Satoshi said "The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime."[1]
Vitalik going from POW to POS is nonsense for any crypto electronic cash currency because people can not trust it if core design changes from time to time. Vitalik will probably come back again to POW after miners calm down.
Being able to change for the better is not nonsense, it's vital to the survival and stability of a coin. The #1 complaint about Bitcoin (especially on HN) is its excessive use of power. Moving to POS solves this problem. Moving to POS allows ETH to scale transaction processing where BTC cannot.
Miners are obviously angry because they spent millions (probably billions) on GPUs in warehouses to mine ETH, and this is threatening their profits. They're not the significant party when it comes to talking about ETH though. The users and larger ecosystem make up the significant parties.
POS will happen. ETH 2.0 will happen. This is why ETH is better than BTC -- it has a leader like Vitalik who is open to changes and knows how to lead implementation. If miners want to throw a tantrum in the process, so be it. We'll just leave them behind.
>And how much power does Google or Facebook consume?
In the case of google, almost an order of magnitude less than bitcoin, and it's 100% from buying renewable electricity (though because of the way energy markets work it's not quite like they don't depend on non-renewable sources). Renewable energy is in the minority of bitcoin energy usage (coal makes up a large fraction of this).
> And I'm not sure POS is a good solution because Satoshi would've used it or would've switched to it.
Satoshi is not omniscient. Just because Satoshi didn't come up with it doesn't mean it's a bad idea (in fact many of the ideas now integrated in bitcoin did not come from him).
Then devs should research and develop PoW which is more efficient and takes less energy and come up with solution that does additional useful work on top of verifying transactions.
'PoW which takes less energy' is an oxymoron. The whole point is to demonstrate cryptographically a certain amount of effort (combination of energy and efficiency of hardware implementing a deliberatly inefficient function) has taken place. The network adjusts the difficulty dynamically depending on the amount of effort being put in (basically the rewards are fixed: miners simply compete for a bigger slice of the pie by trying to put in more effort than their competitors). The only limit is when the miners stop making money off of it (and with the price of bitcoin they can buy a lot of energy and still make a profit). This is all by design and the whole point is to make it a lot more profitable to secure the system than to attack it. The only way to really reduce the energy use of coin is to reduce the block rewards or reduce the price. But at a certain point it's more profitable to attack the system than secure it, so it's a difficult balancing act. This one which bitcoin makes no attempt at: the block reward is set to automatically decrease over time at a fixed rate and this hasn't and isn't likely to change. There's no particular reason bitcoin's rewards are either not overkill or sufficient to secure the network against an attacker. Etherium takes a more practical view: because the currency has built-in adjustments which can be made by the foundation, in theory it can adjust the block reward dynamically to the right amount, though there's both political issues in terms of appeasing the miners when you cut their profit and technical issues in actually working out what is good enough.
Likewise 'doing additional useful work' is not something you can actually do in a trustless manner like with proof of work (at least not most useful work: certainly there's no task which you could use for mining which anyone actually needs the kind of energy bitcoin uses throwing at it). You need something which is easily distributable relative the to the amount of computing power needed to do it (and even SETI/Folding @ home are really struggling at this point with modern hardware: computing power has outgrown bandwidth substantially), and easy verifiable that the work has been done. There are cryptocurrencies which try to distribute coins based on contributions to distributed computing, but they rely on a central authority to do so, defeating the whole point of cryptocurrencies.
>The only way to really reduce the energy use of coin is to reduce the block rewards or reduce the price.
You can rewrite difficulty formula and make it easier to mine and therefore decrease energy consumption. Bitcoin's protocol is set in stone but if some dev likes to play with protocol like Vitalik he or she can do it. It would shift market and coin price downwards but if energy consumption is really a problem it is tax you have to pay.
>There's no particular reason bitcoin's rewards are either not overkill or sufficient to secure the network against an attacker.
Satoshi introduced blockchain checkpoint which basically enforces consensus.
"The security safeguard makes it so even if someone does have more than 50% of the network's CPU power, they can't try to go back and redo the block chain" [1]
This is centralized decision but it is better than changing protocol completely like Vitalik did (going from PoW to PoS).
>because the currency has built-in adjustments which can be made by the foundation, in theory it can adjust the block reward dynamically to the right amount, though there's both political issues in terms of appeasing the miners when you cut their profit and technical issues in actually working out what is good enough.
So centralized foundation controls decentralized network? And what is right amount?
>But at a certain point it's more profitable to attack the system than secure it, so it's a difficult balancing act.
How come? When all coins are mined miners will switch to transaction fees and they will compete for transaction fees. If you want faster confirmation time you will pay higher transaction fee for your transaction meaning miners earning more, you can do this now as well.
