Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 21, 2012, 09:37:10 PM Last edit: August 21, 2012, 10:02:07 PM by Sunny King |
|
I think I may have found a solution in response to the various criticisms related to checkpoint and double-spending attacks.
Here is the new proposal for main chain protocol:
The main chain protocol will now score based on proof-of-stake difficulty. Each proof-of-stake block is scored its proof-of-stake difficulty (proof-of-work block scores 0 or something small like 0.01) The chain with highest total score is the main chain.
This will work quite similar to Bitcoin's main chain protocol.
Double spending attack will be much much harder. Checkpoint may be weakened in the future when proof-of-stake protection is strong enough.
I may include this in a 0.2 release. The implementation of this is likely trivial and not affecting current users.
Let me know what you think,
Sunny
|
|
|
|
iddo
|
|
August 21, 2012, 10:06:18 PM |
|
The main chain protocol will now score based on proof-of-stake difficulty.
Please elaborate? Neither your article nor your previous replies were clear enough, and I didn't try to analyse the source code just to understand the protocol specifications. If I understood correctly, the blockchain can be extended either by proof-of-work or by proof-of-stake as the next block? My guess is that since the main property that your protocol tries to accomplish is to avoid the energy waste of proof-of-work hashpower, you won't be able to achieve security from double-spending attacks by stakeholders. It's an interesting experiment, we'll see if I'm wrong...
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
August 21, 2012, 10:19:09 PM |
|
Experts have gone over this proof of stake stuff for what, months for sure maybe a year or more?
Did you read their wiki pages?
They already solved this didn't they?
What you say above still sounds like you are just cementing in place the ability of stakeholders to periodically do a double spend?
-MarkM-
|
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 21, 2012, 10:21:51 PM |
|
Double spending will be hard exactly the same way as in Bitcoin, because generating one proof-of-stake block on demand is already hard, generating multiple of them to force reorg is way way harder.
Energy-efficiency is still preserved if proof-of-work blocks get scored 0.
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
August 21, 2012, 10:36:04 PM |
|
Scored zero what? Work? Why have proof of work blocks if their work is irrelevant?
Are you adding up some kind of weighted sum of work plus stake for the proof of stake blocks?
Why do you even have tow types of blocks if indeed you are implying some blocks are proof of work and others are proof of stake?
Shouldn't each block have both work and stake, each weighted somehow into total of how much that block counts toward being a longer chain?
-MarkM-
|
|
|
|
iddo
|
|
August 21, 2012, 10:38:46 PM |
|
Double spending will be hard exactly the same way as in Bitcoin, because generating one proof-of-stake block on demand is already hard, generating multiple of them to force reorg is way way harder.
Energy-efficiency is still preserved if proof-of-work blocks get scored 0.
You're quite economic with providing exact details of how your protocol behaves, I have to make guesses. If I understand correctly, you now say the proof-of-work will be used just to bring new coins into existence, and protection from double-spending will be done just via proof-of-stake? What makes you think that large stakeholders couldn't easily prepare a secret forked branch when they wish to double-spend? Isn't it true that generating a proof-of-stake block on demand is easier if you're a large stakeholder?
|
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 21, 2012, 10:45:43 PM |
|
You're quite economic with providing exact details of how your protocol behaves, I have to make guesses. If I understand correctly, you now say the proof-of-work will be used just to bring new coins into existence, and protection from double-spending will be done just via proof-of-stake? What makes you think that large stakeholders couldn't easily prepare a secret forked branch when they wish to double-spend? Isn't it true that generating a proof-of-stake block on demand is easier if you're a large stakeholder?
That's basically comparable to a 51% attack on proof-of-work. They would stand to lose a lot more than they gain.
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
August 21, 2012, 10:53:34 PM Last edit: August 22, 2012, 01:55:35 AM by markm |
|
Yeah but the weighted sum of both work and stake on each block means to doublespend you need lots of work and lots of stake, having just one or the other is way less likely to succed? Maybe Meni and Cunicula can weigh in on this, though likely they figure it was all thoroughly explained in their wiki entries and all the many many threads that argued it all out back and forth to lead ultimately to the wiki entries?
