Momentum 2.0 Discussion

[barwizi]

I think a core question is, do we want mining to be human scalable or capital scalable.

Current coins including protoshares are capital scalable, you can mine as much as you can spend money.   By requiring individual registration, or human-required interrupts like a rotating captcha you make it non-economical to run 3,000 servers if each server has an average 5 interrupts randomly per day.  Doesn't matter if it's a cloud miner, doesn't matter if it's botnet, the human element does not scale like the hardware does. 

To a certain extent this makes the guy with 40 computers in his garage the hardest working and best paid, requiring constant attention (5 interrupts x 40 divided by 24 hours in the day means an interrupt every 8.3 minutes).

I actually don't hate the idea of random interrupts, it incentivizes people run it on the computer they are actively working on because otherwise they'll be periodically checking at best or waiting for an email alert.  One imagines a new suite of tools will emerge to try and automate this, and that becomes the arms race improving captchas.

mining is meant to be fire and forget, that is why systen stabilty is one of the big five,

[Lighthouse]

I think a core question is, do we want mining to be human scalable or capital scalable.

Current coins including protoshares are capital scalable, you can mine as much as you can spend money.   By requiring individual registration, or human-required interrupts like a rotating captcha you make it non-economical to run 3,000 servers if each server has an average 5 interrupts randomly per day.  Doesn't matter if it's a cloud miner, doesn't matter if it's botnet, the human element does not scale like the hardware does. 

To a certain extent this makes the guy with 40 computers in his garage the hardest working and best paid, requiring constant attention (5 interrupts x 40 divided by 24 hours in the day means an interrupt every 8.3 minutes).

I actually don't hate the idea of random interrupts, it incentivizes people run it on the computer they are actively working on because otherwise they'll be periodically checking at best or waiting for an email alert.  One imagines a new suite of tools will emerge to try and automate this, and that becomes the arms race improving captchas.

[luckybit]

Don't be so concerned about botnets and ec2, botnets were and will always be out there, just accept it, if you got the criminal energy to control a 100k+ botnet you can mine whatever you like no matter what you do - this is starting to become a DRM vs warez analogy which always ended bad for the important part, the user / customer. And ec2 is always only a viable option at the beginning, it is not cost effective pretty soon unless you front a serious amount of cash which in turn could have bought rigs aswell - same same but different

Captcha's would make it so a human would have to be involved in the process of mining. Botnets cannot easily solve these captchas yet and when they can an update can change them. The original Bitcoin protocol has an alert functionality built in to tell the user to update and this could be extended to include alert captcha. That is just one solution. Another is to shuffle the algorithm in such a way that a botnet cannot optimize for it.

One thing about botnets is they run unattended. A popup alert which asks (are you a bot?) with a captcha would make it a lot harder to do botnets even if not impossible. I'm sure there are more creative ways too.

A solution to botnets is a human user authentication protocol. To come up with an optimal algorithm I recommend a SWOT analysis of the latest botnet technologies. What are the strengths and what are the limitations of botnets? The knowledge of limitations of botnets should be exploited in the protocol design. One example of a strength of a botnet is that it allows a central controller to control a bunch of computers at a time, potentially millions. The weakness of a botnet is the central controller is usually just one person or a group of people in an IRC chatroom and they cannot monitor 100 computers in real time 24/7.

The easy solution is to build in a reverse turing test and require every human miner solve the puzzle before they are allowed to mine. The botnet operator would have to solve each individual puzzle on each computer manually which would be as time consuming as the person using digital ocean. If the puzzle is designed right the botnet operator would not be able to solve it easily at all. For instance a lot of botnets rely on a keylogger so if you use the mouse for data entry then it would defeat the botnet. Additionally a game which is really simple like tic tac toe or something similar would be helpful as well. The most extreme solution is to just link all mining to a Keyhotee ID and have signed mining.

I don't know what algorithm would work best for an anti-botnet solution but I think it is necessary to find one if the DAC idea is to work long term. If there are botnets then proof of stake voting is impossible as it would be impossible to determine whether a real human voted or a botnet. The voting could be accomplished by code voting, but proof of stake is ruined if botnets have the highest stakes.

Unless you come up with an idea how to prevent a botcontrolled pc from mining but a normal one not without crippling everything and making the whole process a pain in the ass, thats the way it is and you are just whining because you think something is unfair - welcome to the real world.

