Replying to Avatar waxwing

Got on a sidetrack this morning and found this interesting little paper from 2004: "why proof of work doesn't work".

https://www.cl.cam.ac.uk/~rnc1/proofwork.pdf

(from a quick read of the conclusion, their argument doesn't appear that strong, but the basic idea is well known - attackers are prepared to spend a ton more to specialize, than ordinary users are, etc. etc.)

This paper might seem quaint to Bitcoiners who are convinced that PoW *does* work, but bear in mind: they are thinking of the spam problem specifically, and so their analysis could still be very relevant today, e.g. in the case of using PoW for systems like Tor or Lightning.

Interesting tidbit, the first author Ben Laurie is the guy, iirc, that invented "Lucre" an ecash system that is an early precursor of privacypass and cashu.

Avatar
Gustavo 2y ago

PoW without difficulty adjustment doesn't work.

The paper makes a bunch of assumptions that work for email but not Bitcoin mining. They assume that sending computer clients will remain slow while spammers can upgrade to fast computers.

In Bitcoin terms, that would be like saying you have to keep difficulty low because you have a lot of slower miners and that they couldn't participate otherwise. No, Bitcoin doesn't work like that, if a miner is slow and can't participate, tough luck, we don't compromise the Bitcoin network security because of that.

Reply to this note

Please Login to reply.

Discussion

Avatar
waxwing 2y ago

It's from 2004. Yes it does not apply to bitcoin. Whether this line of reasoning does apply to anti-spam/dos use cases like Tor, LN is more relevant but, anyway, well-trodden ground.