Bitcoin Forum
October 23, 2018, 03:20:09 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 »  All
  Print  
Author Topic: Proof that Proof of Stake is either extremely vulnerable or totally centralised  (Read 11282 times)
nexern
Hero Member
*****
Offline Offline

Activity: 597
Merit: 500



View Profile
March 07, 2016, 12:18:21 PM
 #121


pow isn't bad in general but a monetary based incentive model doesn't work. it may on the paper, in theory
but you have to deal with humans here and they have totally different demands (mostly accumulation driven).
i mean, is there really any doubt that this model already lead into a very unhealthy centralization?

perhaps for those denying reality, granted, but assuming this centralization is the case you have to accept
that pow is much, much more vulnerable by bad actors than other models. i am talking not about the weird
double spending scenarious contructed here, which are nonsense simple due to a horrible risk/reward ratio.
i you just think a minute about the details necessary to initiate an attack (real world) it comes clear nobody
would do this just for some doublespends but they would, if the goal is to create controlled mayhem.

taking this into account you can ask yourself now what gives you more confidence for a multi-billion
ecosystem. pos, where an attacker has to reveal his intention by positioning building* to get the majority
thru a very expensive asymptotically nearing or a handfull powerlines driven by an even smaller number
of miners?

well, for me this is a no-brainer. sad how things are evolved but i would bet the probability an attacker
could get the control on pos by buying old gen keys is magnitude smaller than satoshi is heavily pissed off
how things are going and therefore switching his 1mio btc stash into ethereum.

*silent positioning building is pretty hard, even in traditional markets, where most parts of the books
are closed but in crypto this much harder since most data is visible and many tracking tools already
looking exactly for those kind of pattern.

1540308009
Hero Member
*
Offline Offline

Posts: 1540308009

View Profile Personal Message (Offline)

Ignore
1540308009
Reply with quote  #2

1540308009
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
funkenstein
Legendary
*
Offline Offline

Activity: 1028
Merit: 1010


Khazad ai-menu!


View Profile WWW
March 07, 2016, 01:55:18 PM
 #122


pow isn't bad in general but a monetary based incentive model doesn't work. it may on the paper, in theory
but you have to deal with humans here and they have totally different demands (mostly accumulation driven).
i mean, is there really any doubt that this model already lead into a very unhealthy centralization?


Absolutely there is doubt.  There are what 15 million bitcoins worth of doubt.  Most of the value of PoS coins also is also based on that doubt as well, as PoW is the underlying creation of the tokens which are then staked.  I see no signs of unhealthy centralization as of yet, though this doesn't mean we shouldn't be concerned it could happen in the future and consider how to avoid / be ready. 

Quote
perhaps for those denying reality, granted, but assuming this centralization is the case you have to accept
that pow is much, much more vulnerable by bad actors than other models.


What are these attacks on PoW coins which you refer?  Curious. 

Quote

taking this into account you can ask yourself now what gives you more confidence for a multi-billion
ecosystem. pos, where an attacker has to reveal his intention by positioning building* to get the majority
thru a very expensive asymptotically nearing or a handfull powerlines driven by an even smaller number
of miners?

*silent positioning building is pretty hard, even in traditional markets, where most parts of the books
are closed but in crypto this much harder since most data is visible and many tracking tools already
looking exactly for those kind of pattern.


Show me some tracking tools that could figure out that one person had control of any amount of hashpower or stakepower.  If they don't choose to reveal anything about the keys they control, we know nothing. 

Quote

well, for me this is a no-brainer. sad how things are evolved but i would bet the probability an attacker
could get the control on pos by buying  old gen keys is magnitude smaller than satoshi is heavily pissed off
how things are going and therefore switching his 1mio btc stash into ethereum.


lol!  well certainly this is true if the coin has a max_depth_reorg parameter. 


"Give me control over a coin's checkpoints and I care not who mines its blocks."
http://vtscc.org  http://woodcoin.info
kushti
Full Member
***
Offline Offline

Activity: 193
Merit: 100


View Profile
March 11, 2016, 01:55:14 PM
 #123

This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.

Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me).

Ergo Platform. Part-time IOHK Research. Previously Nxt core dev / SmartContract.com cofounder.
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1089


View Profile WWW
March 11, 2016, 02:26:42 PM
 #124

This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.

Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me).
@kushti i think the logic used in this thread is that given that we assume A inevitably leads to B, since A is self-evident, then B is too.

It is hard to argue with that sort of logic as it allows to prove conclusively that B is true, it doesnt matter what B is, just as long as A is self-evident.

Like this:

We will assume that above absolute zero temperatures it is inevitable that the moon is made of cheese.

Since we are not all frozen at absolute zero, it is clear that the moon is made of cheese.

I think formally it would be: Assume A -> B and A is true, therefore B is true

James

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
Mashuri
Full Member
***
Offline Offline

Activity: 135
Merit: 100


View Profile
March 11, 2016, 05:46:50 PM
 #125

This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.

Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me).
@kushti i think the logic used in this thread is that given that we assume A inevitably leads to B, since A is self-evident, then B is too.

It is hard to argue with that sort of logic as it allows to prove conclusively that B is true, it doesnt matter what B is, just as long as A is self-evident.

Like this:

We will assume that above absolute zero temperatures it is inevitable that the moon is made of cheese.

Since we are not all frozen at absolute zero, it is clear that the moon is made of cheese.

I think formally it would be: Assume A -> B and A is true, therefore B is true

James

Well then the burden is to prove A. Why is it assumed "self evident"?

jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1089


View Profile WWW
March 11, 2016, 06:19:21 PM
 #126

This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.

Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me).
@kushti i think the logic used in this thread is that given that we assume A inevitably leads to B, since A is self-evident, then B is too.

It is hard to argue with that sort of logic as it allows to prove conclusively that B is true, it doesnt matter what B is, just as long as A is self-evident.

Like this:

We will assume that above absolute zero temperatures it is inevitable that the moon is made of cheese.

Since we are not all frozen at absolute zero, it is clear that the moon is made of cheese.

I think formally it would be: Assume A -> B and A is true, therefore B is true

James

Well then the burden is to prove A. Why is it assumed "self evident"?
Because it is in the OP, so it has to be true

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
monsterer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
March 13, 2016, 07:49:00 PM
 #127

This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.

Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me).

What don't you understand?
kushti
Full Member
***
Offline Offline

Activity: 193
Merit: 100


View Profile
March 14, 2016, 08:06:45 AM
 #128

What don't you understand?

What you have provided is not a proof at all. We can go into meaningless and long discussions, and that crap is not what you can get by providing a (formal) proof. So please provide a real (i.e. formal) proof.

Ergo Platform. Part-time IOHK Research. Previously Nxt core dev / SmartContract.com cofounder.
monsterer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
March 14, 2016, 09:18:01 AM
 #129

What you have provided is not a proof at all. We can go into meaningless and long discussions, and that crap is not what you can get by providing a (formal) proof. So please provide a real (i.e. formal) proof.

The only point of disagreement in general has been centered on the difficulty of acquiring a majority of recent private keys. That is sadly unprovable.
ustin
Jr. Member
*
Offline Offline

Activity: 95
Merit: 4

Cryptocoin fanat


View Profile
February 08, 2018, 04:15:14 AM
 #130

Sorry for necroposting, but my considerations was moderated to AltCoins board and drown.
So, the problem simplifies to needing trusted third-party for checkpointing POS network and it is preferable to be independent from developer (because in this scenario most presumable evil is near coin developer).
Please follow https://bitcointalk.org/index.php?topic=2895120 - is this conception implementable?
Ucy
Sr. Member
****
Offline Offline

Activity: 644
Merit: 267


View Profile
February 08, 2018, 08:31:15 AM
 #131

Everything about PoS is creepy though. Where in the Universe is creating Value without Energy possible?
Well, I don't know much about the technical side of PoS but I have a feeling it'll be massively Centralized by government and the elites. Won't be surprised if this is the original goal.



Wonder if there are maths that support the PoS concept? Is stuff like that even possible in real World without burning massive amount of Energy.
ustin
Jr. Member
*
Offline Offline

Activity: 95
Merit: 4

Cryptocoin fanat


View Profile
February 08, 2018, 10:39:50 AM
 #132

Everything about PoS is creepy though.

Wonder if there are maths that support the PoS concept? Is stuff like that even possible in real World without burning massive amount of Energy.
All depends of consensus.
So, records in various registries are not costs anything, but trusting them is result of consensus.
Question is cost of possibitily to change it in hindsight.

Blockchain is immutable by cryptographics only within consensus agreement borders.
I can build alternate branch of bitcoin in my kitchen, but it will be only satisfied to my kitchen consensus, no one of widespreaded nodes approve my branch. It means, that main chain is shielded by computer work in single consensus concept of bitcoin network.

POS consensus is so less harmful, but vulnerable for a number of attacks, which can be simplified in majority to absence independent trusted authority inside network, as i can see. If we can verify some checkpoint independently, we can prevent, in particular, subj historical attack.

One question is how to find and automate this authority, and it was  proposition to bind POS blockchain to other blockchains, that I wish to discuss
cloud.runner
Newbie
*
Offline Offline

Activity: 65
Merit: 0


View Profile
February 08, 2018, 01:49:52 PM
 #133

Instead of Proof of Stake, I would like to vote for Proof of Work. It is not only for creating blocks, but also for making consensus, which is a great advantage.
monsterer2
Full Member
***
Offline Offline

Activity: 308
Merit: 104


View Profile
February 26, 2018, 12:11:00 PM
 #134

ironic that Proof of Anti-stake may work
the idea is, that user destroys it's coins and by doing so confirms a block

Doesn't work because to burn stake you must send a transaction, and you cannot come to a consensus on the current set of valid transactions by sending more transactions, it's a chicken and egg problem.