There may be ways but none are easy to implement without bringing in some level of centralization. If you use captchas it would require either centralization or an external data stream. If you do some scheme with cellphone txt message authentication then the miner loses anonymity. Eventually the best solutions will make mining unprofitable for botnets and make mining a process where a human being has to attend to the process and interact with it somehow.

The lottery mining idea is great because it increases human interaction with the process which exploits the fact that botnets cannot gain any benefit from it because botnets don't have any human interaction capability. So a botnet is not going to benefit very much from a lottery like they would from a mining pool.

This is a good time for experimentation to find out if its theoretically possible to provide disincentives for botnets and incentives for humans.

[bytemaster]

Fast validation times are a requirement.   It is easy to make a memory hard pow that takes too long to verify. 


Sent from my iPhone using Tapatalk

[Sy]

Please, don't compare us with music industry, it has absolutely nothing to do. This is about a business model and how shares could be distributed, not about copyright.

1. We don't want to make it hard for everyone, just for botnets. And this is what this thread is all about.
2. Every good miner gets much less than it could if there were no botnets.
3. Invictus and their supporters get less if they put things easy to botnets.
4. Nobody says nothing against anonimity, but about identity, which is what Keyhotee is all about.
5. This is an idea of Invictus, they are free to impose the rules they want. If you don't like them, don't use the system or fork it.

¿Perhaps you have something to loose so you insist so much about not putting things difficult to botnets?

Na, just more realistic than the others out there who scream botnets are evil and unfair, why waste energy into something you can't change - and if, at any point, it makes it uncomfortable for the user, your main audience, it's not worth it.

[Pocket Sand]

I believe in the methods bytemaster has laid out earlier, for this currency to be decentralized, so does mining. By forcing licenses this currency becomes centralized and that defeats the purpose of DAC.

[phoenix]

I definitely like the idea of restoring the momentum to the POW algorithm. I think the comparison step might be to easy for a GPU, although that might not be a bad thing for the network, as long as it stays ASIC resistant.

[liberman]

Which brings me straight back to my prevous quote - dont make it a pain in the ass.

You guys sound like the music industry and mp3s - just accept that there is a part you can't control and don't make it hard for everyone else - you are not really missing out, every miner still gets the same with or without botnets mining.

This is the internet, you are doomed if you try to control everything - signed mining, seriously? For a currency which greatest benefit has always been anonymity... 

Please, don't compare us with music industry, it has absolutely nothing to do. This is about a business model and how shares could be distributed, not about copyright.

1. We don't want to make it hard for everyone, just for botnets. And this is what this thread is all about.
2. Every good miner gets much less than it could if there were no botnets.
3. Invictus and their supporters get less if they put things easy to botnets.
4. Nobody says nothing against anonimity, but about identity, which is what Keyhotee is all about.
5. This is an idea of Invictus, they are free to impose the rules they want. If you don't like them, don't use the system or fork it.

¿Perhaps you have something to loose so you insist so much about not putting things difficult to botnets?

[Sy]

Which brings me straight back to my prevous quote - dont make it a pain in the ass.

You guys sound like the music industry and mp3s - just accept that there is a part you can't control and don't make it hard for everyone else - you are not really missing out, every miner still gets the same with or without botnets mining.

This is the internet, you are doomed if you try to control everything - signed mining, seriously? For a currency which greatest benefit has always been anonymity... 

[liberman]

Don't be so concerned about botnets and ec2, botnets were and will always be out there, just accept it, if you got the criminal energy to control a 100k+ botnet you can mine whatever you like no matter what you do - this is starting to become a DRM vs warez analogy which always ended bad for the important part, the user / customer. And ec2 is always only a viable option at the beginning, it is not cost effective pretty soon unless you front a serious amount of cash which in turn could have bought rigs aswell - same same but different

EC2 is all right, as you have to pay for it. The only inconvenience is that at the end the money goes to Amazon.
But botnets... how can we accept those? Do we want criminals to be part of our organization?
I don't like the idea of sharing my parts with such people. And the more shares they STEAL, the less we decent people have.

Unless you come up with an idea how to prevent a botcontrolled pc from mining but a normal one not without crippling everything and making the whole process a pain in the ass, thats the way it is and you are just whining because you think something is unfair - welcome to the real world.

