|
Any distributed p2p, digital currency which relies on trust to make it work is nothing more than a horrible mistake a best, and at worst it's a scam.
As soon as you make that trust sacrifice, you might as well throw it all in the bin and use VISA, which has none of the drawbacks associated with crypto, and is already accepted everywhere.
|
|
|
|
No, that estimation includes the threats by long range attacks (like the attack you described - the typical "old keys attack"), bribe attacks, short-range attacks and other known N@S-related scenarios. No one of these attacks is free, most of them are highly impractical (try to find people that sell you 50% of the staking amount in some moment of time) and, thus, expensive
Not sure I'd completely agree with that. More like between 0% and 3% would be a more accurate estimate. |
|
|
|
However, I believe a PoS attack to be in the same order of magnitude (~3-5% of market cap).
...ignoring the threat outlined in the OP of the thread? |
|
|
|
Sybil attacks can place a fake chain with a lower PoW difficulty rating until a node sees the other chain with the higher difficulty and reorgs.
That is an objective decision. You have to buy or steal the PoS coins to stake them?
Their is a cost involved.
Buying empty private keys will be very, very cheap compared to renting hash power. Also your pretense at how easy it would be is over exaggerated. Feel free to 51% attack zeitcoin to prove how easy it is for you.  (According to you it is a zero cost attack so nothing is stopping you.)I have no motivation, nor desire to attack your shitcoin, I have better things to do with my time. What I am saying is if their is a sybil attack involved and your node is being blocked from seeing the true chain,
you can use a block explorer to verify the true chain for PoS or PoW.
That is not only subjective, but is also human intervention. Double systematic failure. |
|
|
|
True chain can be determined by comparing block height with the block explorer for PoS or PoW.
As a Sybil attack can fake a chain on either PoS or PoW and only comparing to a Block Explorer can verify the true chain for a syncing node.
Have you listened to a single thing anyone had said in this thread? Producing blocks under PoS has zero cost, therefore any desired chain height can be reached by the fake chain, making it impossible to objectively differentiate between fake and canon chains. |
|
|
|
It's a difficult attack to be sure because owning that much stake in a network is unlikely - but it is absolutely not impossible because many PoS systems especially have very lopsided distributions. Losing the ability for new nodes to know what is the "one, true chain" without needing outside information is a problem. How big of a problem is a matter for debate, but it can't just be brushed off as so unlikely as to be impossible.
...and, indeed in the scope of the topic of this thread, it becomes much more problematic than just a contemporary majority stake holder turning bad, even recently emptied private keys can be used to carry off this attack as long as there is no objective way for the network to determine the true chain. |
|
|
|
 In Figure 6, user A attempts to publish alternate blocks A2† and A3†. Since user B3 has already wit-nessed blocks A2, A2† would be rejected by all participants. Furthermore, A can be flagged as a malicious or compromised user for presenting two different solutions for A1 I fail to see how this can work; the concept of 'already' is totally subjective due to latency. It is just as likely that the situation presented in that figure will shortly be resolved in favour of A2 and A3 as other users see that branch 'first' before B3. You need an objective way to sort this out. |
|
|
|
What I am telling you is , you are wrong.
If you modify the wallet client to place false time date in the blocks , all you are doing is making a hard fork that the other nodes will ignore.
That's called 'weak subjectivity'. You really need to do some more research. |
|
|
|
Cost is not the issue, Each Block has a defined target of say 1 minute between blocks.
Your chain is 3 months behind, and still has a target time of 1 minute, your block height will always be ~ the same 3 months behind and as such never a threat to causing a reorg, because a reorg can only happen if your block height # exceeds the main chain.
So how do you make up the 3 months time difference?
FYI:
Any change to the code to modify the time target between blocks could allow faster blocks, would lower the target difficulty making it a weaker chain and also break consensus with the other nodes, therefore making sure it would never be accepted over the main chain.
FYI2:
The phrase (block production has zero cost) , is incorrect.
There actually is a cost , it is time.
Your block has to wait the coded time before block generation can occur, and those coins go dormant for a coded period, another time factor.
The Time between blocks is hard coded which affects the difficulty # in proof of stake coins, thus defining the strength or weakness of a chain.
