Yep..

As I see it you would run the POS chain first, on top. Just like a normal POS chain.

And then the POW chain would be playing catchup, time-stamping the POS chain blocks.

You both(POW & POS miner) get 'paid' once the block has been POW-Stamped.

I haven't thought it through enough to get an algorithm, but something like a 10 sec POS chain (sprinkle of GHOST), with the POW chain maybe operating 1 minute behind..

So, as you say, there would be 1 minute where the miners could 'play' around, for free.

I'm sure there would many advantages to such a system, but there is certainly a large amount of complexity being added..

Well..

POS has various attacks that are performed because of the NaS (Nothing At Stake) issue. Yes I am fully aware of the current pseudo-fixes and that's fine. But with this, no fix is required at all.

Just as POW has some issues with mining centralisation.

With this :

1) POS Long Range Attacks. The POW time-stamping would remove the 'Weak Subjectivity' that POS suffers from. So no need to ask a friend for a checkpoint / hash when you log in for the first time. It's there just like with bitcoin, as the chain with the most POW work put into it wins.

2) POS Short range attacks. You can't simulate infinite futures as the POW must also be included.

3) POW mining centralisation would seem 'less' important. The miners can't censor or be coerced to. They are JUST the security of the system. The POS block creation has a much larger user base. More users than miners.

So in this system, you would have the advantages of POS systems in terms of WHO ACTUALLY DECIDES WHAT HAPPENS, and the advantages of POW systems in terms of SECURITY.

Win win.

ADDENDUM :

..

Obviously, having the chain timestamped with POW, means that all the costless attacks on POS are now fixed. 

POS is simply used to pick the creator of the next block. Who can then create it. (And NO you can't run a costless simulation, the POW is real..)

There is a payout to both the POW and POS miner in the block. Though not necessarily equal.

..

END of ADDENDUM

 

Lot's of talk about Consensus mechanisms on the boards ATM.. Get's the old imagination going..
..

Miners are 'really' just time-stampers.

That's the Battle that wages between them.

Who get's to decide the TIME.

And they get paid 'well' for that. And that's a nice, neat, clean relationship. 

..

In current block chain systems the miners ALSO get to decide the Content, Which events and the Sum of the Events , that occurred during the last slice of time.

Why not change that so that Miners ONLY worry about the Time. Something they are good at.

And the actual Content, The Blocks, are created by a different group. Say a POS mining group (quite a few options here..) .

So POS Miners are busy running full nodes, NO hashing, and create blocks with TXNS in them. Sign them in some fashion.

POW Miners are busy running full nodes, FULL HASHING, and crunching mega-hash functions, to solve the current POS Block.

I can't see that the partial-centralisation of the HASH mining would be such an issue then.

This would distribute the business of creating the 'important' Content 'bit', to a far wider audience.

?   

I don't think the sidechains can use the security of the main chain unless they are merge mined..

If you want to run a POW side chain, not merged, you would need to start from ground ZERO.

I think POS sidechains, with POW checkpoints https://bitcointalk.org/index.php?topic=1170713.0 might be one way to go.

Just to be clear, is the question, How do I get a random number from a POS chain ?

If so.. I would go with,

You take the last 64 blocks, and take 1 bit from each block, the first bit of the header hash, stick all of these together and come up with one 64 bit number.

Even if you controlled the last 8 blocks, that would only be 256 different permutations you could try, to find one that favoured you.

Then, you could spread this out to use 64x64 blocks instead, by hashing each 64 blocks to get 1 hash, and then 1 bit from each of those.. Surely that would be pretty hard to game ?




 

Is it possible to create 2 txns with the same normalised txid ?

You are not alone... 

I'd love a solution.

The Only one I could think if, is as you mention at the end, to have a 3rd signer.

So you would make a 2-of-3 address, and if there is a TXN malleability issue, AND the other party tries to blackmail you (which he may not do), then you can always fall back on the 3rd signer to process the refund.

BUT - the issue with that is that you and the 3rd signer could send the funds whenever you like, without waiting for the required locktime. So the 2nd Party, the one you are trying to trade with, would then be at the mercy of the first and 3rd signer..
 
I can't think of a way of preventing the 3rd signer from 'not' signing until a reasonable amount of time has passed, as otherwise the other party would not get involved in the first place. Other than TRUST of course.

I wanted to implement this in an exchange, as I'm sure many of us do, but it's just not quite there yet..

..

OP_CHECKLOCKTIME !? When please..?

