being able to mint from 2 computers using multisig, does it work similar to say, minting with half a key from one location and the other half from the other location?
Would people be able to find 2 trustworthy enough pools to send them their multisig private keys?
what if you can give one the half of your keys and the other one the other half, and make sure they both don’t know each other (and make some way they will never learn from each existence)
the thing is there are 2 risks:
a) for the user: to lose the coins
b) for the coin in general: 51% attack
minting only key is good for a) but bad for b)
private key only (like now) is good for b) but bad for a) [with indirect result that few ppl mint, so also bad for b)]
multisig private key is average for both a) and b) (which may be the optimal combination)
imagine using a 2-of-2 private key for minting, one is kept on your everyday computer and the other one on a pool/online wallet:
-if u have malware on your computer it’s no prob as there is just 1 key there
-if the pool goes crazy no problem as they just have 1 key too
[quote=“superppc, post:114, topic:2336”]imagine using a 2-of-2 private key for minting, one is kept on your everyday computer and the other one on a pool/online wallet:
-if u have malware on your computer it’s no prob as there is just 1 key there
-if the pool goes crazy no problem as they just have 1 key too[/quote]
However you still have to keep your computer on at all times.
By the way, isn’t pool-minting dangerous for the pool as well? If the pool charges a minting fee, the pool could be cheated if the owner of the “winning output” broadcasts a solo-minted block before the pool broadcasts its own, thus denying the pool its cut. This incentivizes a form of double minting.
then pools may have to charge the customer directly, no big deal as their marginal cost is close to zero (it’s pure profit for them). could even be a small monthly fee for example
[quote=“superppc, post:114, topic:2336”]the thing is there are 2 risks:
a) for the user: to lose the coins
b) for the coin in general: 51% attack
minting only key is good for a) but bad for b)
private key only (like now) is good for b) but bad for a) [with indirect result that few ppl mint, so also bad for b)]
multisig private key is average for both a) and b) (which may be the optimal combination)[/quote]
This is very simplified.
I disagree minting only key is bad for b). By making minting 100% safe it will bring in a lot of new minters and that is good for b). Even providers are good because they bring people who can’t run a client 24/7. As I explained before I don’t believe the providers will grow enough to be a concern. Most people will just run their own client, and the others will not choose a provider based on its size so the vicious circle that inevitably leads to always bigger providers do not exist.
[quote=“superppc, post:114, topic:2336”]imagine using a 2-of-2 private key for minting, one is kept on your everyday computer and the other one on a pool/online wallet:
-if u have malware on your computer it’s no prob as there is just 1 key there
-if the pool goes crazy no problem as they just have 1 key too[/quote]
Who is choosing the transactions to be included in the block?
If it’s only the pool then from the network security point of view it’s equivalent to giving the pool your minting abilities.
If your own client verifies the transactions then you risk rejecting blocks because of lag. It’s equivalent to solo minting with an additional chance of missing some blocks.
And you still have the risk of both being compromised. It may be a very small risk, but for people holding a large amount of peercoins I think it would still be too high. And that’s the people who would help securing the network the most.
Sigmike, in the v0.5 cold minting feature you’re working on, does the holder of the minting key control the generated newly-minted coins, to discourage (but not prevent) pool formation? Is there somewhere we can read details on the solution you and Sunny are implementing? Thanks!
[quote=“sigmike, post:117, topic:2336”]This is very simplified.
I disagree minting only key is bad for b). By making minting 100% safe it will bring in a lot of new minters and that is good for b). Even providers are good because they bring people who can’t run a client 24/7. As I explained before I don’t believe the providers will grow enough to be a concern. Most people will just run their own client, and the others will not choose a provider based on its size so the vicious circle that inevitably leads to always bigger providers do not exist.[/quote]
why should they run their own client if there is a free pool that runs 24/7 and there is 0 risk of losing coins? there is no guarantee a single pool will not hit 51%, just like ghash did for btc.
[quote=“superppc, post:119, topic:2336”][quote=“sigmike, post:117, topic:2336”]This is very simplified.
I disagree minting only key is bad for b). By making minting 100% safe it will bring in a lot of new minters and that is good for b). Even providers are good because they bring people who can’t run a client 24/7. As I explained before I don’t believe the providers will grow enough to be a concern. Most people will just run their own client, and the others will not choose a provider based on its size so the vicious circle that inevitably leads to always bigger providers do not exist.[/quote]
why should they run their own client if there is a free pool that runs 24/7 and there is 0 risk of losing coins? there is no guarantee a single pool will not hit 51%, just like ghash did for btc.[/quote]
Holding the minting key won’t mean you will get the reward as it can be send to some other address. Each pool will have to explicitly claim fees from users, and they will most probably have to be paid in advance. That might be a show stopper for most people.
