If an additional value is generated by mining, and miners can capture this value, the increased incentive to mine will increase mining activity.
Since there is no cap to the amount of security that the network will provide, I wonder to what extent the 'joint production' of security and computational utility is a desirable situation.
Increased mining activity will increase difficulty, at least directionally up to the point of marginal break-even. If bitcoin use and its demand increase, pushing up the price to a multiple of its current value, mining might expand even futher.

As Claudio has said, the security in the bitcoin network (with respect to the distributed consensus) is measured not by the total amount of mining activity, but by the portion of mining cost that does not otherwise have economic value.

If the cost of mining is equal to its economic value (e.g. by introducing 'useful' proof of work) then there is no security at all, because there is no cost to acquire and deploy the mining resources needed to dominate and attack the network. If mining is free at the margin, as in the heating example, then the network security is found in the fixed hardware costs.

Hence the primacy of the BTC unit in Satoshi's scheme for distributed consensus - if BTC has no value, then miners have no incentive and the network falls apart.

On a related note, in Weidai's b-money (http://www.weidai.com/bmoney.txt), he writes that "anyone can create money by broadcasting the
solution to a previously unsolved computational problem", but a condition is "that the solution must otherwise have no
value, either practical or intellectual." I'm not entirely sure of the reasoning behind this or its relation to bitcoin, though.

"that the solution must otherwise have no value, either practical or intellectual" is a desirable design feature for an efficient currency because cheaper energy exchange is the desired outcome for all economically interacting participants.

In other words, an efficient currency should have no other market value beyond what it costs to produce. In this way, its a bitcoin's price reflects roughly how much it cost to produce. This forces miners to economize.

The Petrodollar is a bit like a fish riding a bicycle to the degree that its value is derived from the scarcity of oil, and secured by military 'proof of force', but nuclear energy and renewables are cheaper, cleaner and more plentiful than fossil fuels so a currency based on proof-of-work 'without value' introduces a global standard of energy scarcity which reflects local energy abundance.

Bitcoin is a reinvention of the wheel where energy efficiency is the goal.

Useful piece - thanks Ian. The thing I explain to anybody who asks for a "socially useful" proof of work is that, aside perhaps from prime factorisations, you face the following problem:

* When people say "socially useful", they usually mean things like protein folding, searching for aliens or other activities where work has to be injected into the system from a third party (e.g. the operator of Seti@Home)
* This third party has the ability to send "easier" work to their friends and "harder" work to their friends" (or they could send the same work to everybody, but that's still problematic since an accomplice could simply fire up massive amounts of rented compute only when they knew an easy work package had been distributed - and they'd win on average)
* So you need some objective measure of "work difficulty", which all observers can retrospectively compute for all others... so that I can know that you've truly done the work you claim to have done.
* And here's the killer: I suspect (but have no proof) that the _easiest_ way to determine the "difficulty" of an arbitrary piece of code+data is to run the code with that data and see how long it takes. So it now becomes just as hard to validate a block as to find one and the system falls apart.

I'm really not sure there's a way around this problem.

In a world of so huge differences of computing power between the layman and secret services or finance, it's not like if complexity was granting any security.

For civilians, this difference is in the 1m range, enough to make anything done by "the people" utterly irrelevant.

And for the Army, the cost is no longer about how computationally expensive a problem can be - it's merely how expensive it's to bring the data to one of THE number-crunching machines.

As this cost is close to zero, if the thing supposed to be protected is of any value, forget about complexity.

Use real security - the one that cannot be broken.