One of the arguments made against Bitcoin's design choices is that it wastes resources authenticating transactions. In particular, finding small hashes is completely useless for the world.
Are there approaches (or other crypto-currencies) that use proof-of-work by working on some useful difficult problem? There are plenty of projects like SETI@home or Folding@home that distribute difficult but potentially useful calculations among different users. Is there a way to use such useful calculations for building a proof-of-work system in a crypto-currency, or is there a fundamental reason (economic or computational) that a proof-of-work must involve useless work?
7
I think the premise of the question is not correct. The work is not useless, it secures the transactions. The public hash chain ensures that Bitcoins can only be spent once. The mechanism piles computations on top of legitimate transactions so that the recipient knows that an attacker would need at least as much computing ability to "undo" the transaction.
There is currently no known way to make the work more useful. The problem is that the primary purpose of securing transactions imposes a number of requirements on the work done:
- The work must be much, much easier to verify than to do. So it pretty much has to consist of searching for something rare, doing billions of searches to test if an input has a particular characteristic. That way the verification simply requires confirming that the input you found has that characteristic.
- The work must in fact secure the transactions and not be severable from them. If I see that you sent me 10 Bitcoins and then billions of computations are piled on top of that, it must not be possible to remove that transaction and then pile those same computations on top of a conflicting transaction. So you can't use the result of an arbitrary chunk of work to prove work on the Bitcoin chain.
It's hard to imagine any additional useful work that could be accomplished while still meeting these requirements.
6
Primecoin is the first:
A new type of proof-of-work based on searching for prime numbers is introduced in peer-to-peer cryptocurrency designs. Three types of prime chains known as Cunningham chain of first kind, Cunningham chain of second kind and bi-twin chain are qualified as proof-of-work. Prime chain is linked to block hash to preserve the security property of Nakamoto’s Bitcoin, while a continuous difficulty evaluation scheme is designed to allow prime chain to act as adjustable-difficulty proof-of-work in a Bitcoin like cryptocurrency.
Check http://ppcoin.org/primecoin
One can question the use of knowing Cunningham chains of primes but it's arguably more useful than finding hashes with sequences of zeroes. And often with math the practical use is only found later. (There's even prize money involved: "$250,000 to the first individual or group who discovers a prime number with at least 1,000,000,000 decimal digits", from the EFF, no less, https://www.eff.org/awards/coop)
Here's an in-depth article about this question: Ask Ars: Why spend time and money finding new prime numbers?
Most of all, now that there's one mathematically useful coin more will probably follow.
Curecoin is another very interesting approach, with merged mining. 45% of new coins for SHA miners, for blockchain security, 45% for protein folding GPU/CPU power. 10% goes to development.
answered Jul 23, 2013 at 22:18
5
NooShare is an idea for:
a decentralised ledger similar to Bitcoin with the novel feature that its proofs of work are iterations of essentially arbitrary Markov-Chain Monte-Carlo (MCMC) chains, the scheduling of which can be purchased using the currency itself. It is a novel economic basis for sharing fallow computational resources.
I don't know if it moved past the initial design phase, but it's worth a read.
2
Assume for a second that we found a proof of work algorithm that had all of the good properties of sha256, but was also useful for SETI and maintaining world peace.
Now suppose a group of miners collectively have more than 51% of the hashing power. In which of the following scenarios are they more likely to collude to double spend via a 51% attack:
A) When the proof of work algorithm is something like sha256 and is only useful for securing the bitcoin network
B) When the proof of work algorithm helps find aliens and maintain world peace in addition to securing the bitcoin network.
In Scenario B, if BTC lost all of its value due to a 51% attack/double spend, miners' hardware would still be valuable because although it couldn't mine bitcoin, it could still find aliens and maintain world peace.
In Scenario A, if BTC were to lose its value, miners' hardware would go down with it, due to said hardware's uselessness for anything other than mining bitcoin.
In short, having a "useless" proof of work algorithm (where "useless" just means being able to secure the bitcoin network and nothing else) is a plus (for the bitcoin network,) because miners will be less tempted to trash bitcoin, knowing that their hardware would be worthless if they were to do so.
1
"Merged Mining" (simultaneously mining on multiple block chains with the same amount of work) may not be useful in a "real-world" sense, but at least it also produces Namecoins or Solidcoins or what have you in the process of producing Bitcoins.
No, because there is a significant advantage in requiring that the work be done on the actual transaction record, and not on any arbitrary problem.
By making the problem include the transaction record data, it makes any changes to the transaction history require providing a new solution, and this prevents a party from slowly 'storing' solutions, and releasing them all at once, since there are always new blocks of transactions being added to the block-chain, which means the required solution keeps changing, depending what the last block of transactions is.
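The two requirements listed in the top answer (verification far cheaper than the search, and work that cannot be severed from the transactions) and the point above about the puzzle depending on the last block, shown as an added example that is not part of any answer on this page. The header layout, the transaction strings and the 16-bit difficulty are assumptions chosen for a toy that runs in well under a second; it is not Bitcoin's real block format.

```python
import hashlib

def header(prev_hash: str, txs: list[str], nonce: int) -> bytes:
    # Toy header: previous block hash, digest of the transactions, nonce.
    tx_digest = hashlib.sha256("\n".join(txs).encode()).hexdigest()
    return f"{prev_hash}|{tx_digest}|{nonce}".encode()

def pow_hash(prev_hash: str, txs: list[str], nonce: int) -> int:
    # Double SHA-256 of the header, read as a 256-bit integer.
    inner = hashlib.sha256(header(prev_hash, txs, nonce)).digest()
    return int.from_bytes(hashlib.sha256(inner).digest(), "big")

def mine(prev_hash: str, txs: list[str], bits: int) -> tuple[int, int]:
    # The expensive side: try nonces until the hash falls below the target.
    target = 1 << (256 - bits)
    nonce = 0
    while pow_hash(prev_hash, txs, nonce) >= target:
        nonce += 1
    return nonce, nonce + 1  # winning nonce, number of hashes tried

def verify(prev_hash: str, txs: list[str], nonce: int, bits: int) -> bool:
    # The cheap side: one header hash, whatever the miner spent.
    return pow_hash(prev_hash, txs, nonce) < (1 << (256 - bits))

def demo(bits: int = 16) -> dict:
    # Constructed sample data, not real transactions or block hashes.
    tip = "00" * 32
    honest = ["alice -> bob: 10"]
    conflicting = ["alice -> carol: 10"]  # same coins, different recipient
    nonce, tries = mine(tip, honest, bits)
    return {
        "hashes_to_mine": tries,
        "hashes_to_verify": 1,
        "honest_valid": verify(tip, honest, nonce, bits),
        # Work found for one transaction set does not carry over to a
        # conflicting set: the nonce would have to be searched for again.
        "reused_on_conflict": verify(tip, conflicting, nonce, bits),
        # A solution stored in advance is tied to the tip it was mined on.
        "reused_on_new_tip": verify("11" * 32, honest, nonce, bits),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```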
If you made the computation "useful" in some other sense, then in principle you could just sell that "useful" output, and thereby decrease the net economic expenditure securing the blockchain, making it less secured. So bitcoin's "useless" computation is useful, whether or not it has another use.
I recently answered this question on my blog, more details can be found here: https://blog.sldx.com/is-bitcoins-proof-of-work-useless-work-a411480d3eb3
2
I thought I would give the answer I know to this question, and that is an economic one.
One of the reasons for using proof-of-work (apart from the technical usefulness) is as a way to inherently give the currency value. If the currency value is too high, to the point that it costs less to buy the computing power to counterfeit currency than it does to buy the currency directly, then there is an economic incentive to counterfeit and stabilize the price.
If we use a problem that is not useless, then there is a chance that it will be more useful to some than to others. As an example, solving an instance of problem X might generate income of $Y for person N, and no income for person M. (Say we are folding proteins and person N is a pharmaceutics company that can use this to build a new drug, while person M is a random person). Then, if it costs $K to counterfeit the currency by buying computing time, then for person N it would cost $(K - Y) while for person M it would cost $K. This could lead to a destabilization of the value of the currency.
Thus, if there is a useful problem, it must be equally useful to ALL users of the currency.
5
Another excellent reason to select an algorithm that is not useful in any other context other than bitcoin alone is so that the infrastructure prepared for the purposes of securing bitcoin alone is only ever incentive-compatible with securing bitcoin.
Consider the recent introduction of numerous altcoins that share the same PoW algorithms: if the work that is being done is meaningful in various contexts, then miners will not be dedicated to securing bitcoin, as there are economic considerations as to what the work should be spent to contribute to. For example, due to Bitcoin Cash and Bitcoin sharing the same SHA256d PoW algorithm, there's been greater volatility in hash-rate in both cryptocurrencies, which indirectly weakens security as some proportion of work has to be re-directed elsewhere, and it also reduces usability experience due to greater variance in block inter-arrival times.
This post is old, but I got redirected here and read many comments.
Many arguments about why the algorithm shouldn't do anything outside the system have a workaround.
Some say that the solution having an extrinsic value could destabilize the system because of useful solutions having intrinsic value.
I mean humans are specialized in tasks and grouped by their specialization; one group knows little about the other, and then cross-platform solutions are scarce.
For a start, there's gold, and it has uses so it also has intrinsic value; there's gold in our computers, our teeth and lots of stuff meant to be durable. It's not as useful as a car or a kilogram of potatoes, though.
An equivalent of gold in calculations would be any problem that hasn't any direct application and possibly will never have, but it's still useful for knowledge just to satisfy curiosity. There are lots of unapplied math problems of this kind, I think, and they're worthless because nobody would care about them, yet it is a problem interesting for humans that got a solution.
Another thing to add is that computer power has increased since this post and bitcoin somehow operated to maintain value by adding difficulty; hence, as far as I know (not very much), maintaining transactions is an easy problem now, so an additional task of solving the Hawking radiation would be an added difficulty that I assure you has a f*** of economic value.
I can ask myself whether the real problem is economists knowing few unpractical solutions outside their self-made system, and that it is a miracle that some hackers got involved to create the bitcoin.