Releasing mining rewards over 50 weeks


#103

As far as I can see, most people in this thread are objecting to precisely what was proposed, and have not misunderstood this. The title of the thread is pretty clear, as was @Dodger’s initial description:

This was further clarified early in the thread.


#104

It’s very clear from beginning that the rewards are unlocked periodicly and not after just 50 weeks, that doesn’t change the fact the the full amount of reward will be owned just after 50 weeks.

I would make a calculation but we don’t have a network, difficulty, nothing. Even the mining reward is unknown for now. There are not enough values available to make whatever calculation other than a maybe electricity usage calculation IF ProgPOW is choosen which again is unclear.

Another approach could be to illustrate the principe to use just the current Asic algo and put the proposed time locking design on it:

Trying to make an example with Z9 mini @ 13 cents per kw/h (about worldwide average) = 1.24/day

  • For every week mined it currently would generate a income of $15.89
  • For electricity every week from income would need to be paid $8.68
  • each weekly share from time lock would be about $0.32 to be paid out

Trying to make a german miner example with Z9 mini @ 35 cents per kw/h = 3.36/day

  • For every week mined it currently would generate a income of $15.89
  • For electricity every week from income would need to be paid $23.52
  • each weekly share from time lock would be about $0.32 to be paid out

Trying to make a low cost china Z9 mini @ 2 cents per kw/h = 0.19/day

  • For every week mined it currently would generate a income of $15.89
  • For electricity every week from income would need to be paid $1.33
  • each weekly share from time lock would be about $0.32 to be paid out

While this fast calculation is nowhere accurate it indeed shows how again the low electricity region/industrial miner would profit most from it.

From the example it’s clearly visible that the low cost electricity miner would have to “invest” only $1 per week while the average cost miner would have to invest $8.34 per week.

For me there is no doubt that this is time lock approach is highly attractive for lost cost electricity mining operations. It’s like christmas for them in my opinion. Where else competition gets an additionally force out for free!

Edit: This doesn’t even include the hardware cost at about USD 800, would be likely about the same for the gpu…


#105

Thanks boxalex.
Would it mean that week 2, it would be 2 50ths week 3 3 50ths, etc?
EDIT: I read further explanations and I think I got it now :slight_smile:


#106

Yes, of course, but we must first know when the first share is paid. As it’s suggested to be 50 weeks payout there is a chance (not sure about this) that the first released timelock reward will happen 2 weeks later, could of course as well just the next week of course. Until clarification from a dev it’s speculation, but you got the idea as i see. Each week you would get paid out 32 cents or 1/50th from the week you mined.


#107

@Trololino has been permanently banned for wilful violation of the CoC, and threatening to bypass moderation by creating a new account.


#108

Security in POW = distributed PoS in disguise
Coins change POW to distribute hashrate more evenly among mining equipment (stake) holders. ASICs have a large stake, but it is concentrated. NiceHash renting is greatly distributed, but renters have no stake. A secure coin requires both a good distribution and a stake in the coin or txns. To be precise, it’s not distributed stake, but distributed provable losses in excess of the potential gains if there is a network partition by attack or accident. The electricity and equipment costs (the WORK in POW) are reduced when coins change POW, so the level of work is not proportional to security. Next paragraph gives another example. PoS attempts to take this to the limit, removing the work all together. The new PoS systems (Casper and Dfinity) are fixing the old problems.

Miner stakes protect BTC, not work
As hashrate shifts from the monopolistic stake your miners have in your coin to the free market of NiceHash renting, your POW gets hit with double spends and Cryptopia disables your coin. BTC is not immune, especially if lightning succeeds. If lightning allows 1000x multiplier on txns & BTC’s end game is 2% fees per coin transferred & it replaces USD ($40 triilion M2 velocity per year), then only $53,000 is needed for a 7-block 51% attack. (Actually, it will cost about $45k to gain $106k in fess and $530k in double spends if you had 10% of the txns on the public chain that gets voided). This assumes your hardware plus rentable equipment are 51% (actually 42%) of network hashrate. Therefore it is the stake that miners have placed into equipment that protects BTC, not work. New kinds of PoS work the same (requiring capital to be locked up). They require even higher levels of risk to their stake than BTC miners face.

POW coin creation is useful & better in combination PoS
POW can create value by proving there was waste. This makes it harder for people to realize it’s not providing security after the coins are generated. A PoS system could still use POW to allow users to create value without pools. They could create their own base txn, setting their own nBits value and disclosing the nonce that solves it, disclosing both in the txn that sends the new coin to their address. They just hash the txn with that nBits in it, then append the nonce. See bottom for how user fees determine the amount of coin that’s generated as a result of the nBits setting (the hashes/coin required).

