📅 Original date posted:2013-05-06
📝 Original message:On Mon, May 06, 2013 at 04:43:07PM -0400, Peter Todd wrote:
> Now determining the value of D has a nice compact proof: B1, BP and M
> and B2. Taking the minimum of the difficulties of B1 and B2 (in case
> they cross a retarget boundry; don't want to create strange incentives)
> determine the expected return in Bitcoins from the block reward had the
> hasher solved valid blocks instead and you can determine exactly how
> much the proof-of-work was worth, kinda...
One last thought... suppose you want to make these proof-of-works
transferable on the blockchain, as is easily possible with
announce/commit fidelity bond sacrifices. The problem is of course
re-use - you don't want it to be possible to use the same proof-of-work
for a different asset.
So for D use the txid:vout pair of a txout that you can spend, then
spend it to some output to create the start of the smartcoin/contract
asset chain. The txout can only be spent once, so the PoW is inherently
non-reusable.
The final proof is a more compact than a fidelity bond proof, just the
PoW block and a single transaction and existence proof rather than two
or three. (announce, commit, and commit txin if sacrifice is via fees)
Unfortunately PoW schemes do mean you are actually taking away from the
overall security of the network, and if there was a lot of demand for
these things it will lead to the undesirable effect of making it easy to
rent hashing power. Botnet owners will be happy to have a task that
requires even less communication than Bitcoin itself. Finally the
varience inherent in them is annoying too. But it's an interesting idea.
--
'peter'[:-1]@petertodd.org
00000000000001358eaf811792b28798a04103b2e47aecf54268736514defd2f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130506/df6a9aa7/attachment.sig>;
Peter Todd [ARCHIVE] /
npub1m2…a2np2
2023-06-07 14:56:32
in reply to nevent1q…xc4a
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 14:56:32Event JSON
{
"id": "e55b20ef17ff18531567c5420cbfc22adf27849305eea36ea338086c445c125e",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686149792,
"kind": 1,
"tags": [
[
"e",
"9cb33d8203a5589d82e93e68414f2319cab88bed2fa44a0f49d161195eb0441f",
"",
"root"
],
[
"e",
"67f8df9afe8d8d1cb77f1552545259dcdb184ce35096098ac0be15de9c67255e",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "📅 Original date posted:2013-05-06\n📝 Original message:On Mon, May 06, 2013 at 04:43:07PM -0400, Peter Todd wrote:\n\u003e Now determining the value of D has a nice compact proof: B1, BP and M\n\u003e and B2. Taking the minimum of the difficulties of B1 and B2 (in case\n\u003e they cross a retarget boundry; don't want to create strange incentives)\n\u003e determine the expected return in Bitcoins from the block reward had the\n\u003e hasher solved valid blocks instead and you can determine exactly how\n\u003e much the proof-of-work was worth, kinda...\n\nOne last thought... suppose you want to make these proof-of-works\ntransferable on the blockchain, as is easily possible with\nannounce/commit fidelity bond sacrifices. The problem is of course\nre-use - you don't want it to be possible to use the same proof-of-work\nfor a different asset.\n\nSo for D use the txid:vout pair of a txout that you can spend, then\nspend it to some output to create the start of the smartcoin/contract\nasset chain. The txout can only be spent once, so the PoW is inherently\nnon-reusable.\n\nThe final proof is a more compact than a fidelity bond proof, just the\nPoW block and a single transaction and existence proof rather than two\nor three. (announce, commit, and commit txin if sacrifice is via fees)\n\n\nUnfortunately PoW schemes do mean you are actually taking away from the\noverall security of the network, and if there was a lot of demand for\nthese things it will lead to the undesirable effect of making it easy to\nrent hashing power. Botnet owners will be happy to have a task that\nrequires even less communication than Bitcoin itself. Finally the\nvarience inherent in them is annoying too. But it's an interesting idea.\n\n-- \n'peter'[:-1]@petertodd.org\n00000000000001358eaf811792b28798a04103b2e47aecf54268736514defd2f\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 198 bytes\nDesc: Digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130506/df6a9aa7/attachment.sig\u003e",
"sig": "bc652ec495c625c4d1e69c23099ee924c7232e6e41ae6c4faaca76f6f8e8b217cc65e56524a495d5b86287f18e3fba6a5e771174d9ead76aeb6f374da68d7b5b"
}