SEGWIT & LN KILLING OFF the OnChain Miners (Better start looking for new Jobs)

[kiklo]

Im saying adding pow on the stack modifier computation not on the block themselves to avoid the staking on multiple chains.

The way i understand it, the problem with POS chain is that for example in blackcoin there is granulosity of 16 sec on the time nonce used to compute the proof of stake, meaning for each output you are staking on, you have 16 sec to compute the hash for it, so it leave lot of free time, and it would be very possible for an attacker to keep in permanence different valid version of the chain, and push one or the other on the network at any time. It's what make pos coin more vulnerable to transaction maleability. Even if it's not that useable in practice i think, it can still be potentially a pb. Adding some pow on the stake modifier could avoid this to be exploited too much.

Ok,
as of the moment no one has fixed transaction malleability in BTC,

http://www.coindesk.com/bitcoin-bug-guide-transaction-malleability/

Malicious individual attacks

Let's say that Alice runs an exchange, and Eve has bitcoins sitting in that exchange. Eve decides to withdraw her coins, and asks Alice to send the bitcoins to her address. When Alice sends them, this automatically creates a transaction, which is transmitted for mining so that it can be included in the bitcoin block chain.

But Eve pretends that Alice never sent them. She uses the transaction malleability flaw to reproduce Alice's original transaction, tweaking the signature slightly to produce a different hash. She then retransmits that transaction, with the different ID.

There is a chance that Eve's transaction will be confirmed on the block chain first. If that happens, the network will assume that transaction is valid, and won't record Alice's. Eve can then complain to Alice that she didn't receive the coins. When Alice checks for her transaction ID in the block chain, she won't find it, and she might try to send more bitcoins, meaning that she'll be out of pocket.

BTC allows transactions to SIT in the Mempool while they wait to be chosen (Pick the ones with higher fees) by the Miners,
which means someone could process a transaction with the mallability issue for BTC.

However Proof of Stake ,
Processes the Mempools transactions in the Order in which they Arrive, Meaning by the time Eve tries to retransmit the transaction,
the original transaction was already included in a block, as her transaction can not leap frog over the earlier transaction.  
in Other words Eve's transaction can not jump in front of Alice's transmission on a PoS Coin network,
because the transactions in the mempool are processed in the order they are received and not selected on a fee basis like BTC.

 

FYI:
The Exchange Operator can always just pull up a decent Block Explorer and look at the Sending and Receive Addresses and see if the coins were Sent & Received.
I guess that is why BTC has not hard forked to fix it , not a major issue if you check the addresses instead of the TX id.
Either way, PoS coins prove superior by not being greedy and not letting people jump their transactions in front of others.  

[kiklo]

Im saying adding pow on the stack modifier computation not on the block themselves to avoid the staking on multiple chains.

PoS clients are not designed to stake on multiple chains at the same time.


Discussions I had with some people regarding the nonsense call nothing at stake

Some authors[15][16] argue that proof-of-stake is not an ideal option for a distributed consensus protocol. One problem is usually called the "nothing at stake" problem, where (in the case of a consensus failure) block-generators have nothing to lose by voting for multiple blockchain-histories, which prevents the consensus from ever resolving. Because there is little cost in working on several chains (unlike in proof-of-work systems), anyone can abuse this problem to attempt to double-spend (in case of blockchain reorganization) "for free".[17]

Ok , above is the quote from the wiki.

Here is what is wrong with it.

BadGuy has 50 coins ,   GoodGuy1 has 10 Coin  , GoodGuy2 also staking 10 coins

GoodGuy1 is staking
[10] on the block 500 on Fork1

At the same moment another block is created by GoodGuy2
[10] on the block 500 on Fork2


Now the BadGuy
Since he has nothing to Lose , Stakes his 50 Coins on both Forks

So Now
Fork1 [60]  & Fork2 [60]

Which means by trying to stake on both blocks at the Same Time, all he did was Negate his Staking Power by adding to Both.  

