Bitcoin Forum

The reason behind this statement is two words, distributed consensus.

You see Bitcoin speakers, PhD lecturers, and even Bitcoin janitors like Gavin use phrases like this all the time, especially while trying to debunk security models of other systems like proof of stake.  The following is one such example from a Gmaxwell link by Andrew Poelstra, created only two months ago titled "Distributed Consensus from Proof of Stake is Impossible":

https://download.wpsoftware.net/bitcoin/pos.pdf

The problem with articles like this isn't the assumption that every theoretical form of proof of stake is broken, we'll just assume that statement is fact for now, the problem is that applying the same scrutiny to the current Bitcoin PoW security model gives you similar results.  You really have to go through some mental gymnastics to refer to a system controlled entirely by 1-4 pools as "distributed consensus".  

Earlier today, someone insisted to me that technically anything involving two parties counts as distributed.  In the case of Bitcoin, using textbook definitions like this obviously doesn't work, since both parties would be at best case 50% each, and attacks can occur with much less hash rate.  Defining at what point the Bitcoin network actually is distributed is a tricky thing.  For the context of computers, one very important phrase or requirement of distributed computing is the independent failure of components.  Some people might argue otherwise, but for my personal defintion, I'm going to argue that the system should still actually function with a single component failure in distributed computing.  

Back to the example above, most people would not consider two pools with 50% hashrate a valid consensus model for Bitcoin.  Let's assume, only for the sake of example, three pools with 33% each was acceptable.  Since we can't allow the network to fall to two pools, due to being an invalid security model, with three pools we are at the lowest state of functionality with no redundancy.  Even though the network technically functions in the example, we now have to add another pool, bringing the total to four, just to reach the lowest common definition of distributed computing by having a single increment of redundancy, or how I interpret the textbook definition, "independent failure of components".

Have we really even reached a textbook example of redundancy yet in the example?  The answer is an obvious no.  If all it takes is two out of four pools in the example to collude to bring us to an invalid security model, we obviously have no redundancy, or independent failure of components.  This also happens to be the current state of Bitcoin in the real world.  It's not even about Ghash bordering or exceeding 50% hash.  Even if they're vastly below that number, the possibility of the top two pools operating under coercion or collusion still means we have no redundancy, or real distributed computing.  

Even if you completely ignore the existence of Ghash, the number two and three pools operating together could even qualify as a system with no redundancy under many situations.  In other words, people really need to stop praising Bitcoin for it's security because it currently doesn't exist.

Maybe its the reason why bitcoin is 600, not above 5k. The price is defined by how much people are willing to pay, and now its no much less than 600.


Even not being decentralized, it still is better than fiat in some sense, and not controlled by states or big corporations, so still better than fiat.
And from the end user side, taxes are small and money transfer is quicker, think most people just don't care or don't take time to think about all the decentralization stuff and risks.

I guess that's why they're called speculators.  People make the assumption, or gamble, that these problems will be solved, or don't know the problems exist in the first place.  

Someone asked earlier, well, how does this help if you don't have a solution.  I actually do, but it's nothing compatible with the standard BTC protocol and makes concessions in other areas.

If you want to control things like mining pool centralization it has to be done at the protocol level and can't just rely on the honor system, that's just not going to work.  Someone who disagrees with me thinks you can enforce p2pool on the protocol level by using latency as a greed incentivizer.  I prefer actual hard locks, but whatever.

Hmm. People join up with pools primarily to reduce their variance; any old chip can theoretically find a block, but most people would rather have $1 for "sure" than a one-in-a-million chance to win a jackpot, even if the jackpot is paying a little better than the "sure" thing on the game-theoretical average. Faster blocks can reduce this pain point, but not eliminate it; unless you're fundamentally changing the proof of work mechanism, you'd need something like a thousand blocks a second to sufficiently level things out for a "citizen" miner. And faster blocks have staleness problems, too.

New ideas that solve problems with Bitcoin are why anyone bothers with altcoin projects. Seems worth discussing, at least.

Also curious what you mean by this.

Trying to work out whether more feasible to adapt to an existing chain or new one atm.



Ask Othe about that part, his idea.  He'll either be around a VTC or Bloatero dev channel.

Dear Apies, you can't solve social problems with technology.

Honestly, your posts don't make much sense to me. I notice that your profile joined this forum right about the last bubble and you first interest was in CatCoin. Did you miss the BTC train or something?

You seem to be preoccupied with matters that don't matter. Do you think anyone in the Speculation forum cares which crypto will "win" 50 years from now when the dust settles? No. We care about which coin is winning now. Most of us will be so educated and ahead of the curve if another coin challenges Bitcion or if there is a major problem that develops with Bitcoin, that it won't matter. We will always be early adopters.

Your 51% attack issues don't matter for bitcoin now and they won't be the deciding factors 50 years from now.

Oh god, not this guy again.  I posted a single economic analysis of current BTC status in the thread below, you didn't like the result, and now you're on some kind of crusade against me for not saying BTC will be worth $10 billion each before 2015:

https://bitcointalk.org/index.php?topic=698038.msg7888383#msg7888383

As for trying to portray me as some kind of "Catcoin enthusiast", that was an era when there was only one new altcoin every week or so, and generally everyone would mine the hell out of them on launch day since everything was profitable and post in their threads.

Does this comment look like I really care about Catcoin?


What about my post in the "Hamstercoin" thread.  Does this make me a "Hamstercoin enthusiast" ?


^ If that's not the golden age of scamcoins, I don't know what is

Its not about whether or not bitcoin is going to be worth $10 billion each, smh.

Its about the fact that your posts dont make a lot of sense and they seem to be better placed in the Bitcoin Discussion Thread, not the Price Speculation thread.

Since we are in the Price Speculation Thread, why don't you tell us what you think the intermediate price outlook is? Personally, I think the ATHs will fall in the next 12 months. I think institutional money will be the main catalyst - institutional money has a long history of pumps and a long history of chasing price. It may take a little more time for that train to get down the track, but once it gets rolling, I think $5kish a coin is a reasonable topping estimate. After institutional money has its say, I think fundamentals such as halving and user adoption will determine how high the price gets beyond that.

I also think the more big money gets involved, the more pressure will be applied to miners to developers to safe guard in apparent, albiet small, chance of attacks, including the over hyped 51%.

Meanwhile, other 2.0 currencies will continue to have a chance to make a case for a better crypto. This is going to take years to be settled though.

I do not think $600 has anything to do with the 51% attack. $600 has to do with lack of regulatory framework foremost.

I might comment this later on because I've been at a party so bear with me:

Andrew Poelstra has no idea how distributed consensus works, not the slightest (I am assuming the language barrier is not so large as to twist can into can't etc...)

"It can be mathematically proven that given only a synchronous network it is impossible to achieve distributed consensus in a cryptographically guaranteed way"

Really? you are trying to quote FLP85 for synchronous systems?

FLP85 states that in an asynchronous system it becomes impossible to discern a failed process from one that is merely very slow.
This is a logical conclusion anyone can reasonably follow without requiring the formal proof. (If you can take as much time to answer to me as you want  I can't by any measure say you have not definitely sent me an answer without waiting indefinitely as for any time I wait you could take that time + 1 to answer me and that is still a valid amount of time I have to wait)

I've not rigorously looked through that paper but from flying over it I can tell the author has no idea what he is talking about.

The new coins coming in everyday is clearly a major factor which prevents price rise and is costly for existing holders. All those in charge have also got big mining investments so they will not like to hear this.

Saw there were some initiatives on creating an exact chain as Bitcoin with some form of PoS. While it is impossible for it to happen now, things might change in a couple of years.

This is something I've been wondering about recently.  With all the new mining hardware that's been purchased in the last few months, and the fact that the price hasn't moved much, I can see how there may be a lot of pressure to sell to pay off the equipment.  If it really looked like the price were going to take off again, more miners might hold on to their coins.  But as it doesn't look like we're about to hit ATHs anytime soon, they may be trying to get what they can, afraid that the price may drop more.

