Primecoin: the cryptocurrency that can make mining useful


Primecoin is an innovative cryptocurrency, a form of digital currency secured by cryptography and issued through a decentralized mining market. Derived from Satoshi Nakamoto's Bitcoin, Primecoin introduces a unique form of proof-of-work based on searching for prime numbers.


Discussion about Primecoin and its infrastructure. Primecoin is a very innovative cryptocurrency, being the first non-Hashcash PoW crypto, naturally scarce (not artificially), with very fast confirmations (1 min), an elastic readjusting reward, and useful mining (byproducts are primes). Primecoin is sustainable (miners are guaranteed to have revenues), and decentralized (ASIC/FPGA are not particularly advantaged). A sidechain for decentralized data applications (e.g. Storj) is currently in development.

Description of the Algorithm

This is one of the first cryptocurrencies that I have seen that makes any substantial change to the traditional hashing model. As such, I wanted to understand the backing mathematics before trusting the coin. Thus far I have been underwhelmed by the quality of the documentation, so I would like to address the various aspects of Primecoin that make it unique, and to show how Primecoin continues to exhibit the attractive qualities of Bitcoin, pointing out where it may fall short. If anyone finds additional information then I would love to see it included here. I will do my best to answer questions, but I am new to this coin, just like everyone else. I will break down my analysis into addressing aspects of Bitcoin/Primecoin and describing how Primecoin goes about achieving the goal.
Proof of Work is "difficult," but verifying it is "easy"
For a proof of work coin it is necessary that the work being done takes some time. In particular, it is necessary that the solution to the work is much easier to verify than it is to find, such as is the case in NP-complete problems. For Bitcoin and most other cryptocurrencies this is achieved by the use of cryptographic hash functions, where the output cannot be known without executing the hash; getting a hash with a specific quality requires guessing and checking, but verifying that a solution is correct only requires checking that one solution. In Primecoin the proof of work function is the primality of numbers. In mathematics it is conjectured that there is a lower bound on the computational power required to find a prime, which makes it a reasonably strong proof of work having been done. In the range that is being checked there are enough primes that a computer can discover dozens per second; it can verify far more in the same amount of time. Thus, primality serves as a valid proof of work function from this perspective.
It is also worth noting that for the range of primes being searched it is unreasonable for there to exist a "rainbow table" of sorts (precomputed list of primes to quickly check instead of generating new ones). There are simply too many primes.
Finding a block is not a global race; One cannot mine ahead of time
In order to allow people to mine it is necessary that finding the next block is not a global race. By this I mean that while faster computers can get more blocks, slower computers must still get some blocks. If the Primecoin protocol simply required a miner to find the next prime after a given number then the fastest computer wins. That is not how Primecoin works, though. In Primecoin, as I understand it, the previous block's hash is put together with data from the current block including data for a new transaction to the owner of the miner. All of this data is then hashed together to get a starting point, which I shall call H, for hash. Valid prime chains must start at H±1, 2H±1, 3H±1, etc. Since everyone has a different value for their transaction they will all have a different value for H, preventing the global race. Since H depends on the hash of the previous block it is impossible to start trying to find block N before block N-1 is found, short of guessing what the hash of block N-1 will be (which has heat-death-of-the-universe type of odds).
Tradeoffs between inflation, low fees, and security
Bitcoin was designed with the hopes of having no (or negative) inflation, while having low fees and good security. However, these aspects necessarily compete with each other: security is determined by how many people do work on the network; they cannot be expected to do work that costs them money, so they must either be paid in new money (inflation) or old money (fees), or else the system will not be secured by many miners. Trusting fees to work opens up a vulnerability to the tragedy of the commons (it is best for everyone if everyone includes a small fee, but it is best for an individual if they include no fee). Primecoin and others choose to take another path: by causing the coin to roughly follow a harmonic series where the reward for finding a block roughly follows a 1/x curve the total number of coins to be minted is unbounded, while still decreasing over time. This model has been used by other coins, and seems to work reasonably well, at least in the short term. Time will tell if it is a viable model over the long haul.
Difficulty Adjustments
One of the important features of Bitcoin is that the difficulty readjusts, allowing a more-or-less constant flow of mined coins. In hash based coins it is simple to adjust difficulty by setting a target number that the output of the hash must be less than. In Primecoin the difficulty is defined based on the length of a chain of prime numbers. There are three types of chain that are valid for Primecoin: Cunningham Prime Chains of the First and Second Kind, and Bi-twin Chains. Bi-twin chains are primes in the form N±1, (2N)±1, (4N)±1, etc., where all of the numbers are prime. Cunningham Prime Chains consist of the same sequence where the ± is replaced by either a + (first kind) or a - (second kind). For example, 2, 5, 11, 23, 47 is a Cunningham chain of the first kind of length 5 where N = 1.
For Primecoin the difficulty target specifies a length that the chain must have. If these lengths were very long (which they likely will be when/if this coin takes off) then this would give a sufficiently granular difficulty curve. However, for short chains there is too much difference between the difficulty of, for example, a chain of length 4 and a chain of length 5. To bridge that gap an additional fractional part is considered, based on a primality test. In this test a composite number will leave a residual that varies within a certain range; it varies somewhat uniformly--probably good enough to be used. Thus the fractional part of the strength of a chain is that residual divided by the max value it can vary over. This gives a much more continuous notion of difficulty requirements or the strength of a chain.
Another note is that rather than re-targeting difficulty once every 2016 blocks like Bitcoin, Primecoin readjusts difficulty every single block. This can make it more responsive to changes in mining power of the network.
Those are the biggest ways I've seen that Primecoin differs from Bitcoin, although I'm sure I've made mistakes and/or omissions. I'm happy to try my hand at answering questions, and would love to add more information as it becomes clear.
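Added example, not part of the original post and not Primecoin's own code: a Python sketch of the checks the post describes, returning a chain's integer length plus a fractional part taken from the base-2 Fermat residue of the first number that fails, and accepting a chain only if its origin is a multiple of a header-derived H. Assumptions: the fraction is computed as (n - r)/n, H is a SHA-256 digest truncated to 16 bits so the search finishes in pure Python, and every function name and the sample header are constructed for illustration.

```python
import hashlib
from fractions import Fraction

def fermat_residue(n: int) -> int:
    """Base-2 Fermat test value 2^(n-1) mod n; it is 1 for every odd prime."""
    return pow(2, n - 1, n)

def candidates(origin: int, kind: str):
    """Yield chain candidates for an origin, in chain order.

    first  : origin*2^i - 1  (each term is 2p + 1, e.g. 2, 5, 11, 23, 47)
    second : origin*2^i + 1  (each term is 2p - 1)
    bitwin : both, interleaved: origin-1, origin+1, 2*origin-1, ...
    """
    if kind not in ("first", "second", "bitwin"):
        raise ValueError(f"unknown chain kind: {kind!r}")
    m = origin
    while True:
        if kind != "second":
            yield m - 1
        if kind != "first":
            yield m + 1
        m *= 2

def chain_strength(origin: int, kind: str) -> Fraction:
    """Integer chain length plus a fractional part in [0, 1).

    The fraction comes from the first candidate n that fails the test:
    (n - r) / n with r its Fermat residue (assumed form). A base-2
    pseudoprime such as 341 would be miscounted as prime here; a real
    verifier needs a stronger primality test.
    """
    length = 0
    for n in candidates(origin, kind):
        if n == 2:
            length += 1
            continue
        if n < 2 or n % 2 == 0:
            return Fraction(length)          # trivially composite: no credit
        r = fermat_residue(n)
        if r != 1:
            return length + Fraction(n - r, n)
        length += 1

def header_to_h(header: bytes, bits: int = 16) -> int:
    """H from the post: a hash of the block data. TOY size (16 bits)."""
    digest = int.from_bytes(hashlib.sha256(header).digest(), "big")
    return (digest >> (256 - bits)) | (1 << (bits - 1))  # top bit set, never 0

def verify(header: bytes, origin: int, kind: str, target: Fraction) -> bool:
    """Cheap side: one divisibility check and one pass along the chain."""
    h = header_to_h(header)
    return origin > 0 and origin % h == 0 and chain_strength(origin, kind) >= target

def mine(header: bytes, kind: str, target: Fraction, max_multiplier: int = 500_000):
    """Expensive side: try origins H, 2H, 3H, ... until one meets the target."""
    h = header_to_h(header)
    for k in range(1, max_multiplier + 1):
        if chain_strength(k * h, kind) >= target:
            return k * h, k
    return None

# Constructed sample input: stands in for "previous block hash + miner's payout".
SAMPLE_HEADER = b"constructed-prev-hash|pay-to:miner-A"

if __name__ == "__main__":
    print("2,5,11,23,47 ->", chain_strength(3, "first"))      # 5 + 41/95
    print("5,7,11,13,23 ->", chain_strength(6, "bitwin"))     # 5 + 9/25
    target = Fraction(7, 2)                                    # "difficulty 3.5"
    origin, k = mine(SAMPLE_HEADER, "first", target)
    print("H =", header_to_h(SAMPLE_HEADER), "k =", k, "origin =", origin)
    print("accepted for miner A:", verify(SAMPLE_HEADER, origin, "first", target))
    other = b"constructed-prev-hash|pay-to:miner-B"
    print("accepted for miner B:", verify(other, origin, "first", target))
```

Because the origin must be a multiple of the miner's own H, a chain found for one header is almost never acceptable under another, which is the property the post relies on to rule out both a global race and precomputed tables.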
Someone said there is a virtual cap on primecoin, can someone explain?

There is no cap on the number of coins but I read someone say there was a virtual cap. Is that through increasing difficulty?
Request for computational work

Many of you are likely aware of the crypto currency phenomenon which is underway. The foundation of these coins is something called "Proof of Work", which essentially requires a computationally intensive amount of work to be performed in order to determine the recipient of newly minted coins.
Currently Bitcoin uses a useless hashing calculation to determine the "winner" of new coins, and given the size of the Bitcoin mining network, this has become a prohibitive usage of power. One innovative coin was launched in June (Primecoin) which searched for Cunningham chains. It was an innovative solution to the power waste issue, but it isn't clear if Cunningham chains have or will ever have meaningful usage - certainly they do not merit the power usage today.
Many of us in the Crypto space are wondering if there are more fundamental physics computations that may provide real world value that could be used as the foundation of a new coin. The requirements are that the data input to the system must be unpredictable to the outputs when combined with a random seed, trivially verifiable, transparent, and indisputable. The computational formula cannot be changed after implementation, and it isn't clear if new data could reliably enter the system, so something with full data initially is preferable.
Thoughts? Are there fundamental constants of the universe that need modeling?
Primecoin's only problem: marketing [solvable]

The only problem it has is marketing and its association with scientific calculation, which is not its point. The point is that prime number chains (Cunningham) have very interesting properties that give superior features to Primecoin vs Bitcoin/Litecoin in terms of security, inflation and fees. Specifically, the cap that is not artificially fixed (a fixed cap implies that the price or fees grow exponentially, otherwise miners stop mining) allows for a nevertheless rare coin, and low inflation, qualities of a good currency backed by precious metal.
Mining hardware constraints in relation to transaction fees: thinking about the future

In a (not so) distant future when block subsidies are no more, miners' income will come from transaction fees only. Assuming everybody behaves the same way and mines to support decentralization, what each person spends on mining is also what each person receives as mining rewards, so the balance is zero. However they still have to pay for their mining hardware and their power bills.
The question is: how much are you willing to spend to support the network?
I would say not much more than regular banking fees. As a rule of thumb, let's say $10 per month.
Let's study 2 cases.
If you already have the hardware because it is general-purpose (i.e.: the crypto is ASIC-resistant), you can spend these $10 on electricity only. At a rate of $0.15/kWh, this is 67 kWh, which means you can afford to let a miner of 91W run permanently. This is slightly more than a CPU (without the rest of the system), and only about one third of an AMD 7950 GPU (without the rest of the system either).
If you must buy specific hardware (i.e.: the crypto is ASIC-friendly), assuming it is perfectly power-efficient, you can disregard power costs and spend your whole budget on hardware. Assuming you will renew it every 3 years, this means you can afford a $360 miner. For Bitcoin, as of today, this would be 3 Redfury USB miners.
Now, the important part: since the sum of transaction fees can only support that much hashing power, if anyone mines more than their share, they contribute to centralizing the network, because assuming no one is willing to pay more transaction fees to compensate, someone else will need to stop mining.
Conclusions: in the long run, GPU mining is not sustainable at more than 1 GPU per household. CPU mining by everyone could be sustainable if a CPU-friendly, GPU-resistant and ASIC-resistant algorithm can actually be designed. As of today, SHA-256 is completely dominated by ASICs, Scrypt with N=1024 ASICs are on the horizon, Scrypt with higher N values is vulnerable to DOS attacks, Quark's algos have already been implemented as ASICs by academics and Protoshare's Momentum algorithm is GPU-vulnerable. As far as I know, the only viable algo that has yet to be proven GPU/ASIC-vulnerable is Primecoin's, but given the fates of the others, I wouldn't set my expectations too high.
So it appears that progression to ASICs will be hard to avoid. But big ASICs with power draws higher than 100 watts are definitely a threat to decentralization. They are acceptable as long as the money supply is growing, but are not sustainable, so I advocate the development of smaller ASICs to preserve the decentralization of crypto-currencies in the future.
Coincidentally you can use these calculations to estimate the cost of a 51% attack in the future: let's consider the current global population of 7 billion people, each spending $10 per month to secure the network. For a 51% attack, you would need more than 70 billion dollars per month, or 840 billion per year, 23% more than the 2010 US military budget.
Of course, all of this is assuming a PoW mining system. With proof-of-stake, it would be completely different, as block generation would be nearly free.
[email protected]

Can someone please ELI5 how the idea behind PrimeCoin (scientifically-interesting -- or at least vaguely interesting -- proof-of-work) might extend to performing calculations as required by a project like [email protected]? Or ELI5 why it's not possible. Or at the very least ELI5 why you're not sure whether it's possible or not.
I am interested in the cryptographic question of when and whether an existing computational challenge which is (a) useful, and (b) difficult, can be provably and efficiently encoded as a partial hash-inversion task, a la bitcoin mining. I am also interested in any foreseeable obstacles for a project of this sort, be they software-related, mathematical, or sociological in nature.
A conceivable alternative to the "encoding useful work as hash inversion" idea is to have a semi-trusted institution (like the [email protected] project) mediate the conversion from societally-useful to cryptographically-usable work. I am not so interested in schemes along such lines because the mediating institution seems like a likely target for corruption or subjugation by the Powers That Be. But if you have interesting ideas to share along these lines, feel free to mention them as well.
You got some powerful CPUs; Why not mine some Primecoins?

Primecoin is secure online money similar to bitcoin, but can only be mined (generated) with CPUs as of now. Primecoin is generating longer and longer prime chains as more computing power joins the network. Right now, 1 XPM is worth around $1.
Remember Bitcoin?
If not, look it up or get a super-short summary here:
Bitcoin is a decentralized encrypted currency with no bank in control. Think of it as a p2p network for money. Bitcoins are not given away for free, your PC has to solve complicated tasks to be rewarded with some BTC.
Calculation difficulty rises with more people calculating, so it gets harder when more people join in.
As people started using Graphic Cards and even so called ASIC devices for bitcoin mining, your chances of getting a block are very very very small.
Primecoin takes a different approach, it calculates prime chains (which are a lot more useful to science than cracking random hashes)
Primecoins can, as of now, only be mined with CPUs so you might want to chime in.
Primecoin High Performance Client can be acquired here (
You can mine Primecoin alone or in a mining pool ( - I haven't tested this pool myself)
Primecoin is an interesting new concept similar to bitcoin, but instead of wasting all this computing power on SHA256 hashing, Primecoin is generating longer and longer prime chains as more computing power joins the network.
Read about it on /primecoin
Primecoins (XPM) are generated when you find a prime chain (Cunningham or bi-twin chain) of given length. Right now, it has to be 9 primes long. The computer that found the chain gets primecoins credited into its wallet file. (Around 11 XPM)
Primecoins are similar to Bitcoin. For general information, check out Bitcoin. Primecoins are simply generated in a more meaningful way. (Generating prime chains instead of "bruteforcing" senseless SHA256 hashes)
There isn't, but as the difficulty of mining them increases, the payout of coins decreases. Right now, difficulty is at 9. That means chains of 9 primes have to be found. Soon 10 primes are needed.
The payout can be calculated with
999 / difficulty^2 = payout
The more people join in on calculating, the higher the difficulty. It adjusts in such a way that every minute one chain is found.
I have some Primecoins to give away to interested folks and I am ready to answer questions!
In Case you Haven't Read the 2nd Community Interview with Sunny King Because you Haven't Signed up at the Forum yet, Here it is...

Some people have not signed up at yet and don't have access to Sunny's interview, so here it is...
Sunny King: hi all
JustaBitofTime: Hey Sunny, nice to have you with us. Are you ready to get started?
Sunny King: Yes John I'm ready.
JustaBitofTime: Coolbeans94 wanted to know about Peercoin's long term approach, he asks "27. Is its design more for long-term security and sustainability? How does that relate to Bitcoin’s longterm vision?(Coolbeans94)"
Sunny King: @Coolbeans 94. Both PPC and XPM are designed to last. PPC is designed with energy efficiency, XPM is designed with energy multiuse. Bitcoin has a long term uncertainty as to whether transaction fees can sustain good enough level of security. Before that the main concern is how to balance transaction volume and transaction fee levels. Currently I get the feeling that bitcoin developers favor very low transaction fees and very high transaction volume, to be competitive against centralized systems (paypal, visa, mastercard etc) in terms of transaction volume, to the point of sacrificing decentralization. This also brings major uncertainties to bitcoin's future.
Sunny King: @Coolbeans 94. From my point of view, I think the cryptocurrency movement needs at least one 'backbone' currency, or more, that maintains high degree of decentralization, maintains high level of security, but not necessarily providing high volume of transactions. Thinking of savings accounts and gold coins, you don't transact them at high velocity but they form the backbone of the monetary systems.
Sunny King: @Coolbeans 94. Pure proof-of-work systems such as bitcoin is not 100% suitable for this task. This is because transaction fee is not a reliable incentive to sustain network security. If the mining generation amount is kept constant (there have been several such attempts in altcoins) it would work better security-wise but then it would also significantly weaken the scarcity property of the currency. XPM's inflation model is designed in such a way that it could serve as backbone currency better than bitcoin if needed, because it could maintain high security reliably for longer, with reasonably good scarcity property as well. Of course that's only from architect's point of view, whether or not it would be chosen by the market is a whole different matter.
JustaBitofTime: Along those lines the community wanted to know "If the tax fees are to remain fixed at 0.01 and Peercoin becomes widely adopted, (Thus a sharp rise in value) the fees could become too much for microtransactions. What would happen in this case? What solutions do you imagine to get around the microtransaction issue?"
Sunny King: @Coolbeans 94. PPC is designed to serve even better as a backbone currency. The proof-of-stake technology in PPC is not only energy efficient; it also maintains high level of security without relying on transaction fee. Thus PPC could be safely designed with strong scarcity property yet serving well as backbone currency.
Sunny King: @Coolbeans 94. Both PPC and XPM use protocol enforced transaction fees, which reflects my preference that high transaction volume is discouraged in favor of serving as backbone currencies.
JustaBitofTime: Speaking of security, there's often quite a bit of debate surrounding the PPC vs XPM checkpointing. 27.5 Will checkpoints be optional like they are in XPM in the next client version?
Sunny King: @transaction fees: Right now if we are talking about micropayments in the US$1 range, both PPC and XPM still handle them with much lower overhead than credit card network. In the long term micropayments should be provided by centralized providers, or a less decentralized network optimized for high capacity transaction processing.
Sunny King: @transaction fees: On the other hand there is no promise that minimum transaction fee wouldn't be adjusted. If processing capacity of personal computers continues to advance at the current pace, both max block size and minimum transaction fee could very well be adjusted at some point. However I do take a very cautious approach to adjusting transaction fees, as opposed to bitcoin devs. The impact to the fitness of the currency as a backbone currency is of great concerns to me.
Sunny King: @checkpoint: Decentralization of PPC checkpoint is currently planned to begin in v0.5. It would be a gradual process.
JustaBitofTime: I can tell you from my own Libertarian leaning, being able to add some layer of anonymous transactions is important to me. 47. Can you tell us more about 'sendtoaddressfrom' and Avatar mode? Will this be released in the next client version? (JustaBitofTime)
Sunny King: @JustaBitofTime Yeah this is still at conceptual stage. It shares some similarity to coin control. However from user point of view I'd like them to think in terms of avatars instead of addresses and coins, it's simpler and better for privacy.
Sunny King: The main rule is that in avatar mode the client doesn't automatically assemble coins from different avatars into the same transaction but it can still do so within an avatar
JustaBitofTime: One of the challenges the Peercoin community faces is breaking down all the technical nuances of the coin. Alertness asks "60. Could you please explain exactly how the level of PoW and PoS difficulty is calculated? (Alertness)"
Sunny King: so you probably need to specify which avatar the money should come from in a send
Sunny King: I would wait to see how coin control is introduced in bitcoin first. If bitcoin implements similar concepts first that would be nice too.
Sunny King: @Alertness For simplicity we can think of the difficulty adjustment of PoW and PoS blocks independent of each other. Basically it uses some technique called 'exponential moving' to keep the block spacing relatively constant. It adjusts on every block and smoother than bitcoin's adjustment, responding to change of network hash rate much faster than bitcoin, but at the same time not too fast to make difficulty manipulation exploits difficult.
Sunny King: @Alertness PoS blocks have a constant 10-minute spacing target. PoW blocks have a variable spacing target, between 10-minute and 2-hour, but on average it's about 30-minute when PoS block spacing is close to the 10-minute target. This serves to reduce the variation of block spacing.
JustaBitofTime: Along those lines, 60.5 Could you please spend some time talking about the environmental impact of Bitcoin vs Peercoin now and then in the future? (JustaBitofTime)
Sunny King: @JustaBitofTime I don't like to paint bitcoin in a negative picture because it's indeed a brilliant system with high integrity and reasonably good inflation design. High energy consumption is only a minor blemish. To say that it's gold 2.0 I think is quite reasonable.
Sunny King: But if we can solve one of the issues with gold and gold 2.0, their environmental impact, that would be very nice, wouldn't it? We all want to live on a cleaner and happier earth, right? So we should take this task more seriously and PPC provides a possible solution.
Sunny King: On the other hand we should also respect other people's free will. For example we should not force other people to not mine bitcoin or participate in distributed computing projects, because of the environmental cost. So XPM complements the goal here as it produces additional scientific value from the consumed energy. So people who like to mine cryptocurrency for whatever reason have a better choice to mine, to get more benefit out of the mining activity and environmental cost.
JustaBitofTime: For our non-technical users, how does PoS factor into the environmental impact? In other words, 1 friend is mining Bitcoin and the other is mining Peercoin. How does that look now and how does it look in 1 year?
Sunny King: Currently PPC market cap is still small, so the effect is still small. If PPC becomes as successful as BTC, then the energy saving would be significant, and more and more so as difficulty rises
JustaBitofTime: As difficulty rises, what is the net effect? I feel this is an area that many new to the coin have trouble making the connection.
Sunny King: A caveat here is that the energy consumption on bitcoin mining might drop in the long term as well, due to lack of incentive in mining. However this would drop bitcoin's security level
JustaBitofTime: You spoke about producing additional scientific value from consumed energy with XPM. 55. What are your thoughts about Folding@home? Do you see a place for it in crypto coins?
Sunny King: Difficulty increase in PPC reduces inflation rate, which also reduces the energy consumption. This is assuming market capitalization stays the same
Sunny King: It's hard to say, I am not an expert in protein folding algorithms but I can imagine it would be hard to completely decentralize. There has been a proposal of a less decentralized solution whereas traditional hashing provides network security and half of the minting, whereas folding computation provides the other half of the minting using the existing centralized distributed computing network. This approach is not limited to Folding@home though, people are also thinking about other networks such as BOINC.
Sunny King: The problem with this system is whether trust is required on the centralized distributed computing network to not abuse the system and counterfeit. Without solving such problems it's not a serious currency system in my opinion, but on the other hand we do see existing systems in operation with centralized minting, such as DVC and FRC. So this type of systems definitely has some niche in the market.
JustaBitofTime: Shifting gears here, Jimmy asks "Q1 New: When will the development team release the official ppcoin specification? (Jimmy) Clarification “We got the paper last year, but we need a protocol specification detail similar to , especially for POS and the integration of POW with POS. The specification is important to developers and the general users who are interested in ppcoin.”
Sunny King: @Jimmy There is no set plans for this yet. If the demand is strong I could look into getting a summary of difference between bitcoin protocol spec and ppcoin protocol spec.
JustaBitofTime: Between 2 different coins, you obviously have your hands full. Romerun asks "Last interview sunny say if he somehow disappears Scott will fill in. But up till now we don't really know who he is, or how much commitment of him to the project / etc. There could be the issue of impostor too, so it would be benefit to the community to clear this up. And wouldn't it be better to have a few more key devs to PPC."
JustaBitofTime: My understanding was Scott was capable of filling in, however, has not worked on PPC recently?
Sunny King: That's right. For some reason Scott isn't as motivated as I am. I also look forward to having more developers with ppc, right now I think xpm team is in good shape, quite a number of people are working on xpm miners which requires a good understanding of the innerworkings of primecoin.
Sunny King: So I think as our community grows there will be more talents showing up. I am still pounding scott to be actively involved as well
JustaBitofTime: As your development team expands for XPM, Muto asks "35. Do you plan to release another currency? (Muto)"
Sunny King: @Muto 35. No such plan right now. I have recently turned down a few invitations to work on other currency projects due to my responsibility in PPC and XPM. I am committed to further improve PPC and XPM's competitiveness in the market.
JustaBitofTime: Speaking of competitiveness in the market, Romerun would like to know "What are the development priorities/future features of PPC/XMP in Sunny's mind? online wallet? etc."
JustaBitofTime: I understand marketing and overall community development/involvement is a big part of the overall plan.
Sunny King: I have touched a few things last week I think, there are other things I have in mind but don't wish to talk about yet. I am constantly evaluating market situation to figure out what's the best features to compete in the market
JustaBitofTime: Let's change it up again 8. Who are your business and personal heroes? (MeBeingAwesome)
Sunny King: As to services and apps I usually leave those to the market to support. If I were to be involved in a service somehow I think it needs to have profit potential
Sunny King: and not divert too much of my resources and time
Sunny King: @MeBEingAwesome Right now I am in the business of cryptocurrency. As to my heroes, I think Satoshi qualifies as one. We know that before bitcoin came into existence, several pioneers in the digital currency world have made sacrifices, such as Douglass Jackson the founder of e-gold, Bernard von NotHaus the founder of Liberty Dollar, among many others. These efforts are part of the same movement to decentralize the control of money, from potentially rising oppressive governments. Gold was demonetized to mainly facilitate centralized power, that gives governments power to do a lot more damage, to do whatever they want. Through history we can see the corruption of morality of governments, for example, in the 1860's US government still had the integrity to return to gold standard after civil war, while in the 1930's it no longer had such integrity after an economic depression. Not only that, it developed audacity to blame the depression on gold. It's very difficult to restore morality of governments.
Sunny King: The cryptocurrency movement, arising from the lessons of e-gold and liberty dollar, gives people a powerful tool to peacefully return to the principle of limited government. We all thank Satoshi whose brilliant mind and effort enabled this movement. Of course there are a lot more things going on in the societies outside cryptocurrency world, to preserve mankind's freedom, to elevate mankind's morality and spirituality, so there are many heroes around us.
JustaBitofTime: I completely respect your desire to remain anonymous. If the code is open, that should speak for itself. With that being said, there are people that claim you might be someone involved with the Satoshi team early on. Can you speak to that rumor? Also, did you have any involvement with Satoshi directly?
Sunny King: I wish I were as that would have made me very rich. I am also curious to who Satoshi really is, what led him to such great achievement. But on the other hand I also wish him a peaceful life not having to endure such hardships like NotHaus.
JustaBitofTime: For those not familiar with NotHaus, please look into Liberty Dollar.
submitted by Sentinelrv to peercoin

