killerstorm (OP)
Legendary
Offline
Activity: 1022
Merit: 1033
|
|
August 20, 2012, 12:23:03 PM |
|
(It was already mentioned a couple of times in comments, but they are often buried, so I want a separate discussion.) The most 'interesting' part of a cryptocurrency design is its defense against double-spend attacks (since ownership is trivially implemented via public key crypto). In Bitcoin it is done using proof-of-work approach. In PPCoin it is done using proof-of-stake/proof-of-work hybrid. The problem is that proof-of-stake used in PPCoin does not really defend against double spend attacks. At all. If you have a large enough stash of coins you can do a history rewrite of arbitrary size. Particularly, you can rewrite last few blocks to do a practical double-spend. If it fails, you lose nothing. So only irrational person would not do double spends. If we assume that miners are rational, they will try to do these attacks, it is a legitimate business with PPCoin. It costs you nothing, but brings money (e.g. kickbacks), so why not? So, well,. this scheme of proof-of-stake does not work. Actually, authors note it in PPCoin paper, so they use a centralized checkpointing approach. So, let's summarize: - proof-of-stake is useless
- currency is secured through centralized checkpointing
Thus it is definitely not a decentralized cryptocurrency. (It's worth noting that there are better ways to implement proof-of-stake, it's just that method used in PPCoin is flawed. https://en.bitcoin.it/wiki/Proof_of_Stake )
|
|
|
|
ripper234
Legendary
Offline
Activity: 1358
Merit: 1003
Ron Gross
|
|
August 20, 2012, 12:52:41 PM |
|
In all fairness, the authors of PPCoin admit it is currently not fully decentralized, but they wish to remove these "broadcasted checkpoints" in a future software update - it is used for bootstrapping the coin.
I can't say that I support the idea myself, but it doesn't smell like yet another SolidCoin to me, just leaves a bad taste.
|
|
|
|
killerstorm (OP)
Legendary
Offline
Activity: 1022
Merit: 1033
|
|
August 20, 2012, 01:13:36 PM |
|
They hope that they'll find an algorithm to do distributed checkpointing... But that's the whole point!
So what they say essentially is: "We haven't developed the main part yet, but we hope there is some solution. Meanwhile, here's this completely centralized system with proof-of-stake used as disguise of decentralization".
I'm not claiming that they are scammers, it is just incredibly sloppy crypto design. Somebody was just too eager to release the first proof-of-stake based cryptocurrency, without thinking about security much.
|
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1006
Let's talk governance, lipstick, and pigs.
|
|
August 20, 2012, 01:20:52 PM |
|
This a fundamental flaw with PoS in general. A decentralized currency is based on game theory. In PoW we have miners competing with hash power to win blocks. In PoS we have the game owner making up the rules as they go along. That's not much of a game. A hybrid money game would work, expecially with competing verification systems, but the rules have to clear, up-front, and fair.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1011
|
|
August 20, 2012, 01:35:57 PM |
|
This a fundamental flaw with PoS in general. A decentralized currency is based on game theory. In PoW we have miners competing with hash power to win blocks. In PoS we have the game owner making up the rules as they go along. That's not much of a game. A hybrid money game would work, expecially with competing verification systems, but the rules have to clear, up-front, and fair.
No, it's not. Read the wiki page on proof-of-stake. The existing proposals have been designed to not hand the keys to the network over to anyone. Proof-of-stake must be implemented as PoW *AND* PoS. Proof-of-work is meant to add security, not take it away. But that's exactly what happens in PPCoin--PPCoin greatly lessens the security of the network.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1006
Let's talk governance, lipstick, and pigs.
|
|
August 20, 2012, 01:44:50 PM |
|
This a fundamental flaw with PoS in general. A decentralized currency is based on game theory. In PoW we have miners competing with hash power to win blocks. In PoS we have the game owner making up the rules as they go along. That's not much of a game. A hybrid money game would work, expecially with competing verification systems, but the rules have to clear, up-front, and fair.
