Proof-of-work blockchains were developed to solve a problem that only exists in a small percentage of distributed engineering use-cases. Unless you need to build a "censorship-free" peer-to-peer ledger distributed among untrusted, anonymous participants, the complexity costs and latency and computation costs simply aren't worth it.
It's the same reason that Ford doesn't build a tunnel under the US/Mexico border to ferry car parts to America.
Proof-of-work is simply not sustainable (energy-wise), IMO, for the foundation of a global system. The stability of whole ecosystems is predicated upon those ecosystems being attractive to people who want to make money by competing to solve hard problems by brute force.
That's a lot of energy going into a system that can commit a new block of transactions once every 10 minutes on average. It solves a problem in an interesting way, but it's nowhere near quick enough or efficient enough to solve 99% of engineering problems. That's why only 1% of engineers are working on it.
IMO, the core problem is if you want a global transaction system to become popular it needs to process and store ~TB / day of new transactions. Which means you quickly get into EB territory for the full database which is not something distributed systems can really handle without scaling issues.
Now if you want a system used by 0.01% of the global population then that's a very different problem, but far less useful.
Two points, first if you abandon the system for something else then you have to solve all the original problems again making the first system more or less useless. Second, even just 2 transactions / month * ~7 billion people is a lot of data.
PS: USD actually operate on a 3 tiered system that works well (Fed, Banks, cash) but doing the same thing in a *coin seems like just giving up.
Look up "Lightning Network". This is a solved problem. You can build on top of bitcoin to scale basically as large as you want, trustlessly. The software is being developed as we speak.
Lighting network boosts the number of transactions between two people, but you need to have 'banks' to make it efficient. And even then a minimum of 2 transactions per month * 7 billion people is still a lot of data.
Yes, I'm aware of these limitations. Neither of them refute my point, which is that you can trustlessly scale bitcoin basically as much as you want. Maybe you have "banks" (highly connected nodes), but it's still trustless, unlike with real banks.
> Neither of them refute my point, which is that you can trustlessly scale bitcoin basically as much as you want.
This is unsupported. LN is a research project, not a production-ready payment system. It has plenty of limitations (trustlessness is a huge limitation), and the topology of the network doesn’t match that of a real economy (routes to fellow consumers are practically useless, since everyone wants to pay merchants). There’s plenty of work left before LN can scale properly, if it ever manages to (again, trustlessness for both senders and receivers is setting the bar as high as it can possibly go).
Scalability is secondondary for LN, trustlessness is primary. Due to this choice I predict difficulty in scaling sufficiently.
I sense incoming downvotes, it would be great if we could get a link to an existing rebuttal, or something. Stomping on someone's dream just so you don't have to risk disappointment holds us all back. What are the limits of the Lightning network?
The challenge for the Lightning Network is cheaply routing payments from consumers to merchants. LN is optimized for anyone-to-anyone payments, while in a real economy money moves from consumer to merchant to producer to worker (consumer). LN is not optimized for this circular pattern, where many consumers pay a single merchant.
Also, everything is done via two-way payment channels in LN, which means that you need to lock X BTC in a channel in order to send it, which becomes very capital intensive for nodes close to merchants who need to lock millions of dollars worth of bitcoins to cover merchants’ monthly turnover (this is in addition to the BTC locked up by other nodes who participate in the transfer but are not directly connected to merchants). If you want to send 0.1 BTC through 10 nodes, each of these 10 nodes must have locked up 0.1 BTC on the blockchain, and you’ll pay blockchain fees if just a single channel/node in your path doesn’t have at least as much as you need to send.
A proper payment network needs two different types of nodes: senders and receivers. Using a single type of node for both doesn’t make much sense, since merchants and consumers have completely different needs. Senders need to be able to send relatively small amounts relatively frequently (a consumer making a few purchases per day), while receivers (merchants) need to redeem relatively large amounts (e.g. one week’s worth of payments) relatively rarely for bitcoins (on the blockchain).
Centralized authority. With the obvious tradeoffs. :-/
Maybe there's a happy medium where trustworthiness of central authorities is appropriately distributed, but common operations are quicker and less wasteful.
The happy medium has been found already. Would people trust Visa and MasterCard if they allowed double spending? I'm guessing not. So by virtue of having a very large investment in their corporate brands, the old economy already came up with a solution to the trust problem.
Heck, everywhere you look there's a solution to the trust problem; it's fundamental to human interactions.
- There are courts. If you try to screw me, I can drag you into one. Nothing's perfect and there's probably a minimum amount I'd not bother Judge Judy for, but it's a solution a LOT of people rely on. And I can tack all sorts of things on to this like warranties and insurances.
