How to overthrow the GPU Oligarchs

Pooled generation: +1

Add more hash functions... how would this balance the generation? People with better hw would still generate more, in all hash functions. Maybe not GPU / massive parallel, but any problem more/better hardware can't help resolve is probably out of general user's boundaries.

GPU and unfairness. Realize that the hardware needed to stand a chance of generating isn't all that cutting edge or expensive. Any mid-level gamer machine has the engine to put out 20 or 30 million hashes/sec, at least. The real issue is software, as this gives the owner of such software a huge advantage for a very small price, thus people will obviously take advantage of this as long as possible.

I feel stupid, really. I could put a little more money/effort into this, say nothing about it, and generate away. Instead here I am with my sense of community duty and such... damn, I'll never get rich this way

If you feel strongly as to the need for fairness, why don't you Help the little ol CUDA developer?

My concern isn't really fairness, it's stability.

I buy about $20 worth of BTC each month, but I spend most of them straight away. What is keeping me from buying $1000 worth of BTC is my concern with the problems I mentioned. As a way of transferring money Bitcoin is great, as a way of saving money it is still too risky for my tastes. To succeed as a currency it must be good at both.

Thanks for the work you are doing.

It's always been the plan for block generation to not be profitable for most people. It's supposed to be done mainly by dedicated "backbone" entities. What's stronger: a thousand people producing 1 Gh/s with hardly any individual economic interest in preserving the network's integrity, or five businesses producing the same Gh/s that will fail if they or someone else destabilizes the network?

I'm not saying that GPU code shouldn't be made, but it's not fair to say that GPU generators are "taking without giving back". People dedicated to generating deserve a head-start on new technologies.

I was under the impression that coin generation was a way to make sure everyone had a fair chance of putting effort against coins, thus avoiding any central committee of deciding the future of bitcoins. Decentralized is the word, I believe...

But I get it, if you put the time and money into getting better miners, you should be able to keep it to yourself, so the 4way patch should never had been merged into mainline, as its creator would have 2x+ performance over the same machine running common clients.

I have to disagree here. Yes, competition is good and valuable, and people should not get into bitcoins for the mining alone, but if you let a small subset of people hold most of the future generated coins you are putting the whole project in danger of abuse and destruction... but I may be overreacting.

I'll be glad to stop posting code, buy some serious hw and just do the generation myself. As difficulty goes up and people stop generating, this gets more and more statistically interesting... you say I should, right?

Start a pool yourself. If you are generating 4000k/sec 10 others are generating 20,000k/sec combined, you get 4,000/24,000 of each block generated. Seems this code could be introduced. I don't think the GPU Oligarchs are making a mint, in fact, I bet they are losing money to my benefit.

I bet you could pay nelisky for proprietary code yourself. But, the economics won't work out.

It will if proof-of-work comes down to something as specialized as solving a single, well-defined, simple, and predictable hash function such as SHA-2.

We need to make proof-of-work more choatic and complex if we want to avoid this. 

SHA-2 was actually designed to be computationally EASY because it's original purpose was digital signing, not proof-of-work. 

Otherwise, it will end just like you say.

Think of this vision of the year 2020: 2/3 of the world's Ghash/s is controlled by just three companies. They manufacture their own specialilsed HPUs (hash processing units) and feed them with custom-built power plants. The Chinese goverment then persuades the three companies to double spend 10% of all transactions into the Chinese government's bitcoin address, in return the companies get an exclusive deal on the rare earths they badly need for the HPU manufacture. Some people leave Bitcoin for alternative currencies without the 10% "tax", but most tolerate it because by then Bitcoin is accepted almost universally.

The companies can raise fees if generations aren't enough to profit.

Every calculation can be made more efficient in hardware. Trying to prevent it is pointless. It'd be a lot like making effective DRM.

SHA is easy to calculate, but it's difficult to calculate a piece of data which will generate a given hash (which is [almost] what bitcoindoes). The proof of work must be difficult to calculate but easy to prove, which SHA is

How many Ghash's do you think Google would do if it started to generate?

Probably all of them, but difference would it make?  Even if they are willing to commit the full brunt of their computing resources to overtake the generation of new coins, they can't make them faster than the difficulty system would permit.  At least not for more than two weeks.  Nor can they do anything to manipulate the value of the coins already in existance, beyond the effects of the regular generation awards.  That's the beauty of the design, even Google couldn't do more than disrupt the system temporarily.  Even at this early stage, the total proof-of-work represents a supercomputing class cluster.  For what gain would anyone do such a thing?  For a max return of 50K coins over two weeks of supercomputing time?  Even Google doesn't have the computing power to rebuild the blockchain from the beginning.  Even if they did, to what end?  To steal a quarter million dollars in wealth?  Which would likely collapse the system if it could be done at all, so that value would drop to zero.  As we have seen, that difficulty level increases as the user base increases, regardless of an analysis as to the economics of each person generating.

I can accept that, however unlikely, a takeover of the system is possible; but if such a thing were to happen, it certainly wouldn't go unnoticed by the Bitcoin community.  From where I stand, the odds that the Federal Reserve will cease to exist and the FRN collapse is more likely to occur first.  For that matter, I would consider a worldwide extinction-level-event to be about as likely; but I'm not going to let the risks of a meteor strike stop me from walking out on the surface of the Earth.

This is already guaranteed because everyone has a unique public key in their block. You reminded me of another way that pools are bad, though: since everyone uses the same public key, they have to do weird things with extraNonce, which increases the size of the block header and makes generating more difficult for them.

Usually you can start the nonce at 0 because they block you are working on is made unique by the inclusion of your unique address in the generate transaction. If a group of people all send generates to the same address you need another number included to make sure that the members are not repeating work.

I have no idea how important that fact is, it doesn't seem like too big of a deal to me, but theymos can elaborate.

They wouldn't need to rebuild the blockchain from the beginning. They can double spend any transaction that happens after the 50% Ghash/s takeover. Of course, if they get too greedy, the system would collapse as users become fed up with their coins being stolen all the time. But what if they decide to double spend a certain "optimal income" percentage of transactions, just short of what will piss off most users?

But that effect would be totally insignificant.  Even the standard client is optimized so that it doesn't need to hash the entire block header if only the last part of it has changed.  That last part includes the nonce but not the extraNonce, so a larger extraNonce wouldn't cost anything for the vast majority of all hashes, namely those where only the normal nonce has been incremented.  With today's transaction volumes, the cost of hashing the extraNonce should be less than a millionth of a percent for pools with thousands of members. 

I'm just getting into this whole bitcoin thing. It seems to me already, though, that getting
great results from bitcoin mining would require a server farm, super computer, etc; worrying
about individuals taking advantage of their GPUs or crypto accelerators is probably pointless.
What can 30000 khash/s really get you? Maybe around the equivalent of $1.50 per day at
current difficulty levels? Not really a very efficient means of recouping the cost of an expensive
gaming rig.

I'd be much more concerned about what somebody with a botnet might be capable of.

This is the point of confusion.  extraNonce is not part of the block header, it is part of the first transaction.  It does not slow down your hashing.  It does not change the size of the header.

We need to be vigilant and nip in the bud any misconception that the contents of your block slows down your hash speed.  It doesn't.

extraNonce never needs to be very big.  We could reset it every second whenever the time changes if we wanted.  Worst case, if you didn't want to keep track of incrementing it, extraNonce could be 4 random bytes and the chance of wasting time from collision would be negligible.

Separate machines are automatically collision proof because they have different generated public keys in the first transaction.  That also goes for each thread too.