Where were your weird out of the blue approaches during all those months of deep work on how it can be done right?
-MarkM-
|
|
|
|
galambo
|
|
August 22, 2012, 01:54:32 AM Last edit: August 22, 2012, 03:18:12 AM by galambo |
|
I think associating the block reward to the difficulty target is a bad idea. How did you test this?
Your idea seems to be more sensitive to correct timestamps. How did you test this?
This seems like a pyramid scheme rather than a currency because you center your work on an idea which will paralyze money velocity, "coin age."
I don't understand the problem you claim to be solving "energy efficiency" could you please expand on this idea, since it is so central to your coin?
What algorithm did you use to "continuously adjust" the difficulty? Sounds dangerous.
|
|
|
|
VelvetLeaf
Member
Offline
Activity: 98
Merit: 10
|
|
August 22, 2012, 02:34:32 AM |
|
Is this mean the blockchain will be restarted ?
|
BTC : 1GN81dxzxyFPQsyAtdocXr5S9Mcg4wcfFG LTC : LgmYvXsYXc4xdjsMKXJWqtagxVvioK6iaw FC : 6dpSnKMtttUUYzaRu1EB7Lu18PBRVHU3V7
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 22, 2012, 02:40:28 AM |
|
Yeah but the weighted sum of both work and stake on each block means to doublespend you need lots of work and lots of stake, having just one or the other is way less likely to succed? Maybe Meni and Cunicula can weigh in on this, though likely they figure it was all thoroughly explained in their wiki entries and all the many many threads that argued it all out back and forth to lead ultimately to the wiki entries?
Where were your weird out of the blue approaches during all those months of deep work on how it can be done right?
-MarkM-
Oh well I think that's fairly enough as far as I am concerned if their competing designs are so nice and thorough why don't they bring out the implementation and prove it to the Market. They could even fork and reuse some of our code if they want and I would be glad of being some help. I'd like to hear more constructive opinions instead. Please keep in mind our goal is to solve energy efficiency instead of implementing someone else's ideas.
|
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 22, 2012, 02:44:24 AM |
|
Is this mean the blockchain will be restarted ?
No. This change has no effect on block format and only affects the decision of when to do reorganization. So block chain does not need to be restarted.
|
|
|
|
Bitcoin Oz
|
|
August 22, 2012, 02:45:47 AM |
|
Yeah but the weighted sum of both work and stake on each block means to doublespend you need lots of work and lots of stake, having just one or the other is way less likely to succed? Maybe Meni and Cunicula can weigh in on this, though likely they figure it was all thoroughly explained in their wiki entries and all the many many threads that argued it all out back and forth to lead ultimately to the wiki entries?
Where were your weird out of the blue approaches during all those months of deep work on how it can be done right?
-MarkM-
Oh well I think that's fairly enough as far as I am concerned if their competing designs are so nice and thorough why don't they bring out the implementation and prove it to the Market. They could even fork and reuse some of our code if they want and I would be glad of being some help. I'd like to hear more constructive opinions instead. Please keep in mind our goal is to solve energy efficiency instead of implementing someone else's ideas. I dont think you can rely on POS or POW alone you need to have them working together. If you only use POW or POS by themselves its no good. PoW+PoS not PoW OR PoS. If one needs 50% of mining power + 50% of the entire stake to attack its practically impossible.
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
August 22, 2012, 05:13:47 AM |
|
Yeah but the weighted sum of both work and stake on each block means to doublespend you need lots of work and lots of stake, having just one or the other is way less likely to succed? Maybe Meni and Cunicula can weigh in on this, though likely they figure it was all thoroughly explained in their wiki entries and all the many many threads that argued it all out back and forth to lead ultimately to the wiki entries?
Where were your weird out of the blue approaches during all those months of deep work on how it can be done right?
-MarkM-
Oh well I think that's fairly enough as far as I am concerned if their competing designs are so nice and thorough why don't they bring out the implementation and prove it to the Market. They could even fork and reuse some of our code if they want and I would be glad of being some help. Unlike some people their goal does not seem to be to rush to market to make a quick buck without full peer review of their proposals and maybe some kind of ultimate settling upon exactly which approach to implement (or possibly even to try both, in which case which one being tried first would best move forward the whole matter of whether either are quite right enough yet to be ready to move to implementation. I'd like to hear more constructive opinions instead. Please keep in mind our goal is to solve energy efficiency instead of implementing someone else's ideas.