- Brands. Look, we burn all this money on getting sports stars to pose for pictures. And there's reviews of our product in papers. If we did something stupid, you'd know. Again, it ain't perfect.
> Maybe there's a happy medium where trustworthiness of central authorities is appropriately distributed, but common operations are quicker and less wasteful.
I’m working on this. It’s an implementation of a protocol called Stroem, which uses payment channels to transfer bitcoins from consumers to so-called issuers, who issue payments in exchange which consumers then send to merchants. Then merchants collect these off-chain payments from issuers, and redeem them into bitcoins on the blockchain when they wish.
This system compromises with the security of the payment receivers only (the merchants). Everything is trustlessness for the payment sender/consumer, while merchants need to trust issuers. But, if desired, the merchant-issuer trust can be reduced to almost nothing by the merchant redeeming very often (at the cost of higher fees).
And, importantly, the open nature of the protocol will ensure competition between issuers, since anyone can join the network.
It's funny that proof of work still doesn't seem to protect from people loosing 31MM a while ago, or the Mt.Gox hack. I can't remember the last time my bank fucked up like that. That problem may be more solved then we are letting on. I know, I know, fuck the man.
If there's nothing cheaper solution to cryptocurrency than proof of work, it seems to me that we just have to ban cryptocurrency altogether at the legislature level.
Countries won't ban it -- countries love it. It's perfectly traceable non-anonymous currency. What they'll do is centralize it so they get the citizen-control benefits (and, of course, the ability to create and destroy it -- imagine EO6102 where they can remotely seize your gold!) without the unsustainable energy expenditure.
Using bidirectional off-chain payment channels, you can build trustless payment networks that use Bitcoin as a backend (see "lightning network"). It's almost as good as normal bitcoin, and it's much faster and cheaper. This is perhaps what most transactions will end up using.
Once most of the coins are mined doesn't bitcoin basically become a global settlement network for other crypto currencies. Although ethereum might do that easier.
> Proof-of-work is simply not sustainable (energy-wise), IMO, for the foundation of a global system. The stability of whole ecosystems is predicated upon those ecosystems being attractive to people who want to make money by competing to solve hard problems by brute force.
What do you mean by this, exactly? Bitcoin miners look more than willing to earn money on brute forcing hard problems.
The point of proof-of-work is that it shouldn’t matter what anyone thinks about it. It’s basically impossible to ban (anyone can do a SHA256 calculation), and the difficulty automatically adjusts. In addition to this, the block reward — currently 12.5 BTC per block — halves every ~4 years, so less and less electricity will be consumed until only transaction fees provide capital for proof-of-work[1].
I mean that to stay stable and grow in popularity, bitcoin must sustain ever-increasing energy demands so that nobody has a majority and can start double-spending. The whole goal with variable difficulty is to counteract the ebb/flow in popularity and ensure that the work takes ~10 minutes. This ensures that as the popularity grows, more energy is required since it will always take 10 minutes for a new block, regardless of how many contributors are involved.
Furthermore, the miners are here for the direct mining rewards. I think the future transaction fees approach will be significantly less attractive, so I'll be very interested to see how that change plays out once the era of rewarded mining is over.
The difficulty you mentioned only applies to certain currencies. Ethereum, for example, has a built-in "difficulty bomb" set for later this year to make hashing essentially unworkable.
> Proof-of-work is simply not sustainable (energy-wise), IMO, for the foundation of a global system.
Visa, MasterCard, AmEX, &c along with each individual bank, not to mention the intermediaries and gateways all of them use also consume a tremendous amount of power. It's not as if our current system uses a negligible amount of power, not to mention the number of steps and entities a transaction needs in order to be finalized.
> It's not as if our current system uses a negligible amount of power
Our current system does in fact use a negligible amount of power. Each $2 latte you put on a credit card uses an amount of electricity so infinitesimal that it can only be measured in the aggregate.
The percentage of the power used to generate a single bitcoin block for a single transaction can power an average US household for (approximately) an entire week.
To put it in perspective: If the bitcoin network scaled up to the size of the VISA network it would require 100% of all energy used for all purposes planet-wide, from transportation, manufacturing, agriculture, etc. Everything you could possibly want to buy with bitcoin would be unavailable, as 100% of all human activity would go to powering the miners.
Bitcoin network scaling has to do with transactions per second, and it is a protocol problem, and an storage problem, but it is independent of the hash capacity of the system.
We can theoretically improve the Bitcoin network capacity to handle 100x the number of transactions, while having the same hash rate.
In fact, if hash rate were halved each month, and the protocol unchanged, Bitcoin network transaction capacity would still be the same after Bitcoin difficulty is auto adjusted.
Hash rate and transaction capacity are orthogonal issues.
