public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Adam Back <adam@cypherspace.org>
To: John Dillon <john.dillon892@googlemail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] merged mining hashcash & bitcoin (Re: Coinbase TxOut Hashcash)
Date: Mon, 13 May 2013 12:54:08 +0200	[thread overview]
Message-ID: <20130513105408.GB3393@netbook.cypherspace.org> (raw)
In-Reply-To: <CAPaL=UV7B2ULcUSBBQNWKc70PzGnveeF2WiWQE7msteZ6TZAbQ@mail.gmail.com>

On Mon, May 13, 2013 at 07:31:21AM +0000, John Dillon wrote:
>[with] merge-mining [you get] more value from just one unit of work.

correct.

>But Peter's coinbase hashcash protocol carefully ensures [...] the amount
>of value the miner would have then given away in a "anyone-can-spend"
>output.

I think there are 3 choices:

1. merged-mine (almost zero incremental cost as the bitcoin mining return is
    still earned)

2. destroy bitcoin (hash of public key is all 00s so no computible private
    key)

3. anyone-can-spend (= first to spend gets coin?)

Surely in 3 if you mine the bitcoin its no particular assurance a you will
do your best to make sure that it is *you* tht spends it, so it devolves to
merged-mine.  (Eg delay revealing it for 10 seconds while you broadcast your
spend widely)

Peter talks about value, but the proof only proves cost equal to bitcoin. 
Those are not the same thing.  And they are so-far non-respendable.

I still dont understand what he was saying.  If you do please speakup.


I think potentially a publicly auditable pooled mining protocol would be a
place to start thinking about respendble micropayments.  I made a post
on the bitcointalk forum outlining how that could be done:

https://bitcointalk.org/index.php?topic=1976.msg2035637#msg2035637

if you have a publicly auditable pool, where users can prove to each other
outside of the bitcoin transaction log that they contributed a number of
shares to a block, those could be traded somehow.  Possibly eg with the pool
keeping a double-spend db.  If the payments are low value, people maybe
happy trusting a pool.  If the pool cheats, everyone stops using the pool. 
You rely on the pool not to spend the backing bitcoin blocks.  But it
remains possible for the pool to cashout people who collected enough shares. 
Probably you could do that with blinding if desired.

>> [probabilistic micro-payments]
>
>I think you are misremembering [...] It is not a probabalistic scheme.

You are right I was thinking of Rivest's peppercoin.

>> In this way one can merge mine bitcoin & hashcash to the benefit of the
>> recipient (or some beneficiary trusted not to be paying the proceeds to the
>> spammer).  And in a way that scales to email scale, and does not involve
>> installing a bitcoin client in every client, nor mail server.
>
>Blockchain header data may very well be one of the most widely distributed
>single data sets in the history of mankind, and most of its closest cousins are
>definitions such as the ASCII table or near definitions like the DNS root
>servers. Not something with new data every 10 minutes.

Well there doesnt need to be a one-true-blockchain DNS, though the power to
output a hash at any reasonable rate is a big proportion of the network
power.  And the outputs are instantly verifiable, so it forms a kind of
trapdoor hashchain (where the trap door is not a secret but havng a huge
amount of CPU power).  And there can and should be many blockchain via DNS.

For namesaces in general another approach other than DHT/flood is numerous
competing hierarchical, heavily cached, but publicly auditable.  Cheaters
are shunned.  Same effect, more scalable, most people are not cheating most
of the time.

http://cypherspace.org/p2p/auditable-namespace.html

Adam



  reply	other threads:[~2013-05-13 10:54 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-11  4:53 [Bitcoin-development] Coinbase TxOut Hashcash Peter Todd
2013-05-11 10:22 ` [Bitcoin-development] merged mining hashcash & bitcoin (Re: Coinbase TxOut Hashcash) Adam Back
2013-05-13  7:31   ` John Dillon
2013-05-13 10:54     ` Adam Back [this message]
2013-05-13 18:38       ` Jeff Garzik
2013-05-13 21:12         ` Adam Back
2013-05-13 22:00           ` Jeff Garzik
2013-05-14  9:25             ` Adam Back
2013-05-14 16:50               ` Jeff Garzik
2013-05-14 20:07                 ` Adam Back
2013-05-14  2:30           ` John Dillon
2013-05-14 17:25         ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130513105408.GB3393@netbook.cypherspace.org \
    --to=adam@cypherspace.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=john.dillon892@googlemail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox