There's a variety of choices in terms of solving "nothing at stake", BitShares' DPoS system being one of them.
If BitShares are going to give a fair % (> 50%) for all holders of BTC from a given snapshot then I'd support it but I somehow doubt they are going to do that.
|
|
|
Now with Peercoin, if you want 51%, you have to buy them, you can't just "collude", since no one will listen to you. Now if Peercoin's marketcap is the same as Bitcoin's, tell me which way is easier?
And how exactly do you *know* that their initial distribution wasn't concentrated such that *one owner* (under various aliases) actually already has > 50% of the stake?
|
|
|
That does not make any sense to me either. Why would current bitcoin holders get any advantage in PoS distribution? Moreover, a lot of non-tech people keep coins in an exchange/wallet for which they don't hold the pvt key. PoS, in any form, is nothing but pure BS.
As you see the "initial distribution problem" is not something trivially solved (it is the Achilles heel of PoS IMO).
|
|
|
Glad to see that your eyes are open. :) So far only Peter R's idea for initial distribution based upon a *snapshot* of the Bitcoin blockchain makes sense to me (no IPO coin will ever be more than a scam in my eyes).
|
|
|
I'm not sure where this PoS "collude" concern comes from. Who would collude to destroy their own wealth? I hold some peercoin, if you tell me to collude with you to attack Peercoin, I would tell you to gfys. Do you think it's easy to collude with 10,000 peercoin holders? Or is it easier for discus fish and ghash.io to collude? I think the answer is obvious.
You seem to have missed the IPO idea of creating a PoS with say 21 BTC and a bunch of anonymous bitcointalk accounts (do I need to name the coin?). It is perfectly easy to collude to gain 100% of the initial distribution if the cost is so low (but maybe very expensive for anyone else to *take that away from you* once the coin *gains value* via an exchange especially if the "initial stakeholders refuse to sell").
|
|
|
Usually only about 10-20% of the coin actively engage in mining PoS.
That in itself is "worrisome" as presumably it means that forks could appear more often. The other problem with PoS is that those not mining could be in fact colluding to present a new better chain (the cost of doing so being very little as the "Nothing At Stake" point made). Again it comes down to "distribution" with PoS that basically *cannot be anonymous* in order to be trusted.
|
|
|
Yes. Anyone can own part of a miner.
And make money from that? Anyway - a "share in an ASIC" farm is *not real ownership* as far as "control of what it does".
|
|
|
There is a fundamental difference between PoS and PoW. PoS is aristocratic in nature. PoW is proletariat. It comes down to which side of humanity you choose to identify.
This seems poorly thought out - proles can't afford "high end ASIC" can they?
|
|
|
The real problem with PoS is the "initial distribution" (although Peter R's idea of using a snapshot of the Bitcoin blockchain is perhaps one possible solution to that issue).
We have already seen coins where > 50% are owned by "anonymous people" whose accounts were created around the same time as the coin was launched (so quite possibly sock puppets of the coin creator) and the cost of owning the "initial distribution" can be *very low* (say as little as 21 BTC).
Whilst that might not be an issue immediately it certainly could become an issue at a later stage if said "coin creator" decided to "do the dirty" in order to gain funds.
|
|
|
Maybe this should be called "Proof of Spam". :D
|
|
|
In a PoS currency how do you guarantee that a 51+% stake holder remains a benign actor?
This is very hard and in fact the biggest issue with the approach (how do you know that a group of "large stake holders" haven't decided to collude?). I think PoW is not going to die any time soon and that PoS approaches can be used to create "other chains" which will probably be "less secure" (but much more energy efficient).
|
|
|
As I have stated the CA system is *flawed* because of *trust* (just search for "ca certificates hacked" to get a start - do I really need to post the links?).
The Finney attack is nothing new and so I don't see why it is relevant especially as you have shown no way to avoid it (apart from relying upon the CA system which is flawed).
|
|
|
Bitcoin Core already includes X.509 infrastructure for remote procedure calls, therefore that technology has been vetted by them and run in production.
Bitcoin does not use X.509 for anything important (it was added for merchants and has nothing to do with the core operations).
Regarding double spending, I use a single nomadic mint agent that timestamps each accepted transaction and broadcasts it back into the network for archival and verification. That is a so-called single-writer to the canonical blockchain, which prevents double spending. Right?
Your statement about "sometimes allowing double-spends" is *completely false* - please show me 1 example of a *double spend* in the Bitcoin blockchain to back up your claim (and yes I know *you can't because there is no such thing*).
|
|
|
Again - you trust the CA system which has been *proven* to be flawed.
We just have to somehow *trust you*?
Let's see your papers and how they are reviewed before you ask for any funds please.
BTW - this:
- Does not permit double-spending, whereas Satoshi's Bitcoin sometimes does.
is *wrong* (if you want to be taken seriously then I'd suggest that you remove it).
|
|
|
You just made absolutely no sense whatsoever. Please read the topic and answer using your mind.
Maybe I was answering in a "technical way" so it didn't make any sense. The reply about 10 minutes indicated *one confirmation* but *one confirmation can take a lot longer than 10 minutes* was what I was getting at. EDIT: Basically if you are using a service like BitPay (which all the big companies being mentioned do) then it is really BitPay that makes that decision for you (not the other way around).
|
|
|
Sometimes 1 confirmation can take an hour (not often but it does happen).
So unless you are dealing with 0 confirmations then you should probably keep this in mind.
|
|
|
Nice article and a very important contributor to Bitcoin (especially because he was the first person with the necessary crypto skills to actually review and help improve the code).
|
|
|
Not to quibble, but in my two decades of enterprise billing and payment system experience, I found that reasonable data security practices prevented loss of customer funds. I believe a public trial of cooperative Bitcoin will demonstrate its resistance to hacking - or not.
Sure - you are asking for *trust* so I am just making sure that people are aware of that (if they want to trust your system then that is up to them). I could mention my own years of experience (in financial and other fields) but I think it is irrelevant to the discussion.
|
|
|
I suppose then that the root certificate private key should be destroyed immediately after creating a sufficient number of intermediate certificates. The system treats the root certificate as it treats the blockchain. Each is widely replicated and tamper-evident by way of comparing the local copy with what all the other peers have. This notion is resistant to byzantine faults up to 50% invalid peers.
It won't help - the corruption (or cheating) is not possible to stop with any system (that is why Bitcoin is what it is). Basically you'd need another Bitcoin blockchain to stop any fault with your CA system which means you are back at square one.
|
|
|
Ok. In this system each full node has a copy of the root certificate. The distributed certificate servers use an intermediate X.509 certificate. TLS/SSL endpoints at the full nodes perform validation of the chain from root --> intermediate --> end-user, which is a software agent role.
Suppose the root key is lost somehow. The chain validation still works. The software does not check for certificate revocation. Bad nodes are simply banned.
The issue is not "lost somehow" but "stolen/leaked somehow" - so the system can be "played" if those at the "top" decide to be corrupt (or are cheated).