I really hope you're not the developer of that coin in your sig, because you seem to have some fundamental misconceptions about consensus design. 1) I have already said this above, but I'm going to restate it in plain terms: any concept of time elapsed in a trustless system is utterly unverifiable without an objective measure such as PoW, which is an unforgable proxy for elapsed time 2) In PoS block production has zero cost, see 1) |
|
|
|
My question is this:
Let's say their are no checkpoints , rolling or coded.
Someone buy the old private keys or at some point just actually owned over 51% of a coin total.
Say they try your attempt , but it was 3 months earlier when they owned coins.
The Blockchain has 3 months of confirmations ahead of them at a rated say 1 minute interval.
How do they ever catch up , with the block height of the main chain, won't they always be ~3 months behind?
* Now if you say it is possible to trick the time setting and somehow condense those 3 months into a day, please provide details or proof on how that is done.*
Because block production has zero cost, and there is no way to objectively verify any given block as being created at time T. |
|
|
|
This would be a perpetual subsidy - not one that runs out ?
Is there no competition to mine the most max POW transactions, and accrue the most mining subsidy ? A professional miner as you say in your paper.
The subsidy is perpetual, yes. There is no competition to mine a particular block; all miners can mine their own max difficulty blocks - they just have to be careful not to do so outside the path of most cumulative difficulty. Doing it like this maximises PoW efficiency, since no PoW is 'wasted' in orphans, it all adds to the security of the DAG. |
|
|
|
 .. there you go!.. The Mining Subsidy.. It's not clear to me quite how that works.. What Stops people fighting over it - or do they just compete as normal ? Everyone on the path of greatest cumulative difficulty gets a mining reward proportional to their chosen difficulty. The big departure from bitcoin is there is no competition to mine the best block, since only the sender of the single transaction within the block can 'mine' it. How long does it take for a branch to become heavy enough to be considered final ? How do you remove the need for the coordinator that IOTA uses ?
Are you knocking this up and launching ? ..
How long in real time is hard to quantify, but its very easy to quantify finality - it's simply when enough PoW gets built on top of the transaction in question to make any attack B/E, where 'enough' is equal to the sum of all the block rewards above the transaction. This doesn't need coordinators because it has a mining incentive. I'm not planing on taking this any further as a cryptocurrency - simply because it doesn't support lite nodes. No DAG design can support lite nodes without extra centralisation. As @anunymint noted previous, satoshi didn't make any mistakes - blocks are essential for adoption. |
|
|
|
Why wouldn't the "community" be resistant to this as this poses a threat to the security of the network.
Maybe the 'community' is all miners? |
|
|
|
It's simpler just to interchange USD for stableUSD directly on a one-page website, without using any tech inbetween (coloured coins, whatever). The Federal Reserve accepting 1 stableUSD for 1 USD is the most guaranteed peg possible
You can BUY stableUSD that way, yes, but you can't sell it back to them like that, you have to do a cryptocurrency transfer to their wallet address. |
|
|
|
Right, it's the same model as Tether, but with either the issuing central bank or Wells Fargo etc doing the 1:1 redemption
Then my question still stands: why invent your own cryptocurrency in order to do that? Its much easier to use a coloured coin. |
|
|
|
Either the coins are in the ACH legacy banking network, or they're in p2p stablecoin network. Neither permit double spends. It's simple.
When coins are in the banking network, they get burnt to nothing, so they don't exist. When they're out in the open, they have to be inside a cryptocurrency to prevent double spends. |
|
|
|
That's not a cryptocurrency you're talking about, its a wire transfer. As you know, cryptocurrencies exist because of the double spend problem - so why go to all the effort of solving it again in your own crypto when you can just piggyback on the most trusted crypto in the world?
No the idea would be to use a p2p network protocol to allow permissionless transfer of the stablecoin, but use direct convertibility with the issuer to maintain the peg. I'm sorry, I don't follow what you're saying. Why doesn't this allow double spending the stablecoin (or double convertibility to use your terminology)? |
|
|
|
Central banks would be unlikely to take that approach, but in principle there's no technical reason why not. The only reason I have for saying central bank cryptocurrency would solve the stablecoin issue is the simplicity, why use omni layer when they could just redeem TCP/IP routed USD 1:1 directly at federalreserve.com, or through whatever regular commercial bank?
That's not a cryptocurrency you're talking about, its a wire transfer. As you know, cryptocurrencies exist because of the double spend problem - so why go to all the effort of solving it again in your own crypto when you can just piggyback on the most trusted crypto in the world? |
|
|
|
|
Show Posts