Which Fork is chosen will be decided by someone else , not trying to play both sides.
He makes his staking power irrelevant.

The other flaw with the Nothing at Stake Lie, which must be beyond the concept of PoW miners.
When Proof of Stake stakes a Block , Coin Age is used up, meaning those coins will now be offline and unable to stake until their minimum stake age is reached again.
It would be the same as when a PoW miner mined a coin and then immediately turned off his ASICS for a prescribed amount of time.
Which would mean he could mine no other block until , he was allowed to turn his ASICS back on.
Which is why PoS is superior to PoW , as random Chaos is entered into it.
PoW miners can maintain the ~ same HashRate thruout mining while a PoS Staker Amounts & Coin Age are in constant Flux every time they stake.
So what is burned when you stake, Coin Age & Staking Weight is burned, and it takes a minimum stake age before it can be recovered.

 

FYI:
As far as the DoubleSpend , PoW or PoS is susceptible to doublespend with Zero Confirmations .
Solutions for both PoW & PoS is to wait the prescribed amount of Confirmations, and never accept Zero Confirmations.

In nothing at stake attack, as I understand, attackers doesn't stake on both forks. They argue that stable strategy for all honest miners is to mine on all the fork. Then attacker assumes that everyone is doing this and stakes on the double spend fork (or whatever he wants to use instead of main-chain). That is why it doesn't matter how much attacker has. I do find this valid objection, just something not fundamental and trivial to prevent, hence I started this thread.

OK , so you think

Attacker has 1 coin ,   GoodGuy1 has 10 coins GoodGuy2 also staking 10 coins

Fork1
GoodGuy1 is staking
GoodGuy2 is staking
[20]  

At the same moment on Fork2
GoodGuy1 is staking
GoodGuy2 is staking
[20]

Now the Attacker
Places a transaction on Fork1
Stakes his 1 coin on Fork 2

So Now
Fork1 [20] only 2 blocks & Fork2 [21] 3 blocks

Fork2 now has more coins in 3 Blocks, and becomes the longest chain with the most difficulty.

All of this in an attempt at a double spend.
1st off
Standard PoS wallets don't Multi-stake, you would have to code one your self.

Let's say you do and it works exactly as you described and you spend coins on Fork1 and overwrote it when Fork2 became the longest Chain.
Basically a History rewrite.

This is why it will Fail.  Once the fork2 becomes the longest chain, all of the wallets will reorg to fork2 and it will be the correct chain.
This means the coins you sent in the transaction on fork1 will not confirm, and the wallet you sent it too will not reach even 1 confirmation.

Longest chain with the most difficulty wins , just wait the recommend # of confirmations and all zero confirmation attacks fail.


 

FYI:
Double spending if someone accepts zero confirmations is easy on Proof of Work.
I don't even need to be a miner, just paid a higher transaction fee to pull it off.
I had 2 devices with the same BTC wallet , send the coins from the 1st device to the vendor with no fee,
then send all of my BTC from the same wallet on 2nd device to another BTC address I control, including a high fee for faster transactions.
If the Vendor accepts Zero confirmations, he will see the BTC sent from the 1st device, and I exit the store with his product for free.
5 to 10 minutes later after the 1 confirmation, all of my BTC will have arrived at my other BTC address and the Vendor just saw his payment never Confirmed.
Moral is PoW or PoS wait the recommend confirmations.  

[kiklo]

Latest on Dangers posed by Segwit,
Words of a Former Segwit Supporter Who has Realized the Truth!

Initially, I liked SegWit. But then I learned SegWit-as-a-SOFT-fork is dangerous (making transactions "anyone-can-spend"??) & centrally planned (1.7MB blocksize??). Instead, Bitcoin Unlimited is simple & safe, with MARKET-BASED BLOCKSIZE. This is why more & more people have decided to REJECT SEGWIT

https://www.reddit.com/r/btc/comments/5vbofp/initially_i_liked_segwit_but_then_i_learned/

You wanted people like me to support you and install your code, Core / Blockstream?

