Unfortunately, it's not viable. Proof of work needs to be "wasteful" (if you can consider validating transactions and keeping the network safe wasteful). I don't understand why so many people get angry at Bitcoin's use electricity and not at say, VISA's, or any other entity that isn't curing cancer.

Why do you say the proof of work needs to be "wasteful". The way I see it there are three major things:

1) It's hard to compute an answer (in bitcoin a low hash)

2) It's easy to verify an answer

3) The starting parameters can not be dictated by previous winners (the hash of the block in bitcoin)

This does not dictate that it can not be useful, in fact prime coin (http://primecoin.io/) could be used as an example of a cryptocurrency that has a moderately useful proof of work.

One proof of work could be based off of protein folding, however the parameters need to be chosen pesudo randomly or an attacker could store up a chain of multiple valid proofs of work then unlease a long chain all at once. So we can not direct the work, but the work can be done in a larger fertile space.

I would say primecoin is marginally useful at best.

I'm not angry about it, but I like to minimise waste. Visa wants to, and is better if it it can, minimise its computational overhead. Bitcoin is dependent on computational overhead. Seems like a very different situation.

I'm no expert--maybe it is necessary that the computation have no benefit other than being costly--but I don't understand why. If it does, I would welcome an explanation, though I recognize it's not your responsibility to educate me on the finer details of Bitcoin. :-)

The reason it is costly, is because it needs to be costly (sorry for the circular logic). ~3600 Bitcoin is given away each day to miners, which means that rational actors in the mining network are going to be able to spend that same amount in power on mining (~1M USD). That money is put into the Bitcoin network, as prevention of some kind of exploits on the blockchain. An attacker would need to spend that much in order to be able to fork the blockchain for any period of time.

As far as why it needs to have no benefit, the main reason is that the state of the blockchain needs to be transferred into a hard problem of some kind in order for the proof-of-work to work. You can think of each attempt at solving it is a "vote" for that particular version of the blockchain. If everyone could vote very fast on their own particular version of the blockchain, then it would very quickly pollute the bitcoin network, and consensus would be very difficult to achieve. If, instead each vote could be scored some way (randomly), and only one out of every thousand one of your votes for the state of the blockchain is broadcast to the bitcoin network, then that means it's going to be much less polluted, and much easier to come to some kind of consensus. By being random, the fact that you are able to send a vote at one out of every thousand, means that each vote really represents 1000 votes. This is how bitcoin works, but the thousand is a much larger number (200,000,000,000,000,000,000).

In the naive implementation, the proof of work could be done by having a function f(x) producing a number in [0, 1) based on x (and f is irreversible), and then submitting votes that are below/above some threshold. Suppose f is the protein folding problem, and f(x) is some energy on how well you folded it (I don't really know how folding works, but bear with me). The problem with this is you could sit in your basement for several weeks and solve a bunch of these problems, and then all at once use them to fork the blockchain by having several blocks that have a proof of work assigned. This means that the work that's being done needs to be related to the state of the blockchain that you're voting on somehow. Another way, is that there needs to be a function w : b -> f where b is the blockchain state that you are voting on, and it produces f. In bitcoin, this w function is the merkle tree of all the transactions in it, and f is sha2(sha2(blockheader with the merkle tree and x)). This step is what makes it very difficult to "do actual work" when mining, since it's hard to make a hard problem that is dependent on random data, that's actually useful.

Well, the fact that Visa are able to do four orders of magnitude more transactions that Bitcoin, at a minimum, indicates they're at least a great deal more efficient.

First of all, the number of transactions Bitcoin can make per unit of time is not set in stone, it depends on certain variables that will be adjusted over time. And it is a distributed system anyway, what did you expect? You can't have both the resilience of a distributed system, and the efficiency of a centralized one.

And second, you are comparing apples to oranges. Try comparing VISA (built on top closed networks and decades of bureaucracy) to services like Coinbase/Bitpay (built on top of Bitcoin) and we'll see who's more efficient.

There is also Proof of Stake to secure the network, which does not waste electricity as much and on top of that the amount of stake you get for each vote to secure the network could also be made dependent on the amount of work you do for a science project as measured by BOINC.

The identification of which user gets what amount of "Proof of research" bonus is done via hashed BOINC email, as the email in BOINC is private and cannot be accessed by others.

See my other post about gridcoin.

But this has two issues if i am reading this right:

1. Since only Gridcoin has the information of the users, than what is to prevent them from creating fake accounts that they themselves hold and paying themselves more Gridcoins?

2. Unless if every single donor has an encrypted Comodo (or something similar) email with Gridcoin, then emails can be stolen. And if gridcoin becomes valuable enough and emails are not encrypted, then its a sure thing that they will be stolen.

There is not "also Proof of Stake", because it's a flawed concept. What's at stake? Nothing. You can sell your coins before starting an attack, so you wouldn't be attacking yourself like you would with Bitcoin and proper mining. Might as well just use the USD or bottle caps as currency.

Heres a good analogy:

Visa and the banks are the old way of doing things, they are analog. Blockchain technology and Bitcoin are digital.

Years ago when analog signals had no longer been useful and became outdated, it became a law that all signal for television must be broadcast in digital. This was because analog required so much more energy and bandwidth then digital does.

What bitcoin offers is a replacement for all the energy and resources that are poured into money transmitters, banks, credit cards, and even recently wall street. The technology is expensive to run, but not more expensive than all of the above combined.

And to answer the question of transactions per second, the Bitcoin network is endless. The problem isnt how many transactions can you do, the problem is storage. The blockchain currently is 25 GBs of data that must be stored by many nodes. Though not everyone has to have a nod, if many do not and only big companies do, then it can become once again centralized. Even though 25 GBs is not that much, that is with only around 100-200,000 transactions a day in the BTC network. Visa does 2,000 a second alone.

So if the blockchain was to transact 2,000 a second, you are looking at PB hard drives in a year or so. That is the issue to be concerned with. here is a great article for reading on possibly solutions / problems https://en.bitcoin.it/wiki/Scalability

>Imagine if all that computation time were put to good, scientific use while still providing the same proof-of-work benefit.

Cryptographic hashes have the unique property that their difficulty is quite predictable, which is an absolute necessity for PoW based voting systems (like Bitcoin). I don't believe there are any known scientific computation problems that have the same desirable PoW properties as a cryptographic hash algorithm.

Also, they must be a lottery, in that it's lots of "easy" problems that have a small chance. Otherwise it weakens the "50% attack" by meaning that someone with the most computing power can efficiently "hard" problem much more reliably, rather than the their percentage of the total computing power.