How all this is related to topic at hand:

Security problem with delayed rewards
Delaying coins to miners is trying to make them more like stake holders, but it’s a “stake requirement” that does not clearly reduce ASICs from a larger coin (or renting) like the short-term benefit of a change in POW. It also does not reduce the risk of a double-spend like the new proof of risk (POR) types of PoS. But it would decrease total hashrate that would make a double-spend easier. Even as a pro-stake person, I see a problem.

Side note: Ideal Coin Idea
Users paying maybe 0.5% fees on txns would vote to increase or decrease the hashes/coin needed to get new coin (in the above coin creation) in order to keep constant value in the presence of Moore’s law. Past and future users are inherently motivated to target constant value. If past users effectively allow “pre-mines” (few hashes/coin), new users won’t join. Future users doing the same will collapse the coin from hodlers exiting at the prospect. So everyone will automatically adhere to a social contract of “constant value” or the coin dies (evolution will select coins that keep constant value). All coin parameters could be taken out of the hands of devs and put into the hands of the users paying the txn fees, in proportion to the fees, giving equal taxation with equal representation. The coin could evolve, with changeable parameters in each block header. (The votes are in the txns, so everything is atomic) such as max block size, block time, % fees, hashes/coin required to create your coin, and foundation’s address. I imagine coin-split schemes so that when blocks get full, the splits creating a hierarchy and each chain has an exchange rate with those above and below it in the hierarchy. The 0.5% fees go to foundation & distributed stake holders (Dfinity) who risk losing 10x the coins in txn if they attempt a double spend. So security is provided by POR = proof of risk that can exceed the stakes BTC miners have invested. And the Chinese government may not be able to control 74% of the stakes (if the Chinese get 74%) since it’s not in physical equipment. A big problem with this is that electricity is 1/2 price in China, so they get coin for less, so the POW for coin creation would be hardware-costly. Or instead of POW coin creation, use proof of burn or charity (BTC burning to trade your BTC for this new coin at an exchange rate determined by users in each block header).

P.S. [Moderation edit by @daira: personal attack on Zooko deleted.]

P.S.S. 51% on new PoS:
PoS could also have a 51% attack that prevents loss of capital. The capital itself that is being placed at risk (not the txns) could be “double-spent”. If the risk factor is 10x, then a large actor with 51% of the stakes (5x the txns in blocks) and 50% of the txns could double-spend the same block 11x to make a profit. Dfinity gets around this by randomly selecting the stakers from all the stakers. Doing that correctly is probably the hardest part because choosing block leader is little more than a random selection we all agree on. Everyone with coin could potentially be a staker, so an attacker would need 51% of the market capitalization of the coin to attack, which is a lot more than having 51% mining equipment in POW. The capital could be borrowed which would be like renting mining equipment.


#109

It was satirical.

However I was making the points that Zooko said were the benefits of time-locking. Why is this not a benefit for time locked founders rewards? Maybe if we locked them for up to 4 years, these benfits would take effect?

“would be a long-term investor in the value of ZEC and would have an economic incentive to protect the network,”.

“probably make more revenue than if we didn’t have the time-locking of rewards”.

“reap the benefits of the trailing coin rewards for up to a 4 years”

I know they are currently time-locked, I was just trying to put Zookos “benefits” into perspective. These are the only things he has said so far that support his claim, and they are ridiculous.

Why would they not count for founders rewards if it works for mining rewards?

EDIT: Also trying to affect Zookos money, so he can see how and why its a bad idea.


#110

I dont want my coins locked at all Zooko. Never. I dont know how hard that is to understand. Not 1 week, not 50 weeks. The coins are my money that I spent money to mine. Why should I have them locked up and unuseable?

Why would I want to get paid slowly over 50 weeks instead of just having MY money? I have yet to see you post ANY proof or studies showing how this is a good idea, you just keep repeating opinions with no basis in facts.

Ohh great, they are Opt-in. Ok as a GPU miner, I dont want to OPT-IN to time-locking, how can I turn it off to mine Zcash with a GPU when the new algo comes out…wait thats not what you mean.

This is not OPT-IN, this is, if you dont like it, dont mine it.

All we keep asking for is some type of proof.
Or maybe WHY Zooko thinks this way, and what has lead Zooko to this conclusion?
Why does Zooko feel so strongly that this is the right choice?
How many “experts” has Zooko talked to about this?
What studies have shown Zooko this is the correct choice.?
What sources does Zooko have, that makes him think this will have the effects he is looking for?


