The woes of Altcoin, or why there is no such thing as "cryptocurrencies"
Altcoin is a straight-up competitor for Bitcoin. I won't bore you with the historical details and piles of insider jokes attendant, let it suffice to say that it's a direct awkisation of the Bitcoin codebase (0.6.something iirc) and nothing else.
Altcoin also has a problem recently, like so :
mircea_popescu %d
atcbot [ATC Diff] Current Diff: 1878190.93 Est. Next Diff: 129090.06 in 1979 blocks (#46368) Est. % Change: -93.13
Let's understand what's going on gazing upon this graph :
Nice, huh ? Now let's try and make sense of it. On the X axis, blocks. On the Y axis, difficulty. The first, purple section represents a normal mining interval : for two weeks miners mined. The second, red interval represents an attack. Someone controlling 100x as much hashpower as the previous group of miners sets to mining. For a vanishingly small interval of about three hours, that someone will receive 99% of the block rewards, corresponding to a total of about 2k blocks. Then difficulty recalibrates, going up 100x. Which takes us to the gray questionmarked third zone. What happens there ?
Suppose the market value of the coin in question is just about at the level implied by the purple zone. The attacker loses nothing by dumping 100x as much hashpower on this chain for a few hours : the coins he gets are minted at the previous difficulty. Whether he had mined slowly or quickly, he gets the same reward, which is why purple and red surfaces occupy the same area : to get x blocks at y difficulty you need z total hashes, no matter in what hash/second debit. After the attacker leaves, however, the good folk of the purple persuasion find themselves into quite the quandry : either support the coin by mining for 2k blocks at 100x the hashpower supported by the fundamentals, or else quit altogether. As before, it doesn't matter at what speed this occurs : they can continue at their purple rate for 140 weeks, or just a little under 3 years, to get to that magical difficulty recalibration block and see difficulty drop 99%. Or else they could maintain the attackers' rate for two weeks just as well, because again, not debit is in question but total hash. Which total hash has a cost, which is fixed.i
There is no practical defense from this attackii : it will always be possible for an attacker with vastlyiii superior hashing power to swoop in, drive difficulty into the heavens, and leave. At worst, the coins he's thus mined become worthless - but they are no more worthless than all the other coins everyone else holds. At best, he gets to do it again in two years or whatever. He suffers no real cost for this attackiv and there exists no practical deterrent. Bitcoin itself had in the past been vulnerable to something very similar, but fortunately that window is now closed.
I explained a while ago the financial mechanisms that automagically heal hardforksv, but the same effect discussed above equally well applies in the case of Bitcoin competing with itself : should it shard, the main shard will mutilate the smaller ones, starting with the biggest one. Because that's how systems work in nature.
So for the benefit of all the derps derping about "cryptocurrencies" : there is no such thing. There's Bitcoin and that's it, because there can only be one. All the rest of the crap exists only inasmuch as a) it stays theoretical or b) it stays small enough nobody cares. Where a) and b) are only distinct in the derp point of view, otherwise they're the same thing. But good luck with all the community[-of-retards] driven, super-duper-innovative, ultra-mega-creative, asic-resistant, future-of-revolution-and-everything altcoins.
Meanwhile back at Reality Ranch, there can only be one.vi
———- If you're curious, currently something in the 2 to 3 satoshi per MH per day range, which means the dollar cost of one hash currently stands at about 0.00000002 × 600 ÷1000000 ÷ 24 ÷ 3600 = 1.38 to 2.08 × 10-16 dollars.
For comparison : gold costs ~1.3k dollars per ounce. Meanwhile gold also weighs 196.96655 kgs per kmol. Seeing how a troy ounce is 0.031103 kgs, and there's a total of 6.02214129 × 1026 gold atoms in each kmol (as is the case for all substances), it then comes to pass that each ounce contains ~9.5 × 10 22 gold atoms, making each gold atom worth about 1.36 × 10-20 dollars. So roughly speaking, each hash is worth something like 10k atoms of gold, a subatomic fortune. [↩]
- Bitcoin itself has a 400% baked in maximum increase each period, but what practical difference does it make ? Force the attacker to keep hashing for an extra 8 or so hours ? Big whoop, what's eight hours buy you ?
Suppose you recalibrate difficulty each block instead. Big whoop, so attacker drives your difficulty up 100x and now you only have to mine six days for negative returns instead of two years. So what ? You're still underwater, and once you recover he can still do it again.
