[Cryptography] Securing cryptocurrencies

ianG iang at iang.org
Thu Mar 12 09:36:51 EDT 2015


On 11/03/2015 04:52 am, Ray Dillinger wrote:
>
>
> On 03/10/2015 12:52 PM, ianG wrote:
>>   I have suggested that the PoW algorithm
>> should be something that could be more usefully used by the rest of
>> society, like house-heating, but that suggestion seems to be
>> philosophically blocked by a misreading of economics that says that the
>> material used for uniqueness (paper, hashing) should be of NO use to the
>> rest of society otherwise Gresham's law kicks in.
>
> It is hard to create something that meets the needs of block
> chain security which is also more generally useful. Cooperation
> between nodes is limited both by bandwidth and by the fact that
> the nodes are fundamentally competing.  Solutions need to be
> easily checkable but difficult to find.  They have to be subject
> to a measurable degree of successfulness or difficulty because
> block chain security requires a meaningful difficulty adjustment
> to regulate its block rate.  The problems that are being solved
> must be unknowable until the previous block is published, because
> otherwise someone could subvert block chain security by preparing
> an 'attack sequence' of blocks in advance.
>
> Simulation problems are mostly too long-running (meaning the
> fastest computer wins *ALWAYS* rather than just at a rate
> proportional to its speed advantage) and as hard to check as
> they are to compute.
>
> There is a cryptocurrency secured by an algorithm for finding
> large prime numbers, but large prime numbers (with orders of
> magnitude many times the order of magnitude of primes that are
> beneficial for cryptography today) are only marginally useful.


Right, so thinking of this as a mathematical puzzle or a cryptography 
game isn't really better than marginal.  Peter Todd also suggested that 
we're testing SHA256 but that is only extraordinarily interesting for 
about 100 cryptographers...  the other 7,999,999,900 of us are a bit 
ho-hum over the point of that.

> What other useful calculations yield the properties needed for
> block chain security?  Factoring is out, because for the problem
> to exist there needs to be someone who knows what the factors
> are before the contest starts.  Protein folding maybe?  But where
> does a useful protein folding problem come from in the context
> of being unknowable until the previous block is revealed and
> having a solution verifiable in terms of the block chain?

So, think outside the box.  Here are my suggestions:

Room-heaters.  Build mining boxes that do 500 W, 1 kW, 2 kW as room heaters 
and sell them for winter.  Those people who have to run electric heaters 
anyway will get a buzz out of an occasional lottery win.  Extra points 
if the heater plays a bingo chime.  Also, this does a nice distribution 
of hardware because your average family isn't going to be seriously 
mining these things for profit -- so we improve the distribution, the 
checking over the big miners.

Digital signing / encryption accelerators.  Instead of SHA256 which is 
boringly useless and fast, build an RSA 4098 variant.  E.g., change the 
crypto algorithm to something that is now "dual purpose".  The point 
here is you run it for 6m as a PoW box and then sell it to a corporation 
that does lots of RSA.  Better than scrap :)

(Quite what the algorithm of choice would be here, I don't know. 
Password crunching, of both forms... would require some thought, or 5 
mins asking someone at Akamai.)

More here.

http://financialcryptography.com/mt/archives/001518.html


> What class of problems is "bottomless" in terms of being
> capable of producing useful instances to solve, easy to check
> but hard to find solutions for, has uniformly distributed
> probabilistic solution time, has solutions gradable on
> degree of correctness or can produce problems of graded
> difficulty on demand, where the next instance to solve can
> be revealed or specified by the previous block, and where the
> finder of the previous block does not get to pose a special
> form of the problem giving himself (or herself) an advantage
> in finding the solution?
>
> I agree with you in principle about the undesirability
> of converting electricity into heat and otherwise-useless
> hashes, but I just can't come up with anything.

It's the problem that everyone loves to attack.  I've spent a lot of 
time on it too, and my answer is ... change everything.  But I'm still 
left with the fundamental coordination problem of a split/fork that has 
to be resolved at efficient cost.  Working on that very occasionally...

iang
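The quoted list of properties (easy to check, hard to find, measurable difficulty that can be retargeted, unknowable until the previous block is published) and the remark that a long-running simulation lets the fastest machine win every time rather than in proportion to its speed are both illustrated by the following added example. It is not code from the thread or from any project named in it; the previous-block hashes, payload and 600-second block interval are constructed for illustration, and the retarget clamp of 1/4 to 4 is the only detail borrowed from a real system (Bitcoin's).

```python
# Added example (not from the thread): a minimal hash-based proof-of-work that
# exhibits the properties listed in the quoted text, plus a Monte Carlo run
# comparing a memoryless hash search against a fixed-length computation.
# PREV_A, PREV_B, PAYLOAD and BLOCK_INTERVAL_S are constructed stand-ins.
import hashlib
import random
import struct

MAX_TARGET = (1 << 256) - 1          # any digest passes; difficulty zero
BLOCK_INTERVAL_S = 600               # assumed block interval (constructed)

# Constructed stand-ins for two different "previous block" hashes and a body.
PREV_A = hashlib.sha256(b"block A").digest()
PREV_B = hashlib.sha256(b"block B").digest()
PAYLOAD = b"constructed block body"


def target_from_bits(bits: int) -> int:
    """Target below which a digest counts as a solution: `bits` leading zero bits."""
    return 1 << (256 - bits)


def pow_hash(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    """The puzzle instance is bound to prev_hash, so it cannot be posed (or
    pre-solved as an 'attack sequence') before the previous block is published."""
    return hashlib.sha256(prev_hash + payload + struct.pack("<Q", nonce)).digest()


def verify(prev_hash: bytes, payload: bytes, nonce: int, target: int) -> bool:
    """Easy to check: one hash and one comparison, whatever the difficulty."""
    return int.from_bytes(pow_hash(prev_hash, payload, nonce), "big") < target


def mine(prev_hash: bytes, payload: bytes, target: int, start_nonce: int = 0):
    """Hard to find: brute-force nonces; expected attempts = 2**256 / target.
    Returns (nonce, attempts)."""
    nonce = start_nonce
    attempts = 0
    while True:
        attempts += 1
        if verify(prev_hash, payload, nonce, target):
            return nonce, attempts
        nonce += 1


def retarget(target: int, observed_s: int, expected_s: int = BLOCK_INTERVAL_S) -> int:
    """Difficulty adjustment: scale the target by observed/expected block time,
    clamped to [1/4, 4] per step (as Bitcoin's retarget does) so one anomalous
    interval cannot swing the difficulty arbitrarily. Smaller target = harder."""
    observed = max(expected_s // 4, min(expected_s * 4, observed_s))
    return max(1, min(MAX_TARGET, target * observed // expected_s))


def race(hashrates, success_prob: float, rounds: int, seed: int = 1):
    """Memoryless search: every hash is an independent trial that succeeds with
    probability success_prob, so a miner hashing at rate r finds a block after
    an exponentially distributed time with mean 1/(r*success_prob). Returns each
    miner's fraction of wins, which tends to its share of the total hashrate."""
    rng = random.Random(seed)
    wins = [0] * len(hashrates)
    for _ in range(rounds):
        times = [rng.expovariate(r * success_prob) for r in hashrates]
        wins[times.index(min(times))] += 1
    return [w / rounds for w in wins]


def fixed_work_race(speeds, work: float = 1.0):
    """Contrast: a fixed-length computation (a simulation run) has no variance
    in completion time, so the fastest machine wins every block instead of a
    share proportional to its speed advantage."""
    times = [work / s for s in speeds]
    fastest = times.index(min(times))
    return [1.0 if i == fastest else 0.0 for i in range(len(speeds))]


if __name__ == "__main__":
    target = target_from_bits(16)
    nonce, attempts = mine(PREV_A, PAYLOAD, target)
    print(f"solved after {attempts} attempts; verifies: {verify(PREV_A, PAYLOAD, nonce, target)}")
    print(f"same nonce under a different previous block: {verify(PREV_B, PAYLOAD, nonce, target)}")
    print(f"blocks arriving every 300 s: new target / old target = {retarget(target, 300) / target}")
    print(f"hashrate 2:1, memoryless search: {race([2.0, 1.0], 2**-16, 20000)}")
    print(f"hashrate 2:1, fixed-length work: {fixed_work_race([2.0, 1.0])}")
```

Running it shows the 16-bit puzzle solved in on the order of 65k attempts, the same nonce rejected under a different previous block, the target halved when blocks arrive twice as fast as intended, the 2:1 hashrate split yielding roughly a 2/3:1/3 win share, and the fixed-work race going 100% to the faster machine.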