What if you also include the energy consumed by the employees and facilities of Visa, including their commute-to-work energy? And the energy used to construct their facilities, improve network infrastructure, etc? Now are we getting within an order of magnitude of the energy consumption of an army of ASIC miners, and the people who farm them?
Those costs specifically end up being reified in the fee those processors charge to their customers, so we can determine an upper limit to how much is spent on energy in that way.
The same is true of bitcoin transaction fees, no? Miners set the minimum fee that they will accept, and people tack a fee onto a transaction, large enough that a miner will likely process it.
No, because there is a block reward too that subsidizes the miners, so you have to account for that too.
We don't really know the relationship between transaction rate and electrical usage in a mature BTC system, because mining is mainly used to prevent double-spends and the minimum required mining rate to support a given transaction rate is a game-theoretical concern and not a technical one. We can only really observe what has happened so far in the Bitcoin ecosystem.
Why is so much compute needed for the blockchain? Couldn't a proof-of-work system be developed that consumes VISA-network levels of power? How costly the computation should be (and how much the cost has scaled up) seems like it was an arbitrary design decision.
No, the amount of energy needed will always be enormous as their is a direct linkage between the value of bitcoin and the amount of energy required to secure the network.
Otherwise there will be a point where it is cost effective to attack the network.
"I'm working on these hashes. You know I'm not taking a shortcut, because there's not yet a known way to do that with this secure hash. And because you know I'm doing the work, you should reward me with some coins."
Alternatives have been considered, like proof-of-stake.
You try to equate the current Visa, Mastercard, etc. to the current Bitcoin. This is not possible because Visa alone handles like 100,000 times the volume of Bitcoin. As soon as Bitcoin&Co. become serious currencies, the incentives for manipulation rise. When eventually no new Bitcoins will be generated, all miner incentives come from mining blocks for the transaction fees. How do you want to protect the chain? How much will a single transaction cost to pay for the power to prevent this manipulation by working faster than the "enemy"?
If you raise the block size to put more transactions into a single block, you will end up with a normal banking system because nobody can carry the whole blockchain with them to pay and has to trust providers that manage wallets.
So what? That's a totally meaningless comparison because the ubiquity of cryptocurrencies would not obviate the need for financial services. Besides, market forces incentivize businesses to use as little power as possible because it costs them money, PoW incentivizes miners to use as much power as possible because that is a necessary requirement for increasing hash output.
> So what? That's a totally meaningless comparison because the ubiquity of cryptocurrencies would not obviate the need for financial services.
The person I replied to compalined about "wasting" power to run the bitcoin network. It's only a valid comparison when compared against current usage, as our current system also "wastes" power to run the current system.
> PoW incentivizes miners to use as much power as possible because that is a necessary requirement for increasing hash output.
It also incentives them to get the most performance per Watt. I'm just saying it's meaningless to complain that bitcoin uses power, it only matters how it compares to the current system.
> It's only a valid comparison when compared against current usage, as our current system also "wastes" power to run the current system.
No, even if "the current system" was an apt comparison, there is still a fundamental difference between PoW and everything else. The power consumed in the process of facilitating a bank or any type of business is incidental to the useful work being performed. Power is burned so there are lights for people to see, power is burned so computers can perform calculations so that employees can get their jobs done faster, power is burned so that people can go back home after their shift is over; all this is incidental, the power is expended to make the business process more efficient, but the business could still run (though much less efficiently) without spending power on lights, computers and transportation. On the other hand, PoW is literally a waste of work because the nature of the work itself does not matter, the only thing that matters is that the unbounded cost of wasting energy keeps everyone honest.
> I'm just saying it's meaningless to complain that bitcoin uses power, it only matters how it compares to the current system.
The comparison is meaningless because "the current system" continues to exist regardless of any developments in bitcoin, if anything ubiquitous bitcoin would almost certainly increase the power impact of the finance industry.
> Visa, MasterCard, AmEX, &c along with each individual bank, not to mention the intermediaries and gateways all of them use also consume a tremendous amount of power.
But is it more or less than the equivalent amount of power it would take for Bitcoin (or something like it) to scale to Visa, MC, AMEX, etc. global levels?
That's what I don't have good numbers on, I was just pointing out that talking about bitcoins using a lot of energy isn't a good argument unless you're comparing it against the current system, which also uses a substantial amount of power. The big question is what you're asking: How do they compare?
I think that depends on how much mining hashing power scales with regard to transaction rate. From a technical point of view, there's no reason that the hash rate has to increase to process more transactions. But from an economic and game theoretical point of view, increasing transaction rate makes the network more valuable, which makes attack rewards more valuable, which necessitates a higher hash rate. I'm not sure anyone has sussed out what the relationship is between transaction rate and minimum necessary hash rate.
