Bitcoin calculations right now is not really a waste of resource. It's used to "audit" the transactions to make sure no one can double spend any money.
The majority of work done on btc is useless though, because very few hashes end up validating into blocks. It would be nice if all that compute power was being used for some productive use, and you just did a consensus raffle rather than arbitrary hashing to pass out new coins.
Proof-of-work is not useless if it prevents other, undesirable outcomes that would otherwise occur without it.
Make no mistake, though - the large mining pools are the spacing guild of bitcoin; without them, there is no network.
Unfortunately they (via their users) would not welcome such a switch after so much time and effort and money has already been expended to be able to increase sha256 speed to the point it is at now.
Perhaps this is why Litecoin chose scrypt instead?
Regardless, the proof-of-work we have in Bitcoin today is likely what we'll have in Bitcoin forever, like it or not.
When a lock only stays shut as long as it's the biggest, and everyone is pouring thousands of tons of molten steel in just to keep the lock big? Hell yes it's a waste of resources.
A single lock is much closer to encryption than it is to 'race the world' levels of proof of work.
When compared to digging huge quarries into the earth, physically extracting gold ore, processing it and shaping into blocks then burying it back underground again (in vaults), it's not actually that wasteful.
If there was no other way to secure the advantages of this hypothetical big lock, and those advantages were as significant as Bitcoin's, then it wouldn't be a waste of resources.
Keep in mind that the entire Bitcoin network could be replaced with one trusted party with the computing power of an average smart phone. The network is currently paid 150 Bitcoins every hour to be that party, and in an efficient market, almost all of that would be spent on mining, i.e. wasted.
The security of Bitcoin against double-spending is literally based on wasting so much money that it is unattractive for an attacker to spend a matching amount of money on a double-spend attack. The network must spend this money all the time, though - it can't know in advance when it is being attacked.
An attacker with enough resources can also force the network to either match their spending, or be rendered useless.
Bitcoin is an inherently wasteful system, and it actively resists scaling. There are alternatives, the most proven of which is a centralized ledger run by a trusted third party.
Even if there were no viable alternatives at all, I would still have doubts about the sustainability of the current system. The cost of running the network is just too large compared to the amount of real economic activity.
I think you underestimate and/or understate how big of a deal Bitcoin's lack of reliance on a trusted third party is. That's essentially the entire point of Bitcoin, so it seems a bit disingenuous to call it "wasteful." Perhaps if you have no desire for a decentralized transaction log with no trusted third parties, then it would be wasteful for you to throw computing resources at Bitcoin, but it's ridiculous to apply that generally.
Still, think about how the proof of work operates. There is no connection between the amount of computation needed to prevent attacks and the current block reward. Therefore logically the amount being spent on mining is very probably far too high or far too low. It's possible that it's too low, and bitcoin could be taken out by a government body. I personally think it's more likely to be too high. As in, X attack only needs to cost $1M to keep the network safe, but the current mass of miners makes it take $10M. The other 9 million is truly wasted on the tragedy of the commons.
To go back to the silly analogy, you need a 20 ton lock but you can only use 'cost plus' bidding and all the contractors keep making the lock bigger until they get every possible cent out of the process.
Hardly. Bitcoin ran just fine on CPUs. The only reason nobody uses CPUs to mine any more is because everybody else switched to GPUs, which resulted in a difficulty adjustment. In other words, competition for bitcoins upped the required compute power, not anything inherent to producing bitcoins themselves.
Do 500W GPUs play any part in this? No. The bitcoin client is a standalone app that can run on any machine. Mining (generating hashes) does not, to my knowledge, actually operate the network.
Hell, if bitcoin needs 1000 petaflops just to operate the network when it is still a fringe currency, how exactly is it supposed to scale to mainstream use?
The computing effort required by mining is almost completely decoupled from the actual number of transactions. It's designed to scale up with the available computing power, that's why it has grown.
> Mining (generating hashes) does not, to my knowledge, actually operate the network.
You're incorrect. The proof-of-work requirement is integral to the Bitcoin network, because it makes fraud unprofitable. The amount of computation required to create a block chain longer than the honest one should cost more than the potential benefits of doing so. That said, as far as I know, any proof-of-work algorithm could be used as long as a large portion of clients adopted it, so it should be possible to use work that is useful in itself.
So what you are saying is that Bitcoin will always require a horrific amount of computational power, just to prevent fraudulent generation of blocks? I'm starting to like the idea of mainstream Bitcoin less and less... 1000 petaflops just to maintain the network? Does that not raise the eyebrow?
I don't think it's "horrific," and I think the phrase "just to prevent fraudulent generation of blocks" vastly understates the awesomeness of having a virtually fraud-proof transaction log without relying on a centralized party.
Well, if Bitcoin goes mainstream it seems like we could expect it would require 51% of all computational power on the planet at all times, which would indeed be horrific as well as tragic, IMO.
Sure, the perfect currency is valuable. But is such a sheer brute-force approach to security the best we can do?
What makes you think it would require 51% of all computational power? That would only be true if there were no other valuable things to compute, which is very unlikely to be the case.
I don't think you really understand how the protocol works. The transaction rate is rather small and handled entirely by general purpose CPUs. The proof of work uses a fixed-size input made by hashing all the transactions in a block.
