Bitcoin calculations right now are not really a waste of resources. They're used to "audit" the transactions to make sure no one can double spend any money.
The majority of work done on btc is useless though, because very few hashes end up validating into blocks. It would be nice if all that compute power was being used for some productive use, and you just did a consensus raffle rather than arbitrary hashing to pass out new coins.
Proof-of-work is not useless if it prevents other, undesirable outcomes that would otherwise occur without it.
Make no mistake, though - the large mining pools are the spacing guild of bitcoin; without them, there is no network.
Unfortunately they (via their users) would not welcome such a switch after so much time and effort and money has already been expended to be able to increase sha256 speed to the point it is at now.
Perhaps this is why Litecoin chose scrypt instead?
Regardless, the proof-of-work we have in Bitcoin today is likely what we'll have in Bitcoin forever, like it or not.
When a lock only stays shut as long as it's the biggest, and everyone is pouring thousands of tons of molten steel in just to keep the lock big? Hell yes it's a waste of resources.
A single lock is much closer to encryption than it is to 'race the world' levels of proof of work.
When compared to digging huge quarries into the earth, physically extracting gold ore, processing it and shaping it into blocks, then burying it back underground again (in vaults), it's not actually that wasteful.
If there was no other way to secure the advantages of this hypothetical big lock, and those advantages were as significant as Bitcoin's, then it wouldn't be a waste of resources.
Keep in mind that the entire Bitcoin network could be replaced with one trusted party with the computing power of an average smart phone. The network is currently paid 150 Bitcoins every hour to be that party, and in an efficient market, almost all of that would be spent on mining, i.e. wasted.
The security of Bitcoin against double-spending is literally based on wasting so much money that it is unattractive for an attacker to spend a matching amount of money on a double-spend attack. The network must spend this money all the time, though - it can't know in advance when it is being attacked.
An attacker with enough resources can also force the network to either match their spending, or be rendered useless.
Bitcoin is an inherently wasteful system, and it actively resists scaling. There are alternatives, the most proven of which is a centralized ledger run by a trusted third party.
Even if there were no viable alternatives at all, I would still have doubts about the sustainability of the current system. The cost of running the network is just too large compared to the amount of real economic activity.
Hardly. Bitcoin ran just fine on CPUs. The only reason nobody uses CPUs to mine any more is because everybody else switched to GPUs, which resulted in a difficulty adjustment. In other words, competition for bitcoins upped the required compute power, not anything inherent to producing bitcoins themselves.
Do 500W GPUs play any part in this? No. The bitcoin client is a standalone app that can run on any machine. Mining (generating hashes) does not, to my knowledge, actually operate the network.
Hell, if bitcoin needs 1000 petaflops just to operate the network when it is still a fringe currency, how exactly is it supposed to scale to mainstream use?
The computing effort required by mining is almost completely decoupled from the actual number of transactions. It's designed to scale up with the available computing power, that's why it has grown.
> Mining (generating hashes) does not, to my knowledge, actually operate the network.
You're incorrect. The proof-of-work requirement is integral to the Bitcoin network, because it makes fraud unprofitable. The amount of computation required to create a block chain longer than the honest one should cost more than the potential benefits of doing so. That said, as far as I know, any proof-of-work algorithm could be used as long as a large portion of clients adopted it, so it should be possible to use work that is useful in itself.
So what you are saying is that Bitcoin will always require a horrific amount of computational power, just to prevent fraudulent generation of blocks? I'm starting to like the idea of mainstream Bitcoin less and less... 1000 petaflops just to maintain the network? Does that not raise the eyebrow?
I don't think it's "horrific," and I think the phrase "just to prevent fraudulent generation of blocks" vastly understates the awesomeness of having a virtually fraud-proof transaction log without relying on a centralized party.
I don't think you really understand how the protocol works. The transaction rate is rather small and handled entirely by general purpose CPUs. The proof of work uses a fixed-size input made by hashing all the transactions in a block.
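An added illustration of the last points in the thread (the fixed-size proof-of-work input, and mining effort being decoupled from transaction count); it is not code from any commenter or from the Bitcoin client. The transactions, timestamp, bits field and `TOY_TARGET` are constructed values; the header layout follows Bitcoin's 80-byte format.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txs: list[bytes]) -> bytes:
    """Fold any number of transactions into one 32-byte commitment."""
    level = [dsha256(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:  # odd count: duplicate the last node
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header(root: bytes, nonce: int, prev: bytes = b"\x00" * 32) -> bytes:
    """80-byte header: version, prev hash, Merkle root, time, bits, nonce.
    Time and bits are constructed constants, not real chain values."""
    return struct.pack("<I32s32sIII", 1, prev, root, 1_700_000_000, 0, nonce)

def meets_target(hdr: bytes, target: int) -> bool:
    """Verification costs one double hash, whatever the miner spent."""
    return int.from_bytes(dsha256(hdr), "little") < target

def mine(root: bytes, target: int) -> int:
    """Search the nonce field; only the 80-byte header is hashed here."""
    for nonce in range(2**32):
        if meets_target(header(root, nonce), target):
            return nonce
    raise RuntimeError("nonce space exhausted")

TOY_TARGET = 1 << 244  # constructed: about 1 in 4,096 hashes qualifies

def demo() -> dict:
    """Map transaction count -> (header size in bytes, hash attempts)."""
    out = {}
    for n in (1, 1000):
        root = merkle_root([b"tx-%d" % i for i in range(n)])
        nonce = mine(root, TOY_TARGET)
        out[n] = (len(header(root, nonce)), nonce + 1)
    return out

if __name__ == "__main__":
    print(demo())
```

The attempt counts differ between the two runs only by chance: the expected work is set by the target, and the header stays 80 bytes whether the block commits to one transaction or a thousand.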