No, it's not. Read the wiki page on proof-of-stake. The existing proposals have been designed to not hand the keys to the network over to anyone. Proof-of-stake must be implemented as PoW *AND* PoS. Proof-of-work is meant to add security, not take it away. But that's exactly what happens in PPCoin--PPCoin greatly lessens the security of the network. As long as it's based on a game theory with both competition and cooperation, then it can be fair. I did not mean that the blockchain is controlled by network keys, but by monopolists that have control simply by being early adopters.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1011
|
|
August 20, 2012, 01:51:13 PM |
|
But in the existing, community-vetted proof-of-stake proposals nobody is given control because of a high balance. In Mini's proposal, for example, PoS is simply a method of voting on checkpoints. It's therefore reactionary and you'd have both significant mining power *and* a significant balances to execute a double-spend attack. With PPCoin you need either significant mining power *or* a significant balance to execute a double-spend. That's not a trivial difference.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1006
Let's talk governance, lipstick, and pigs.
|
|
August 20, 2012, 02:09:57 PM |
|
I hope the issue of checkpoints can be automated without any human intervention. Competing strategies for block and fee rewards should serve to keep each other from gaining overwhelming advantage. I suppose a two-factor strategy will work once the game is fully developed. PPCoin (or a version of) may work in the long run but it seems a very complex set of rules would be needed to manage the network. I would prefer a third player for simpler game balance, but it looks promising for now.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
killerstorm (OP)
Legendary
Offline
Activity: 1022
Merit: 1033
|
|
August 20, 2012, 03:01:36 PM |
|
Well, I believe proof-of-stake can work if there is a way for someone to lose his stake if he is caught participating in malicious activity.
E.g. you use 1000 coins to sign a double-spend transaction and you're caught, your 1000 coins are banned. If chances to get caught are high, incentive from this double-spend must be much higher.
This means that for a transaction worth 100 coins you can trust 1000 coins worth of confirmations, as nobody in his sane mind will risk his 1000 coins for 100 coin double-spend.
Now there is a question: how do we detect and punish a double-spend? Well, detection is trivial, but we don't know which miner is guilty. (Or maybe miners are not guilty at all.)
I believe it's tricky, but not impossible.
One way is to implement is to make it manual: if there is a large reorg, simply half operation and let human operator to decide which blockchain we trust. Eventually consensus will be reached and guilty party would be punished.
So under these conditions double-spends will never be done for profit, but only as a form of DoS attack. But this DoS attack costs money, so we can expect that there won't be a lot of that.
Also, monopolization isn't such a problem: if monopolist pisses off people they can just ban his stake. (For this to work stakes must be identifiable, i.e. one needs to move his money from transactional account to stake account, and this move should take a lot of time to mature so it's not easy to switch.)
So back to your game theory analogy, it is a game where if you play by rules you get profit, but if you try to break the rules you lose. Makes sense, no?
|
|
|
|
passerby
Member
Offline
Activity: 112
Merit: 10
|
|
August 20, 2012, 06:03:43 PM |
|
In all fairness, the authors of PPCoin admit it is currently not fully decentralized, but they wish to remove these "broadcasted checkpoints" in a future software update - it is used for bootstrapping the coin.
I can't say that I support the idea myself, but it doesn't smell like yet another SolidCoin to me, just leaves a bad taste.
It seems to me that in order for a coin to become soiledcoin, the coin's dev must pick a fight with an uber-hacker.
|
|
|
|
MAD_MAD
Newbie
Offline
Activity: 27
Merit: 0
|
|
August 20, 2012, 07:37:31 PM |
|
In all fairness, the authors of PPCoin admit it is currently not fully decentralized, but they wish to remove these "broadcasted checkpoints" in a future software update - it is used for bootstrapping the coin.
I can't say that I support the idea myself, but it doesn't smell like yet another SolidCoin to me, just leaves a bad taste.
It seems to me that in order for a coin to become soiledcoin, the coin's dev must pick a fight with an uber-hacker. Do you know something about solidcoin that I do not ?
|
|
|
|
Bitcoin Oz
|
|
August 21, 2012, 01:23:32 AM |
|
In all fairness, the authors of PPCoin admit it is currently not fully decentralized, but they wish to remove these "broadcasted checkpoints" in a future software update - it is used for bootstrapping the coin.
I can't say that I support the idea myself, but it doesn't smell like yet another SolidCoin to me, just leaves a bad taste.
It seems to me that in order for a coin to become soiledcoin, the coin's dev must pick a fight with an uber-hacker. Pretty much this.