#111

The decision to time-lock a subset of future coins needs to be evaluated in the context of the following past decisions made by ZcashCo:

  1. ZcashCo decided to pay their investors in full during the first year. See https://z.cash/blog/continued-funding-and-transparency:

The investors will receive their share of the Founders’ Reward over the first year of mining. The rest of the founders will receive their share of the Founders’ Reward over the first four years of mining. (This doesn’t change the size of the Founders’ Reward per block — it is still 2.5 ⓩ for the founders and 10 ⓩ for the Miner for each block in the first four years. It just means more of the Founders’ Reward goes to the investors than to the other founders during the first year.

  1. ZcashCo decided to “frontload” the distribution of the Founder’s Reward to the first four years. In other words, the 2.1 million ZEC Founders Reward is 10% of the eventual 21 million total ZEC, but instead of distributing the 2.1 million ZEC as 10% of generated coins in perpetuity, they instead are distributing the 2.1 million ZEC as 20% of the coins generated during approximately the first four years.

Taken together, these two decisions show that it was important to at least some of the recipients of the Founders Reward that they receive their coins sooner rather than later.

I do not find persuasive the argument that the Founders Reward is effectively time-locked. @Daira nailed it in a post above:

But we’ve been told repeatedly that the Founders Reward is not a premine. In my opinion, it’s not a premine because it did not fully “vest” at the outset. Rather, it slowly vests over the first four years.

Where I differ from @Daira is that I do not view the proposal to time-lock the Founders Reward similar to what is proposed for the new algorithm as a either a straw man or satirical. I think no coins should be time-locked such that they are slowly distributed over 50 weeks, but if ZcashCo wants to time-lock the miner’s coins from the Alg-B blocks, the Founders Reward coins from the Alg-B blocks should be similarly time-locked. For coins from Alg-B blocks, I say: What is good for the goose is good for the gander.

True, the second-order effects that @Zooko points to do not apply the same way to recipients of the Founders Reward: The set of Founders Reward recipients is much more static that the future set of Alg-B miners, so time-locking the Alg-B Founders Reward coins will probably not significantly change the set of Founders, but time-locking the Alg-B miner coins could beneficially change the set of Alg-B miners as @Zooko has hypothesized. But this has to be balanced with the unfairness of, for a given Alg-B block, Founders being able to sell their coins before miners. For a given Alg-B block, because Founders would be able to sell the entirety of their Alg-B coins before miners can sell the entirety of their coins, the Founders would be better able to take advantage of spikes in the market price of ZEC. I think that is unfair.


#112

Folks, I had a great chat with Daira just now to go over her results regarding hashpower-security-analysis from the github ticket. It’s very interesting, and I still think it will take at least several weeks of security analysis to evaluate the security impacts of it. I’ll be deciding today whether the company will abandon Harmony Mining for NU2 or move ahead with it in the hopes that deeper analysis will show that it is secure. Daira is going back to working on ZIP0 so that we can have a more public evaluation process for NU3.


Is Zcash Still For You?
#113

This is interesting, Howard. My initial response was the same as Daira’s — that this doesn’t matter because the FR is already time-locked. But you’re right that it would actually be an effective difference. NU2 Blossom is going to kick in October 2019, which means there will be one year left of FR at that time. Your proposal would effectively just stretch that remaining FR out over two years instead of one.

It just so happens that splitting up which keys receive which portion of the Founders Reward (at least splitting up Electric Coin Company Dev Fund, Zcash Foundation Dev Fund, and the rest of the Founders Reward) is on the agenda for NU2 Blossom, so it is just barely possible that the technical work to change the lockups on some parts of the FR could be done in time.

One problem I have though is that I can’t really insist on changing the way rewards go to the other Founders unless they agree or unless it fits into the legal contracts that we are party to. The broader Zcash community could unilaterally change such consensus rules (but I think they won’t), but I don’t have as much freedom of action since I have simultaneously legal and moral obligations to my co-founders as well as moral obligations to the broader Zcash community. I guess I could potentially ask them if any of them would opt-in to an extension of the lockup on their part, possibly as a way to signal long-term intent and alignment. I would certainly consider opting-in my own share of the FR to extending the lockup, but my own share is less than 1%. (Miners get 80%, Zcash Foundation Fund is about 2% (most of which was pledged by me), ECC Dev Fund is about 2%, other Founders are about 15%.)


