This is by design. If you force the serialization of the hashes then they can't be verified quickly. But if you look in parallel for hashes with a given feature then you can verify the work much more quickly than finding it. That is: to 'prove' that I searched about 2^30 hashes it suffices to demonstrate a hash starting with 30 0s, and you can verify this with only one hash application. Charles Greathouse Analyst/Programmer Case Western Reserve University On Tue, Jul 15, 2014 at 2:06 PM, Warren D Smith <warren.wds@gmail.com> wrote:
I also perceive the following extremely stupid design flaw in bitcoin.
According to the bitcoin paper, you "prove work" by finding x so that hash(x) begins with n zeros in binary, an specifically, you keep incrementing x, starting from a known value x0, until such a new x is found.
Flaw: a parallel search using 1000 computers, will find that x 1000 times faster.
Better design: if instead of "incrementing" x, i.e. using x0, x1=1+x0, x2=1+x1, x3=1+x2, etc we tried x's in the order x0, x1=F(x0), x2=F(x1), x3=F(x2), etc where F is a strong encryption function, then this search would be inherently serial and not parallelizable.
Advantage: The goal is, it is supposed to be "hard" to find the new x. "Hard" should mean "requiring a certain amount of time, no matter how much money you have to buy more parallelism."
I repeat: this was an INCREDIBLY stupid design flaw in bitcoin, even assuming we do not debate, and simply accept, their whole design goals.
-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
_______________________________________________ math-fun mailing list math-fun@mailman.xmission.com https://mailman.xmission.com/cgi-bin/mailman/listinfo/math-fun