Re-Mining Lost Bitcoins: Part I

in #beyondbitcoin8 years ago (edited)

How do we reintroduce lost value on the blockchain?

Image Source

Losing Value

Cryptocurrencies have proven much easier to lose and mismanage than fiat currencies. Every so often we see an article describing someone's tragic loss of millions of dollars in a Bitcoin wallet through a system update, a hardware malfunction, or simple carelessness. This was especially common in the early days of the cryptocurrency, when the mining reward was higher, concentrated on a lower number of users, and with virtually no value, setting the perfect conditions for the potential loss of millions of Bitcoins.

Bitcoin's supply limit is to reach 21 million coins in 2140. It won't. A significant fraction of that is already gone - and the number of lost coins can only increase. The way the Bitcoin protocol is defined today, lost coins are lost irretrievably. First we must understand why in order to see what can be done about it. In this post, I'll explain one scenario of how we could implement a scheme that attempts to solve the problem of lost coins - and the reasons it may fail.

When we say a coin is lost, we mean the private key of the address that owns the coin is lost. It's our ability to spend the Bitcoin that vanishes. The only way to retrieve an ECDSA private key would be to derive it from its public key complement, a feat unreachable before the onset of quantum computers. That is assuming the public key exists and is known; Bitcoins sent to a randomly generated address can't even be recovered with the help of quantum algorithms.

Reintroducing Value

There is but one law on the blockchain - consensus. The coins are lost because the nodes in the network agree they are. The protocol states that the only way to spend coins on an address is to generate valid transactions using your private key. But what if the protocol was defined in another way? Could we ameliorate the problem of lost coins?

There exists a single pattern that all lost coins fulfill: they're stationary. The private key is lost, and so is any chance of them ever again being part of a valid transaction. So if a coin is lost, it will never be spent; but what about the reverse? Coins that lie unspent on the blockchain for an extended period of time are often called zombie coins, and they are a lot more numerous than you may think. Zombie coins, including their permanent subset (lost coins) must to play a vital role in reintroducing value into the system.

We can't know whether the lack of activity of an address is due to the key being lost or some other reason. But there is a way to prove active ownership: spend the coins. Even when we send our coins back to ourselves, we've proven we posses the private key required to produce a valid transaction from an address. And how do we make the owners of dormant coins do this periodically?

Threaten to render their coins unusable otherwise.

Threaten may be the wrong choice of words - define the protocol in that way is better. A protocol defined to label any inactive coins after a year as "lost" would incentivize spending and stimulate the blockchain economy.Now we have solved the problem of figuring out which coins are lost and which have lazy owners - all coins that are not lost will be at least periodically active. Now that we have clearly denoted our targets, it's time we start figuring out how to introduce them into the system.

The Bad News

This is, in fact, easier than it sounds. In cryptocurrencies, including Bitcoin, employing Proof-of-Work (PoW) consensus algorithms we could define the recently inactive currencies as part of miner's reward, alongside the block reward and the transaction fees.

I will analyze only this one way that a PoW protocol could be redefined to reintroduce value into the system.If we set the critical time threshold to one year that would be equivalent to 52,560 blocks (assuming one is generated every 10 minutes.). So every block, the successful miner gets every coin that has been part of an unspent transaction output for the last 52,560 blocks. Here are the problems with this.

It would require a hard fork.

This kind of modification to Bitcoin's (or any other PoW-based) protocol would be a major update. It would make previously invalid blocks (those including transactions from "lost" addresses to the miner's address) valid. There are always stability concerns to be taken into account in the cases of large economic systems like Bitcoin.

There is an inherent conflict of interest.

We must also take into account game theory. There's still much insight that we lack when it comes to modeling rational behavior on the blockchain. However, we can make the following observation: the same people who validate transactions can benefit from certain transactions not being validated.

Let's say that I'm a powerful miner (or a mining pool) and that 10% of all blocks are generated by me. I see somebody has a large transaction worth $T and is offering an extremely generous fee equal to 1% of T. The address was inactive for 52,559 blocks, so if it doesn't get validated in this block, it will be deemed "lost", and ripe for the taking during the next round of mining. So I have a choice:

  1. Include the transaction in the current block I'm generating. There exists 10% chance that I will get to collect its 1% fee. My expected income is$0.001T.
  2. Don't include the transaction in the current block. Then, there is a 10% chance that I will generate this block, making the address with $T "lost". There is a 10% chance that I will also generate the following block. In this scenario, my expected income is $0.01T.

Any rational miner would chose the second option. Keep in mind that we're assuming a 1% for a big transaction - it's likely to be significantly smaller depending on the transaction size, and miners will be even more inclined not to validate your transaction in order to strip you of your coins. But that's just the way of PoW - miners are allowed to make selfish choices, they represent nobody but themselves. We're modeling the behavior of only a single prominent miner here - things would get even more chaotic and less appealing to the average user if we extended the scenario to model the entire network.

That's a couple of reasons why one attempt at resolving this problem in a PoW environment is not likely to succeed. In my following articles, I will delve into other (potentially more successful) ways of reintroducing lost currency into the system, and cover the cases of other consensus algorithms, such as Proof of Stake and Delegated Proof of Stake.

Stefan Crnojević is the Chief Blockchain Architect for Chain of Points Inc., a Toronto-based cryptocurrency stratup. Chain of Points is an innovative new blockchain implementing Ricardian Contracts to serve as fuel for the modern loyalty industry. Chain of Points will hold an Initial Crowd Offering in February 2017.

Visit the Chain of Points Website and its Crowdsale Page.

Follow Stefan on Medium, Twitter, and LinkedIn.

***

[THIS IS AN ORIGINAL STEEMIT ARTICLE]

***

Sort:  

I really enjoyed this article zarn. Zombie coins are indeed an interesting problem to get around. I suspect Proof of Stake might help ameliorate some of these issues as well.

Thank you! Yes, Proof of Stake does offer some very interesting options for working around this problem. I'll definitely be covering it in the next couple of articles.
Stefan

What is the likelihood of bitcoin changing to POS though?

Not very high. It would destabilize its price and wreck the supply model Bitcoin adheres to, which is curently unnaceptable to most nodes. Not to mention the fact that PoS alone just doesn't work, it has to have either central (Peercoin) or elected (BitShares) authorities to help produce blocks, or be combined with PoW, for instance. But that's OK - we have newer cryptocurrencies to solve these kinds of problems. They won't stop Bitcoin from remaining the absolute digital gold for some time though.

Lol. About .00035%

Thereabouts, yes.
:)