#114

This was kinda the point I was making also, they want to be paid upfront and not have their coins locked up, so why should miners have their coins locked up? Im not seeing the logic.

This is not my argument, its Zooko’s. I was just trying to put it into perspective by looking at it a different way.

If it was HIS money that was being locked up, does the things he is saying still make sense?
He has been giving examples to why miners should have their rewards locked and I was just trying to point out the fact its easier to say when its not your money or him not being affected. So i was just using his logic spun back at his money, does it still make sense?

Using Zooko’s logic
If Founders Rewards were time-locked for 4 more years after they were mined and we only paid a little out every week…

it would help them…
Zooko: “be a long-term investor in the value of ZEC and would have an economic incentive to protect the network,”.

Prices will go up in the future, so for them to use the rewards now is wasteful, if they wait they will…
Zooko: “probably make more revenue than if we didn’t have the time-locking of rewards”.

When the foundations rewards ends they can…
Zooko: “reap the benefits of the trailing coin rewards for up to 4 years”

These are the things Zooko has said about mining rewards. I dont see how they dont apply to time-locking the payouts of Zcashs Foundation Rewards. Sure the Foundation Rewards are already delayed with the creation of blocks, this is far from “TIME-LOCKED”, it is your funding schedule that you guys agreed to.

Im just trying to make the point, when its your money being locked up and unuseable, you think a little different about it. Sure its easy to lock the miners rewards because you are not a miner. It does no affect you. Im just trying to put what Zooko has has said as benefits are infact not.

But I agree, locking coins is not a good idea, for miners or founder rewards.


#115

As I mentioned in my meeting with Zooko, I believe that given prima facie evidence that a proposed consensus change may be a security regression (which I’ve already provided), the burden of proof should lie with its proponent(s) to show that it isn’t.


#116

I am against timelocking miner rewards; I broadly agree with @daira. It’s not clear to me what the benefit would be, and there are significant downsides. I think we should make mining Zcash as easy and profitable as possible without compromising the security of the network.

Disclaimer: I read the first ~half of this thread and the GitHub thread.


#117

…kinda neat this discussion is happening out ‘in the open’ with so many ZcashCo folks


#118

In my humble opinion, after reading all of the input and considerations, abandoning Harmony Mining seems like the best way forward. Dual-pow seemed like a cool idea, but not if it adds more attack vectors. Mining always becomes more centralized in a bear market (lowest electrical cost wins). With the 51% on ETC today, I don’t know if going away from ASICs is the right next step either. Thanks @hloo for your thoughtful weigh in on the FR.


#119

Zooko, this is a mischaracterization of Daira’s comment, which was not an accusation and only rendered judgment on actions, not people. Additionally, whether or not ZcashCo is behaving responsibly is a matter of opinion and people’s assessments differ. It’s okay to have hurt feelings, but we (I am speaking as a moderator) need you to be reasonably accurate in how you describe other people’s statements.


#120

I agree with you on everything but the ASIC part.

Thinking back to all the 51% attacks, how many were 100% GPU coins? I know alot of supposed GPU “ONLY” coins got hit, and then later we found out they had hidden ASICs for them, maybe its the ASICs causing all the attacks. If ProgPow can do what it says it can do, maybe this might be the answer.

But I dont see how time-locking GPUs only will fix anything. ASIC are the ones currently dumping the coins right now, there is no GPUs left mining. So why are these time-locks proposed for GPUs? It makes zero sense.

I believe the dual PoW is a bad idea, not just from a security stand point. AND if your going to penalize the GPU miners, its a ever WORSE idea. It has been almost 2 days now and I keep asking for

ANY proof that time-locking will have the effect Zooko says it will.

All he needs to do is post some, anything. I havent seen one shread of science showing this is a good idea.

All we keep asking for is some type of proof.
Or maybe WHY Zooko thinks this way, and what has lead Zooko to this conclusion?
Why does Zooko feel so strongly that this is the right choice?
How many “experts” has Zooko talked to about this?
What studies have shown Zooko this is the correct choice.?
What sources does Zooko have, that makes him think this will have the effects he is looking for?


#121

Miners who have locked-up rewards can always sell their private keys to buyers who trust them not to spend the newly-unlocked rewards first. Maybe it’s even possible to implement some kind of cross-chain smart contract that protects the buyer from the seller cheating and protects the seller from the buyer reneging on the deal if the exchange rate goes down. Depending on how the market for locked-up-ZEC private keys will look, the proposal doesn’t necessarily incentivize miners to be long-term investors in Zcash.


