Bitcoin Forum

A picture speaks a thousand words. NEM.

https://docs.google.com/document/d/10ZVrzuS_krjRF5rMvt5oKl3IS3VOhF_qnn2faZb7KZQ/edit?pli=1

http://i1373.photobucket.com/albums/ag390/John_Bob/NEM5_zpse0c61e17.jpg

http://i1373.photobucket.com/albums/ag390/John_Bob/NEM2_zpsc0700982.jpg

http://i1373.photobucket.com/albums/ag390/John_Bob/NEM6_zps0f3166a1.jpg

http://i1373.photobucket.com/albums/ag390/John_Bob/NEM3_zpsa745a51a.jpg

http://i1373.photobucket.com/albums/ag390/John_Bob/NEM4_zps7b3efd25.jpg

http://i1373.photobucket.com/albums/ag390/John_Bob/NEM2_zpsc0700982.jpg

https://bitcointalk.org/index.php?topic=426303.4720

or use existing Nxt crypto platform:

http://www.nxtcoins.nl/showcase/wp-content/uploads/2014/03/bescherming.png

one click to get to the Nxt testnet: http://nxtra.org/nxt-client/

http://justpaste.it/nxt-introduction-4-journalists

50.000 posts https://bitcointalk.org/index.php?topic=345619.0

and since it's not just about the pictures..

• Nxt's architecture is leaner and faster than Bitcoin's. The proof of stake mechanism is lightweight and block generation is 10 times faster. Nxt also doesn't support scripts/predicates, so transaction processing is easier as well.
• Everything built on top of Bitcoin must inherit Bitcoin's speed, its proof-of-work legacy of waste, and its transaction processing model. Nxt has none of these, so everything built in top of Nxt is lighter, cheaper, more energy efficient, and faster.
• Since anything being built on top of Bitcoin can also be built on top of Nxt, Nxt is the obvious choice.

he is ok, i think :)

That looks amazing.  It is clear that 2.0 is coming!!!

mining PoW is so 2012-2013

just another altcoin advertisment... Yawn.......
....moving on

if a government expresses to kill and acquire the pos cyrptocurrency then they can kill it by people panic selling to the government, until the govt holds 51%

in a pos
the rich keeps getting richer... its not really a fair way to distribute and acquire new users

if you have a lot of pos shares then you have less incentive to spend vs hoard thus mining more by hoarding

these are very strong weaknesses with pos compared to pow

Tell this to owners of PoW coins that were 51% attacked. R u able to recall a PoS coin that was 51% bought?

forging/mining income for PoS is only comparable to bank interest. how much incentive do you think bank interest gives people to hoard instead of spending?

The misconception is that you actually need 51% of the coins in order to do a 51% attack on a POS ;)

True. In Nxt u must buy 90% to attack it. ;)

I'm very interested in PoW VS PoS debate as i'm sure PoW will have to face a lot of hard issues in the future.

From reddit http://www.reddit.com/r/Bitcoin/comments/1oi7su/criticisms_of_proofofstake/ccsd6rm (http://www.reddit.com/r/Bitcoin/comments/1oi7su/criticisms_of_proofofstake/ccsd6rm):

I think Andrew Miller put it best: "The trouble with Proof-of-stake is that there is nothing at stake."

Consider the basic function of proof-of-work and the blockchain: together, they let the network come to a consensus when there are two (or more) different, competing chains.

Miners must decide to dedicate their hashing power to just one chain-- they cannot "bet on" more than one. So their best strategy is to work on the chain that they think most other miners are working on, and that quickly drives the system to a consensus on a single, best chain.

The trouble with proof-of-stake is there is no natural incentive stopping a miner from assigning their stake to multiple, competing chains. If you try to create such a system, you "go meta" -- you started by trying to solve the transaction double-spend problem (which proof-of-work and the blockchain handle nicely), and end up trying to solve a proof-of-stake double-spend problem.

How do NEM or NXT address this problem?

Nxt uses Transparent Forging to counteract malicious miners who mine multiple chains. As a result such weak point as ability to mine multiple chains becomes a strong one. Legit miners get chance to mine legit parallel chains and this leads to insane performance optimization.

I think he should be very good now ;)

I don't know much about Bitcoin though I read the whitepaper. I only used it to buy Nxt.  Wink

Edit: Hardcoded well-known nodes lead to centralization. This is just another one of the cases where Nxt is more decentralizing than Bitcoin.

Interesting TY

I don't really see how calling a bug a feature makes it a feature. In what way does transparent forging counteract malicious miners? And why does having multiple consensus chains lead to performance optimizations? (That seems quite counter-intuitive.) How is consensus eventually achieved?

Oh, troll much, such cute.

You completely evaded the question and promoted what should be a critical failure (allowing double spends and providing no real means of consensus) as some feature of the currency. I'd say you're the one trolling.

Ask again without trolling and u'll get an answer.

In what way does transparent forging counteract malicious miners? And why does having multiple consensus chains lead to performance optimizations? How is consensus eventually achieved?

Miner(s) of the next block is always known. A malicious miner can't skip his turn to mine a block, coz nodes will simply ask the next miner in the queue.
Every chain is used for a specific case. If a node is not interested in working with chain that used for Messaging then it can spend more resources for another chain, for example, Payments.
Consensus is achieved by using Master chain as a point of synchronization. Consensus on Master chain is achieved by the same mechanism as used in Bitcoin. Parallel Chains concept has 2 variants, both r not nailed though.

By malicious miners, I was referring to the article's description of them: ones who are intentionally working on a separate chain. They could presumably work on both and receive no penalty at all. Knowing the order doesn't fix this.


This is not what the article was referring to. With PoW mining, there is an opportunity cost to mining a different chain: you can't mine the real one at the same time. With PoS, you can. This is a serious issue and doesn't have anything to do with separate chains for messaging or payment, it has to do with forking the "master" chain.


This is a baffling statement--I thought Nxt used a completely different mechanism.

Bagholder.

/thread.

He would have only 15 sec to release his "secret" chain. 16 sec later and it's too late to do an attack.



See above.



U were wrong. Nxt uses the same mechanism. Just replace PoW with PoS, each coin is a small mining rig.

This can never be true because a previously unconnected or not-well-connected node will not have the "correct" notion of order and time--it must rely on other nodes. There is no guarantee that those nodes will be honest, and it would only take one dishonest node to present a conflicting viewpoint for which the unconnected node has no way of determining the correct chain.

This is solved by hallmarking.

It isn't solved, it is an extension of the same problem. It is already a given that whoever performs such an attack will have plenty of nxt, hallmarking adds only a little effort and no risk, and does not achieve a common consensus in the case of a public (as opposed to secret) attack. And as far as I can tell, hallmarking significantly reduces privacy for no benefit to honest users.

Sorry, but I disagree. Could u explain step by step how would u do such the attack having 100 million coins (10% of the stake)?

I think I understand lx's concern. It is related to the following description of transparent mining:


Whether the adversary works on only the secret branch and gets penalized or works on both branches without being penalized, the two branches both have 100% "hashing" power. So, without the advanced consensus mechanisms, the two branches will have the same length and for an account being offline during the procedure, it cannot recognize the legit branch from the one generated secretly. This issue is supposed to be resolved by the advanced consensus mechanisms,

Regarding the advanced consensus mechanisms, we know that, when one account is left on a fork alone, it will generating all the blocks, but after some blocks, it stops. Only after some other accounts join in, can it continue to generate blocks. I believe this is caused by the advanced consensus mechanisms. It is obvious that the adversary cannot attack Nxt by working on a secret branch using only a few accounts. But that's all what I know about it. How will the advanced consensus mechanisms counteract if the adversary introduces enough accounts for the secret branch? Can you explain it, CfB?

Now the mechanism that was stopping forging is disabled.

Then what stops the adversary and tells the account that is offline during the procedure which branch is legit when it comes back online?

Explain ur attack step by step if u want to get a detailed explanation. Unfortunatelly, most of guys ask general questions and become upset when get general answers.

Ok, I'll try later after giving it more thought.

Well, just try to understand how an account choose the legit branch

Assume the attacker has 51%+ of the stake

Case 1: the attacker forges on both the legit and secret branch
- Consider the attacker has two computer, computer A is connected to the internet and computer B is offline.
- The attacker use his account to forge on the legit branch as usual with computer A, and at the same time he also use his account to forge on the secret branch with computer B.
- After some time, he connects the computer B to the internet and broadcast his secret branch to other accounts. he can do this with computer A online or turn computer A offline.

Case 2: the attacker skip his turn on the legit branch and forges only on the secret branch
- The attacker use only one computer.
- At first, the computer is connect to the internet, the attacker forges on the legit branch as usual.
- At some time point, he turns the computer offline, begins to forge his secret branch.
- After some time, he turns the computer online

In case 1, because the legit branch has more stake involved in the forging than the secret one, every account has no problem to tell which one is valid. right?

In case 2, though more stake is involved in the secret branch, every account that forges on the legit branch know that the attacker's account has been penalized, so they will not accept the secret branch. but for an account that was offline when all this happened, how does it know which account(s) has been penalized for forging on a secret branch when it comes back online? the secret branch can also be interpreted as the legit because all other accounts have been forging on a secret branch.

The new guy (who has no actual blockchain yet) must choose "well-known nodes" to get the blockchain from. He won't accept ur secret chain coz he will get the legit one from other nodes. U have to "isolate" him, but the same attack is applied to Bitcoin as well and can't be counteracted if the new guy has no information about what nodes r legit.

The new guy may be not necessarily brand new, he may have the part of the blockchain before the bad guy forging the secret chain.

So, if the new guy has chosen the bad guy as his "well-know nodes", he will go on with the secret chain, and the network will be forked. This is true for both PoW and PoS. right?

Right.

Got it. Thank you very much.

seems like an almost identical question to me.  come-from-beyond is just thin skinned.

I don't really think of that as "the" network being forked. A fork exists, known to a scamsite that convinced someone to download a fake nodes-list and to the person or persons who downloaded that list and ran using it. That hardly seems a case of "the" network being forked, more just a case of one or more suckers falling for a fake network. Once the real network actually hears about it, would it in fact fork, or would it tell the suckers they are wrong and correct them?

Ripple's consensus supposedly would basically tell them they are wrong, ignore them, and I guess it would be up to them whether to trust the scamsite and their fellow scammed-people or all the nodes they just heard about on the other network they just heard about, wouldn't it?

-MarkM-

Hard to answer, Transparent Forging is not implemented yet. Without TF Ix's attacks would be successful.

Yep, POS is definitely far worse than POW, and completely against the spirit of crypto.

Apart from not needing to help global warming by consuming vast amounts of electricity to secure the blockchain (since by merged mining you can in effect re-use that same electricity that is already being expended anyway), the main argument for Proof of Stake had been that Proof of Work miners invest in hardware that can attack or defend any chain that uses that type of hashing as its proof of work, thus have no "stake" in any particular coin that they could choose to mine, whereas Proof of Stake miners do need a stake in the specific chain they wish to attack or defend.

All that really amounts to though is that in order to trash a Proof of Stake coin they need some way of shorting, or betting against, the chain, that can handle a short or wager large enough to cover the losses their stake in the coin will suffer when they do trash the coin.

So in a sense Proof of Stake coins depend upon the unavailability of means of wagering or shorting whereas Proof of Work coins depend upon unavailability of more-profitable chains to mine combined with inability of committed mining operations to muster enough hashing power to defend the chain. (They need enough committed hashing power, in other words. Because uncommitted hashing power will run off to any more profitable activity instead of continuing to secure the chain.)

Maybe though it can also be argued that "shorting" - in the sense of borrowing something - can also be used against proof of work chains: you simply borrow something to buy hashing power with instead of borrowing the coin itself or betting against it. Though you could also bet against it once you are confident you have enough hash power for an effective attack against it.

WIth Proof of Stake though you can get two bangs for your bucks: in addition to any crashing or falling of the coin's value due to your attack, you also can dump your stake too if the chain is still processing transactions after the attack and exchanges are still exchanging the coin after the attack, which could suppress the exchange-rate even more if your stake was a significant amount compared to the depth-at-each-price curve at the exchanges.

-MarkM-

Are you saying that after TF is fully implemented, the new guy can tell who is the bad guy from the blockchains? How?

If anyone sees a contradicting block mined by someone then he will "report" it by including block headers into the blockchain.

Then both the branches will report the other in its blockchain. The new guy is still confused.    ???

No. The new guy will stick to the 1st blockchain he sees.

Doesn't which blockchain he sees first depend on which well-known nodes he chooses? He could choose the bad guy's node.

Exactly.

Seems it cannot be avoided. There is always a chance for the new guy to be cheated. He need to choose the trust-worth well known nodes.

Yes, the same is used in Bitcoin, isn't it? In Nxt u do it manually, in Bitcoin this is hardcoded.

I don't know much about Bitcoin though I read the whitepaper. I only used it to buy Nxt.  ;)

Edit: Hardcoded well-known nodes lead to centralization. This is just another one of the cases where Nxt is more decentralizing than Bitcoin.

You are just showing a template of nothing.
Everybody can buy it for just $18: https://wrapbootstrap.com/theme/smartadmin-responsive-webapp-WB0573SK0

___________________________

Nxt is alive and kicking! :)

http://nxtra.org/nxt-client/

Could you explain that?

That is wrong. An attacker will never need to cover losses. He can attack just because.

+1
I'd like to hear that explanation too.

I think POS will kill POW oneday

I think time is the only problem when will happen or never?