These companies handle orders of magnitude more traffic than Bitcoin and also provide services beyond just processing transactions. The comparison is not useful.
Very good points. In complex financial transactions (at least within regulatory domains), my understanding is that rollbacks can and do happen. I initially thought across borders/regulatory domains, blockchain will shine. I haven't seen a killer application just yet. It is a bit frustrating because the tech is indeed interesting .. we just don't have multi-billion dollar real (as opposed to imagined) use-cases beyond the distributed ledger.
"I initially thought across borders/regulatory domains, blockchain will shine."
Massive institutions with billions of dollars at stake would rather have a predictable and stable regulatory regime to conduct transactions in the shadow of then to rely on a technical solution that supposedly obviates the need for one. Things come up -- bugs, acts of god, internal fraud, hacking, flash crashes, and so forth and so on. They want to be able to go to arbitrator and ask for a sensible and reasonable result and not be reliant on a totally inflexible mechanical rule set. Not the least of which because they can afford the very best lawyers to try to convince those arbitrators that what they want is sensible and reasonable.
A few years ago, a substantial amount of money was accidentally wired to my bank account. After about a month, I got a letter from the bank if I agreed on that money being wired back to the sender. I agreed, because I knew the implications.
With a technology like bitcoin, where receivers are pseudononymous, that would have never been possible.
Noone except for those who wish to remain pseudononymous will ever use bitcoin for any real-world scenarios. The costs are higher, the risks are higher, it doesn't scale, there are no checks and balances.
I don't want bitcoin for the same reason I don't want an AI to run national defenses.
I wonder if there's such a thing as Bitcoin address typosquatting. Especially targeting single bit typos (of busy wallets) to catch single bit errors. I guess, though, vanity wallet addresses are hard to create. Or maybe there's also a checksum that keeps this from working anyway.
There's a checksum, so your desired typosquatting address may not even be a valid address to begin with (the chance that it is valid is only 1 in 2^32). Even if it is a valid address it would be very very difficult to generate it. The difficulty of doing so would be at least as difficult as preimage attacks on both SHA-256 and RIPEMD-160.
"Let me explain why. In economic organization, we must distinguish between enforcing rules and making rules. Laws are rules enforced by state bureaucracy and made by a legislature. The SWIFT Protocol is a set of rules enforced by SWIFTNet (a centralized computational system) and made, ultimately, by SWIFT’s Board of Directors. The Bitcoin Protocol is a set of rules enforced by the Bitcoin Network (a distributed network of computers) made by — whom exactly? Who makes the rules matters at least as much as who enforces them. Blockchain technology may provide for completely impartial rule-enforcement, but that is of little comfort if the rules themselves are changed. This rule-making is what we refer to as governance."
>The Bitcoin Protocol is a set of rules enforced by the Bitcoin Network (a distributed network of computers) made by — whom exactly?
Bitcoin and Blockchains are an opt-in rule system. You literally subscribe to the rule set (called consensus) that you wish to participate in. No one coerces you into participating in a rule system you do not want to participate it.
Your capitalist||socialist country is invaded by socialist||capitalists and they change the rules of your country's bank? Your blockchain doesn't care, it is enforced at the user level, at the edge.
And if there's a fork? As I see it, either you follow the fork supported by the majority of miners, or you run the risk of finding your coins worthless, because everyone else is on the other fork.
>And if there's a fork?
If someone proposes to violate the rules of your blockchain, you ignore them. Only when users support rule changes does the market value them.
>either you follow the fork supported by the majority [...], or you run the risk of finding your coins worthless
Any thing is only worth what others will pay for it. This is the case regardless if you are using a blockchain or not. If the world suddenly decided USD were worthless and you held lots of USD, yes you would find that your USD are now worthless.
The problem seems to me that users and miners have different priorities, and it's the miners who decide what the consensus is, not people who actually hold bitcoin. Of course, miners hold BTC too, and presumably want BTC to hold its value, so they wouldn't, say, intentionally inflate BTC (unlike a government-backed currency). But there's still a disconnect there. Consensus is consensus of miners, not consensus of users.
This is true in the abstract. However in the real world Bitcoin is in such a bind right now. While the USD had been stable in that sense since it came into existence.
In my opinion, the ICO is the blockchain killer app. You don't really need a distributed ledger except in case of digital currencies, which can be used to facilitate transactions in specific apps
Came here to say essentially the same thing. One possibility would be a government mandate that financial transactions are done with a blockchain in order to have transparency. I don't see that as likely though as the use case is pretty tenuous.
It's the same reason that Ford doesn't build a tunnel under the US/Mexico border to ferry car parts to America.