> For almost all practical applications for which bitcoin is being used, this doesn't actually come in to play very often.

Not exactly. If you have all your coins in a single transaction, you will get change - which can take 10 minutes to confirm before you can spend it again.

Yes, you can solve this by splitting up your money, but it's not something people expect.

> It's not wasted if it's being used to process bitcoin transactions.

Yes it is being wasted. Waste doesn't mean "unused", waste means "using more than necessary". Due to the hashrate arms race, tremendous amounts of power are being wasted doing nothing useful.

Bitcoin is powered by electricity, a better currency would spend something else instead.

> Due to the hashrate arms race, tremendous amounts of power are being wasted doing nothing useful.

But they are doing something useful. They're preventing someone from turning up and performing a 51% attack, thus ensuring the security of the network. You could suggest that there's better ways of doing that, but our ideas so far haven't panned out.

Interestingly, how it works at the moment is that essentially, through the mining of bitcoins, every bitcoin holder's bitcoins are devalued to pay for the security of the network. Therefore, if a significant amount of bitcoin holders decided that they could deal with less network security, they would use a coin which provided less network security (by paying miners less).

As it is, at the moment, we're not sure exactly how much security we need. Therefore, we're willing to pay for as much security as possible; nobody wants their bitcoins to be worthless tomorrow because they didn't pay enough to protect the network.

The thing I don't like about the way bitcoin mining works is that it's an arms race that leaves attacker and defender on equal footing - quite unlike a lot of crypto, where adding a bit increases the defender's work linearly but the attacker's exponentially. By its nature, then, we have to keep burning off more in value than someone could make with a 51% attack, regardless of improvements in tech efficiency.

Of course, lacking a better proposal, it could be that this is the best we can do. I don't have to like everything about every piece of technology in the world...

> You could suggest that there's better ways of doing that, but our ideas so far haven't panned out.

Can I ask, have you heard about Peercoin, which uses a combination of a proof of work and a proof of stake system rather than just a proof of work system? Do you have an opinion as to why such as system wouldn't be at least as secure as bitcoin?

My understanding is that it's currently unproven, and certain ideas we used to have about it have already been disproven. I'd love to see an actual academic paper on what it would take to break the network.

There's also the fact that wealth inequality - specific groups of people owning significant amounts of money - will break the network's assumptions. This could be a good or bad thing, depending on your point of view.

Additionally, minting a proof-of-stake block locks your stake for 520 blocks. Most reasonable people would be angry that they can't access their money for that long. There's a workaround of reserving a certain amount of coins so that it can't be used for proof-of-stake, but that doesn't actually solve the problem, and generally means that the poor will reserve all their money and never generate a proof-of-stake block.

And that leads on to another issue with proof-of-stake; the rich get richer, as a rule that's explicitly built into the system. Probably not much richer, but it's against common ideology.

The other thing that most cryptocurrency enthusiasts won't like about Peercoin is that it's eternally mildly inflationary. While some will understand that this is essentially payment for security, others will argue that those who use the network more should pay more (via transaction fees), rather than a "tax".

I suspect that it will see a mild increase in use when they prove that they can get rid of centralised checkpointing, but I think there's a very significant core group that will not be able to get past the ideological issues and lack of academic research.

> Due to the arms race, it's only getting more and more efficient.

Wrong. The number of hashes is going up. But the energy consumption hasn't changed.

> Again with that?

You really think that calculating exact hashes is a useful activity?

Please separate the action of securing the network from the action of calculating useless numbers.

They are not the same thing. Yet you seem to think they are.

> You are starting to sound like a troll.

After a single comment? You have a pretty low bar.

> Why does Bitcoin's energy consumption bother you so much ... everything else still using fossil fuels

Because it could easily be better. The other things can only be better with difficulty. That makes it a waste.

It might be too late to change now, but that doesn't make it good.

You might be interested in Andrew Miller's Permacoin, a proposed Bitcoin derivative that uses PoS (Proof of Storage) to secure the network.

[0] - http://cs.umd.edu/~amiller/permacoin.pdf

Imagine a computation-intensive crypto-coin-mining activity somehow linked to a real-world, practical use, say, curing cancer (say, by digging through vast amounts of genetic data). Instead of paying for the computation time directly, people could work on chuncks of the problem as they wish and be rewarded with CCCs (Cancer Cure Coins) for defined partial results.

Then we could say the computing ressources are not wasted.

This is a frequent point that comes up from people who haven't really thought through all the details of how PoW based cryptocurrencies work.

A good proof of work function needs two things (among other desirable properties I will elide):

1) For some difficulty factor D, you should be able to generate an instance of the problem that takes time proportional to D to solve

2) The solution should be verifiable in time much less than D (preferably constant time)

So until you can show me a foolproof way to generate protein folding problems, genetics problems, or SETI problems, etc. that have these properties (I haven't found one myself), it seems quite difficult to make a "useful" PoW.

Now, theoretically, if you found a "useful" problem that had property 1, but not property 2, you could convert it into a viable PoW using efficient zero knowledge proof techniques [0], but at the moment that isn't really viable.

[0] - https://eprint.iacr.org/2013/507.pdf

It was just an example to clarify the criticism of "cryptocurrencies waste energy". It would be up to the cryptocurrency advocates to show such a function.

On the plus side, the problem does not necessarily be "proportional to D", in fact, finding a better function would be incentivized. Since the computer cycles would produce a "real" value (curing cancer), the upper limit for these coins would be the amount of money society would spend on a cancer treatment.

/speculation

I heard talk of some math that said, in effect, "if the work is useful, proof of work breaks down." Not finding a link...

> For almost all practical applications for which bitcoin is being used, this doesn't actually come in to play very often.

But could this be a self-fulfilling prophecy? Perhaps this property of Bitcoin is hurting its adoption, by relegating it only to uses where this is not a hurdle.

Possible, but auth apps or other off blockchain workarounds must be coming. Existing payments systems had similar problems in the past.