Hey guys, I am Ruben. I've been running the Bitcoin Meetup in Seoul for nearly 5 years, and I recently gave a presentation at Scaling Bitcoin in Tokyo (Statechains, L2 scaling). @Truise summoned me here to ask some questions about this project, since I am a pretty strong ICO/altcoin skeptic and he likes the project, so here I am :slightly_smiling_face:
Skeptical is usually a good starting point
I agree :slightly_smiling_face:
@Fireduck, what motivated you to create a new coin? And what do you think makes SNOW stand out from what's already out there?
I have been involved in Bitcoin for quite a while and appreciated it as a novel concept but thought some things could be done differently with the benefit of things we have learned since then.
There are a few things that make it stand out, the snow PoW method using large data files, the multiple signing algorithm support. Discarding OP codes as an unneeded complication for a currency.
My thought on that is either go full smart contract like ethereum or keep it simple (addresses only)
So snowblossom is on the simple side there
OK, so would it be fair to say you consider snowblossom superior in some meaningful ways, so therefore you think it should exist and people should use it?
(maybe not entirely clear: I don't mean to say you think it is superior in every way, just some)
Absolutely. I think the codebase is a lot simpler, which is important for a long term cryptocurrency. It should be understandable by as wide of a group as possible.
There are also small but important refinements, like the UTXO root hash in every block
OK, interesting argument. Allowing more people to understand the code.
makes it much easier to prove answers given to lite clients are full and correct.
Speaking of doing things differently from bitcoin, it stood out to me that you kept the halving schedule, despite it being pretty widely criticized for being too severe. It surprised me that you didn't go with a more gradual curve.
I thought about that, but in the end I wanted to keep that simple and the halving is simple
I honestly don't think it was important. I think having a total cap is important, but I don't think the schedule really matters.
Plus I am not an altcoin expert, so I don't know what things people have argued to death already. :wink:
I see, that's a pretty strong commitment to simplicity. Halving does seem to be quite a shock to mining, but it seems the difficulty adjustment is faster for your coin, so I guess that helps.
yeah, the difficulty is important and I think my per block difficulty adjustment is a good improvement
and is needed for the snowfield jumps
Regarding multiple signing, why do you consider this an advantage? I can think of both up and downsides.
Part of the advantage there is long term, like decades long term.
To make sure I understood correctly: you mean different types of cryptography can be used to make signatures.
Eventually, some things are going to be broken or weakened and it is good to give the control to the users
about which signing algorithm to use
Have you thought about the potential downsides?
also having a multiple algorithm system makes it easier to add new algorithms as appropriate (like for post quantum)
oh yeah, any node not having access to bouncy castle is going to be rather hard
because a validating node needs to understand them all to validate transactions
bouncy castle?
a crypto library, very popular in java and c++
I believe it is already quite easy to add new algorithms to most coins as a soft fork, so I am not sure if there would be a big difference in that regard.
I can't really speak to that. I imagine they would have to add a field for signature type to transactions and such, but yeah, probably not too hard.
Some other downsides I can think of are that most people will end up using the cheapest signature type, rather than the most secure one. And a loss of privacy for using non-standard signature types. And it makes optimizing the cryptography and signature aggregation more difficult.
batch validation won't work across different signature types, for instance
batch validation would be using some sort of acceleration like gpu?
No, for instance, say you have 10 signatures. You can check them all simultaneously and you will learn whether they are all correct or whether one of them failed, but you won't know which one.
This is faster than individual checking, at the loss of some accuracy that doesn't really matter since you need everything to be valid.
alright. You could batch the things that are the same algorithm and that would be most things, at least at this point
yeah
I've also changed how the signing is done, if you have multiple inputs that need the same public key, there is one signature for the transaction rather than one per input (which I think bitcoin does)
so it makes a sweep transaction for a bunch of things sent to a single address much smaller
Right, but this assumes address reuse, which is considered bad practice
sure, one of those things up to users
Schnorr signatures will end up with the same space saving, without loss of privacy
It's also considered bad practice to give financial incentives to ruining your own privacy, because it also ruins the anonymity set of others who wish to be private
So the lack of opcodes is interesting. I do like the simplicity, kind of like what mimblewimble ended up with, but you're also closing the door on second layer protocols like Lightning.
Yeah. As someone who wrote an electrum server and had to deal with trying to resolve op codes to addresses in some sort of sensible way I thought it was a good compromise.
also it was my impression that a lot of early bitcoin bugs related to op code interpretation and I was trying to avoid that
I'd really love to make a full on smart contract supporting system, but that would be a separate project
But doesn't that clash with your stated objective of making something better? It sounds like the limitations of what you think you can realistically accomplish are at odds with that.