But pools might be needed for small stake holders as it is described there: http://www.peercointalk.org/index.php?topic=3029
if this is correct then there would be an incentive for big pools.
Sigmike, why will most people run their own client? If a user can keep coins in cold storage, and release a minting key to a pool, that would save electricity, hardware cost, and hassle vs. running their own client. What is the disincentive to do this?
Sigmike, why will most people run their own client? If a user can keep coins in cold storage, and release a minting key to a pool, that would save electricity, hardware cost, and hassle vs. running their own client. What is the disincentive to do this?[/quote]
Would also be keen to hear the reasoning behind this. As soon as there is a trustworthy entity doing this, many would go for this (laziness factor, tragedy of the commons etc.). This will result in large pools increasing the risk of 51% attack.
The only reason imo that this wouldn’t happen is that individuals would put the community interest above their own short term interest. Although examples of this do exist (philantropy) they are very rare.
This was posted in another thread. I just wanted to move it over here, because I feel it’s relevant.
Should we interpret this to mean that sigmike’s proposal is the chosen solution?
Personally, I think it is the best candidate, but there have been many proposals and I would be very interested to know if there have been any evolutions in Mike’s thoughts.[/quote]
Yes, discussion about this is still ongoing in the main cold-minting thread. Are you and Sigmike taking into consideration everything being proposed in that thread, or is the original proposal a done deal?[/quote]
So far I think Mike’s proposal has been quite solid. It also includes disincentive against publishing of minting key. It’s still a work in progress, so comments and suggestions are still open.[/quote]
I’m interested to know if the approach has a way to disincentive pool minting[/quote]
Mike posted some reply earlier:
I would like to mention that the cold minting feature does not allow a minting pool to reduce variance. This is because in coinstake the outputs addresses of coinstake must match the spent coins in the kernel input, so it prevents pools from mixing different users coins into the same coinstake transaction.
This means in order for the minting pool to reduce variance and waiting time, it cannot just collect users’ minting keys. It must have users actually deposit the coins with the pool in order to achieve that. That is a significant disincentive for pool formation.[/quote]
No, the holder of the minting key won’t be allowed to move the reward (or the coins) to another address. But this is precisely to avoid pools.
If you can move the reward then you can build variance reduction pools very similar to bitcoin pools. To do that you split each reward to all the members of the pool, proportional to their amount. And you keep a fee.
If you do that, most people will want to join the biggest possible pool because they would get more frequent rewards. They wouldn’t have to wait a random amount of time to finally find a block.
That inevitably leads to always bigger pools, like in bitcoin.
If you can’t move the reward you can’t do that. You can mint for someone else, but you can’t split the reward across members nor take a fee. You’re a minting service provider, you’re not a pool.
The first post of this thread still applies and contains the details.
The only thing that’s going to be added is that if someone receives 2 blocks from the same stake he will discard both blocks (right now he only discards the second one). That prevents people from giving away their minting keys because they risk not getting any reward (because someone may propagate a duplicate block each time they find a block).
Because anyone running a free minting service is suspicious. The cost to mint is very low but it’s not 0. Especially if the number of outputs is very large. Remember they can’t take a fee from the rewards. So why would anyone do that for free? If he’s not a friend helping you, the most likely is he’s gathering minting power to make a 51% attack. Maybe he is trying to increase the security of the network by helping others to mint. But he also concentrates minting power and that endangers the network. So if his purpose is Peercoin security he will certainly be careful about not growing too much (or just not do it at all).
Also running your own client is very simple. You just run your usual Peercoin client with your minting key loaded. Even if it’s not 24/7 it’s helping the network and will provide rewards. You can run the program at startup for example. Projects like Peerbox will also make it very easy to run a 24/7 client.
And by doing it yourself you’re guaranteed you’re not helping a malicious minter. So you protect the value of your coins. That’s especially important if you are a large holder. The more Peercoins you own, the more important its value is. And hurting its security is hurting its value.
Also by giving your minting key there’s a small risk you loose your reward. That’s not because the minter can spend it, but because if your coins are ever minted by 2 people at the same time then the network will reject your block. It may happen if your provider gets hacked for example. Of course it may also happen if you get hacked. It depends who you trust the most to handle security. Note that the hacker has nothing to gain here besides annoying you, so the risk is probably negligible.