Then you shouldn't have a released messy, dangerous, centrally planned hack like SegWit-as-a-soft-fork - with its random, arbitrary, centrally planned,
ridiculously tiny 1.7MB blocksize - and its dangerous "anyone-can-spend" soft-fork semantics.

Now it's too late. The market will reject SegWit - and it's all Core / Blockstream's fault.

The market prefers simpler, safer, future-proof, market-based solutions such as Bitcoin Unlimited.

The damage which would be caused by SegWit (at the financial, software, and governance level) would be massive:

    Millions of lines of other Bitcoin code would have to be rewritten (in wallets, on exchanges, at businesses) in order to become compatible with all the messy non-standard kludges and workarounds which Blockstream was forced into adding to the code (the famous "technical debt") in order to get SegWit to work as a soft fork.

    SegWit was originally sold to us as a "code clean-up". Heck, even I intially fell for it when I saw an early presentation by Pieter Wuille on YouTube from one of Blockstream's many, censored Bitcoin scaling stalling conferences)

    But as we all later all discovered, SegWit is just a messy hack.

    Probably the most dangerous aspect of SegWit is that it changes all transactions into "ANYONE-CAN-SPEND" without SegWit - all because of the messy workarounds necessary to do SegWit as a soft-fork. The kludges and workarounds involving SegWit's "ANYONE-CAN-SPEND" semantics would only work as long as SegWit is still installed.

    This means that it would be impossible to roll-back SegWit - because all SegWit transactions that get recorded on the blockchain would now be interpreted as "ANYONE-CAN-SPEND" - so, SegWit's dangerous and messy "kludges and workarounds and hacks" would have to be made permanent - otherwise, anyone could spend those "ANYONE-CAN-SPEND" SegWit coins!

    Segwit cannot be rolled back because to non-upgraded clients, ANYONE can spend Segwit txn outputs. If Segwit is rolled back, all funds locked in Segwit outputs can be taken by anyone. As more funds gets locked up in segwit outputs, incentive for miners to collude to claim them grows.

 

FYI:
Segwit => Trojan Virus for a Blockchain  

[kiklo]

How do the signatures work?  They are separated into two separate blocks so there would be two blockchains running? One would store a block of transactions and a block of signatures?

blockstream put in the FIBRE network to change the topology of the network (as gatekeepers) so that if segwit activates the segwit nodes control what gets filtered down to old native nodes.

in simple terms segwit nodes receive a cluster of data which is one lump of data called the blockweight where the signatures have their own txid to link back to the txid of the baseblock. if they have whitelisted old native nodes they have to send the smaller 'base' block' to old native nodes

its bait and switched to pretend its one network but because the old nodes are not receiving the same data as the segwit nodes. a fresh segwit node wont sync from a native node.

a native node wont receive segwit unconfirmed transactions. so its a 'pretend' single network. but with differing data held and/or relayed.
same goes with segwits pruned nodes. a segwit node wanting a full sync wont sync from a pruned node. so again all these core features are causing issues for the REAL full node count.because not all the nodes hold all the same data.

core have swept under the carpet how they have made anything not segwit as being second class. but pretended its all good because its "compatible"

as you can see below.
on the left is what people for 6-7 years thought the node network looked like. with pools sending out data and EVERYONE sharing the same data.
on the right is how how segwit/fibre has changed the network topology. to centralise segwit as the gate keepers of what data non segwit nodes get


and yes, segwit nodes could simply not whitelist old native nodes and make it reliant on the pools to send data to old nodes, which looking at this image below is the one on the right.(very worse case scenario, but plausible)

EDIT:gmaxwell buzzwords
downstream(old) <-> upstream(segwit) <-> pool

upstream(segwit) <-> pool<-> downstream(old)

its all explained here including the bit about signature/tx data
https://bitcointalk.org/index.php?topic=1760149.msg17607565#msg17607565