[Bitcoin-development] Coinbase reallocation to discourage Finney attacks

Wed Apr 23 21:39:26 UTC 2014

On Wed, Apr 23, 2014 at 2:23 PM, Tier Nolan <tier.nolan at gmail.com> wrote:
> An interesting experiment would be a transaction "proof of publication"
> chain.
>
> Each transaction would be added to that chain when it is received.  It could
> be merge mined with the main chain.
>
> If the size was limited, then it doesn't even require spam protection.
>
> Blocks could be "discouraged" if they have transactions which violate the
> ordering in that chain.  Miners could still decide which transactions they
> include, but couldn't include transactions which are double spends.
>
> The locktime/final field could be used for transactions which want to be
> replaceable.
>
> The chain could use some of the fast block proposals.  For example, it could
> include orphans of a block when computing the block's POW.

You can see me proposing this kind of thing in a number of places (e.g.
http://download.wpsoftware.net/bitcoin/wizards/2014-04-15.txt "p2pool
only forces the subsidy today, but the same mechnism could instead
force transactions.. e.g. to get you fast confirmation.", or
previously on BCT for the last couple years) but there are still
limits here:  If you don't follow the fast-confirmation share chain
you cannot mine third party transactions because you'll be at risk of
mining a double spend that gets you orphaned, or building on a prior
block that other miners have decided is bad.  This means that if the
latency or data rate requirements of the share chain are too large
relative to ordinary mining it may create some centralization
pressure.

That said, I think using a fast confirmation share-chain is much
better than decreasing block times and could be a very useful tool if
we believe that there are many applications which could be improved
with e.g. a 30 second or 1 minute interblock time.  Mostly my thinking
has been that these retail applications really want sub-second
confirmation, which can't reasonably be provided in this manner so I
didn't mention it in this thread.

One of the neat things about this is that you can introduce it totally
separately from Bitcoin without any consensus or approval from anyone
else— E.g. P2pool builds such a chain today though it doesn't enforce
transactions.  It would immediately provide the useful service of
demonstrating that some chunk of hashpower was currently working on
including a particular set of transactions.  Once the details were
worked out it could be added as a soft-forking requirement to the
commonly run system.