Yep - You do need to run both currently, not ALL the sidechains, but the main chain and sidechains could use UTXO compression and other tricks that are floating around to minimise blockchain size. (Something I think should become the default for all coins IMHO - I think Cryptonite was the first TINY coin chain ?)

I think POS has many MANY potential uses, which POW simply is not suited for. (And VICE VERSA - but maybe MORE uses for POS - just not as 'Currency'.. ;-p).

So if we need ONE POW chain, a simple decentralised timestamp server really, to fix a little thing like long range attacks, but then get all the benefits of POS, for thousands of separate chains, that sounds acceptable to me.

Now.. Just need to fix those pesky short range missiles..

Hmm.. not sure.. let's think.

As far as the checkpointing. Assuming you would want to store a checkpoint every 24hrs for you POS chain, and that there were 10,000 different POS chains running of it, that would be, well, tiny. Easily fits into 1mb blocks..   

Other txns could be cross-chain transfers, going from one side chain to another. This would need to go through the main chain, but it would not be a daily occurrence for most users. I can't really say how much of this would happen without knowing what chains were running.

The main chain would really just be a clearing house. All the 'Action' would be happening on the various sidechains.

So it might be quite an expensive min fee on the main chain. But that's OK, as the fees on the side chains could be tiny. (I think this is the current position being pushed by blockstream..)

As far as running a node, I think it would be no different from now. Just that you could run the main chain node, or a side chain node, or both in some merged-mine hybrid.

Main Chain SPV clients would be fine, but as I said, I think most of the daily user action would be occurring on a side chain, so they would not be as prevalent as on Bitcoin.
 

MONSTERERERERR..! Thanks for chipping in..

As far as my understanding goes, SideChains and Coloured coins are different animals. Although maybe of the same genus.. 

Sidechains allow you to interact with the main chain, on a side chain, without having 'trust'. You can jump to a sidechain, dance a jig / interact / etc , and then return to the main chain. In a Semi-Atomic-Trustless fashion. ( Depends on how the sidechain is secured. Currently the 'Elements' Sidechain is federated, so you do have to trust the 'federators', although they can't 'screw' you in a hidden fashion. Their treachery would be public! )

In this system, you are only delegating the 'POS Decentralised Checkpointing' to the main POW chain.

This means that the POW chain is not used to determine the outcome on each individual POS chain. Just to store each POS chains latest checkpoint.

Then each POS chain can perform it's task, ( an exchange, company governance system, super fast confirmation time chain, torrent file link host, etc etc),  in the knowledge that it is not susceptible to a long range attack.

Once your POS chain is compatible with the POW main chain checkpoint mechanism, you can do ANYTHING you like on a POS sidechain. Without ever needing to change the main POW chain. No Main-Chain Hard Forks..  everererer ..

Well, you still have to secure a sidechain ? A sidechain doesn't just get all the security of the main chain. Far from it.

So you are going to need to run the side chain as a federated chain, POW chain, or POS chain.

I always feel that although POW 'works', I wouldn't want to run my company governance off of that..

It's definitely a situation where POS makes much more sense. 

Especially Proof of Virtual Miner  : https://bitcointalk.org/index.php?topic=1143191.0 

You can keep your share in the company without someone 'paying' for mining equipment that makes your share negligible. The stakeholders have there say. Like a normal company.

If only we could fix the various attack vectors..

Scalability ? Extensibilty ? Personal POS chains per company ?

You could have ONE almighty POW chain, with perhaps a smallish block size limit  ,  that is used to ground Thousands of POS side chains, each doing something funky / different.

Want to test a quantum secure chain ?

POS ethereum ?

Anything really, with the POS chains not having to worry about expensive mining hardware.

Did try and discuss this in the technical forum, but no bites..

https://bitcointalk.org/index.php?topic=997125.msg12307016#msg12307016

Basically :

POW mainchain, with POS sidechain.

POS sidechain can store the checkpoints required to show which chain is real on the un-fakeable POW chain. Decentralised checkpointing.

This means no 'Weak Subjectivity' as Vitalik puts it.. so the first time you connect to the POS network you now have a reference block hash, checkpoint, to prove which chain is the real one.

Thoughts ?

If Bitcoin goes.. I think it would be naive NOT to think that MOST if not ALL of the cryptocoin scene will implode and not resurface for a decade or so..

You'll still have the DARK side, of course, but the mainstream will see it as a passing fad.
 
None of the technical differences make any difference to average joe, at all. It's all Maths-FU to them anyway.

..

As far as the real world is concerned :  'All Coins lead to Bitcoin.'