#122

The only known existing catastrophic failure in POW coins is double-spending attacks. It’s an over-riding concern. The two non-PoS decentralized ways to prevent them are 1) have a more evenly distributed hashrate aka prevent concentration of it and 2) create checkpoint if you’re able to prove the existence of
the distribution. (Begin side discussion of 2) Existence of the distribution can be assumed (but not proven) by nodes independently (without a consensus) create their own checkpoints by proving to themselves that network HR has not changed which proves there was not an accidental network partition therefore any future higher chain work is by actors who were not on the network when they were supposed to be. It’s a highest publicly consistent chain work rule instead of a strict POW. I pondered this possibility here. This is a less-well-known way to deal with the CAP theorem. (end side discussion)

In a sense delayed payments are the opposite of merge mining. Merge mining brings in disinterested parties and it generally causes problems, but it does raise HR which might protect it from 51% attacks. But coins seems to always regret it. It might increase selling pressure on the coin. By better marrying miners to the coin, delayed payments may have all the opposite consequences: higher price, not regretted by the devs, and more subject to 51% by reducing the higher hashrate that less-interested miners would give it. Higher hashrate helps prevent 51% attacks only if you are the largest coin for that POW, and it’s still no deterrent if ASICs suddenly appear or the smaller coins for that POW add up to enough to for a rental market to develop. If 20% of your stable HR is from renting and a miner has 15% of your HR that’s about to get outdated, he might as well perform a 51% attack (taking the 15+20=35% private would be a 54% attack on the remaining 65%) to get some double spends.

In short, delaying payment must 1st prove it helps keep HR from being concentratable.

It may stabilize price and difficulty independently, and stabilized price makes difficulty even more stable, but the only benefit I see to stable difficulty is if it were combined with a complicated checkpoint system that needs proof that the network HR is stable. The fundamental problem with that checkpoint idea is that it takes too many blocks to prove network HR is within +/-10% of say the past 24 hr average.

Concerning Zooko’s motivation behind this: marrying miners to the coin seems like a good idea. It forces them to be stronger stake holders aka it pushes out less dedicated miners. But removing dis-interested miners probably reduces hashrate and does not seem to directly increase the hashrate distribution. It should raise price which would give it an even higher price-to-difficulty ratio, increasing the chance of 51% attack from future ASICs, a larger coin with the same POW, or a renting market.

Security in cryptocoins is not based on high stakes (PoS) or high hashrate (POW). It’s based on keeping them distributed. We can’t measure or force the distribution because there’s no solution to the identity/uniqueness/sybil problem. BTC assumes being largest means “less concentratable”. PoS also depends on the stakes not being concentrated, which again implies the largest is safest. Hashrate (total work) is kinetic or heat energy & PoS is potential or internal energy, but they’re all just energies we use to get weights for votes that are connected to the physical world. They need to be distributed votes (>51% independent) to generate the independent random variable we need for selecting a specific block to be the leader. The fundamental advantage PoS has over POW is that PoS voters can be forced to risk more potential energy (value) than a double-spend would gain, but POW voters are only required to spend a small fraction of that amount. They can’t spend more energy on a block to protect it than the energy the txns represent, but PoS can risk a lot more than that to protect it. (The stake miners have in equipment is a potential energy in this context and it’s not merely a metaphor: silicon has more Gibbs free energy than almost any other material, surpassed by lithium & aluminum which make the best batteries. This “accident” is due to its extremely low entropy per atom that gives more control over the electrons flowing in it that makes it a very efficient thinking machine material so that less heat energy is produced when hashing. So a savings of heat energy is like a potential energy here. Like a PoS stake, you have to pay upfront for it to get this “potential energy” which results in less kinetic energy. )

Dual alternating POW seems problematic because an actor only needs to be really good at one to have a good chance of getting 3 in a row which gives a good head start on the 4th if he keeps the chain hidden, which is all the more problematic since he can get the 5th. In other words, you have to make sure both POWs meet the “even HR distribution” criteria to prevent double spends. Same thing for a simple parallel method and a more complicated parallel scheme seems to have a bad complexity/benefit ratio.

Combining several GPU-friendly POWs in each block could increase HR distribution by blocking out ASICs which has the side effects of increasing rental costs (which is good b/c it keeps HR distributed). Pigeon’s “shuffle” version of Raven’s x16r which is called x16s seems good. It consists of 16 POWs that users must solve in a shuffled order to get 1 block. I like this better than Raven’s random method because it will not have the same POW more than the others in a block, which throws off individual block times. The idea is that changing order makes it harder to create an ASIC or FPGA.