But even if people use providers (free or not), it’s much less a problem than in Bitcoin. In Bitcoin you must choose a big pool. Small pools can’t work because they rarely finds a block and thus rarely reward the minters. So competition is very hard. The cost to entry for new pools is huge. That leads to only a few major actors.
There’s no such thing here. Someone can start a minting service with a Raspberry Pi and a home internet link and will provide you the exact same reward as a big company minting tons of coins.
Bigger providers will probably have lower fees than smaller providers so that may lead to bigger actors. But if the provider is doing real business you will have to pay him because he can’t get money by other means. That’s very different from Bitcoin where you must use a pool who can get money from the rewards and the transaction fees.
I think most people will rather run their own client or ask a friend than pay a big provider.
[quote=“sigmike, post:126, topic:2336”]But if the provider is doing real business you will have to pay him because he can’t get money by other means. That’s very different from Bitcoin where you must use a pool who can get money from the rewards and the transaction fees.
I think most people will rather run their own client or ask a friend than pay a big provider.[/quote]
Not sure, why can’t they take a fee from the rewards if you provide them with the minting key? You get your rewards minus say a 1% fee or some fixed cost/3 months in return for minting. Sounds great for someone who doesn’t have the time to mint or reckons buying a Peerbox and paying for energy is more expensive. They only risk their rewards, their coins all still in cold storage. I can see a viable business which could potentially own a lot of minting keys. You can only hope that large shareholders can withstand the short term gains of outsourcing their minting versus the risk of 51% attacks.
Or did I miss something?
I guess it’s because of this:
I guess it’s because of this:
Yes, thanks for spotting that, if the rewards always go to the same (cold storage) address as the stake, then it would be safe.
[quote=“sigmike, post:126, topic:2336”]But even if people use providers (free or not), it’s much less a problem than in Bitcoin. In Bitcoin you must choose a big pool. Small pools can’t work because they rarely finds a block and thus rarely reward the minters. So competition is very hard. The cost to entry for new pools is huge. That leads to only a few major actors.
There’s no such thing here. Someone can start a minting service with a Raspberry Pi and a home internet link and will provide you the exact same reward as a big company minting tons of coins.
Bigger providers will probably have lower fees than smaller providers so that may lead to bigger actors. But if the provider is doing real business you will have to pay him because he can’t get money by other means. That’s very different from Bitcoin where you must use a pool who can get money from the rewards and the transaction fees.
I think most people will rather run their own client or ask a friend than pay a big provider.[/quote]
i agree that problem is less than for btc because user can’t benefit of variance reduction. however cost for pool to mint 1 key or 100 keys is same. pool could work with donations, or charge like $10/year (prepaid). who is going to bother using peerbox if u can just outsource everything for like $10/year? so the benefit of using pools is less than btc but there is still some benefit. also cost to run pool is probably so low that even if only some ppl pay instead of everyone it’s still worth keeping the pool running.
maybe a solution could be making a very high quality opensource pool software so to make it very easy for anyone to make a high quality pool and avoid concentration?
also it would be nice if the minting key would look different than the priv/pub keys so that one can immediately see the key type and avoid mistakes (like giving priv key to pool)
[quote=“superppc, post:130, topic:2336”]cost for pool to mint 1 key or 100 keys is same. pool could work with donations, or charge like $10/year (prepaid). who is going to bother using peerbox if u can just outsource everything for like $10/year?
maybe a solution could be making a very high quality opensource pool software so to make it very easy for anyone to make a high quality pool and avoid concentration?[/quote]
Good thoughts. Keep an eye out for the Chronos Pool of Anti-hackers? :
You need more power to process 100 keys. The cost difference is very small, but it’s not null. And it becomes not so small if you want to manage thousands of keys.
People who already have a computer running 24/7, people who don’t trust providers, people who have less than $1,000 in peercoins (because $10 is what they can get with the reward), people who want to be certain they don’t help a malicious minter, people who like DIY, etc.
But it’s fine if people use providers. It helps bring more Peercoins to the minting power and makes 51% attacks more difficult.
It would be a problem only if a provider (or anyone) could manage to get 51% of the minting coins. And I think the forces here do not push to this direction, unlike in Bitcoin.
Yes that would probably be nice.
Note that if you’re ready to manually manage member payments and manually add keys, you just need the official peercoin client to do that.
That would mean adding a new type of key and change significant parts of the code. It would be nice but I’m not sure it is worth the troubles.