Digital money with Proof-of-Useful-Work

Bitcoin and my fork of it, Infinitum, use “Proof-of-Work” (PoW) as the block “mining” function. By doing a quantity of some useless computation (“hashing block headers”), the users compete to find a solution to a “block mining” puzzle that allows the block-chain to grow, transactions to be processed, and tokens to be created and assigned to the “miner.”

Instead of trying to eliminate this need to mathematically and publicly prove that a quantity of useless computation has taken place, we can make sure that the computation is useful. For example, “miners” can volunteer for any one of the scientific computing projects that exist, helping scientists find signs of alien brains, big prime numbers or to help them study cancer.

Here’s my documentation on how to properly do it starting from the Infinitum block-chain system, specifically. As in Infinitum, the token reward for a volunteer doing useful computing is “democratic,” that is, it will always be proportional (1:1) to the computing power they spend and not to how early they got into the game.

This “Proof-of-Useful-Work” (PoUW?) system is significantly more complex than the Infinitum system as currently planned. Since it is just a waste-reduction strategy, I will consider implementing only after Infinitum is deployed and only if it turns out to be useful to such an extent that it is generating significant waste. Perhaps some other project also finds this design useful, so here it is.


In this system, social entities, the issuers of tokens, are responsible for signing public messages stating that a quantity of useful computation has taken place. These issuers are identified by their public key(s). Multiple issuers can monitor and sign off the results of useful computation, increasing the level of confidence in the statement, acting as a single virtual issuer entity that is composed of multiple issuer parties.

The unit in which useful computation is expressed is a standard quantity of computation, such as FLOPs or energy (J) spent, or a combination of these, and it is the task of each issuer to approximate the chosen unit in the best manner possible. A definition of what the ideal unit of computation is defines the protocol and ties together all parties that are in the same network, the same game of creation and exchange of “PoUW” tokens.

Contrary to how Infinitum (or Bitcoin, or any block-chain system for that matter) operates, the top-tier settlement network is already made up of central banks, which are a server-based, online service provided by the issuers themselves. And to increase trust, security and fault-tolerance, multiple issuers, both individual and the “virtual” multi-signature ones, will usually get together and provide a multi-party central bank service using state machine replication. This ensures that an overwhelming majority of the issuers involved has to agree on the state of the multi-party central bank service at all times.

In this cooperative arrangement, issuers will replicate each others’ currencies in the same ledger system. The final tying up of the settlement network is done by having the replicated, cooperative central bank services talk to each other to settle transfers between them. This system will probably scale better than a block-chain system, and yet is intended only for settlement between a second-tier of banking services!

Like in Infinitum, true scalability and low latency is to be obtained by having third parties, completely unrelated to the issuers and their central banks, create their own “commercial” banking services. Like the central banks, they can be “socially replicated” by multiple parties holding multiple public keys, to ensure at all times that a vast majority of these parties agree on the state of that particular bank’s ledger.

The final step is in integrating all the multiple currencies that are actually tracked. All tokens created through useful work are “colored” by the issuer that signed them into existence. Contrary to PoW systems, where a mathematical function is implicitly signing off the creation of all tokens, in a system where tokens are socially issued such as in our “PoUW” game, the tokens have to be tagged with who created them, so users can choose to modify their valuation of a particular token based on how much they trust (if at all) their issuers.

(Note that there are no actual “tokens” as in Bitcoin’s transaction-inputs-and-outputs sense. Everything is ledger-based and an amount of work recognized by an issuer immediately becomes a credit in an account number at their own central bank ledger.)

Now, the “wallet interface” has an additional complication that isn’t fully transparent to users, and that part of the price to pay for the “PoUW” system. Although the “unit” is standard and the wallet shows only one combined balance to the user, that balance is relative to his perception of how much value to give to the tokens of each issuer that exists. If an user has 100 units from Issuer A, and 100 from Issuer B, but he thinks Issuer A’s are correctly assessed (i.e. they are worth 100 units of the ideal work unit) whereas he thinks Issuer B is overestimating the work done by 100%, then his wallet will show that he has a balance of “150”, instead of “200.”

In practice, if serious research institutions would ever participate in such a system, it is unlikely that users would not simply import a standard trust file that assigns a weight of “1.0” to every collaborating university or research center. Only power users and nit-pickers would toy with their trust maps.

But since the weight that users give to the units created by different issuers, “payment” also becomes a little more complicated. Under-the-hood, both the sender and the recipient have their wallet software negotiate what balances from what issuers are to be transferred (in Bitcoin parlance that’s the “coin selection” problem). The “value” that the sender parts with is potentially different than the “value” that the receiver will see incoming. So the receiver can end up receiving either “more” or “less” value than what the sender perceived to have parted with. Needless to say, the receiver will give a value of zero to all balances created by an issuer he doesn’t know about.


This solves Bitcoin’s waste of computing power, but also removes its built-in scarcity of game tokens. Recreating Bitcoin’s token-scarcity model in this system would probably require an additional layer of networking on top of it. It makes me happy that the design for PoUW turns out to be naturally democratic and hostile to Bitcoin’s scarce-token game!

The final, hidden benefit, is that the “CPU vs. GPU vs. ASIC mining” problem is solved — the disparity between the computing capacity of dedicated “mining” hardware versus the typical user’s “Home PC” hardware. Scientific computing will benefit from GPUs, but, as far as I know, there are no widely-available “ASICs” for all of the specific scientific computing tasks that exist. This distributes the token rewards more evenly among the people. Coupled with the “useful,” ethical nature of the transferable symbolic unit itself, may breed healthier “economic” trade games than systems like Bitcoin and even Infinitum.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.