In my experience, simpler is often better.
I do think it's reasonable to limit the bitcoin scripting language even further.
I'm certainly not trying to cover every use case, that would be madness
but there is lots of room to do interesting things without op codes, but by adding extra data to transactions or transaction outputs
like the output locking and for benefit of work I have for my channels project
if that data is interpreted in some script-like fashion then you're back to opcodes haha
true
channels project?
It would be a distributed data framework for social platforms
in very early phase
Cool, I'll read through that later
Is it platform agnostic, or does blossom specifically need to be altered to work with it?
The intersection point with snowblossom is the idea of locking an output for some time period in order to provide some backing to a social identity
So an account with 1000 SNOW locked up for 2 years is probably not a spammer. Might be an asshole, but not a spammer.
OK, that does sound like it could be built on top of any crypto.
yeah, just needs an ability to lock and mark
so in snowblossom I added output locking and a way to note an address it is locked for
yeah, I was going to ask, does that mean timelocks are supported?
only on transaction outputs
so you can make an output that can't be spent for some time
later I plan on supporting them on transactions as well, to make a transaction that can't be confirmed until some time
You should consider supporting relative timelocks. That combined with Schnorr will make you fully compatible with Lightning.
relative to what? Sorry, I am out of loop on lightning.
No worries, relative to when the transaction got confirmed on the blockchain.
ah, interesting
yeah, that would be easy
Yup, it's a small step from absolute timelocks.
currently support block height and clock time
If simplicity is your goal maybe eliminate clock time haha
time is kind of a malleable concept in blockchains
gotta include it for mining difficulty adjustments so might as well use it
yeah, I know
true
So what about funding, because that is usually where altcoin incentives become problematic.
Even if you have good intentions, there are many people willing to inject capital in your innocent project to use it for their not so innocent pump.
I can't prove it, but I have good intentions. :wink: Of course, someone could pump and dump this thing and I have no idea how to stop that.
I guess I'd just say I am in the long haul and anyone thinking about putting in money should think in those terms.
I'm really excited about UTXO headers. I feel built in light clients are extremely important to any actual scale. With improvements, it might be possible to add anonymity and privacy as well, even on public nodes. I've sat there day in and day out helping people set up electrum light wallets and bitcoin wallets in many contexts. It's really hard to seriously manage blockchain data and security for most people.
Have any investors approached you and asked about options to somehow obtain a chunk of coins?
Only on #trade and not specifically asked me
most people interested in going in seem to set up mining rigs and don't say anything but it is hard to tell
Is there any funding you have been able to receive so far?
I haven't sold any of my coins. I've in fact bought some on qtrade once that launched.
So I haven't received anything for this project, other than the tips people have set in their mining pools
Will you be able to continue without funding?
absolutely
That's always a good position to be in
it isn't like we are hiring anyone, except of course the guy we are having make the android wallet
and that isn't a huge chunk
Who is 'we' in this context?
Zac (clueless) and I
Ah I see, so it's the two of you doing the coding? I thought it was just you
We have one other member who has been in from the start but he is super busy doing volunteer computer science teaching so he is a ghost
Almost all of the code has been me. Tyler (the ghost) has done a bit. Zac is mostly helping with other things, like organization, community management and installation scripting
he is working on a python client as well
Gotcha
So long term how do you want things to turn out? Because if you do get successful people will be knocking on your door asking for favors.
Personally, I've done pretty well with Bitcoin so am already fairly successful.
Long term, I'm not really sure. Mostly I want to do work that people care about and gets used.
Why did you not join some decent existing projects like mimblewimble? Do you prefer working freely on your own thing?
I really enjoy doing my own thing. It was also a fun challenge. There are lots of bits of code that are pretty tricky in a cryptocurrency.
If I joined another project, they probably would have already done all the fun parts.
Yeah, I can relate to the desire to build your own thing from scratch.
OK so the final topic I have for you is mining.
As you know it's incredibly hard to make something ASIC resistant. If you ever gain a decent level of success I think you can probably forget about mining with regular hardware.
sure. I am hoping to disprove that, but we shall see.
Is this a domain you are particularly knowledgeable in? Even if you're good in software, hardware is a whole different ball park.
It is not. I have a hypothesis and no one has told me I am way off yet.
