public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Upgrading PoW algorithm
@ 2018-01-17 22:31 Jefferson Carpenter
  2018-01-18 16:36 ` Peter Todd
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Jefferson Carpenter @ 2018-01-17 22:31 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion

Bitcoin's difficulty will be maxed out within about 400 years, by 
Moore's law.  (After that - supposing the software does not crash when 
difficulty overflows - block time will start decreasing, and it will not 
take long before blocks are mined faster than photons can be sent across 
the planet).

Bitcoin is the dominant cryptocurrency today, as the first mover: the 
perfectly fair worldwide game of inventing the cryptocurrency has been 
played and won.  However, unfortunately, it has a built-in end date: 
about 400 years from now.  After that, it won't necessarily be clear 
what the dominant cryptocurrency is.  It might be a lot like VHS vs 
Betamax, and a lot of people could lose a lot of money.  It seems to me, 
this could be mitigated by planning today for what we are going to do 
when Bitcoin finally breaks 400 years from now.

Are there any distinct plans today for migrating to a PoW supporting an 
even higher difficulty?


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [bitcoin-dev] Upgrading PoW algorithm
  2018-01-17 22:31 [bitcoin-dev] Upgrading PoW algorithm Jefferson Carpenter
@ 2018-01-18 16:36 ` Peter Todd
  2018-01-19 20:54 ` Jefferson Carpenter
  2018-01-20 18:36 ` Melvin Carvalho
  2 siblings, 0 replies; 6+ messages in thread
From: Peter Todd @ 2018-01-18 16:36 UTC (permalink / raw)
  To: Jefferson Carpenter, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 985 bytes --]

On Wed, Jan 17, 2018 at 04:31:52PM -0600, Jefferson Carpenter via bitcoin-dev wrote:
> Bitcoin's difficulty will be maxed out within about 400 years, by Moore's
> law.  (After that - supposing the software does not crash when difficulty

There's no reason to think Moore's law will last for 400 years; if it did
mining Bitcoin blocks would require astronomical energy levels. I haven't
actually done the math, but having to convert a mass-energy equivalance of a
planet or two per block is probably an accurate lower-bound even with quantum
computers. Once we're at that point, the problem is the speed of light: we'll
run out of energy in our 10 minute light radius, and thus need to get it from
farther away, at which point the 10 minute block interval forces a hard fork
anyway because mining no longer is in consensus.

tl;dr: This is a topic for sci-fi writers, not bitcoin-dev

Also: https://xkcd.com/605/

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [bitcoin-dev] Upgrading PoW algorithm
  2018-01-17 22:31 [bitcoin-dev] Upgrading PoW algorithm Jefferson Carpenter
  2018-01-18 16:36 ` Peter Todd
@ 2018-01-19 20:54 ` Jefferson Carpenter
  2018-01-20  6:30   ` nullius
  2018-01-20 18:36 ` Melvin Carvalho
  2 siblings, 1 reply; 6+ messages in thread
From: Jefferson Carpenter @ 2018-01-19 20:54 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion

Actually here's something we could possibly do:

Fork off a blockchain that accepts Bitcoin blocks with strictly less 
than max difficulty.  Because it does not accept max-difficulty blocks, 
it is a soft fork.  Additionally, if difficulty of a block is set to 
max, then the difficulty field is extended so that it represents a 
higher max difficulty under a different hashing function, maybe SHA512. 
Because this blockchain also accepts differently-formatted blocks, it is 
also a hard fork.

The idea is that this blockchain is identical to Bitcoin until the 
difficulty goes too high, at which point it diverges.

Transitioning from the current SHA256 to a higher-difficulty hashing 
function could be difficult, since they might be solvable at 
proportionally different hashrates.  In other words, max difficulty for 
SHA256 might be significantly faster than forcing the first 256 bits of 
a SHA512 hash...

On 1/17/2018 4:31 PM, Jefferson Carpenter wrote:
> Bitcoin's difficulty will be maxed out within about 400 years, by 
> Moore's law.  (After that - supposing the software does not crash when 
> difficulty overflows - block time will start decreasing, and it will not 
> take long before blocks are mined faster than photons can be sent across 
> the planet).
> 
> Bitcoin is the dominant cryptocurrency today, as the first mover: the 
> perfectly fair worldwide game of inventing the cryptocurrency has been 
> played and won.  However, unfortunately, it has a built-in end date: 
> about 400 years from now.  After that, it won't necessarily be clear 
> what the dominant cryptocurrency is.  It might be a lot like VHS vs 
> Betamax, and a lot of people could lose a lot of money.  It seems to me, 
> this could be mitigated by planning today for what we are going to do 
> when Bitcoin finally breaks 400 years from now.
> 
> Are there any distinct plans today for migrating to a PoW supporting an 
> even higher difficulty?


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [bitcoin-dev] Upgrading PoW algorithm
  2018-01-19 20:54 ` Jefferson Carpenter
@ 2018-01-20  6:30   ` nullius
  0 siblings, 0 replies; 6+ messages in thread
From: nullius @ 2018-01-20  6:30 UTC (permalink / raw)
  To: Jefferson Carpenter, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 2404 bytes --]

On 2018-01-17 at 22:31:52 +0000, Jefferson Carpenter 
<jeffersoncarpenter2@gmail.com> wrote:
>Bitcoin's difficulty will be maxed out within about 400 years, by 
>Moore's law.

On 2018-01-19 at 20:54:52 +0000, Jefferson Carpenter 
<jeffersoncarpenter2@gmail.com> wrote:
>In other words, max difficulty for SHA256 might be significantly faster 
>than forcing the first 256 bits of a SHA512 hash...

“Moore’s law” is not a law of nature.  Indeed, chipmakers began bumping 
up against the limitations of *actual* natural laws about 15—20 years 
ago.  That is why instead of increasing core clock, they play the tricks 
which opened the way for Meltdown and Spectre.  Feature size, and thus 
transistor counts, will soon enough run into physical limitations, too.

But the scenario you describe does not even require such a discussion.

2^256 work for brute force is on the order of 10^77 hashes.  For the 
number of atoms in the observable universe, I’ve seen estimates ranging 
from 10^78 to 10^82.  Thus, you are suggesting that within 400 years, 
computers will be able to compute one hash for every myriad of atoms in 
the observable universe—perhaps one hash for every *ten* atoms.  
Moreover, you suggest that twenty-fourth century computers will do this 
fast enough to meet Bitcoin’s ten-minute target rate.

Such a proposition bypasses science, leaps over science fiction, and 
lands in the realm of religion.  Perhaps a deity could do this—using a 
computer made of other than matter, powered by other than energy.  
Humans will *never* be capable of such a feat:  Not now, and not in a 
billion years.  Certainly not a mere four centuries hence!

(I do not here positively exclude the possibility, however slim, that 
mathematical breakthroughs may yield a preimage attack on SHA-256 which 
is significantly better than bruteforce.  I *do* positively declare it 
impossible that Earth-beings will ever be capable of performing 2^256 
work.  Or even 2^128 work, for that matter.)

-- 
nullius@nym.zone | PGP ECC: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C
Bitcoin: bc1qcash96s5jqppzsp8hy8swkggf7f6agex98an7h | (Segwit nested:
3NULL3ZCUXr7RDLxXeLPDMZDZYxuaYkCnG)  (PGP RSA: 0x36EBB4AB699A10EE)
“‘If you’re not doing anything wrong, you have nothing to hide.’
No!  Because I do nothing wrong, I have nothing to show.” — nullius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [bitcoin-dev] Upgrading PoW algorithm
  2018-01-17 22:31 [bitcoin-dev] Upgrading PoW algorithm Jefferson Carpenter
  2018-01-18 16:36 ` Peter Todd
  2018-01-19 20:54 ` Jefferson Carpenter
@ 2018-01-20 18:36 ` Melvin Carvalho
  2018-01-21 15:29   ` Glen Peterson
  2 siblings, 1 reply; 6+ messages in thread
From: Melvin Carvalho @ 2018-01-20 18:36 UTC (permalink / raw)
  To: Jefferson Carpenter, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 1885 bytes --]

On 17 January 2018 at 23:31, Jefferson Carpenter via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Bitcoin's difficulty will be maxed out within about 400 years, by Moore's
> law.  (After that - supposing the software does not crash when difficulty
> overflows - block time will start decreasing, and it will not take long
> before blocks are mined faster than photons can be sent across the planet).
>
> Bitcoin is the dominant cryptocurrency today, as the first mover: the
> perfectly fair worldwide game of inventing the cryptocurrency has been
> played and won.  However, unfortunately, it has a built-in end date: about
> 400 years from now.  After that, it won't necessarily be clear what the
> dominant cryptocurrency is.  It might be a lot like VHS vs Betamax, and a
> lot of people could lose a lot of money.  It seems to me, this could be
> mitigated by planning today for what we are going to do when Bitcoin
> finally breaks 400 years from now.
>
> Are there any distinct plans today for migrating to a PoW supporting an
> even higher difficulty?
>

Crypto algorithms have a lifetime, and consensus is no different.

Is it likely to be more than a few years?  Yes.

Is likely to be less than a few hundred years.  Yes.

Every algorithm involves trade offs and it's the job of a thoughtful dev
team to examine those trade offs and come to a consensus optimal solution.

This field is only 9 years old, and there is a large amount of R & D in
this area.  So we can evaluate what seems to working better and what seems
to be working worse, transfer that to BIPs, create code, test it, try to
achieve consensus.  The normal path that has served free software projects
well.


> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 2710 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [bitcoin-dev] Upgrading PoW algorithm
  2018-01-20 18:36 ` Melvin Carvalho
@ 2018-01-21 15:29   ` Glen Peterson
  0 siblings, 0 replies; 6+ messages in thread
From: Glen Peterson @ 2018-01-21 15:29 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion

Popular hashing algorithms have historically managed 10-15 years of
intense use before flaws are found in the algorithm.  This chart
suggests SHA-256 is already aging:
http://valerieaurora.org/hash.html
If history is any guide, any long-term cryptocurrency/blockchain will
need the cryptography updated every decade or so.

On Sat, Jan 20, 2018 at 1:36 PM, Melvin Carvalho via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>
> On 17 January 2018 at 23:31, Jefferson Carpenter via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>> Bitcoin's difficulty will be maxed out within about 400 years, by Moore's
>> law.  (After that - supposing the software does not crash when difficulty
>> overflows - block time will start decreasing, and it will not take long
>> before blocks are mined faster than photons can be sent across the planet).
>>
>> Bitcoin is the dominant cryptocurrency today, as the first mover: the
>> perfectly fair worldwide game of inventing the cryptocurrency has been
>> played and won.  However, unfortunately, it has a built-in end date: about
>> 400 years from now.  After that, it won't necessarily be clear what the
>> dominant cryptocurrency is.  It might be a lot like VHS vs Betamax, and a
>> lot of people could lose a lot of money.  It seems to me, this could be
>> mitigated by planning today for what we are going to do when Bitcoin finally
>> breaks 400 years from now.
>>
>> Are there any distinct plans today for migrating to a PoW supporting an
>> even higher difficulty?
>
>
> Crypto algorithms have a lifetime, and consensus is no different.
>
> Is it likely to be more than a few years?  Yes.
>
> Is likely to be less than a few hundred years.  Yes.
>
> Every algorithm involves trade offs and it's the job of a thoughtful dev
> team to examine those trade offs and come to a consensus optimal solution.
>
> This field is only 9 years old, and there is a large amount of R & D in this
> area.  So we can evaluate what seems to working better and what seems to be
> working worse, transfer that to BIPs, create code, test it, try to achieve
> consensus.  The normal path that has served free software projects well.
>
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>



-- 
Glen K. Peterson
(828) 393-0081


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2018-01-21 15:29 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-17 22:31 [bitcoin-dev] Upgrading PoW algorithm Jefferson Carpenter
2018-01-18 16:36 ` Peter Todd
2018-01-19 20:54 ` Jefferson Carpenter
2018-01-20  6:30   ` nullius
2018-01-20 18:36 ` Melvin Carvalho
2018-01-21 15:29   ` Glen Peterson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox