nexern
|
|
March 07, 2016, 12:18:21 PM |
|
pow isn't bad in general but a monetary based incentive model doesn't work. it may on the paper, in theory but you have to deal with humans here and they have totally different demands (mostly accumulation driven). i mean, is there really any doubt that this model already lead into a very unhealthy centralization?
perhaps for those denying reality, granted, but assuming this centralization is the case you have to accept that pow is much, much more vulnerable by bad actors than other models. i am talking not about the weird double spending scenarious contructed here, which are nonsense simple due to a horrible risk/reward ratio. i you just think a minute about the details necessary to initiate an attack (real world) it comes clear nobody would do this just for some doublespends but they would, if the goal is to create controlled mayhem.
taking this into account you can ask yourself now what gives you more confidence for a multi-billion ecosystem. pos, where an attacker has to reveal his intention by positioning building* to get the majority thru a very expensive asymptotically nearing or a handfull powerlines driven by an even smaller number of miners?
well, for me this is a no-brainer. sad how things are evolved but i would bet the probability an attacker could get the control on pos by buying old gen keys is magnitude smaller than satoshi is heavily pissed off how things are going and therefore switching his 1mio btc stash into ethereum.
*silent positioning building is pretty hard, even in traditional markets, where most parts of the books are closed but in crypto this much harder since most data is visible and many tracking tools already looking exactly for those kind of pattern.
|
|
|
|
funkenstein
Legendary
Offline
Activity: 1066
Merit: 1050
Khazad ai-menu!
|
|
March 07, 2016, 01:55:18 PM |
|
pow isn't bad in general but a monetary based incentive model doesn't work. it may on the paper, in theory but you have to deal with humans here and they have totally different demands (mostly accumulation driven). i mean, is there really any doubt that this model already lead into a very unhealthy centralization?
Absolutely there is doubt. There are what 15 million bitcoins worth of doubt. Most of the value of PoS coins also is also based on that doubt as well, as PoW is the underlying creation of the tokens which are then staked. I see no signs of unhealthy centralization as of yet, though this doesn't mean we shouldn't be concerned it could happen in the future and consider how to avoid / be ready. perhaps for those denying reality, granted, but assuming this centralization is the case you have to accept that pow is much, much more vulnerable by bad actors than other models.
What are these attacks on PoW coins which you refer? Curious. taking this into account you can ask yourself now what gives you more confidence for a multi-billion ecosystem. pos, where an attacker has to reveal his intention by positioning building* to get the majority thru a very expensive asymptotically nearing or a handfull powerlines driven by an even smaller number of miners?
*silent positioning building is pretty hard, even in traditional markets, where most parts of the books are closed but in crypto this much harder since most data is visible and many tracking tools already looking exactly for those kind of pattern.
Show me some tracking tools that could figure out that one person had control of any amount of hashpower or stakepower. If they don't choose to reveal anything about the keys they control, we know nothing. well, for me this is a no-brainer. sad how things are evolved but i would bet the probability an attacker could get the control on pos by buying old gen keys is magnitude smaller than satoshi is heavily pissed off how things are going and therefore switching his 1mio btc stash into ethereum.
lol! well certainly this is true if the coin has a max_depth_reorg parameter.
|
|
|
|
kushti
|
|
March 11, 2016, 01:55:14 PM |
|
This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.
Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me).
|
Ergo Platform core dev. Previously IOHK Research / Nxt core dev / SmartContract.com cofounder.
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
March 11, 2016, 02:26:42 PM |
|
This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.
Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me). @kushti i think the logic used in this thread is that given that we assume A inevitably leads to B, since A is self-evident, then B is too. It is hard to argue with that sort of logic as it allows to prove conclusively that B is true, it doesnt matter what B is, just as long as A is self-evident. Like this: We will assume that above absolute zero temperatures it is inevitable that the moon is made of cheese. Since we are not all frozen at absolute zero, it is clear that the moon is made of cheese. I think formally it would be: Assume A -> B and A is true, therefore B is true James
|
|
|
|
Mashuri
|
|
March 11, 2016, 05:46:50 PM |
|
This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.
Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me). @kushti i think the logic used in this thread is that given that we assume A inevitably leads to B, since A is self-evident, then B is too. It is hard to argue with that sort of logic as it allows to prove conclusively that B is true, it doesnt matter what B is, just as long as A is self-evident. Like this: We will assume that above absolute zero temperatures it is inevitable that the moon is made of cheese. Since we are not all frozen at absolute zero, it is clear that the moon is made of cheese. I think formally it would be: Assume A -> B and A is true, therefore B is true James Well then the burden is to prove A. Why is it assumed "self evident"?
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
March 11, 2016, 06:19:21 PM |
|
This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.
Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me). @kushti i think the logic used in this thread is that given that we assume A inevitably leads to B, since A is self-evident, then B is too. It is hard to argue with that sort of logic as it allows to prove conclusively that B is true, it doesnt matter what B is, just as long as A is self-evident. Like this: We will assume that above absolute zero temperatures it is inevitable that the moon is made of cheese. Since we are not all frozen at absolute zero, it is clear that the moon is made of cheese. I think formally it would be: Assume A -> B and A is true, therefore B is true James Well then the burden is to prove A. Why is it assumed "self evident"? Because it is in the OP, so it has to be true
|
|
|
|
monsterer (OP)
Legendary
Offline
Activity: 1008
Merit: 1007
|
|
March 13, 2016, 07:49:00 PM |
|
This is an very informal proof, because I wanted it to be as readable as possible for the majority of readers. I hope this will finally show why Proof of Stake (PoS) is not a viable consensus design.
