User:Gmaxwell/alt ideas

From Bitcoin Wiki
Revision as of 17:44, 4 February 2013 by Gmaxwell (talk | contribs) (some stuff)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Here are the ideas which I think would be most interesting to see in an altcoin. A few of these things may be possible as hardforking changes in Bitcoin too but some represent different security and economic tradeoffs and I don't think those could be ethically imposed on Bitcoin even if a simple majority of users wanted them (as they'd be forced onto the people who don't want them).

  • POW which involves queries against the UTXO set (set of spendable coins)
    • Basically a special kind of memory hard POW that proves that the miner has a complete copy of the UTXO set and that the miner is good at querying it
    • Can still be combined with merged mining.
  • UTXO aging
    • Abandoned UTXO should be forgotten and become unspendable.
    • Demurrage is one possible construction for this, but its economically and educationally complicated. Simpler would just be having a long but finite maximum. Unspendable coins could vanish forever, or be returned to mining— but returning the coins to mining is economically distorting and risks creating weird incentives ("I won't mine your txn because I want to collect its inputs as fees once you've been successfully denied")
  • Make all transactions P2SH
    • Simplicity and some space savings
  • Pruned history
    • Structure transactions so that the parts needed for validation (txins, scriptsigs) are separate from the output data (scriptpubkey, output and fee values) and put them in separate hash trees. All nodes fully prune all data more than a few thousand blocks back.
    • Massive space savings and improvements in syncup speed.
    • Massive security loss— an attacker that can construct a large reorg can steal all the transacted coin beyond a certain depth.
  • Normative and committed merkelized UTXO data structure
    • allows full validation of current blocks by storageless nodes with SPV security
    • Can be complimented by proof-of-misbehavior messages that show a block is invalid by packing up the tree fragments that provide the data needed to see its invalidity
  • Chain folding
    • If nodes don't actually need to validate old chain data (because of committed UTXO and pruned history), it would be possible to 'fold up' the historic chain: whenever— by chance— a header is found with an apparent difficulty greater than a summary target (some large multiple of the current difficulty) then the next block can have a summary header which has a PREV back to the prior summary as well as the prior blocks. Nodes which are validating just to gauge difficulty can skip the intermediate blocks. This can be applied recusrively
  • Adaptive block speed
    • If nodes can merge in orphans for the prior (few?) blocks then they can show evidence at the amount of forking which is happening. This could be used to achieve closed loop control of the block target speed. Thought would need to be given on what the right incentives would be to make sure that all the merging is done (the obvious thing to do would be to add the difficulty in for the best chain preference).
    • Merges wouldn't merge transactions, just difficulty.
    • Merges would bloat blocks, and very fast blocks would result in a lot of header data but these are less significant with folding (esp if summary blocks never included merges).
    • If blocks are fast that might incentivize not mining transactions. Aligning POW with the work of validation may help.
  • Support for ed25519 signatures and lamport signatures
    • Both are significantly faster than Bitcoin's ECDSA, lamport is QC hard but would result in enormous scriptsigs (less of an issue with pruned history).
  • Direct support for validating unblinded chaum tokens of some kind
    • Makes off-chain chaum banks easier to integrate (e.g. directly redeeming your offchain tokens onto the chain)
  • Switch to a value encoding which is arbitrary precision
    • Removes divisibility concerns forever
    • Perhaps allow coinbase votes to increase the permitted precision. (May also allow more compact transactions for typical transactions with a finite number of significant digits)

See also