I did some analysis on it a while back, and long story short, it degenerates into PoS.

yj1190590
Member
**
Offline Offline

Activity: 126
Merit: 13


View Profile
May 12, 2018, 03:24:20 AM
 #135

I've found a solution in an other post for this problem that might help.
https://bitcointalk.org/index.php?topic=3603859.msg36995026#msg36995026

Quote
First of all the reorganizition is designed to prevent forks. Under normal circumstances,  some stakeholders would be active(trading or mining) in both branches (caused by NaS too) if there appears a fork. According to the probability there will be similar stake proportion of "double-active" users between both branches.

But if the branch is a fake chain built by the attackers, they will be disproportionate —— the proportion mentioned above in the mainchain will be much less than that in the fake one, unless you have bought every account, which is impossible. Under this circumstance, the branch should never be accepted no matter how long it is. This operation is also nessesary to prevent some group of users from getting extra advantage by unfair means when forks come.

By the way, the situation you have mentioned:"any syncing node querying at random will find his fake nodes with fake history" could be resolved by controling the p2p links——
Quote
each node only needs to build connection with a certain number of nodes with the fastest response speed.

The attacker needs to try through a lot of past blocks so that the longer range he seeks, the better chance he would success. But the longer range he starts the fork, the more obvious the disproportion will be. I think that might increase the difficulty you launch an attack, after all you gain those private keys by "buying".
AnnSerg77
Newbie
*
Offline Offline

Activity: 140
Merit: 0


View Profile
May 13, 2018, 08:13:40 PM
 #136

I have 3 q. How many possible staking inputs do these addresses have?
What is the min/max staking age of this coin?
How long a chain will they need to create to be longer?
inashed
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
May 28, 2018, 04:32:06 PM
 #137

Would change anything if two miners were picked by proof of stake or proof of hold (lowest amount of coin wallet had at some point of time at the last X days is the stake), and then select the real miner between those 2 miners by using proof of work?
metro.software
Jr. Member
*
Offline Offline

Activity: 75
Merit: 1


View Profile
May 29, 2018, 08:25:07 AM
 #138

ironic that Proof of Anti-stake may work
the idea is, that user destroys it's coins and by doing so confirms a block

Doesn't work because to burn stake you must send a transaction, and you cannot come to a consensus on the current set of valid transactions by sending more transactions, it's a chicken and egg problem.

I did some analysis on it a while back, and long story short, it degenerates into PoS.
Perhaps coins can be burned on a POW sidechain, e.g. Litecoin.
I guess in this scenario Proof-of-Sacrifice would work.

►►► Metro – become an co-owner of decentralized exchange. Mine or buy your share ◄◄◄ (https://bitcointalk.org/index.php?topic=4211306)
desmodiAN
Member
**
Offline Offline

Activity: 111
Merit: 10


View Profile
June 01, 2018, 09:37:52 AM
 #139

2. He uses these historical keys to generate a new chain of history starting just before the keys were emptied and which is longer in cumulative difficulty than the canonical chain. He can do this first time with 100% probability since he has a majority of historical stake

Read about finality in proof of stake. a once written and accepted block cannot be exchanged or rewritten. only with a big financial loss of 2/3rds of all validators.

"
The intention is to make 51% attacks extremely expensive, so that even a majority of validators working together cannot roll back finalized blocks without undertaking an extremely large economic loss — a loss so large that a successful attack would likely on net increase the price of the underlying cryptocurrency as the market would more strongly react to the reduction in total coin supply than it would to the need for an emergency hard fork to correct the attack
"

vitalik continued with an example of the loss:
"
A fully "finalized" block is one where > 2/3 of Casper validators will lose their entire deposits if the block ends up being not in the main chain (estimate this at being ~2-20 million ETH depending on how many people stake).
"

...
Traxo
Full Member
***
Offline Offline

Activity: 337
Merit: 125



View Profile
June 01, 2018, 09:43:11 AM
 #140

ironic that Proof of Anti-stake may work
the idea is, that user destroys it's coins and by doing so confirms a block

Doesn't work because to burn stake you must send a transaction, and you cannot come to a consensus on the current set of valid transactions by sending more transactions, it's a chicken and egg problem.


@anonymint says that your conclusion is not quite right or let's say it's incomplete.
After sufficient time the TaPoS combined with burning has inertia because users don't want to have the tokens reverted by a fork.
So essentially it's a more decentralized variant of checkpointing.
Will not help objectify consensus in the short-range case though.

I had relayed what @anonymint wrote about proof-of-stake:
https://gist.github.com/shelby3/e0c36e24344efba2d1f0d650cd94f1c7#oligarchy-if-pos-is-functioning
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!