This is also the reason each and every altcoin messes with the Proof of Work algorithm, but what's that supposed to do ? Inasmuch as your coin can be mined, your attacker can by definition mine it too, and there you go. [↩]
- That vastly is one of the main reasons Bitcoin needs, needs so much hash. Until the day Bitcoin mining uses up 50%+1 of all electricity generated on planet Earth, this theoretical avenue remains open, if very theoretical.
Verily it is the consumer of worlds, this thing. [↩]
- Theoretically speaking if mining cost is actually above market value then he spends that sliver, which may well explain why Bitcoin has historically seen this situation a majority of the time - the invisible hand at work. Nevertheless, that sliver's not significant. [↩]
- Suppose tomorrow Bitcoin splits into two independent chains, BTC-A and BTC-B. This necessarily means that any current holder of Bitcoin has his holdings doubled : if he owned 1k Bitcoin before, he now owns 1k BTC-A and separately 1k BTC-B. These will also each have a market price, different from one another. It is not possible that both those market prices exactly match the holder's estimation of value, which means that one coin will be in his eyes overpriced while the other underpriced. This means he will sell one and buy the other. These effects quickly aggregate, and within days, probably within hours one of the coins is discounted to the point mining it is no longer an affordable proposition, which makes mining cease and that's it, problem solved. [↩]
- Which is, incidentally, why all the effort lately. You're not the only ones to have realised this, the super-duper-ultra-mega lemmings in the government basement finally modeled this innovative revolutionary observation a few weeks ago. [↩]
Saturday, 16 August 2014
OK, let's isnert some facts here, as they are sorely needed. Everything stated below is verifiable to even a mean intelligence.
>> Someone controlling 100x as much hashpower as the previous group of miners sets to mining. For a vanishingly small interval of about three hours, that someone will receive 99% of the block rewards, corresponding to a total of about 2k blocks.
Not at all. If you understood bitcoin and its clones, as one would hope, you'd know difficulty goes up at most 4x and down at most 0.25x. Here difficulty didn't even go up 4x, making your hashrate attack premise over 25 times wrong from the outset.
What happened is, someone mined at about 3.9x prior hashrate, for a little under 4 days (14 day cycle as you know), while they could dump their ATC for BTC scraps. This has happened a lot with ATC over the last few months.
Said someone leaves once difficulty adusts (here 3.9 times), as they can't sell their future ATC for shit to cover costs. But nor can the other 25% "standard background" hashrate any more, as they're only earning at 25% the rate, so they give up too. End result: only suckers standing and ATC hashrate stalls at under 1% of what it was before our 4x multiplier friend comes in.
Further note: ATC difficulty will fall at most 75%, per protocol, not the predicted 93% of the broken bitcoin-asset bot. So an awful amount of ongoing subsidy required here just to survive. Rinse, repeat.
This is how all shitcoins ultimately go to the grave.
Saturday, 16 August 2014
This point is actually addressed in the text. Now what ?
I was expecting more facts. I was promised facts, plural. Where are the facts ?
Tuesday, 21 June 2016
There is a solution to the dilemma:
https://bitcointalk.org/index.php?topic=1518508.msg15306725#msg15306725
Tuesday, 21 June 2016
It's not altogether clear what you're trying to say. I'm not aware anyone's taking Monero seriously, including its owner/lead/whatever.
Why don't you get a blog, spend some time to structure your ideas properly and so on ?
Tuesday, 21 June 2016
> Why don't you get a blog, spend some time to structure your ideas properly and so on ?
It's better I produce code. Working. Verbiage after code, right.
Monday, 2 November 2020
The obvious defense for difficulty attacks is to not adjust the difficulty. Instead restrict the number of minted tokens per NTP time period to the protocol schedule and aggregate all block solutions within the interval. This does not induce Vitalik’s weak subjectivity and retains the “longest” (i.e. highest difficulty) chain objectivity. This requires several changes to Nakamoto proof-of-work which I won’t detail here.
Diff Geek’s point about the spiraling down effects of a cratered price is thwarted by preventing an acceleration in the quantity of newly minted tokens along with no adverse effects due to changes in the systemic hashrate. Given the cost-of-production model for market price one might contemplate that difficulty spiking attacks may bump the price to a higher level wherein cascaded network effects may sustain the higher price level. In short a design that is absorbs attacks as a positive contribution, lol.
