[Cryptography] Securing cryptocurrencies

Ray Dillinger bear at sonic.net
Wed Mar 11 00:52:28 EDT 2015 


On 03/10/2015 12:52 PM, ianG wrote:
>  I have suggested that the PoW algorithm
> should be something that could be more usefully used by the rest of
> society, like house-heating, but that suggestion seems to be
> philosophically blocked by a misreading of economics that says that the
> material used for uniqueness (paper, hashing) should be of NO use to the
> rest of society otherwise Gresham's law kicks in.

It is hard to create something that meets the needs of block
chain security which is also more generally useful. Cooperation
between nodes is limited both by bandwidth and by the fact that
the nodes are fundamentally competing.  Solutions need to be
easily checkable but difficult to find.  They have to be subject
to a measurable degree of successfulness or difficulty because
block chain security requires a meaningful difficulty adjustment
to regulate its block rate.  The problems that are being solved
must be unknowable until the previous block is published, because
otherwise someone could subvert block chain security by preparing
an 'attack sequence' of blocks in advance,

Simulation problems are mostly too long-running (meaning the
fastest computer wins *ALWAYS* rather than just at a rate
proportional to its speed advantage) and as hard to check as
they are to compute.

There is a cryptocurrency secured by an algorithm for finding
large prime numbers, but large prime numbers (with orders of
magnitude many times the order of magnitude of primes that are
beneficial for cryptography today) are only marginally useful.

What other useful calculations yield the properties needed for
block chain security?  Factoring is out, because for the problem
to exist there needs to be someone who knows what the factors
are before the contest starts.  Protein folding maybe?  But where
does a useful protein folding problem come from in the context
of being unknowable until the previous block is revealed and
having a solution verifiable in terms of the block chain?

What class of problems is "bottomless" in terms of being
capable of producing useful instances to solve, easy to check
but hard to find solutions for, has uniformly distributed
probabilistic solution time, has solutions gradable on
degree of correctness or can produce problems of graded
difficulty on demand, where the next instance to solve can
be revealed or specified by the previous block, and where the
finder of the previous block does not get to pose a special
form of the problem giving himself (or herself) an advantage
in finding the solution?

I agree with you in principle about the undesirability
of converting electricity into heat and otherwise-useless
hashes, but I just can't come up with anything.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150310/e491c123/attachment.sig>

More information about the cryptography mailing list