# Can Bitcoin help humanity? – Matthew Lohbihler

On May 22, 2010, bitcoin was less than two years old when Laszlo Hanyecz bought two pizzas for 10,000 coins. At the time each coin was worth about 0.3 of a U.S. cent, or around $30 for them all. I don’t have data on how much effort was going into bitcoin mining back then, but I’ll take a wild guess that the electricity used was probably in the same order of magnitude as a couple Canadian suburban houses.

Today, Google quotes that a single bitcoin is worth just over $7500 USD, or 2.5 million times the price back then (ignoring inflation), and bitcoin mining consumes about the same amount of electricity as Switzerland.

The amount of effort that goes into mining (the electricity used is just one factor) closely follows the price, because miners are paid in bitcoin. For more information on how bitcoin and cryptocurrencies work in general, see the whitepaper.

The problem that I want to discuss is the fact that only a tiny fraction of the processing power that goes into the bitcoin network has to do with maintaining the ledger, processing transactions, handing network communications, or any of the many other tasks that need to be done. The vast majority of effort goes into solving the puzzles that provide the currency’s Proof of Work.

Proof of Work (or PoW) is one of the fundamental concepts of cryptocurrency. It prevents malicious users from posting bad transactions (in particular “double spends”), and without it the system wouldn’t work. There are alternates like Proof Of Stake and Proof Of Authority, but among all cryptos PoW is by far still the most widely used. For the purposes of this article I’ll only consider bitcoin — which uses PoW — because (based upon some quick research) it’s market capitalization is significantly more than all other cryptocurrencies combined.

The problem isn’t so much that puzzles have to be solved, it’s just that beyond maintaining the block chain, these puzzles serve no purpose: the result of the computation is an arbitrary number that happens to satisfy the arbitrary algorithm, like the miners spend all of their time and energy solving sudokus or Rubix Cubes.

But what if it was something more? What if the result of performing a PoW was something useful to humanity? To answer this question, we first need to look at why the bitcoin PoW (known as “hashcash”) does what it does.

There are primarily two properties that are critical to the algorithm:

## Hard to solve, easy to verify

The first is that it takes a relatively large amount of processing time (say many minutes) to find a solution to the puzzle, but relatively little time (say milliseconds) to verify that a given solution is correct.

## Infeasible to solve in advance

Hashcash is also infeasible to solve in advance because there are an infinite number of potential blocks. Something less than infinite could still be sufficient, but infinite is a pretty good start.

Knowing this, we can now ask a more precise question: is there computational problem that would be useful to humanity to be solved that also has the above two characteristics? If so, maybe it’s possible to replace the useless puzzles in hashcash with the computation of something much more interesting.

There are two popular computational problems that come to my mind: seti@home and folding@home. I don’t have enough expertise in the algorithms that these projects use, so I can’t say whether they are candidates or not, but there are a lot more such projects available for consideration, and all we need is to find at least one.

(An interesting aside is that the Curecoin project incentivizes participation in Distributed Computing Network (DCN) problems by compensating for solutions with their own cryptocurrency, which uses Proof of Stake to validate new blocks. It seems likely that they must have discussed among themselves the same ideas I present here, but I cannot find a record of them.)

For the sake of discussion, let’s say that we found a problem that has both characteristics: hard to solve and easy to verify, and there are an infinite number of problems. How would we go about replacing hashcash? Let’s also say that a particular problem in the infinite set can be defined with a function of an integer *i*: ρ = f(i). We could then choose the problem to solve dynamically by using the hash of the block for the value of *i*, where as we can scale or translate *i* to be in our desired search space. This is kind of how hashcash works anyway, so this would work. What if there were more parameters required to choose the problem, e.g. ρ = f(i, j, k)? There may be a way to divide up the hash of block into the parameters. This would restrict the size of the search space, but perhaps we can also devise our code to be able to change the search space if the one we’re currently using isn’t yielding any useful solutions.

What if we found a candidate that did not have infinite problems to solve. This raises three issues: how to associate a problem with a given block, what to do when we start running out of problems, and how can we prevent the computing of solutions in advance?

The first two issues aren’t too bad. We can associate blocks to problems by assigning an identifier to a problem and then use the modulo of a block hash to calculate an identifier. There is a problem of identifier collisions, i.e. having the modulo calculate to the same value from two different hashes, but this should be solvable. Ideally there would be enough problems to solve that this would merely be an edge case. And note that at the time of writing the bitcoin block height is just over 600,000. It’s more likely we’ll want to cram a lot of problems into a single verification than that we’ll run out of problems to solve.

But how can we prevent the pre-computing of the problems? This is an issue because it would allow the creation of invalid blocks and the corruption of the blockchain. One solution is to just have enough problems that pre-computation is impractical. Another is to hide the list of problems.

Making the problem list private solves a number of issues and in fact creates a number of interesting and useful possibilities, but also raises its own issues. Among the benefits of this approach is that the entire requirement for not being pre-computable goes away. Plus, we could now support one-off computational problems and problem prioritization, which would be useful features indeed.

On the other hand, we would be sacrificing the fully public and distributed nature of cryptocurrencies, which is a significant downside. Also, our private problem queue would never be truly private: there would always be a group of people who know at least some of its contents, and so could privately pre-compute the results and wait for the problem to present itself. And when they solve it, who would be the wiser?

Finally, what if solutions to problems are just as or nearly as difficult to verify as they are to find in the first place? But there is a potential solution to this problem when we consider a consequence of the hashcash algorithm, which is that there is not single solution to hashcash. In fact, even ignoring the current difficulty setting in the blockchain network (the required number of leading zeroes in the solution), there are a huge number of acceptable solutions. But if our problems only had single solutions it would be possible to verify the solutions by consensus, something that hashcash cannot do. This would mean that the same problem would be getting solved completely by multiple nodes, which may sound inefficient, but recall that this would practically be happening anyway. The more interesting question is, if all miners are verifying a solution by consensus, who should be compensated? With hashcash the first miner to discover a solution takes the entire prize. Perhaps with consensus the first miner to solve would get a percentage of the prize, and each subsequent solver gets a bit less until the prize is fully exhausted. Just throwing out an idea.