This has already been discussed and proposed in various papers and
articles, typically to replace SHA-256d with something else. It
basically works, but there's a some tiny issues:
1) Who goes first?
If you first calculate the expensive PoW and then do a cheap SHA-256d
around it, anyone can malleate it by changing the outer PoW.
If you first calculate the cheap SHA-256d and then do an expensive PoW
around it, it would work, but then you would have to retool the P2P
protocol.
2) What's the incentive for miners?
In a "normal" soft-fork, miners have the incentive to upgrade because
their blocks will be orphaned if they don't, and even the old clients
won't accept them.
Here, miners will be able to produce an alternate chain that will appear
valid to old clients, and that the new miners won't be able to orphan
(since their hash power is much weaker).
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
