than the core devs, big Bitcoin companies (especially Coinbase, BitPay, and exchanges) could block consensus, as could large groups of average users who are collectively capable of making reasonable arguments and exerting economic force (probably not just random unknown people complaining about nothing). Even though consensus is such a high bar, I think that in practice any hardfork that gets consensus among the Bitcoin Core devs and makes it into Bitcoin Core has a good chance of succeeding. But again, the developers would just be spearheading the effort, and many others could block them if necessary.
But with such a high bar, 8 MB blocks will be impossible!
If consensus can never be reached on one particular hardfork proposal, then the hardfork should never occur. Just because you want something doesn't mean that it's ever reasonable for you to hijack Bitcoin from the people who don't want it, even if your side is the majority (which it isn't in this case). This isn't some democratic country where you can always get your way with sufficient politicking. Get consensus, live without the change, or create your own altcoin. Hard forks are supposed to be hard. While some hard forks will probably be necessary in the long run, these hard forks will need to have consensus and be done properly or Bitcoin will die due to the economy being constantly shattered into several pieces, or as a side-effect of forcing through technically unsound changes that the majority of experts disagree with (like XT's 8MB block size).
Don't most experts want 8 MB blocks soon?
Not by any reasonable idea of "most experts" I can think of. For example, among people with expert flair on /Bitcoin, AFAIK any large near-term increase is opposed by nullc, petertodd, TheBlueMatt, luke-jr, pwuille, adam3us, maaku7, and laanwj. A large near-term increase is supported by gavinandresen, jgarzik, mike_hearn, and MeniRosenfeld. (Those 12 people are everyone with expert flair.) I've heard concerns that some experts who oppose any large near-term increase have conflicts of interest. But many of them have been expressing the same concerns for years, so it's unlikely that any recent possible conflict of interest is influencing them. Also, if they believed that increasing the max block size would help Bitcoin as a whole, what reason would they have to prevent this? I don't see the incentive. We don't need to trust the above list of experts, of course. But I for one have found the conservative position's arguments to be much more convincing than the huge-increase position's arguments. It's not reasonable to say, "You know a lot more than I do, and I don't see any fault in your arguments, but you must be trying to trick me due to this potential conflict of interest, so I'm going to ignore you."
Who are you working for?
I am not an employee of anyone but myself. As far as I know my only incentives for engaging in this policy are to make Bitcoin as strong as possible for ideological reasons, and in the long-term to increase the Bitcoin price. When I make policies, I do so because I believe that they are right. I am not being paid for my work on /Bitcoin or for creating certain policies. It would have been far easier for me to simply allow XT. If I was a politician or a business, I probably would have bowed to community demands already. And on several occasions I have very seriously considered the possibility that I could be wrong here and the community right. But in the end I just don't see any way to both reasonably and consistently deal with XT and cases similar to XT except to ban them on /Bitcoin. Additionally, I am further motivated by my knowledge that a "hostile hardfork" like the one in XT is very harmful for Bitcoin no matter what the change entails, and that the change in XT is in fact amazingly bad.
See my previous posts on this subject and the discussion in their child comments. Keep in mind that my comments are often downvoted to the point of being hidden by default.
Also, someone who could be Satoshi posted here. This email address was actually used by Satoshi before he left, and the email apparently did come from that email address legitimately (not a spoof). Whether he's actually Satoshi or not, I agree with what he's saying.
Just because many people want something doesn't make it right. There is example after example of this in history. You might reasonably believe that democracy is the best we can do in government (though I disagree), but it's not the best we can do with private and independent forums on the free market. If you disagree with /Bitcoin policy, you can do one of these things:
Try to convince us moderators that we are wrong. We have thought about these issues very deeply already, so just stating your opinion is insufficient. You need to make an argument from existing policy, from an ethical axiom which we might accept, or from utilitarianism.
Move to a different subreddit.
Accept /Bitcoin's policies even though you don't agree with them. Maybe post things that are counter to our policies in a different subreddit.
Do not violate our rules just because you disagree with them. This will get you banned from /Bitcoin, and evading this ban will get you (and maybe your IP) banned from Reddit entirely. If 90% of /Bitcoin users find these policies to be intolerable, then I want these 90% of /Bitcoin users to leave. Both /Bitcoin and these people will be happier for it. I do not want these people to make threads breaking the rules, demanding change, asking for upvotes, making personal attacks against moderators, etc. Without some real argument, you're not going to convince anyone with any brains -- you're just wasting your time and ours. The temporary rules against blocksize and moderation discussion are in part designed to encourage people who should leave /Bitcoin to actually do so so that /Bitcoin can get back to the business of discussing Bitcoin news in peace. The purpose of moderation is to make the community a good one, which sometimes includes causing people to leave.
You can post comments about moderation policy here, but nowhere else.
Most alt-coins are NOT secure enough, they exist only for entertainment and speculation
(I believe this needs to be posted to /bitcoin as Bitcoin users/enthusiasts need to know the difference between Bitcoin and other cryptocurrencies. About author: I'm subscribed to /bitcoin since 2011, and have been involved in cryptocurrency security research for several years.) Let's talk about security aspect of cryptocurrencies. I'm afraid an average user knows very little about this topic: he might know that hashrate is needed to protect the blockchain, and that higher hashrate is better, as it implies that attacker needs to spend more to get control of the blockchain. But there are plenty of other kinds of attacks (or, rather, economic models of attacks), some of which have much higher practical significance. Let's start with something simple: there is a straightforward and rigorous model of double-spending attack under condition that attacker has a fraction of total network's hashrate. I highly recommend Meni Rosenfeld's Analysis of hashrate-based double-spending paper (PDF). The main takeaway from this paper is that "maximal safe transaction value" is directly proportional to block reward (i.e. amount of coins miners get for each block). It is easy to understand this intuitively: bigger reward means that miners get more money from normal mining, so they will be reluctant to try double-spending attacks. On the other hand, if block reward was negligible, double-spending could be a lucrative source of revenue. Let's look at numbers: if attacker controls 26% of hashrate and number of confirmations is 6, maximal safe transaction value is 1113 BTC when block reward is 25 BTC. This is pretty cool: you only need to wait 1 hour to make sure you irreversibly received half million USD worth of bitcoins (I assume exchange rate of $450 for 1 Bitcoin). However, situation is pretty different for alt-coins which have much less valuable block rewards. For example, imagine there is a Foocoin with exchange rate of $1 for 1 Foocoin.
If Foocoin's block reward is also 25 foocoins, then max safe transaction value for 6 confirmations is only $1113 USD worth of Foocoins. It doesn't look like Foocoin is suitable for commerce, does it? One could say that Foocoin simply requires larger number of confirmations for larger transactions. But that's wrong: higher number of confirmations helps only under condition that attacker is unable to obtain more than 50% of total hashrate, but for most alt-coins it isn't true. First of all, let's note that so-called miners simply rent their equipment to "mining pool operators" and are paid in crypto-currency for it. In many cases they don't even care what cryptocurrency they mine as long as they are being paid. See Middlecoin:
This pool automatically mines the most profitable scrypt coin, automatically exchanges those coins for bitcoins, and pays out entirely in bitcoins.
So, miners who mine using Middlecoin do not know if their equipment is being used to mine Litecoins or Dogecoins or something else. And they wouldn't care if it is used for attacks on alt-coins, as they are being paid in bitcoins. Let's consider a scenario where Middlecoin-like pool has higher hashrate than Foocoin, e.g. Middlecoin (not Middlecoin specifically, but any pool like that) has 20 GH/s, while Foocoin has 10 GH/s. Here's how one can profit from it:
Buy $1M worth of Foocoins, get them into your wallet.
Make an agreement with Middlecoin: you rent their hashrate for a couple of hours, paying them in bitcoin, slightly above what most profitable alt-coin yields.
Send your foocoins to exchange Bar.
Start mining a private chain which has a double-spend transaction which sends coins to exchange Baz.
After your transaction gets 10 confirmations on the normal chain, convert foocoins to bitcoins on Bar and withdraw them immediately.
After withdrawal transaction is confirmed on Bitcoin network (and thus cannot be reversed), you release the private chain you have mined, causing reorganization. You should have mined 20 blocks by then if Middlecoin has hashrate which is twice higher than normal Foocoin's hashrate.
Your deposit to exchange Baz is now confirmed, convert your foocoins to bitcoins again, and withdraw immediately.
A day later 20 blocks you have mined will get mature, and you'll be able to sell them too.
If Foocoin price doesn't change in process, you can get approximately $1M profit on this attack, as cost of renting a mining pool is approximately equal to value of mined blocks. In practice, you'll lose some money due to lack of liquidity on exchanges, so profit will be less than $1M. The conclusion we get from this analysis is that alt-coins which have only a small fraction of total hashrate for a certain mining algorithm are extremely non-secure. And they cannot grow big: as soon as exchanges will have enough liquidity, it will be possible to perform the attack I described, which will result in the price drop. So almost all alt-coins are simply not suitable for any kind of "real economy" applications. They are doomed to have high volatility, shallow markets, low "max safe transaction value". One can't deny the fact that it is possible to make money on alt-coins. But that's just gambling. And people who create new alt-coins are in same position as people who build casinos. It is a business, but it is the entertainment sector, not in 'real economy' or 'financial' sectors as some people are trying to pretend. Bitcoin is one of few cryptocurrencies which are actually serious. It isn't perfect, but attacking Bitcoin is very hard, so transactions worth millions of dollars can be confirmed in matter of hours. Same cannot be said about alt-coins, and this situation won't change unless new cryptocurrency designs will be found. If there is an alt-coin which is more-or-less secure, it is probably Litecoin. Its hashrate is a significant fraction of total scrypt hashrate, so attacking Litecoin is hard. Interestingly, at some point Dogecoin's hashrate was higher than Litecoin's but it dropped after block reward has dropped. So, again, block reward is important for security. This has dire implications for alt-coins which have short block reward schedules. If all coins will be mined in two years, this means that alt-coin will be dead in two years.
(It's worth noting that same problem might affect Bitcoin in future, like in 10 years or so.) Now there is a question: Is there a way to make multiple currencies all of which will be secure? Probably. There are several approaches:
Merged mining: The idea is that Bitcoin's proof-of-work can be re-used to mine alt-chains. This makes attacks harder, but hashrate-based double-spending considerations are still applicable, so safety can't be guaranteed... They will be safe only if miners are benevolent.
Side-chains: This needs more research, but it looks like high degree of security is possible as long as you don't care about SPV.
Proof-of-stake and PoW/PoS hybrid: Needs more research, there is some hope. Note that Peercoin's PoS is pretty bad.
Multiple cryptocurrencies in the same blockchain (e.g. colored coins, Mastercoin, Counterparty, Ethereum, Ripple, etc.) will all be equally secure, so I believe this is what we should do instead of spawning a shitload of alt-coins.
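The confirmation argument in the post above, as an added example that is not part of the original post: it evaluates the double-spend success probability from the hashrate-based model in the Rosenfeld paper the post cites, from the point of view of a merchant choosing how many confirmations to wait for. The function names are hypothetical; the 26% share and the 20 GH/s versus 10 GH/s figures are the post's own numbers.

```python
from math import comb


def attacker_share(attacker_rate, honest_rate):
    """Fraction q of total hashrate held by the attacker once it joins."""
    return attacker_rate / (attacker_rate + honest_rate)


def double_spend_success(q, n):
    """Probability r that an attacker with hashrate share q eventually
    replaces a transaction the merchant accepted after n confirmations.

    Hashrate-based model (Rosenfeld): with p = 1 - q,
        r = 1 - sum_{m=0..n} C(m+n-1, m) * (p^n q^m - p^m q^n)   if q < p
        r = 1                                                    otherwise
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction between 0 and 1")
    if n < 0:
        raise ValueError("n must be non-negative")
    p = 1.0 - q
    if q >= p or n == 0:
        # A majority attacker always catches up; with zero confirmations
        # the merchant has no head start at all in this model.
        return 1.0
    total = sum(
        comb(m + n - 1, m) * (p ** n * q ** m - p ** m * q ** n)
        for m in range(n + 1)
    )
    return 1.0 - total


def min_confirmations(q, max_risk, limit=200):
    """Smallest n with success probability <= max_risk, or None when no
    number of confirmations up to `limit` is enough (always the case for
    q >= 0.5)."""
    if q >= 0.5:
        return None
    for n in range(1, limit + 1):
        if double_spend_success(q, n) <= max_risk:
            return n
    return None


if __name__ == "__main__":
    # Hashrate shares: a small attacker, the post's 26% case, and the
    # post's Foocoin scenario (rented 20 GH/s against a 10 GH/s network).
    cases = {
        "10% attacker": 0.10,
        "26% attacker": 0.26,
        "rented 20 GH/s vs 10 GH/s": attacker_share(20, 10),
    }
    for label, q in cases.items():
        risks = ", ".join(
            f"n={n}: {double_spend_success(q, n):.4f}" for n in (1, 6, 10, 30)
        )
        needed = min_confirmations(q, 0.001)
        print(f"{label} (q={q:.3f}): {risks}; "
              f"confirmations for <=0.1% risk: {needed}")
```

For a minority attacker the residual risk falls with every confirmation; once the rented hashrate exceeds the honest network's, the function returns 1.0 for every n, which is the post's point that waiting longer does not help.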
Abstract Blockchain systems are designed to produce blocks at a constant average rate. The most popular systems currently employ a Proof of Work (PoW) algorithm as a means of creating these blocks. Bitcoin produces, on average, one block every 10 minutes. An unfortunate limitation of all deployed PoW blockchain systems is that the time between blocks has high variance. For example, 5% of the time, Bitcoin's inter-block time is at least 40 minutes. This variance impedes the consistent flow of validated transactions through the system. We propose an alternative process for PoW-based block discovery that results in an inter-block time with significantly lower variance. Our algorithm, called Bobtail, generalizes the current algorithm by comparing the mean of the k lowest order statistics to a target. We show that the variance of inter-block times decreases as k increases. If our approach were applied to Bitcoin, about 80% of blocks would be found within 7 to 12 minutes, and nearly every block would be found within 5 to 18 minutes; the average inter-block time would remain at 10 minutes. Further, we show that low-variance mining significantly thwarts doublespend and selfish mining attacks. For Bitcoin and Ethereum currently (k=1), an attacker with 40% of the mining power will succeed with 30% probability when the merchant sets up an embargo of 8 blocks; however, when k>=20, the probability of success falls to less than 1%. Similarly, for Bitcoin and Ethereum currently, a selfish miner with 40% of the mining power will claim about 66% of blocks; however, when k>=5, the same miner will find that selfish mining is less successful than honest mining. The cost of our approach is a larger block header.
In my opinion the bigger issue of Bitcoin in the long term will be the mining centralization (centralized by geography - china). Which are in your opinion the best solutions proposed until now in order to resolve it? What are your ideas? An interesting article by the creator of http://statoshi.info, Jameson Lopp: https://medium.com/@lopp/the-future-of-bitcoin-mining-ac9c3dc39c60#.81zo1vxsc An idea from Theymos (below in the comments): More speculatively: Assuming that someone can design a PoW algorithm that won't give ASICs any advantage over desktop machines (despite what you may have heard, it is not at all clear whether this is actually possible), I think that it might be an improvement to change the PoW so that: If the block height mod 3 = 0, the current PoW is used. If the block height mod 3 = 1, the ASIC-resistant PoW is used. If the block height mod 3 = 2, some sort of proof-of-stake is used. (Maybe using the method in Meni Rosenfeld's Proof of Activity proposal.) Within each group, there would probably be some degree of centralization, but it seems unlikely that there'd be enough cooperation between the three groups to do evil. Meni Rosenfeld's Proof of Activity proposal: https://eprint.iacr.org/2014/452.pdf https://21.co/ : Did you ever think to add a real lottery for all who mining with modems, usb, phones.. in order to incentivize the mining for "poor" people that wants to mine in solo or maybe in "lottery" pool too? See comments below.
First of all, I should note it's not a big deal and there are no reasons to panic or anything, but it's just remarkable that the thing we knew is theoretically possible is happening now. To provide background on this kind of attack I need to start from fundamentals. Here's the security assumption from the Bitcoin paper:
The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
Originally mining was done by users themselves, it was a part of node/wallet software. However, later it became more specialized. Hashing, running nodes and using Bitcoin are completely separate things nowadays when pooled mining is commonplace. That is, somebody can "mine" bitcoins using his hashing hardware without running a node. (And, perhaps, without even being a Bitcoin user, as a "miner" can auto-convert his revenue to dollars.) Calling this "mining" isn't quite accurate. More precisely it can be described as renting (that is, mining pools rent hashing hardware of so-called "miners") or paying for a service (mining pools pay a "miner" for the efforts he's performed). Some "miners" believe that they receive bitcoins they created, but it's not true in a general case. One thing is that more often than not, individual miners fail to solve the block, but are still compensated for their efforts (not for results). Also pools generally have reserves which they use to smooth out reward payments, thus rewards miners receive do not necessarily come from freshly mined bitcoins.
Now let's recall that hashpower is intimately linked to the security of the network. Attacker who controls a significant portion of total hashpower might be able to perform double-spend attacks (e.g. see Meni Rosenfeld's Analysis of Hashrate-Based Double Spending) or denial-of-service attacks (he might mine empty blocks). It is usually understood that these attacks are practically unfeasible, as overpowering the honest network would require enormous amounts of hardware, energy, etc. However, there are several different attack models. The most primitive one was relevant back when mining was done on CPUs: an attacker could rent CPU power from a cloud provider such as Amazon and try to do a double-spend reorganization or a 51% attack. It's fairly easy to do calculations within this model as the cost of an attack is known (for a certain difficulty) and one just needs to compare it to potential profits attacker might get.
But CPU mining is irrelevant now, attacker would need specialized hardware to have a chance. This makes attack much more complex, as attacker needs to buy hardware, deploy it, start mining... And once attack is complete, he needs to do something with that hardware. It's generally understood that parties who own hashing hardware will be reluctant to perform attack because a successful attack can drastically decrease the value of the hardware they own. Thus it can be said that ASICs made Bitcoin much more secure due to this stickiness.
But wait... what if an attacker rents hardware instead of buying it? It's much simpler than buying hardware: no complex logistics, little overhead, no concerns about how an attack would affect hardware price. Attacker would need to pay slightly above the market price to make sure he gets more than a half of total hashpower to make sure that it's statistically certain his attack can succeed. This can be described as a sort of a bribe. Normally miners get block rewards (subsidy + fees). Attacker adds a bribe to it, making it subsidy + fees + bribe. This is attractive to miners as it pays more. Once attack is successful, attacker receives subsidy + fees + attack profit. Thus his cost is
Note that bribe can be arbitrarily small, it should be just enough to get miners interested. It can be 1% of a subsidy, for example. E.g. suppose attacker wants to earn 1000 BTC by double-spending, he gives a 10 BTC bribe to miners to orphan some of the recent blocks and pockets 990 BTC. The cost of this attack can be arbitrarily small, but it requires a lot of capital and is also quite risky. And also it's not possible right now because miners do not just rent their hashpower to the highest bidder, they use mining pools they trust. Thus there's no way for the attacker to get more than 50% of total hashpower to be successful with this attack.
There are, however, pools which allow people to rent hashpower. For example, NiceHash. It currently has 16 PH/s of SHA256 hashpower (according to the stats they publish), thus controlling around 1% of total hashpower. NiceHash allocates hashpower to highest bidder, and thus it can be potentially used for attacks I described above. But currently it's too small to have any effect. So this is just something to keep in mind. Pools like NiceHash are evil, they can potentially destabilize Bitcoin if more than a half of total Bitcoin's hashpower will be rented out on pools like this. It is important for miners to choose legitimate pools.
So until now I thought that a bribe attack is just a curiosity in context of Bitcoin (it might be more relevant for alt-coins with much weaker hashpower), but today I was surprised with the fact that somebody tries to pull it off right now. There's a post on /btc: Someone just donated 16 BTC towards Classic Hashpower. We are now at 2 Petahash/sec on Slush pool. Thank you, donator. The fund is at 30 BTC and recycling the mining rewards over and over.. This is exactly the bribe attack, but they aren't using it for double-spending or DoS, but in an attempt to hard-fork Bitcoin. Basically it's an attempt to artificially prop up Classic hashpower a little, and is good only for PR.
But still it's something we should be aware of, I think. NodeCounter site the link points to is absolutely hilarious, BTW, totally recommend:
Bitcoin development has been bought out by a private company called "Blockstream". Blockstream has directed the crippling of Bitcoin in order to provide the solution, for their own future, financial gain.
(I hope moderators won't remove my post. /btc is currently being advertised in the sidebar of this subreddit, so every visitor is already one click away from learning information about "Classic Hashpower". I see absolutely no point in censoring this information.) On topic of brigading: when I posted it initially the post was 100% upvoted, that is regular /bitcoin subscribers found it good and relevant. However a bit later upvote rate dropped to 65% and at the same time several comments defending Classic and /btc appeared. Brigading much? I don't really care what you do with hashpower (attack is just a technical term FYI, it's not necessarily morally wrong), but brigading is despicable.
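To put numbers on the post's remark that a pool holding around 1% of total hashpower is "too small to have any effect", here is an added example (not code from the post or from Rosenfeld's paper) that evaluates the closed-form success probability from "Analysis of Hashrate-Based Double Spending" and derives how many confirmations a merchant needs for a given risk tolerance. The function names and the 1600 PH/s network total (inferred from "16 PH/s ... around 1%") are assumptions.

```python
from math import comb


def double_spend_success(q, n):
    """Probability that a branch built with hashrate share q overtakes the
    honest chain after the merchant has waited for n confirmations.

    Closed form from Rosenfeld's analysis:
        r = 1 - sum_{m=0..n} C(m+n-1, m) * (p^n q^m - p^m q^n)   for q < p
        r = 1                                                    for q >= p
    where p = 1 - q is the honest share.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of total hashrate")
    if n < 1:
        raise ValueError("n must be at least 1 confirmation")
    p = 1.0 - q
    if q >= p:
        # With half or more of the hashrate the competing branch always wins
        # eventually, no matter how long the merchant waits.
        return 1.0
    honest_wins = sum(
        comb(m + n - 1, m) * (p**n * q**m - p**m * q**n)
        for m in range(n + 1)
    )
    return min(1.0, max(0.0, 1.0 - honest_wins))


def min_confirmations(q, max_risk, search_limit=500):
    """Smallest n with success probability <= max_risk, or None when no n
    up to search_limit achieves it (always None for q >= 0.5)."""
    if q >= 0.5:
        return None
    for n in range(1, search_limit + 1):
        if double_spend_success(q, n) <= max_risk:
            return n
    return None


def rented_share(rented_phs, network_phs):
    """Share of total hashrate that a rental market could hand to one bidder."""
    if network_phs <= 0 or not 0 <= rented_phs <= network_phs:
        raise ValueError("need 0 <= rented_phs <= network_phs, network_phs > 0")
    return rented_phs / network_phs


def risk_table(shares, confirmations=(1, 2, 6)):
    """Map each share q to its success probabilities at the given depths."""
    return {q: [double_spend_success(q, n) for n in confirmations] for q in shares}


if __name__ == "__main__":
    # Constructed inputs: 16 PH/s rentable, 1600 PH/s network total (assumed).
    q_rented = rented_share(16, 1600)
    for q, row in risk_table([q_rented, 0.10, 0.30, 0.45, 0.51]).items():
        cells = "  ".join(f"{r:.6f}" for r in row)
        print(f"q={q:.2f}  n=1,2,6: {cells}  "
              f"confirmations for <=0.1% risk: {min_confirmations(q, 0.001)}")
```

The last row shows why the size of the rentable pool is the quantity to monitor: below half the hashrate a merchant can always buy safety with more confirmations, and at or above half no confirmation depth helps.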
Abstract Bitcoin is the world's first decentralized digital currency. The rate at which bitcoins enter circulation is cut in half every 4 years, approximately. These events are considered landmarks in Bitcoin's history, and as such are widely celebrated. However, this requires placing confidence intervals on the precise timing of the halving well in advance, and the particular mechanism by which the halving time is determined makes this challenging. In this paper, we intend to help party planners by describing the problem, and highlighting several techniques to estimate the mean and variance of the halving.
Abstract We make several contributions that quantify the real-time hash rate and therefore the consensus of a blockchain. We show that by using only the hash value of blocks, we can estimate and measure the hash rate of all miners or individual miners, with quantifiable accuracy. We apply our techniques to the Ethereum and Bitcoin blockchains; our solution applies to any proof-of-work-based blockchain that relies on a numeric target for the validation of blocks. We also show that if miners regularly broadcast status reports of their partial proof-of-work, the hash rate estimates are significantly more accurate at a cost of slightly higher bandwidth. Whether using only the blockchain, or the additional information in status reports, merchants can use our techniques to quantify in real-time the threat of double-spend attacks.
Abstract Bitcoin is the first secure decentralized electronic currency system. However, it is known to be inefficient due to its proof-of-work (PoW) consensus algorithm and has the potential hazard of double spending. In this paper, we aim to reduce the probability of double spending by decreasing the probability of consecutive winning. We first formalize a PoW-based decentralized secure network model in order to present a quantitative analysis. Next, to resolve the risk of double spending, we propose the personalized difficulty adjustment (PDA) mechanism which modifies the difficulty of each participant such that those who win more blocks in the past few rounds have a smaller probability to win in the next round. To analyze the performance of the PDA mechanism, we observe that the system can be modeled by a high-order Markov chain. Finally, we show that PDA effectively decreases the probability of consecutive winning and results in a more trustworthy PoW-based system.
Reflections on Bitcoin's problems over the years (can we get a sticky or sidebar link with some Lightning Network content?)
In the days before we had the luxury of worrying about Bitcoin's scaling, we focused endlessly on other problems and imperfections of the protocol. Back then, we'd talk about confirmation times. Ten minutes was far too long for much of commerce and as Meni Rosenfeld showed, the oft-repeated "I'd rather have one 10 minute block's security than five 2-minute blocks" was exactly wrong. You learn a little more, and you realize that bitcoin's security is really all-or-nothing. Unconfirmed transactions, properly understood, are not transactions at all. Miners have no obligation to "drop" them after a few days, so the coins can disappear from your wallet even if your node has forgotten. Furthermore, the "safety" of 0-conf was widely misunderstood--the policy of honoring the first-seen transaction wasn't a consensus one, so miners have always been able to collude with double-spenders if they wanted to. Fungibility and anonymity were other major concerns. Every single coin has a unique history and is "tainted" by it. If governments want, they can easily blacklist particular Bitcoins, be they stolen, used in the drug trade, or simply suspect. We worried about Mike Hearn's possible connections to similar "redlisting" of coins and had endless discussions about the anti-anonymous nature of the bitcoin network. Personally, I've followed threads and topics such as this which relate to the equilibrium transaction fee when the block reward ends or reduces in value. In short, if there's no transaction backlog (and assuming competitive markets, etc), users have no incentive to pay anything more than 1 Satoshi per transaction, because larger blocks don't take more work to mine. Zero marginal cost means zero price. The Bitcoin Cash community denies this. I can provide more references if people are curious. 
Over time, it's become clear to us who have been following bitcoin closely for years, and even to many of you newbies, that blockchains cannot scale through on-chain transactions (without sacrificing decentralization, which is the point: e.g. if you can't run your own node, you simply can't know if there are still only 21,000,000 bitcoins, or that you have any of them). It turns out, all of these problems are addressed or hugely mitigated by the LN. It is such a remarkable fact that it suggests that Bitcoin is meant to be used as a fundamental settlement layer for LN transactions. Luke Dashjr seems to think so. With a little thought, it makes some sense: scaling Bitcoin is hard because you're telling the entire world to perpetually store and propagate your transactions--this also creates a public graph that can be analyzed by hackers, governments, or snoops. Almost all LN transactions are not stored, are only communicated between sender and receiver, and are onion-routed so traffic analysis is impossible. That they are communicated only between sender and receiver also means that Bitcoin's blockchain isn't needed to synchronize their transaction--thus, instant "confirmation" with no chance of double spends. Lastly, this isn't vaporware. Right now, The (yes, The) Lightning Network is a protocol with multiple fully interoperable implementations (so all LN nodes can participate in a single network). This is the fully-realized version of what had been theorized for at least 5 years and is the solution to problems we've been complaining about for almost all of Bitcoin's existence. For a basic intro to the LN, please read What is the Lightning Network and how can it help Bitcoin scale? and the links inside, check out Lightning Protocol 1.0: Compatibility Achieved and other info suggested by the commenters below.
Israel Bans Crypto Companies from the Tel Aviv Stock Exchange
The Tel Aviv Stock Exchange, or TASE, has announced that crypto-based companies are banned from the market indices. The regulation has been instituted by the Israel Securities Authority (ISA) after the authority had announced its plan for regulating cryptocurrencies in the TASE market earlier this year. A set of ICO regulations and a guided working manual are to be published soon this year and, according to the ISA, the change of TASE regulations has no association with this new crypto update. The committee has instead issued a cautionary statement about investing and trading in cryptocurrency. ISA claims, “Such investment incurs many exceptional risks, including an absence of liquidity and ability to convert the currencies to money, exceptional price volatility, illegal activity, and risk of fraud”. The warning from ISA further states that investors must be prepared to face the high probability of risk from investing money, directly or indirectly, in cryptocurrency or a crypto company. They elaborate on the risks of losing money and assets when it comes to the crypto market and trading in cryptocurrency as well. Many banks like the Bank of Israel do not categorise cryptocurrency like Bitcoin as a valid type of currency but rather as an asset. Anat Guetta, the chair of ISA, has held the post from January this year and has already taken her stance on cryptocurrency. She states that barring crypto companies from TASE will safeguard the market against passive investors that are prone to such risks. She further warns of the volatile environment surrounding crypto investment and high risk of losing money in this market. As per the new regulation, the ISA will review the regulations in TASE and block out any company related to cryptocurrency. This means that any business, exchange, platform, or company that allows investing, trading, and mining of crypto coins like Bitcoin, Ether, and other Altcoins will be restricted from investing in TASE.
This regulation is temporary for the length of this year, until it is reviewed again and reinstated or not based on the market projections and developments. Chairman of the Israel Bitcoin Association, Meni Rosenfeld, responded to the new regulations on cryptocurrency, by stating, “There are indeed several risks in investing in digital currencies, and people should take them into account in order to make wise decisions. Investing in this sector is not suitable for everyone; it is only for those who understand both the potential and the risks”.
Dynamically Controlled Bitcoin Block Size Max Cap [BIP 1xx - Draft] | Upal Chakraborty | Aug 25 2015
Upal Chakraborty on Aug 25 2015:
Github: https://github.com/UpalChakraborty/bips/blob/masteBIP-DynamicMaxBlockSize.mediawiki
BIP: 1xx
Title: Dynamically Controlled Bitcoin Block Size Max Cap
Author: Upal Chakraborty <bitcoin at upalc.com>
Status: Draft
Type: Standards Track
Created: 2015-08-24
==Abstract==
This BIP proposes replacing the fixed one megabyte maximum block size with a dynamically controlled maximum block size that may increase or decrease with difficulty change depending on various network factors. I have two proposals regarding this...
i. Depending only on previous block size calculation.
ii. Depending on previous block size calculation and previous Tx fee collected by miners.
==Motivation==
With increased adoption, transaction volume on bitcoin network is bound to grow. If the one megabyte max cap is not changed to a flexible one which changes itself with changing network demand, then adoption will hamper and bitcoin's growth may choke up. Following graph shows the change in average block size since inception... https://blockchain.info/charts/avg-block-size?timespan=all&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address=
==Specification==
===Proposal 1 : Depending only on previous block size calculation===
If more than 50% of block's size, found in the first 2000 of the last difficulty period, is more than 90% MaxBlockSize
Else if more than 90% of block's size, found in the first 2000 of the last difficulty period, is less than 50% MaxBlockSize
Keep the same MaxBlockSize
===Proposal 2 : Depending on previous block size calculation and previous Tx fee collected by miners===
TotalBlockSizeInLastButOneDifficulty = Sum of all Block size of first 2008 blocks in last 2 difficulty period
TotalBlockSizeInLastDifficulty = Sum of all Block size of second 2008 blocks in last 2 difficulty period (This actually includes 8 blocks from last but one difficulty)
TotalTxFeeInLastButOneDifficulty = Sum of all Tx fees of first 2008 blocks in last 2 difficulty period
TotalTxFeeInLastDifficulty = Sum of all Tx fees of second 2008 blocks in last 2 difficulty period (This actually includes 8 blocks from last but one difficulty)
If ( ( (Sum of first 4016 block size in last 2 difficulty period)/4016 > 50% MaxBlockSize) AND (TotalTxFeeInLastDifficulty > TotalTxFeeInLastButOneDifficulty) AND (TotalBlockSizeInLastDifficulty
TotalBlockSizeInLastButOneDifficulty Else If ( ( (Sum of first 4016 block size in last 2 difficulty period)/4016 < 50% MaxBlockSize) AND (TotalTxFeeInLastDifficulty < TotalTxFeeInLastButOneDifficulty) AND (TotalBlockSizeInLastDifficulty < TotalBlockSizeInLastButOneDifficulty) )
Consensus based block size retargeting algorithm (draft) | Btc Drak | Aug 21 2015
Btc Drak on Aug 21 2015:
I wanted to offer a potential way to adjust the block size limit in a democratic way without making it easy to game. This is meant only as a starting point for a general idea. Thresholds and exact figures and the details of the algorithm are up for debate, and possibly some formula based determination. The living document is currently a gist available at https://gist.github.com/btcdrak/1c3a323100a912b605b5
BIP: XX
Title: Consensus based block size retargeting algorithm
Author: BtcDrak <btcdrak at gmail.com>
Status: Draft
Type: Standards Track
Created: 2015-08-21
==Abstract==
A method of altering the maximum allowed block size of the Bitcoin protocol using a consensus based approach.
==Motivation==
There is a perception that Bitcoin cannot easily respond to raising the blocksize limit if popularity was to suddenly increase due to a mass adoption curve, because co-ordinating a hard fork takes considerable time, and being unable to respond in a timely manner would irreparably harm the credibility of bitcoin. Additionally, predetermined block size increases are problematic because they attempt to predict the future, and if too large could have unintended consequences like damaging the possibility for a fee market to develop as block subsidy decreases substantially over the next 9 years; introducing or exacerbating mining attack vectors; or somehow affect the network in unknown or unpredicted ways. Since fixed changes are hard to deploy, the damage could be extensive. Dynamic block size adjustments also suffer from the potential to be gamed by the larger hash power.
==Rationale==
By introducing a cost to increase the block size ensures the mining community will collude to increase it only when there is a clear necessity, and reduce it when it is unnecessary. Rogue miners cannot force their wishes so easily because not only will they have to pay extra a difficulty target, they can be downvoted at no cost by the objecting hash power.
==Specification==
The initial "base block size limit" shall be 1MB.
Miners can vote for a block size increase by signalling the proposed percentage increase of the "base block size limit" in the coinbase field. For the vote to be considered valid the block they mine must meet a difficulty target which is proportionally larger than the standard difficulty target based on the percentage increase they voted for. If a miner does not vote, or the vote is invalid, it shall be counted as a vote for no change.
Miners may vote the size down by signalling in the coinbase field without paying a difficulty penalty.
Every 2016 blocks, the maximum allowed block size will be recalculated by the average of all votes in the last 2016 blocks, i.e. sum each vote from each block and divide by 2016 then multiply by the base block size limit. This will redefine the base block size limit for the next 2016 blocks.
Blocks that are larger than the calculated base block size limit are invalid and MUST be rejected.
The maximum change up or down each retargeting period shall be limited to 10% of the base block size limit. The maximum block size may not increase above 8MB.
Votes shall be cast by adding the following human readable multiplier to the coinbase string “/BXn.nnn/” where valid votes would exist between the ranges “/BX0.900/” (10% decrease) and “/BX1.100/” (10% increase). “/BX1.000/” would be a vote for no change. Invalid votes will be counted as a vote for no change: “/BX1.000/”.
==Acknowledgements==
This proposal is based on ideas and concepts derived from the writings of Meni Rosenfeld and Gregory Maxwell.
==Copyright==
This work is placed in the public domain.
original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010580.html
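The retargeting rule in the Specification above, written out as an added example (not part of BtcDrak's draft or of any implementation of it). It assumes that "1MB" and "8MB" mean 1,000,000 and 8,000,000 bytes, that the first "/BXn.nnn/" string in the coinbase is the vote, and that "proportionally larger difficulty" means the block hash must meet the standard target divided by the voted multiplier; all function names are hypothetical.

```python
import re

PERIOD = 2016              # blocks per retargeting period (from the draft)
INITIAL_LIMIT = 1_000_000  # "1MB"; the exact byte count is an assumption
HARD_CAP = 8_000_000       # "may not increase above 8MB"; same assumption
NO_CHANGE = 1000           # "/BX1.000/" expressed in thousandths
MIN_VOTE, MAX_VOTE = 900, 1100

# One integer digit, a dot, exactly three decimals, as in "/BXn.nnn/".
VOTE_RE = re.compile(rb"/BX(\d)\.(\d{3})/")


def parse_vote(coinbase):
    """Return the voted multiplier in thousandths. A missing, malformed or
    out-of-range vote counts as no change, as the draft requires."""
    match = VOTE_RE.search(coinbase)
    if match is None:
        return NO_CHANGE
    vote = int(match.group(1)) * 1000 + int(match.group(2))
    return vote if MIN_VOTE <= vote <= MAX_VOTE else NO_CHANGE


def effective_vote(coinbase, block_hash, standard_target):
    """Apply the cost rule: an increase only counts if the block hash meets
    a target scaled down by the multiplier (assumed interpretation).
    Decreases and no-change votes are free."""
    vote = parse_vote(coinbase)
    if vote > NO_CHANGE:
        # hash <= standard_target * 1000 / vote, kept in integer arithmetic
        if block_hash * vote > standard_target * NO_CHANGE:
            return NO_CHANGE
    return vote


def retarget(base_limit, blocks, standard_target):
    """blocks: PERIOD pairs of (coinbase bytes, block hash as int).
    Returns the base block size limit for the next period."""
    if len(blocks) != PERIOD:
        raise ValueError("retargeting needs exactly %d blocks" % PERIOD)
    total = sum(effective_vote(cb, h, standard_target) for cb, h in blocks)
    new_limit = base_limit * total // (PERIOD * NO_CHANGE)
    # At most 10% change per period; already implied by the vote range,
    # enforced again so the bound does not depend on the parser.
    lowest = base_limit * MIN_VOTE // NO_CHANGE
    highest = base_limit * MAX_VOTE // NO_CHANGE
    new_limit = max(lowest, min(highest, new_limit))
    return min(new_limit, HARD_CAP)


def constructed_period(standard_target):
    """Constructed sample period, not real chain data: half the blocks pay
    for a 10% increase, a quarter ask for it without paying, a quarter
    vote 10% down."""
    paid_up = (b"\x03pool-a/BX1.100/", standard_target // 2)
    unpaid_up = (b"\x03pool-b/BX1.100/", standard_target)
    down = (b"\x03pool-c/BX0.900/", standard_target)
    return [paid_up] * 1008 + [unpaid_up] * 504 + [down] * 504


if __name__ == "__main__":
    target = 1 << 220  # constructed standard target
    print(retarget(INITIAL_LIMIT, constructed_period(target), target))
```

In the constructed period the unpaid increase votes fall back to no change, so the limit moves to 1,025,000 bytes instead of the 1,050,000 it would reach if signalling were free.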
Meni Rosenfeld is a mathematics M.Sc. graduate of the Weizmann Institute of Science, specializing in machine learning. After being exposed to Bitcoin in March 2011, he has focused exclusively on activity in this field. He has established the Bitcoin community in Israel, founded Israel's first Bitcoin exchange service, and performed mathematical research on the algorithms that underlie the ... The theoretical background behind the idea was developed with the help of Meni Rosenfeld, an Israeli mathematician who has also been a main organizer of the Israeli Bitcoin community for the last two and a half years. The furthest developed implementation of the project today, Webcoinx, was written mostly by Ukrainian developer Alex Mizrahi, but was funded by eToro, a popular “social ... Meni Rosenfeld Bitcoil 4/2/2013 Written by Meni Rosenfeld 1 . Bitcoin adoption (Jan 2013) ... A proof-of-work system (hashing, “mining”) for: Synchronizing transactions Determining initial distribution of coins 4/2/2013 Written by Meni Rosenfeld 18 . Coins The fundamental building block of Bitcoin is a “coin” A coin is characterized by: Unique ID Quantity (denomination) – arbitrary ... Stream EB49 – Meni Rosenfeld: Mining Pool Reward Systems, Bitcoin Economics, Bitcoin in Israel by Epicenter from desktop or your mobile device Chairman of the Israeli Bitcoin Association (IBA) Meni Rosenfeld said that “Bitcoin has matured ” during an interview at the Blockchain & Bitcoin Conference in Israel. He discussed the progress of bitcoin in Israel, and his role in its progression. Meni’s role in the IBA. Meni was questioned on his role as chair of the IBA, and the goals the association hopes to achieve. He described his ...
The lecture took place in the Inside Bitcoins Tel Aviv 2014 conference, organized by the Israeli Bitcoin Association and Buzz Productions, on October 19-20, 2014. Slides (for the entire conference ... 1) If you enjoyed this, I'd welcome a tip here: 185By4a1Lt2HnKLAKR5EmidZMYgp5DDSaj 2) Mining Pool Reward Methods, lecture by: Meni Rosenfeld of Bitcoil.co.il... Meni Rosenfeld - Early Days of Bitcoin Mining Tel Aviv Nov 2016. OnChain Scaling Conference presentation June 24/16 "A Fork in the Road: Must we Choose a Path?" www.onchainscaling.com Mining Pool Reward Methods by Meni Rosenfeld, Chairman of Israel Bitcoin Association. The lecture was presented at the 6th Technion Summer School on Cyber and Computer Security held Sept. 10 ...