by MrEldritch 2832 days ago
The problem with FileCoin is that the math behind it - Proof-of-Spacetime and Proof-of-Replication - just ... doesn't exist yet. That's what the delay has been, trying to figure out how to actually turn those into usable cryptographic primitives. It's not clear that a practical, scalable implementation of the system described in the FileCoin paper is actually even possible.

(There's been some progress on getting proof-of-replication working, but it's still early stages and I haven't seen anything on proof-of-spacetime.)

Also, the economics of FileCoin don't make a lot of sense ... https://blog.dshr.org/2018/06/the-four-most-expensive-words-...

2 comments

I've found they've been extremely quiet for the whole year, or longer. They did recently send out an email talking about their progress and showed some demos, but I just skipped over the email actually, didn't look into it to see if they talked about their POS 'Proof of [stuff]'.

I just dug it up and they say Proof of Replication is going great. But don't show anything, they promise to open the code in the 'coming months' so people might see what progress has been done if any.

No progress was mentioned for Proof of Spacetime.

Edit: The link to their update, the only substantial one since the ICO last year I think... https://filecoin.io/blog/update-2018-q1-q2/

Yeah, this is the kind of stuff I'd seen that had made me reluctant to talk about FileCoin as "IPFS has found a way to..."

They wrote a paper describing a plausible system that - if it existed - could do a thing. They've been much less successful actually finding a way to implement it.

Seems that proof of replication could be done by querying for a random subset of data from the stored file. Is anyone familiar with a hashing scheme or algorithm for determining if a subset of data is part of a larger file without having access to all the data?
There are ways to do that, proof of possession. What they need is proof you have multiple copies, but you can easily pretend to have multiple copies if they are identical by running the proof on another copy.

You can probably do it by mixing the data with some extra data so replicated copies actually look different so you have to do proof of possession on each replica, and you don't even know they are replicas.

Why do we even want a given node to have multiple copies of the same data?
If I understand right, GP's saying we need proof that the nodes storing the data are collectively storing multiple copies (as opposed to being sybil identities for a single node that's getting paid multiple times for storing a single copy).

GP suggests making each copy unique. It seems to me that the difficult part is making it cheap for uploaders, verifiers and downloaders to translate between the original data and the various unique copies, without also making it cheap for storers to do so (otherwise they could just store the original data and generate parts of the copies on the fly when challenged).

A similar problem arises in memory-hard functions used for password hashing, such as scrypt and Argon2. Those functions are designed to ensure that you have to use a large amount of memory to compute the function - or at least, to ensure that a space/time tradeoff that allows you to use a smaller amount of memory is very expensive. I wonder if techniques from memory-hard functions could be useful in proof of (unique) storage?
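
Added example, not code from any commenter or from FileCoin: a Merkle-tree proof of possession checked against a 32-byte commitment, showing why byte-identical replicas let one stored copy answer for every claimed copy, and why a cheap per-replica encoding does not fix that. The XOR-with-SHAKE-256 encoding, all function names and the sample data are assumptions constructed for illustration; a real verifier would pick the challenge index at random rather than use the fixed index 5.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(chunks):
    """Merkle tree as a list of levels, leaves first (chunk count must be a power of two)."""
    levels = [[h(b"\x00" + c) for c in chunks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(chunks, levels, idx):
    """Storer's answer to challenge idx: the chunk plus sibling hashes up to the root."""
    chunk, path = chunks[idx], []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx //= 2
    return chunk, path

def verify(root, idx, chunk, path):
    """Verifier keeps only the root hash, never the file."""
    node = h(b"\x00" + chunk)
    for sib in path:
        node = h(b"\x01" + (node + sib if idx % 2 == 0 else sib + node))
        idx //= 2
    return node == root

def encode(chunks, replica_id: bytes):
    """Hypothetical per-replica encoding: XOR each chunk with a stream keyed by replica id."""
    ks = lambda i, n: hashlib.shake_256(replica_id + i.to_bytes(8, "big")).digest(n)
    return [bytes(a ^ b for a, b in zip(c, ks(i, len(c)))) for i, c in enumerate(chunks)]

def demo():
    data = [bytes([i]) * 64 for i in range(8)]  # constructed 8-chunk file
    # Identical replicas share one commitment, so one copy's proof covers every claim.
    tree = build_tree(data)
    identical_ok = verify(tree[-1][0], 5, *prove(data, tree, 5))
    # Encoded replicas get distinct commitments; a proof for A is useless for B.
    rep_a, rep_b = encode(data, b"replica-A"), encode(data, b"replica-B")
    tree_a, root_b = build_tree(rep_a), build_tree(rep_b)[-1][0]
    chunk_a, path_a = prove(rep_a, tree_a, 5)
    own_ok = verify(tree_a[-1][0], 5, chunk_a, path_a)
    cross_ok = verify(root_b, 5, chunk_a, path_a)
    # But this encoding is cheap: replica B rebuilt from `data` on demand still passes.
    regen = encode(data, b"replica-B")
    regenerated_ok = verify(root_b, 5, *prove(regen, build_tree(regen), 5))
    return identical_ok, own_ok, cross_ok, regenerated_ok
```

`demo()` returns `(True, True, False, True)`: the last `True` is the space/time problem raised above, since the check only proves the storer can produce the encoded chunk when asked, not that it kept it on disk.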

Ah, got it. Thanks :)
You don't, but if you're the best bid for storing one copy you're the best bid for storing all n copies!