My hypothesis is that no ASIC will be able to do random access on bulk data more cost effectively than consumer SSD/NVME or consumer RAM.
Since gamers love those things, so with the gaming market the price will always be decent for those things.
Well we've already seen the opposite happen. Gamers were unable to buy graphic cards haha.
ha, true.
But firstly, it seems ram beats out ssd
is it even worth talking about ssd?
yes, once the field is large enough where ram mining isn't common then SSD will be the thing
That was the plan anyways. I don't know how it will play out of course.
but why wouldn't I just add more ram as you increase the field (is this a hard fork btw?)
RAM gets very expensive very fast. You could build a 128gb machine for about $2k.
ram is like an ASIC with higher up front cost but faster 'hashing' no?
A 256gb machine would be way more than double that price.
I mean you gotta think custom hardware here, not consumer hardware
is a specialized machine going to outcompete consumer hardware
sure. And that might end up being what happens, I could see someone making custom boards and filling them with DDR4
Does it count as specialized if you have a network attached cluster of consumer hardware?
In a practical sense, it probably does since someone would be purchasing this stuff for mining
I made software that does that, it works surprisingly well due to how the 4k read limitation on almost all block devices works out: https://wiki.snowblossom.org/index.php/Mining/Tuning#Arktika
The argument I've seen made against chia is that the cost isn't electricity, so instead the cost moves to efficiently producing and adding more hardware
you'll end up with data centers filled with more and more hardware, up to the point that the value of the coin supports adding more cost effectively
so whereas bitcoin mining clusters around cheap electricity, this will cluster around cheap production
The counter argument here is the magnitude of differences between custom and consumer.
A DDR4 machine going all out will probably max out at around 10 MH/s depending on memory bus.
A good nvme will get you 100 KH/s on a reasonable computer
which is only 100x slower
which seems like a lot, but compare a 15TH/s bitcoin asic miner to a 100 MH/s GPU.
Much bigger difference there
well I assume the mining algo is parallel, no?
each round is sequential, you can do many in parallel of course
not sure if that answers what you were asking
I mean why does a memory bus limit matter if you can just use two
Because you can only get so fast in and out of a memory chip, whatever it is
also, you need the entire field available to whatever processor is running a PoW attempt
so yeah, you can optimize for memory bandwidth but there will still be some sort of limit
OK well this is as far as my knowledge goes
honestly, I am not a hardware design expert
so I could really be wrong
I am looking forward to finding out
Yeah, you might want to hit up David Vorick
He's recently made it painfully clear that Grin is not quite as ASIC resistant as they were hoping
https://www.grin-forum.org/t/comments-on-the-proof-of-work-update-by-vorick-summarized/742
Thanks for taking the time to answer my questions, Fireduck. I hope things work out for you.
Thanks for asking them, it makes me feel like we might have something here.
Haha, well I just hope you're ready for the path ahead. It's hard not to get side-tracked in this pump-and-dump world.
I've been in bitcoin for a long time, I can ride out whatever comes
it should be fun
@Fireduck @Ruben Somsen a single consumer machine will not break 10MH/s, it’s only a factor of 10 difference there
What I want is something like a raspberry pi with a SATA or m.2
^^i think this is the best idea. Doesn't really look like there's anything out there yet, but maybe in a few months from ODROID
The cool thing is that the cpu doesn't need to be fast enough to max out the storage, it can share over network
@Fireduck i’ve been pipedreaming of these, but outlook not good https://www.crowdsupply.com/traverse-technologies/five64 Quad-core ARM64 Networking Platform with Mainline Linux Support
@Rotonen so what stats do you think would be useful to report or chart?
none
@mjay where'd you have your testnet faucet at and did that have any instructions for the uninitiated?
it is just a box on that page
easy as eating pancakes
now the hard bit is how to get someone completely uninitiated to have a both testnet node and a testnet wallet to play with
unless you ship a testnet .bat and .conf for both
i'm starting to lean towards the site needing a 'getting started' section pointing people to try it out on the testnet
I can include a testnet .bat and .conf easily. Thought about doing so this morning, but I'm trying to not over-complicate things for anyone.
i think that's not possible with a pile of bats command line client
i don't know how widely known the concept of a testnet is to people at large
I think we should use testnet for user education
No one should touch real crypto without playing with testnet first
I agree
@Fireduck now that'd be on you to actually do a site which pushes people that way
True
i can only imagine you swinging between 'oh fuck' 'meh' and 'pff', mostly on the latter ends of that spectrum