You would do better trying to predict price by calculating cost of production, then valuating a percentage premium on top of that which takes into account network security and other benefits or services it brings.  I already went over the network security part, the rest, or "killer app" of Bitcoin, seems to either be black market, or an avoiding financial armageddon motive, zombie apocalypse currency in other words.  Bitcoin doesn't currently lend itself well to such a task with large, centralized mining pools requiring nuclear reactors.  Bitcoin really needs more of a mission statement for people to try and attempt to mold the protocol to meet that task, otherwise, you're selling swiss army knives, and nobody really buys those.

That mission statement, in my opinion, should be something along the lines of a digital asset that provides utility by being able to survive the quadrillion dollar derivatives bubble, but like I already said in this post and the one below, Bitcoin currently does not perform well as a zombie apocalypse currency.  Going long on Bitcoin is also the equivalent of going long on treasury bonds and fiat not collapsing since BTC is useless without infrastructure.

https://bitcointalk.org/index.php?topic=698038.msg7889487#msg7889487

This is why I believe proof of work mining is completely useless, but extremely necessary for distribution, and in order to fulfill some of Bitcoin's market niches as described above, it will have to make concessions and introduce something such as stake + reputation system to fix stake's inherent problems.  This will either be done by Bitcoin crashing tremendously and then big changes can be made, or by an altcoin overtaking it.  Someone will say, "can't do that, all reputation systems lead to centralization".  If you read the original post, you would see Bitcoin is already centralized with no distributed computing redundancy.  It would actually be extremely hard if not impossible to make it more centralized doing what I'm talking about.

bitcoin is over price, $4xx and $3xx are coming

I noticed the broken, east Asian English.  Wolong?  Is that you?

If the miners did not earn enough bitcoin to recoup their initial investment them the miners would have nothing to sell.

I'm confused.  Could you please explain what you mean?  Here's an example of what I'm saying: Let's say I buy $5,500 worth of mining equipment using fiat, and let's say that based on current and projected difficulty, I expect to be able to mine about 10 bitcoins before the difficulty becomes so high that I won't be able to mine profitably anymore.  As long as I can sell my mined coins for at least $550 each, I will break even (of course you'd have to consider electricity costs, too).  If the price starts rising, then I can be patient and see what happens since I know I'm still in profitable territory.  If price stays where it is or looks like it may start falling, then I may feel pressured to sell what I've mined so far so that I minimize my chances of taking a loss on my miner.

Of course, there might also be a point at which I would just hold my coins and hope for better prices.

Bitcoin is nothing more than a 'prototype' for something much bigger, much more advanced, and much more secure.

I agree with the analysis, r0ach. Mostly. changed my mind. OP has a valid point, wrapped up in a hysterical and sensationalist presentation.

De-decentralization is, in my view, the biggest (technical) challenge BTC faces at its current stage. Needless to say, just ignore the peanut gallery calling you a troll - shooting the messenger is always easier than accepting an unpleasant message.

That said, you seem to see the situation rather binary: either the network is decentralized, or it is not. I believe however that, taking into account human elements, i.e. not just looking at centralization/decentralization as a technical property of the network, we're very far from BTC being completely "centralized".

For one, the largest pools that could in principle collude in an attack have shown absolutely no sign of interest in doing so. In fact, them doing so would almost certainly be economically damaging to them. And other than a hypothetical attack, they don't hold special "voting powers" that grant them a disproportionate influence on decisions.

Second, the large pools are comprised to a large degree of individual miners, so the situation is different from, say, 2 or 3 large individual operators holding the same computing power as the currently largest pools.

Third, you mentioned it yourself, technical solutions (or proposals) exist, p2pool one of them. Right now, the incentive isn't there yet to fully switch to an alternative mining model, but I just don't see it as an urgent failure case either: if any form of abuse of a majority of computing power becomes known, the network's value will be damaged, I'm sure, but at the same time, the incentive to enforce decentralized mining will also be there finally. In the absence of such abuse, there is no urgent reason to switch (which is probably why we're not doing it). I'd prefer miners (and users, and investors) would think a bit more long term and provide more incentives to make the transition to a decentralized mining model (brought that up in a thread of my own (https://bitcointalk.org/index.php?topic=667821.0)), but until we're actually getting there, I fail to see how the current state is so bad that it prevents actual usage of the network for a pretty big portion of, say, online payment processing. It's not as if the alternatives are more secure, or less centralized. In fact, they're substantially worse on both counts - even if BTC security and centralization is not at its optimum.

You're basically saying the so called "distributed trustless system" of Bitcoin relies entirely on trusting 1-3 guys.  This is obviously not a valid security model.  What is my personal definition of when a PoW network is secure?  If it relies on pools, I would say most likely never.  Best case scenario, secure temporarily over a brief period of time.  The sheer amount of attack vectors for pools renders the entire model nonfunctional.

PoW in current form, with pool mining, is an obvious dead end.  It's excellent for distribution (i.e. before an ASIC is created), but useless for anything else.  The only solution I see to move forward out of this already failed model, is to utilize proof of stake and introduce the variable of reputation to fix most of proof of stake's current issues, such as having no finite resource in the system, the root of most of stake's problems.

If someone is going to claim I'm wrong, then I hope you have some kind of method for enforcing p2pool for PoW at the protocol level?  And can defeat share withholding attack at the same time?  I'm going to try to move forward instead with the other system I described.  The current system is a complete dead end.

I have created a TLDR version of my post:

https://i.imgur.com/MlOY7K2.jpg

Yup.  Know a couple of people that are sweating the fact that these types of changes are even being discussed at any level.  Pretty funny the parallels between massive mining operations and the central banks they where meant to conquer.

You are greatly exaggerating the problems of PoW.

In a blockchain type of probabilistic distributed consensus you can do the following attack:

1) erase transactions by creating a longer chain that does not include them.

All issues derive from this such as double spending or preventing any transactions at all.

The number blocks on top of a particular block give you some form of confidence on the stability of that block.
With a 51% attack you can deterministically change the blockchain (make a new chain that is longer) while attacks < 50% only have a certain probability of being successful.

PoS depends greatly on how random the minting process is (PoW has an element of randomness to it and this is crucial) or else you have a problem.
If I can split my stakes in a way that guarantees me to be chosen for block minting for x blocks in a row I can attempt attacks.
Of course I need 51% of the stakes to deterministically change the chain.

The mixed mining/staking approach by peercoin is actually a good compromise in this regards. The mining introduces randomness for choosing the next minting candidate.

I'm also unsure what you mean by adding reputation to PoS? So if someone tries to double spend you penalize them? that would be a huge problem because these coins would be worth less.
What happens when you move penalized coins to untainted ones etc?

Well most of my non geeky friends have lost interest in Bitcoin beyond being something that would deliver more fiat money to use for mall shopping and going traveling, they just want a nice extra on their shitty situation (mine is shitty too) if it doesnt improve their life quality they get bored with it.

A lot of people may be starting to give up on bitcoin now that it's lost some of its novelty.  Price stability may cause problems, too, as a lot of people are looking for the next bubble.  If it doesn't happen soon, more people may stop caring.

Why would people who are mining now care about this?  Most of their equipment will be obsolete in a few months anyway.  If it looks like bitcoin is seriously starting to move in that direction, then just get out of the mining business.

Way to butcher my argument...

Carry on without me then.

Stake models are not required for coin weight to equal network control.  A finite variable is needed in the system for it to function, but it doesn't have to be coin age, coin weight, or any of the variables that have already been attempted.  Models already exist like this, such as BitsharesX, that use other variables (reputation), although I consider their system completely broken for numerous reasons, a few listed below.  

The current Bitcoin model is already an obvious failure while people walk around in a delusional state pretending it isn't.  It's advertised as requiring "no trusted 3rd parties", yet the entire thing relies on them in the form of a small number of mining pools for block verification.  Since Bitcoin never solved the "no trusted 3rd parties" dilemma, it's time to admit that and come up with a solution, most likely assign a performance metric to regulate those parties (i.e. PoS with reputation variable).

Unless every single iota of Bitcoin dev manpower is redirected towards the solitary goal of getting rid of mining pools, they're operating under the textbook definition of insanity.

I think you totally misunderstood the post. His point, I think, is that Bitcoin's price is not "too high" but is actually very low due to the problems you identify.

Perhaps if it hadn't failed on distributed mining, the price by now would be $5000 with a market cap of $60 billion. That is still a tiny number compared to what one expects for a widely adopted currency, so lack of full global adoption (yet) is hardly incompatible with a $5000 price.

It may be that people (meaning people at large, not just bitcoin developers or supporters) in fact aren't ignoring the problems you point out, but actually see them as a reason to be skeptical about it, therefore greatly depressing the price.

If you assume a future price of $100K for hypothetical global adoption, the current price implies a probability of 0.6% of success. You may well agree with the market on this.

I don't want to be rude here but it appears to me that you have very little knowledge and understanding of how probabilistic distributed consensus through the blockchain works.

"Stake models are not required for coin weight to equal network control"

What are you trying to say here? Coin weight in a Proof of Stake type model only deterministically gives you control if you own more than 50% of the coins.
From an economic perspective yes, if you own a lot of something you might be able to assert more control over it. But please enlighten me where coin weight equals network control in a model
where those coins do not directly influence the creation of new blocks or somehow restrict transactions.

"A finite variable is needed in the system for it to function, but it doesn't have to be coin age, coin weight, or any of the variables that have already been attempted."

Yes a finite resource is desirable for a blockchain type method of consensus. In the original whitepaper satoshi points out why using network addresses is not a great idea and that using processing power
as a finite resource makes sense. If you do not require this finite resource the entire mechanism boils down to who is the quickest at producing the most blocks and disseminating them (actually such a system would still be valid but for obvious reasons it makes little sense to want it).

"The current Bitcoin model is already an obvious failure while people walk around in a delusional state pretending it isn't"

No it isn't. I do not understand why you think that the network needs maximum distribution of mining/minting to be secure.
Block height on top of the one with your transaction is a measure of confidence. Unless the attacker disrupts the entire process of transactions as long as your transaction is sufficiently low down in the chain it becomes extremely impracticable to be removed. Double spending is an issue that will always exist if you have randomness with the block creation method. That is why you should wait for a few blocks if you want stronger confidence in a transaction. It becomes extremely improbable that low down blocks in the chain will change.

Neverheless with a blochchain there is no 100% guarantee that a block does not change. The probability just converges to 1 that it won't. (I'm intentionally discarding checkpointing here as for this consensus is reached through a majority using the same software)

I don't have time to reply to all this right now, but it's pretty common knowledge that you only need 51% of coins currently staking to control the network and not 51% of total coins.  Using coin age as a finite resource in this system just makes it easier to attack, which is why NXT never used it, and why Blackcoin is removing it.  Reputation makes a much better finite resource than coin age and makes it so large holders can't perform effortless attacks, just like how PoW works.

For simplicities sake it makes sense to assume most people have an interest to stake their coins or participate with their resources but yes, you are right that you only need > 50% of coins staked to deterministically form the longest chain.
It makes no real difference because whatever model you choose always reduces down to how likely it is for a single active entity to produce > 50% of the blocks.

There is very little real incentive to perform a > 50% attack because you'd shake confidence, no matter what method is used for block creation.
I think the issue is greatly exaggerated because then it is much easier to promote an altcoin with a new mining/minting scheme.

To me the real problem lies in ensuring privacy. And I do not mean through a new altcoin but rather implementing stronger privacy in bitcoin itself.




 

People keep using the phrase 51% attack to try and downplay the issue, like it's just some theoretical thing that won't happen because self motivated greed will prevent it, aka the rational miner factor.  Since when are rational miners considered even the top 10 security risks?  Did you also forget Bitcoin is advertised as having "no trusted third parties"?  Those pools that you can count with less than 5 fingers are your trusted third parties, which is why the system as is, has failed completely.

Giant pools are also way too large of an attack surface to be nationalized by governments, regulated to oblivion, demolished with TNT by order of environmental protection agency, etc.  There's a billion things that can and will go wrong with them.  Most likely Bitcoin will fail if it follows it's current path since it's not even close to what it's described as on the box.  If it doesn't fail, the best case scenario you will get out of the mining pool centralization is "governmentcoin".

Unless all current Bitcoin development is redirected towards getting rid of the mining pools, there's really no reason to support it.

There is some higher level thinking at work here though.  Most people are unable to put 1+1 together and figure out that if a global, anonymous currency was to become huge, it would most likely mean the end of central governments.  Even if you're some kind of super anarchist, is that something you really want to see during your lifetime?  The odds of being murdered by Obama zombies for a nickel is probably pretty high.  The same central governments probably have contingency plans to to prevent this from happening, either by never allowing the centralized pools to be removed from the protocol, or just waiting and nationalizing them.

Here is what happens when you have a real attack:
1) The attacker can attempt a double spend
2) The attacker withholds a transaction to cause economic harm

Double spending is something that is quite time critical for the attacker. The further down a block is in the chain the more unlikely it becomes that the attacker can successfully replace the above chain with a new one.
Large double spends will be noticed and as an effect people will lose trust and move to something else. So realistically the attacker would try to pull off a one shot double spend for a very large amount of coins.
I do not know what policies are in place for big exchanges but you would expect them to wait quite a few blocks for very large sums.
The attacker would have to put in immense financial efforts to reach the >50% hash power and would probably gain little from the attack.
It only really makes sense if you are out to destroy bitcoin as a whole.

Equal argumentations can be made for Transaction withholding.

"Those pools that you can count with less than 5 fingers are your trusted third parties, which is why the system as is, has failed completely"

Those pools can't sign transactions for your coins. They can't double spend your transactions unless you WANT them to by broadcasting two different transactions for the same input.
If you send me coins I can require you to wait 1000 blocks before I send you goods or no blocks. This gives me the freedom to choose.
I can happily trust that in the current system it is very very very unlikely that a new chain with 1000 blocks will appear out of thin air to double spend that transaction.

Incomplete list, and you are ignoring some very important implications.

For example, withholding transactions isn't just a question of economic harm, it can also be used to whitelist/blacklist.

Better analysis here: http://hackingdistributed.com/2014/06/16/how-a-mining-monopoly-can-attack-bitcoin/

Please don't give me some primitive list off an FAQ.

I'm not talking about some one time double spend, I'm talking about how the pools are so large of an attack vector, that it's trivial for governments to take over or impose their will on the network.  Also how it's supposed to be a decentralized network without trusted 3rd parties, yet the tiny amount of mining pools are the trusted third parties.  The protocol never actually succeeded in it's stated goals, and is currently just a giant fugazi.

Do you remember the initial Bitcoin premise and intro to the world?  When Satoshi types he claims to have figured out a way to create decentralized consensus without trusted third parties?  Everyone gives him credit like he actually succeeded.  

He never did succeed.

If governments cracked down on one or more pools, the pool participants would simply repoint their hardware to another pool or p2pool. Not a big deal.

How would you know that they've been subverted by a government?  What about the event where large pools that control their own hashpower are subverted and there aren't any "pool participants" to speak of?

How would they know? And aside from that, a lot of the hash rate is internal (big farms). Supposedly ghash moved some of their own hash rate off their pool to alleviate concerns over their market share. If external miners leave they just put it back (or expand).

The OP is right. There is really very little decentralized going on here. If decentralization is the goal, it is rotten to the core.

Either the pool is processing transactions/blocks normally or it isn't. As soon as the pool owner or participants notice something wonky, they can split and go somewhere else. Even the largest pool owners like ghash.io AFAIK only own roughly 25% of the pool hashrate themselves. At least that's the estimate I've seen of what chunk of ghash.io is CEX. And even that AFAIK is split up geographically in different jurisdictions and datacenters. Probably the largest chunk of hashpower you might be able to find in one pool+jurisdiction is under 10% of the total bitcoin hashrate.

No that list is complete. Even your link just points out different nuances of using these two actions.
It is complete because these are the only valid actions that the protocol allows a miner to take. (we will disregard a >50% attack on running the protocol code because that effectively just forks bitcoin)



Again you post arguments based on your premises but not on hard facts.
It is trivial to see if the network behaves. All you need to do is have enough participants log broadcast transactions and from this you can derive if those transactions were put through.

Bitcoin has probabilistic consensus on the blockchain. Do you even know what this means? It means that the probability of a block not changing converges towards 1.
So unless you use checkpointing (which is basically consensus enforced through the protocol) you never have a 100% certainty that your transaction is stable.
That does not matter however as a very large probability is good enough for most use cases.

You do not have to trust third parties because you can observe their behaviour and decide for yourself if a transaction has reached a level of trust you desire.


Statments like saying bitcoin is just a "giant fugazi" just strengthens my assumption on your motives.
It is not so much about the security of bitcoin but more about you wanting another coin you deem more secure to succeed.

I think it is great that altcoins are exploring new routes and methods which can flow back into all other cryptos if they are valid and useful.
But lets face it. Altcoins need to inflate issues with bitcoin to give people an incentive to switch to them.

"Oh look, bitcoin is so horribly broken but coin xyz fixes all that and has free candy on top! who would not want free candy right*?"


* Disclaimer, I have large holdings in xyz coin.

False.

Add, at least:

3. The attacker can refuse to mine on top of certain blocks

(Which prevents such blocks from ever being accepted into the longest chain.) The protocol allows that as well. I'm still not quite sure if this is a complete list.

But your 2. would only be correct if you did not include the phrase "to cause economic harm." The protocol is agnostic about why something is being done.

You are right it would probably make sense to differentiate between the rewards of a miner and a regular transaction.

What is a block? Effectively it is a set of transactions including the one where the miner pays himself. The block is linked to previous blocks and has a PoW (in the case of bitcoin)
Double spends can only happen if you "erase" a block by presenting a longer chain in which it is not present.
In a sense robbing a different miner of their rewards by intentionally making a new chain is very similar to a double spend.

[edit] I'm unsure if the selfish mining approach is as viable as it is claimed to be
You would obviously find a pattern if a pool consistently tries to maliciously remove blocks.
Of course it can't be prevented but at the same time you have a similar effect to that of double spending.
Everyone will know you are behaving badly and will shun you. Furthermore you are negatively affecting your profits (loss in confidence of the system).

Your premises seem to rely on the assumption that Bitcoin will live forever, and that any disruption to the block chain is only temporary and greedy miners will sort things out from there.  My premise is that the centralization of mining pools will be an ongoing issue that provides so large of an attack vector, that it's inevitable central governments will impose their will over how the protocol functions, either getting rid of it outright, or turning it into governmentcoin.

For example, let's say all western governments suddenly said, "sorry, you can't mine anymore because you could be processing financial transactions for terrorists".  Various third world Asian governments would probably follow suit as well.  Mining would suddenly be a crime in most places.  You might end up with only small amounts of hash rate in obscure places like Bulgaria.  There would be no real security for the network since overpowering it's hash rate would be trivial.  Price would go down to nothing, market cap would be nothing, nobody would use it.

You seem to ignore the obvious fact that if governments have any opportunity whatsoever to regulate, manipulate, or screw something up, they will.  The giant mining pools have to go or Bitcoin has no future.  As for your claim of me "shilling" for a specific altcoin, my point has nothing to do with altcoins.  My point is that you either have to remove the giant pool mining from PoW, or use PoS and utilize reputation as a finite resource to fix most of proof of stake's current issues.

The problem is that you want a solution to a formally impossible problem.
In the type of system we have you need at least a majority to reach consensus and you can't circumvent this.

What you are proposing when you say there will be government intervention etc. is that there is an external entity that enforces rules.
For absolutely any protocol the government can come in and pull out the "its illegal" card.

Actually here is something for you to think about:
All it takes to break any of these models (PoS,PoW whatever you want) is to control the exchange of information.
If I can assert control over the underlying network used to exchange information (i.e the internet) I can isolate groups and participants so they cannot post new blocks to participate.
Because these systems are decentralized they have to be able to deal with failures of participants.
Satoshi was clever to assume that messages are disseminated quickly enough because it simplifies the problem.
It is in part a dangerous assumption but given the long block intervals he chose reasonable enough to withstand most issues.

Say you use a PoS model with reputation or whatever. For the network to function it has to be able to generate blocks with fluctuating amounts of participants.
How do you want to enforce distribution of the active resources used in creating blocks is fair (no one has a majority)? You can't unless you block during times where this is not the case.

The issue of some entity being able to control >50% of the active resources required to generate new blocks will always be there.
It is impossible to remove because it is impossible to reach consensus in the proposed model without a majority.
Probabilistic consensus allows smaller disruptions to be rectified later on because eventually the majority overrules any decisions taken contrary to the majority.
If you do not allow this the system has to block as soon as a majority cannot be reached.


[edit]

Reading through my own text it is a bit unclear what I want to say.

In a blockchain type of consensus sytem:

1) you cannot guarantee that a single entity won't somehow obtain more than 50% of the active resources used to create blocks, whatever they are.
You can try to encourage stronger distribution but there is no way to enforce it at all times.
2) Indecision will always exist in a probabilistic consensus model. You cannot fully prevent double spending because no block is 100% agreed on.

Technically, you can with ease in the short term by boot strapping a DPOS system with 101 pseudo-random, pre-selected candidates from various countries, then treating their role as a supreme court judge type position where it's difficult to remove them.  The challenge in that scenario is selecting what method for allowing their replacement:  voting with money from coin holders (plutocracy), other delegates (democracy), or thousands of other combinations of variables.

The method BitsharesX used for their system was executed extremely poorly, and I've already come out against their system, so don't even think I'm shilling for that.  Some people will say 101 delegates isn't decentralized, but when only 1-4 mining pools really matter in Bitcoin, it beats the hell out of that decentralization, or lack thereof.

There are many other technicalities to hammer out as well, such as should delegates be allowed to run anonymously, or force it so the original 101 delegate names are handed down over time for people to better keep track of.  Then you have things like TOR/I2P integration and timing attacks and all that.

Yeah, it's true. It is simply too easy for regular people to get scammed by someone. There need to be simpler solutions for people to securely sign their transactions. This needs to be solved before Bitcoin can enter the mass market. I'm curious to see, though how all the wallets in Apple's restricted ecosystem are doing, and whether such a restrictive marketplace suffices in protecting peoples' bitcoins!

Look, that is just externalizing the problem.
I'm all with you on better types and methods of democracy and I feel that the current political system is rotten to the core.
I would also warmly welcome any incentives that foster stronger decentralization of bitcoin mining.

Nevertheless I stand by my argument that from a technical standpoint PoW and even the current hashrate distribution is not as problematic for bitcoin as suggested.

Like you hinted governments can and probably will try to manipulate cryptocurrencies until they are a shadowy joke of what they were and are intended to be.
But it will happen in the public space and not through a brute force attack on hashing power.
Through lobbying, through enforcing stupid regulations and maybe even through making the software illegal or otherwise manipulating it.

The system I described earlier limits the government's ability to become involved in such a role by removing their obvious entryway into the system, the small number of centralized mining pools.  If you think you can fix that giant, central authority attack vector while still using PoW, then by all means, go for it, but I don't think you can personally.  A system based on DPOS is the only way forward that I see currently.

How do I know DPOS is the future?  Because even the government itself could easily use it.  They could do something like make each member of the UN a DPOS delegate, and suddenly you have a distributed world currency.

You can either wait for this to happen, or create a private, non-government run model before they do.