by gambler 2336 days ago
Computational power is not a good proof of anything. It devours energy and disproportionately rewards weird market actors (like people with custom mining ASICs).

I always wondered whether storage could be used as proof of stake. It might use less energy and it probably will have a much better effect on the IT industry as a whole. First, mining ASICs are not general computational devices and cannot be used for anything useful. On the other hand, storage is storage and can be repurposed. Second, it will up the prices for storage hardware, but that is probably a good thing in the long run. (Consider how super-cheap storage enabled unlimited surveillance and software bloat, for example.)

I don't know whether access to storage can solve all the problems a blockchain solves, but it can solve some. Like proving that you're a real actor in the system, rather than a temporary fake.

Some random ideas I had about how this could work:

If you want to transact with someone, they send you a challenge that consists of a set of addresses in a large file. You must respond with a hash of data at those addresses, problematically proving that you have the entire file.

This is the foundation. There are obvious challenges to how useful this is. Many of them are solvable.

2 comments

There are some IPFS people who talk about proof of having stored files, but I was never satisfied with their fraud detection techniques.

Can you prove that one copy of your data is being stored? Yes.

Can you prove that three copies of your data are being stored? I haven't seen any scheme that can detect if I'm pretending to be multiple people, serving files from the same disk array over multiple network connections.

> Can you prove that three copies of your data are being stored?

In the context of IPFS, I'm not sure.

If you want to use the (crypto) network as distributed storage, you can shard and encrypt the data (at your 3x or whatever redundancy) and the storage provider is forced to store all of it, at least once.

Some incentives on data durability and availability may be enough to get a reasonable baseline.

If I didn't care how complicated the client is, sure.

I can do something reminiscent of "m of n" control tools, FEC or striping algorithms, but now the client is doing multiple fetches and matrix multiplication on every single request.

If I'm just trying to make sure there are 3 copies of my home page on IPFS, then I need 3 copies of the same file in three locations. And those locations all need to be online when I want to challenge them.

The Bitcoin protocol is designed around low availability of individual nodes and inference of consensus. Any 'proof' has to be uploaded while you're connected. Uploading a proof (of work, stake, whatever) to the network proves you did something, there is no need to challenge that fact, and you can disappear for hours or forever. No voting, no challenges.

Proof of storage requires challenges, which requires availability (well, storage also requires availability, otherwise what's the point?). If you insist that almost everyone is online, then you open the door to other consensus algorithms. Ones that can, for instance, handle non-repudiation.

I wasn't thinking of IPFS, rather a way to have a proof-of-stake storage system doing actually useful work. I think I've seen at least one, though I'm not sure of its current state.

The question is not whether it's possible to pretend to be multiple people. The question is whether storing a large file places some fundamental restriction on how much activity a node can conduct on the network. (I.e. is there a cost of doing business that limits you from just spamming transactions at nearly infinite rate.)

> Computational power is not a good proof of anything. It devours energy and disproportionately rewards weird market actors (like people with custom mining ASICs).

It's literally what it says it is, proof of work. Consumption of electrical power in a way that can't be re-used for anything else.

> If you want to transact with someone, they send you a challenge that consists of a set of addresses in a large file. You must respond with a hash of data at those addresses, problematically proving that you have the entire file.

I'll cheat by making my "large file" the output of a PRNG, meaning I don't have to store any of it, but other people do because they don't know the seed.

> I'll cheat by making my "large file" the output of a PRNG, meaning I don't have to store any of it, but other people do because they don't know the seed.

This will work, but only until the file is sufficiently changed/expanded by the networks as the result of transactions.

(I probably should have said it explicitly: the file would be shared by all participants.)

You can also generate the file by recording something random everyone can observe, like records of a stock market, temperature of some location, etc. I don't see any reason it would have to be perfectly, cryptographically random.

And yes, a single participant could "help" other nodes by responding to challenges instead of them. But think about the economics of how that would work over time.

I'm not saying that what I described is a full, working, tamper-proof protocol, but I think something interesting can be built based on the core idea.
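
The challenge-response idea from the original post and the PRNG-seed objection from the replies, worked through as an added example that is not part of the thread or of any project's code. The block size, the nonce, SHA-256 and every function name here are assumptions chosen for illustration; the "file" is constructed from a labelled sample seed.

```python
import hashlib, hmac, random, secrets

BLOCK = 64  # bytes read per challenged address (assumed block size)

def make_challenge(n_blocks, k):
    """Verifier side: fresh nonce plus k random block indices."""
    return secrets.token_bytes(16), [secrets.randbelow(n_blocks) for _ in range(k)]

def respond(read_block, challenge):
    """Prover side: hash nonce and challenged blocks; None if a block is missing."""
    nonce, indices = challenge
    h = hashlib.sha256(nonce)
    for i in indices:
        block = read_block(i)
        if block is None:
            return None
        h.update(i.to_bytes(8, "big") + block)
    return h.digest()

def verify(read_block, challenge, response):
    """Verifier recomputes the digest from its own copy of the file."""
    expected = respond(read_block, challenge)
    return response is not None and hmac.compare_digest(expected, response)

def prng_block(seed, i):
    """Block i of a file defined as PRNG output: recomputable from the seed alone."""
    return hashlib.sha256(seed + i.to_bytes(8, "big")).digest() * (BLOCK // 32)

def pass_rate(fraction_kept, n_blocks=1000, k=8, trials=2000, seed=b"constructed-seed"):
    """Share of challenges passed by a prover that kept only part of the file."""
    full = lambda i: prng_block(seed, i)  # stands in for the verifier's full copy
    kept = set(random.Random(1).sample(range(n_blocks), int(fraction_kept * n_blocks)))
    partial = lambda i: full(i) if i in kept else None
    wins = 0
    for _ in range(trials):
        ch = make_challenge(n_blocks, k)
        wins += verify(full, ch, respond(partial, ch))
    return wins / trials

def seed_holder_passes(seed=b"constructed-seed", n_blocks=1000, k=8):
    """Prover stores nothing but the seed and still answers every challenge."""
    stored_file = [prng_block(seed, i) for i in range(n_blocks)]  # verifier's copy
    ch = make_challenge(n_blocks, k)
    return verify(stored_file.__getitem__, ch, respond(lambda i: prng_block(seed, i), ch))

if __name__ == "__main__":
    for f in (1.0, 0.9, 0.5):
        print(f"kept {f:.0%}: passes {pass_rate(f):.3f} (f^k = {f**8:.3f})")
    print("seed-only prover passes:", seed_holder_passes())
```

A prover holding a fraction f of the blocks passes a k-address challenge with probability about f^k, so the check only bounds storage when the file contents cannot be regenerated from something smaller than the file.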