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
|
|
October 13, 2012, 07:07:57 PM |
|
(It was already mentioned a couple of times in comments, but they are often buried, so I want a separate discussion.) The most 'interesting' part of a cryptocurrency design is its defense against double-spend attacks (since ownership is trivially implemented via public key crypto). In Bitcoin it is done using proof-of-work approach. In PPCoin it is done using proof-of-stake/proof-of-work hybrid. The problem is that proof-of-stake used in PPCoin does not really defend against double spend attacks. At all. If you have a large enough stash of coins you can do a history rewrite of arbitrary size. Particularly, you can rewrite last few blocks to do a practical double-spend. If it fails, you lose nothing. So only irrational person would not do double spends. If we assume that miners are rational, they will try to do these attacks, it is a legitimate business with PPCoin. It costs you nothing, but brings money (e.g. kickbacks), so why not? So, well,. this scheme of proof-of-stake does not work. Actually, authors note it in PPCoin paper, so they use a centralized checkpointing approach. So, let's summarize: - proof-of-stake is useless
- currency is secured through centralized checkpointing
Thus it is definitely not a decentralized cryptocurrency. (It's worth noting that there are better ways to implement proof-of-stake, it's just that method used in PPCoin is flawed. https://en.bitcoin.it/wiki/Proof_of_Stake ) +1 PPCoin is NOT DECENTRALIZED!
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
Greedi
|
|
October 13, 2012, 07:08:21 PM |
|
(It was already mentioned a couple of times in comments, but they are often buried, so I want a separate discussion.) The most 'interesting' part of a cryptocurrency design is its defense against double-spend attacks (since ownership is trivially implemented via public key crypto). In Bitcoin it is done using proof-of-work approach. In PPCoin it is done using proof-of-stake/proof-of-work hybrid. The problem is that proof-of-stake used in PPCoin does not really defend against double spend attacks. At all. If you have a large enough stash of coins you can do a history rewrite of arbitrary size. Particularly, you can rewrite last few blocks to do a practical double-spend. If it fails, you lose nothing. So only irrational person would not do double spends. If we assume that miners are rational, they will try to do these attacks, it is a legitimate business with PPCoin. It costs you nothing, but brings money (e.g. kickbacks), so why not? So, well,. this scheme of proof-of-stake does not work. Actually, authors note it in PPCoin paper, so they use a centralized checkpointing approach. So, let's summarize: - proof-of-stake is useless
- currency is secured through centralized checkpointing
Thus it is definitely not a decentralized cryptocurrency. (It's worth noting that there are better ways to implement proof-of-stake, it's just that method used in PPCoin is flawed. https://en.bitcoin.it/wiki/Proof_of_Stake ) +1 PPCoin is NOT DECENTRALIZED!+ 2
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
|
|
October 13, 2012, 07:12:26 PM |
|
They hope that they'll find an algorithm to do distributed checkpointing... But that's the whole point!
So what they say essentially is: "We haven't developed the main part yet, but we hope there is some solution. Meanwhile, here's this completely centralized system with proof-of-stake used as disguise of decentralization".
I'm not claiming that they are scammers, it is just incredibly sloppy crypto design. Somebody was just too eager to release the first proof-of-stake based cryptocurrency, without thinking about security much.
The creator, Sunny Drag Queen, claims to have spent $100k-$200k of development time on PEEPEE COIN.
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
DiCE1904
Legendary
Offline
Activity: 1118
Merit: 1002
|
|
October 13, 2012, 07:13:37 PM |
|
interesting thread
|
|
|
|
AndyRossy
|
|
October 13, 2012, 07:20:50 PM |
|
If you have a large enough stash of coins you can do a history rewrite of arbitrary size. Particularly, you can rewrite last few blocks to do a practical double-spend.
Not the case at all (see the white papers please.), and even if you it *was* the case... consider bitcoin, to buy even 10% of bitcoin market, would cost $12million. This is more expensive than a 51% attack, and, and you'd need more than 10% of the cap.
|
|
|
|
AndyRossy
|
|
October 13, 2012, 07:22:11 PM |
|
In all fairness, the authors of PPCoin admit it is currently not fully decentralized, but they wish to remove these "broadcasted checkpoints" in a future software update - it is used for bootstrapping the coin.
I can't say that I support the idea myself, but it doesn't smell like yet another SolidCoin to me, just leaves a bad taste.
It seems to me that in order for a coin to become soiledcoin, the coin's dev must pick a fight with an uber-hacker. Pretty much this. And this. Most the complaints about PPC are from smoothie, and dice/greedi. All well known LTC speculators.
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
October 13, 2012, 07:24:13 PM |
|
The PPCoin proof of stake system does exactly what it is supposed to do:
Amplifying the early adopter benefit to the point where it becomes useless for any other useage except pump & dump. If you have lots of cash and think you can corner the market you can probably get quite a bit of profit by doing it.
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
|
|
October 13, 2012, 07:25:33 PM |
|
The PPCoin proof of stake system does exactly what it is supposed to do:
Amplifying the early adopter benefit to the point where it becomes useless for any other useage except pump & dump.
+1...now Pump and dump that shit...lol...oh wait....no just dump lol
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
|