Thus I conclude that the presumption of this blog — that no altcoins can survive and that the diabolical “Great Reset” scamdemic, complicit Bitcoin is the only one — will be incorrect.
http://trilema.com/2020/things-i-have-been-doing/#comment-153913
“That was your only chance”
Smaller things grow faster and the entropy of the universe trends to maximum. Never has the world had only one from of money and it never will unless we are to perish as a collective species due to lack of antifragility. :p
P.S. I’m a programmer with ~4 decades of experience. Been programming since I was 13 years old. I’m capable of implementing this.
Monday, 2 November 2020
Why the hell would you introduce ntp as a dependency ?!
Monday, 2 November 2020
Gresham’s law contains to your point about selling the weaker horse to buy the stronger. Is everyone without significant exception to acquiesce to CBDCs as the silver to Bitcoin’s gold and accept Marxist devolution thusly self-immolation? Men (as distinct from other blobs of flesh with male genitalia but dysfunctional testosterone) prefer to die for liberty than live as a slave. And not everyone can employ the Bitcoin gold to transact. Some level of market demand will exist for a non-diabolical, circulating altcoin. If you’re correct as to what Bitcoin is disrupting then the fiat, centralized nature of CBDCs will be disrupted:
http://trilema.com/2015/ok-so-what-is-bitcoin-disrupting/
Monday, 2 November 2020
Look, you can't have a meaningful coin with ntp in it.
Monday, 2 November 2020
NTP intervals as the Schelling point for the block period replaces the block announcement in Nakamoto proof-of-work’s Nash equilibrium. Nakamoto difficulty also requires coarse timestamp coordination. In both the time coordination is erasable, non-reified because it’s irrelevant to the objectivity of the longest difficulty chain. If the time coordination is insufficient the consensus diverges.
Saturday, 7 November 2020
Further analysis concludes that weak subjectivity is required for the protocol I posited. That may not be a complete failure though. At least there not nothing-at-stake as in proof-of-stake.
A WoT is weak subjectivity.
Saturday, 7 November 2020
Stop reading known imbeciles, it rots away whatever brains you started with.
Sunday, 8 November 2020
Sunday, 8 November 2020
I really don't give a shit what three nobody neckbeards wetfarted on each other. Stop spamming inane links to shit, I won't have to shitcan you.
Sunday, 20 December 2020
You seem to misconstrue my point? My prior comments were somewhat incoherent. The essence of the problem with proof-of-stake is that there’s nothing-at-stake (no cost to attack it and thus no objective reality) — it’s essentially the delusion of democrazy. That was the point of linking you to my comments at the bottom of the Eth wiki wherein I reiterated the problems with proof-of-stake.
The problem with Nakamoto proof-of-work is that it’s also democrazy because it subjects the major minority to the will of the simple majority aka the 50+% attack. The attack will be profitable via the extortion of censoring transactions. It appears to have been designed for this outcome because eventually the mining reward-based Nash equilibrium is lost as the protocol reward shrinks relative to the transaction fees reward aka incentives compatibility for consensus is lost and an oligarchy must take control to enforce consensus. Bitcoin eventually becomes a permissioned, fiat system and there will be only one sovereign who controls it. It’s Biblical.
The design I vaguely contemplated and posited may be the only alternative. I essentially posit to combine proof-of-work to eliminate nothing-at-stake with the objectivity of being there in real-time (a facet of proof-of-stake without the nothing-at-stake) to eliminate the weakness of Bitcoin — i.e. 50+% attacks are eliminated. The tradeoff is that my design has no prima facie objectivity for those who weren’t there in real-time, so they’ll need to trust someone that was and thus the analogy to a WoT and my reference to Vitalik's weak subjectivity but that shouldn’t be conflated with nothing-at-stake. Yet there’s still prima facie objectivity as the amount of proof-of-work that has been burned and thus the value of that blockchain — thus ultimately the non-fraudulent chain should eventually become the longest difficulty chain possessing the prima facie objectivity of Bitcoin after all, without Bitcoin’s major flaw. And after further thought I do believe the design I’m contemplating converges on consensus. The key distinction is that the reward for consensus the cost of loss of value of all one’s investment in the tokens instead of the mining reward. All those who are sufficiently vested will not form a consensus around the longest difficulty chain which is a fraud (as they observed it in real-time) because if fraud can succeed then their investment is ultimately worthless. Thus my design allows for fraud chains to fork off in their 50+% uneconomic, democrazy delusion whilst the vested economic majority are unaffected.
Perhaps this is my comeback ticket.
Monday, 21 December 2020
I can't believe solidcoin's lulz are still being passed about.