On the other hand, if Bitcoin succeeds, as we know it can , then I think there is a good chance that other coins will flourish.

Nature of Decentralisation. Having only one coin seems pretty, well, centralised.. 

Ahm.. Yeeess..

But thanks, you bring up a nice point that I shall now throw back at ya'..   

How long has IPv6 been rolling out ? Years.. ?

Now imagine that you couldn't even use it unless 75% of the ENTIRE internet has upgraded to it..

Because that's how Bitcoin works, you can't just have some people upgrade, and use the new-teck, and wait for the others to follow suit. You have to wait until ALMOST ALL OF US have upgraded before you can even START using the new features..   

I think 'decades' would be a closer approximation to how long the roll-out would take.. And then of course, you've got those of us who think IPv6 is, to be frank, bollox, and that they should have gone for IPv8 - (you know what I mean, 6 digits isn't enough, they should have gone for 8 and be done with it..)

BOOM!.. WAR!!..  (again..)

..

As for protocols that should have long since been superseded but just keep on ticking.. how about SMTP / POP3 ? Jesus, I bet their inventors never dreamed they would last this long.. But here they stand.

You can't STOP an attempted Hard Fork.. I know.. that's the beauty of it.. and if someone came up with the perfect system, anonymous, fast, global, etc etc, (..looking at you #GMAX..) of course they'll try to push it on Bitcoin, and good luck, but I think the GOAL should be NOT TO HARD FORK.

EVER.

Well, these certainly are 'interesting' times in the Bitcoin sphere.. (They always are to be fair.. )

In my humble opinion, the current 'Situation' stems from the fact that the protocol is NOT FINISHED. This is the issue. Not the client software, as that is simply an implementation of the protocol.

We should WANT lots of implementations of the protocol. Trying to use just ONE client, CORE or whatever, is not a good idea. 

Imagine if we all had to use the same web browser ? That would be rubbish.

Imagine if the Core HTTP protocol could change.. What a nightmare.. All the browsers/servers in the world having to argue and fight over who is right, and who is dead.. Well that's the situation we currently find ourselves in.

What this needs, is to finally and concretely define the Bitcoin protocol. No more Hard-BIPS. No more protocol level changes. One more MEGA-FORK, and then we live with what we have created. Full stop.

Tried to work out what future forks might occur here.. https://bitcointalk.org/index.php?topic=1123605

Once the 'Protocol' is specified, done and dusted, then, and ONLY then, will this uncertainty about the future disappear. Otherwise we are all just waiting around for the next change.. and round and round the merry-go-round goes..

Couple of points / ideas I've been mulling over..

If you had Bitcoin's POW as the main-chain, and then a POS sidechain, could this not remove the 'long range attacks', as the checkpoints required to fix the issue would be stored on the POW chain ? So there would be no 'weak subjectivity' required  ? You can always tell what a valid checkpoint in the valid POS chain is, by checking the un-fakeable POW chain.

This leaves only the short range attacks, and as andytoshi says, there is always the 'costless simulation' that can be used to manufacture many-many chains until you find one you like.

There seem to be 2 counter arguments to that currently.

1) Vitalik's ideas about a punitive POS chain (Slasher) that stops this sort of nonsense..

2) NeuCoin's paper appears to show that the number of possible iterations is SOO massive, that the search space is basically too large to.. err.. search.

Are both these ideas to fix short range attacks flawed ?

Because if not, well, POS chains branching off a POW chain would seem like a great idea..


 

come on.. no 'spite' please.. that's a mug's game. (You can't just 'KEEP RUNNING CORE' if the network went with XT or vice versa.. Sorry.. That's not how it works.. Unless you want to mine a worthless chain)

there is ONLY EVER ONE SOLUTION TO END WAR.

It's called PEACE..

or 'Kiss and Make Up'

The Core Boys, Mike, Gavin and the rest of them need to sit the F**K down and have some milk and cookies.

The really cool thing is - IT'S NEVER TOO LATE.

YADaminer - I like your enthusiasm.

Now - just because 1 twat with a computer can't hack your network, does not mean your network is secure.

What if the Hack costs more than $2000 to perform ?

I need a 100 computer network at my disposal, which I don't have.

If VNL was actually worth anything, I can assure you many MANY hackers with armies of zombie computers would tear into it. But knowing that this is the case, the network will never be worth enough for them to bother. Catch 22.

How about just answering the questions posed in this thread ? There are 15 points in my previous post but let's start with the BIG one..

How is a sybil attack prevented ?

Is John Connor from the future where he saves us from SkyNet ?

Are you his pet terminator ?