I had an idea that I put in the other thread. I just repeat it here:

Why don't you use signed mining?
I mean: to be a miner, you must be aproved by Invictus and recive a key to be able to mine, and any client which tries to mine without being signed cannot find a block. You can also impose limits on the amount one miner can mine.
Then, after the 6 months period, you just release a new version which removes the signing requirement.
You can even sell a license to mine, but please make it cheap.

I don't exactly know how this could be implemented, but I'm sure you can think ways.

And another answer from BitMinerN8:

I also had this idea on my way driving to work this morning. It's great to have so many people thinking about it. I don't have it fully fleshed out either, but I think we can all agree that we don't want it centralized. There needs to be some method of Mining Contracts or Mining DAC's that utilize Keyhotee ID's. Something that tied mining availability, the right to work, to a reward system. This along with difficulty keeps it from spinning out of control.

[Sy]

Don't be so concerned about botnets and ec2, botnets were and will always be out there, just accept it, if you got the criminal energy to control a 100k+ botnet you can mine whatever you like no matter what you do - this is starting to become a DRM vs warez analogy which always ended bad for the important part, the user / customer. And ec2 is always only a viable option at the beginning, it is not cost effective pretty soon unless you front a serious amount of cash which in turn could have bought rigs aswell - same same but different

EC2 is all right, as you have to pay for it. The only inconvenience is that at the end the money goes to Amazon.
But botnets... how can we accept those? Do we want criminals to be part of our organization?
I don't like the idea of sharing my parts with such people. And the more shares they STEAL, the less we decent people have.

Unless you come up with an idea how to prevent a botcontrolled pc from mining but a normal one not without crippling everything and making the whole process a pain in the ass, thats the way it is and you are just whining because you think something is unfair - welcome to the real world.

[liberman]

Don't be so concerned about botnets and ec2, botnets were and will always be out there, just accept it, if you got the criminal energy to control a 100k+ botnet you can mine whatever you like no matter what you do - this is starting to become a DRM vs warez analogy which always ended bad for the important part, the user / customer. And ec2 is always only a viable option at the beginning, it is not cost effective pretty soon unless you front a serious amount of cash which in turn could have bought rigs aswell - same same but different

EC2 is all right, as you have to pay for it. The only inconvenience is that at the end the money goes to Amazon.
But botnets... how can we accept those? Do we want criminals to be part of our organization?
I don't like the idea of sharing my parts with such people. And the more shares they STEAL, the less we decent people have.

[FreeTrade]

botnets were and will always be out there, just accept it, if you got the criminal energy to control a 100k+ botnet you can mine whatever you like no matter what you do

[Sy]

Keep in mind that you usually want a cpu coin to be mineable by everyone, the steps you are taking will reduce your audience to a smaller circle, those with more than 4 GB of RAM and such and yes, there are still ppl with 4 GB and less.

Avoiding GPUs and such is always a good thing, allowing gpus usually pushes out cpus thus shrinking the ppl who can mine even more.

Don't be so concerned about botnets and ec2, botnets were and will always be out there, just accept it, if you got the criminal energy to control a 100k+ botnet you can mine whatever you like no matter what you do - this is starting to become a DRM vs warez analogy which always ended bad for the important part, the user / customer. And ec2 is always only a viable option at the beginning, it is not cost effective pretty soon unless you front a serious amount of cash which in turn could have bought rigs aswell - same same but different

Concentrate on the core, faster retargets for the next one (4032 is really bad) and that maturing time are good.

[FreeTrade]

I'd like to suggest the following POW for consideration -

Step 1.
Generate 1GB-4GB of psuedo random data, maybe SHA512

Step 2.
Find pattern in this data
>Step 2.0 Choose starting byte, say byte 0, use nonce as seed.
>Step 2.1 Load sequential 1-2MB from data into L2 cache from starting byte
>Step 2.2 Perform simple conditional + arithmetic operations on 1-2MB data and seed to provide answer + new seed
>Step 2.3 Use answer at byte start location for next data set.
>Step 2.4 Repeat from 2.1  n times
>Step 2.5 If answer < x, problem solved
>Step 2.6 Choose new starting byte, say byte 1, repeat

Step 1 and 2.3 is designed to require minimum amount of RAM per process
Step 2.1 is designed to obviate any latency advantage of GPU
Step 2.2 is designed to harness the CPU's large L2 cache

The validation will take longer than Momentum 1.0 - as the validating system will need to generate the psuedorandom data used in the solution, maybe 20 or 40MB, but a miner will likely need to generate it all.