>Likewise 'doing additional useful work' is not something you can actually do in a trustless manner like with proof of work
It doesn't have to be additional useful work it can be in the core design of the proof of work.
In 2013 there was a coin called Primecoin which "computed chains of prime numbers (Cunningham and bi-twin chains), the results of which were published on its blockchain's public ledger, available for use by scientists, mathematicians, and anyone else."[2]
"Use of a proof-of-work system to calculate chains of prime numbers was an innovation that produced useful results while also meeting the criteria for a proof-of-work system: it involved a calculation that was difficult to perform but easy to verify, and the difficulty was adjustable."
It was first coin which had a proof of work with a practical use.
> You can rewrite difficulty formula and make it easier to mine and therefore decrease energy consumption. Bitcoin's protocol is set in stone but if some dev likes to play with protocol like Vitalik he or she can do it. It would shift market and coin price downwards but if energy consumption is really a problem it is tax you have to pay.
easy to mine == easy to attack. If you make it easier to do the miners (and attackers) will simply do it more (in fact an important attribute of proof of work is that the difficulty is dynamically adjustable to keep the block rate reasonably steady). Changing your proof of work does nothing but change the hardware miners are using. etherium has a function designed to work best (or at least close to best) on GPUs compared to bitcoin's which is most optimally implemented on an ASIC. You can also try to optimise for general purpose CPUs or FPGAs. But it does not change the amount of energy miners are incentivised to put in. Only changing the block reward does that. The whole deal with proof of work is that the work is what secures the network by incentivising miners to do more work than an attacker is willing or able to put in.
> Satoshi introduced blockchain checkpoint which basically enforces consensus.
This is a nice sanity check but it basically does nothing against 51% attacks. No realistic attack scenario involves a complete rewriting of the chain, nor is that necessary to make money or substantially destroy trust in the system. If you are waiting for your transaction to be in a checkpoint in a version rolled out to almost all bitcoin nodes, I submit that you have a cryptocurrency which is even less convenient for transactions than gold bars. It's also got nothing to do with whether bitcoin's block reward is well chosen or not.
> So centralized foundation controls decentralized network? And what is right amount?
Indeed. it can't rule entirely without the consent of the markets, but in practice it has a fair amount of control. And what is the right amount of proof of work is a very difficult question to answer. My main point is there's no particular reason bitcoin's reward structure (either block rewards or transaction fees) should correlate with it. Etherium at least in principle has more potential to react to changes in the situation, even if 'what the community/foundation thinks is the right amount' is also probably a relatively poor estimator of the correct level.
> computed chains of prime numbers (Cunningham and bi-twin chains), the results of which were published on its blockchain's public ledger, available for use by scientists, mathematicians, and anyone else
I would be interested in whether anyone actually used this information. I have similar reservations about other 'useful' proofs of work. I'll believe it when people are actually bidding to have their problems used in the chain (which is inevitable as soon as such a proof of work is useful).
Is it not plausible that developing the math to get a stable version of PoS, could take longer than Satoshi had before he dropped off the face of the interwebs?
I didn't read Ethereum whitepaper because I consider it to be a copy of Bitcoin but what was the purpose of POW then? Just to initially mine a distribute coins?
Looking at Ethereum whitepaper[1] I only found one mention of proof of stake:
"an alternative approach has been proposed called proof of stake, calculating the weight of a node as being proportional to its currency holdings and not computational resources; the discussion of the relative merits of the two approaches is beyond the scope of this paper but it should be noted that both approaches can be used to serve as the backbone of a cryptocurrency."
And why Satoshi didn't consider switching Bitcoin to POS if it is so good.
I didn't read Ethereum whitepaper because I consider it to be a copy of Bitcoin but what was the purpose of POW then? Just to initially mine a distribute coins?
Looking at Ethereum whitepaper[1] I only found one mention of proof of stake:
"an alternative approach has been proposed called proof of stake, calculating the weight of a node as being proportional to its currency holdings and not computational resources; the discussion of the relative merits of the two approaches is beyond the scope of this paper but it should be noted that both approaches can be used to serve as the backbone of a cryptocurrency."
And why Satoshi didn't consider switching Bitcoin to POS if it is so good.
Both didn't start with PoS because it's much more difficult to come up with a practical PoS design than a practical PoW design. I consider Casper CBC to be the first robust PoS design, and it took many years of research for it to developed. Look at peercoin for an example of an early PoS design that was fundamentally flawed.
PoW was ready back then, PoS tech was not there yet.
Vitalik going from POW to POS is nonsense for any crypto electronic cash currency because people can not trust it if core design changes from time to time. Vitalik will probably come back again to POW after miners calm down.
[1] https://bitcointalk.org/index.php?topic=195.msg1611#msg1611