Merged mining. The energy is already spent, it is not going to stop being spent, so it makes more sense to do more with it than to come up with more ways to use more energy. Properly set up proof of stake + proof of work combo should adequately protect it from being victimised by merged miners compared to the way some chains have found enabling merged mining led to their being attacked rather than secured. I do wonder though how effective proof of stake can be if stake is obtained by using work to mine. Seems like miners maybe can retain superior stake simply by only selling a minority of coins... -MarkM-
|
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 22, 2012, 05:36:40 AM |
|
Merged mining. The energy is already spent, it is not going to stop being spent, so it makes more sense to do more with it than to come up with more ways to use more energy.
In our opinion it is by no means clear that energy will not going to stop being spent on Bitcoin. It's a concious choice by us to not support merge mining as it introduces additional long term risks. Let's just settle at that.
|
|
|
|
VelvetLeaf
Member
Offline
Activity: 98
Merit: 10
|
|
August 22, 2012, 06:25:16 AM |
|
Merged mining.
Merged mining is a joke. Difficulty will skyrocket and the price will stay the same while mining get harder. The only advantage of merged mining is that you won't be afraid that late-adopter will crash the market by mining loads of coin and dump it on the market at once.
|
BTC : 1GN81dxzxyFPQsyAtdocXr5S9Mcg4wcfFG LTC : LgmYvXsYXc4xdjsMKXJWqtagxVvioK6iaw FC : 6dpSnKMtttUUYzaRu1EB7Lu18PBRVHU3V7
|
|
|
killerstorm
Legendary
Offline
Activity: 1022
Merit: 1033
|
|
August 22, 2012, 07:03:44 AM |
|
Experts have gone over this proof of stake stuff for what, months for sure maybe a year or more?
Did you read their wiki pages?
They already solved this didn't they?
Existing proposals are not energy-efficient. I believe that the only way to make it energy-efficient is to make people lose their stakes in case of double-spend or other malicious act. This will attacks economically unfeasible. Double-spend can be trivially detected. If people can do attacks without downsides, they WILL do these attacks. So you need PoS+PoW scheme, then a downside of an attack is money lost on PoW part. But PoS+PoW is not energy efficient, since it still requires PoW.
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
August 22, 2012, 07:15:09 AM |
|
Right, which is why merged mining is still useful. Re-using already-spent energy is about as energy-efficient as it is possible to be.
-MarkM-
|
|
|
|
iddo
|
|
August 22, 2012, 12:01:33 PM |
|
You're quite economic with providing exact details of how your protocol behaves, I have to make guesses. If I understand correctly, you now say the proof-of-work will be used just to bring new coins into existence, and protection from double-spending will be done just via proof-of-stake? What makes you think that large stakeholders couldn't easily prepare a secret forked branch when they wish to double-spend? Isn't it true that generating a proof-of-stake block on demand is easier if you're a large stakeholder?
That's basically comparable to a 51% attack on proof-of-work. They would stand to lose a lot more than they gain. Why is it comparable? PoW is costly, PoS is costless. Are you saying that your protocol is less secure than pure-PoW, and that's the price to pay for energy-efficiency? I'm still throwing darts randomly, pending detailed description of your protocol.
|
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
August 22, 2012, 02:02:48 PM |
|
Why is it comparable? PoW is costly, PoS is costless. Are you saying that your protocol is less secure than pure-PoW, and that's the price to pay for energy-efficiency? I'm still throwing darts randomly, pending detailed description of your protocol.
PoW is costly in energy and capital investment, but PoS is costly too to the attackers as they will lose the value of their currency holdings as Market loses confidence in the currency. If someone actually accumulated such vast wealth and be crazy enough to mount the attack, I suspect that he would not be able to remain anonymous, and folks would find out about him and mobs probably would lynch him. So I doubt any reasonably rational rich people would attempt to do that, other than some established institution. Which bring it back to the point, it is comparable to a 51% attack on proof-of-work.
|
|
|
|
|