Ok, now please provide a formal proof for minority of readers who can't understand an informal one (e.g. me). What don't you understand?
|
|
|
|
kushti
|
|
March 14, 2016, 08:06:45 AM |
|
What don't you understand?
What you have provided is not a proof at all. We can go into meaningless and long discussions, and that crap is not what you can get by providing a (formal) proof. So please provide a real (i.e. formal) proof.
|
Ergo Platform core dev. Previously IOHK Research / Nxt core dev / SmartContract.com cofounder.
|
|
|
monsterer (OP)
Legendary
Offline
Activity: 1008
Merit: 1007
|
|
March 14, 2016, 09:18:01 AM |
|
What you have provided is not a proof at all. We can go into meaningless and long discussions, and that crap is not what you can get by providing a (formal) proof. So please provide a real (i.e. formal) proof.
The only point of disagreement in general has been centered on the difficulty of acquiring a majority of recent private keys. That is sadly unprovable.
|
|
|
|
ustin
Jr. Member
Offline
Activity: 117
Merit: 4
|
|
February 08, 2018, 04:15:14 AM |
|
Sorry for necroposting, but my considerations was moderated to AltCoins board and drown. So, the problem simplifies to needing trusted third-party for checkpointing POS network and it is preferable to be independent from developer (because in this scenario most presumable evil is near coin developer). Please follow https://bitcointalk.org/index.php?topic=2895120 - is this conception implementable?
|
|
|
|
Ucy
Sr. Member
Offline
Activity: 2674
Merit: 403
Compare rates on different exchanges & swap.
|
|
February 08, 2018, 08:31:15 AM |
|
Everything about PoS is creepy though. Where in the Universe is creating Value without Energy possible? Well, I don't know much about the technical side of PoS but I have a feeling it'll be massively Centralized by government and the elites. Won't be surprised if this is the original goal.
Wonder if there are maths that support the PoS concept? Is stuff like that even possible in real World without burning massive amount of Energy.
|
████████████████████ OrangeFren.com ████████████████████instant KYC-free exchange comparison████████████████████ Clearnet and onion available #kycfree + (prepaid Visa & Mastercard) ████████████████████
|
|
|
ustin
Jr. Member
Offline
Activity: 117
Merit: 4
|
|
February 08, 2018, 10:39:50 AM |
|
Everything about PoS is creepy though.
Wonder if there are maths that support the PoS concept? Is stuff like that even possible in real World without burning massive amount of Energy.
All depends of consensus. So, records in various registries are not costs anything, but trusting them is result of consensus. Question is cost of possibitily to change it in hindsight. Blockchain is immutable by cryptographics only within consensus agreement borders. I can build alternate branch of bitcoin in my kitchen, but it will be only satisfied to my kitchen consensus, no one of widespreaded nodes approve my branch. It means, that main chain is shielded by computer work in single consensus concept of bitcoin network. POS consensus is so less harmful, but vulnerable for a number of attacks, which can be simplified in majority to absence independent trusted authority inside network, as i can see. If we can verify some checkpoint independently, we can prevent, in particular, subj historical attack. One question is how to find and automate this authority, and it was proposition to bind POS blockchain to other blockchains, that I wish to discuss
|
|
|
|
cloud.runner
Newbie
Offline
Activity: 62
Merit: 0
|
|
February 08, 2018, 01:49:52 PM |
|
Instead of Proof of Stake, I would like to vote for Proof of Work. It is not only for creating blocks, but also for making consensus, which is a great advantage.
|
|
|
|
monsterer2
|
|
February 26, 2018, 12:11:00 PM |
|
ironic that Proof of Anti-stake may work the idea is, that user destroys it's coins and by doing so confirms a block
Doesn't work because to burn stake you must send a transaction, and you cannot come to a consensus on the current set of valid transactions by sending more transactions, it's a chicken and egg problem. I did some analysis on it a while back, and long story short, it degenerates into PoS.
|
|
|
|
yj1190590
Member
Offline
Activity: 199
Merit: 15
|
|
May 12, 2018, 03:24:20 AM |
|
I've found a solution in an other post for this problem that might help. https://bitcointalk.org/index.php?topic=3603859.msg36995026#msg36995026First of all the reorganizition is designed to prevent forks. Under normal circumstances, some stakeholders would be active(trading or mining) in both branches (caused by NaS too) if there appears a fork. According to the probability there will be similar stake proportion of "double-active" users between both branches. But if the branch is a fake chain built by the attackers, they will be disproportionate —— the proportion mentioned above in the mainchain will be much less than that in the fake one, unless you have bought every account, which is impossible. Under this circumstance, the branch should never be accepted no matter how long it is. This operation is also nessesary to prevent some group of users from getting extra advantage by unfair means when forks come. By the way, the situation you have mentioned:"any syncing node querying at random will find his fake nodes with fake history" could be resolved by controling the p2p links—— each node only needs to build connection with a certain number of nodes with the fastest response speed. The attacker needs to try through a lot of past blocks so that the longer range he seeks, the better chance he would success. But the longer range he starts the fork, the more obvious the disproportion will be. I think that might increase the difficulty you launch an attack, after all you gain those private keys by "buying".
|
|
|
|
AnnSerg77
Newbie
Offline
Activity: 140
Merit: 0
|
|
May 13, 2018, 08:13:40 PM |
|
I have 3 q. How many possible staking inputs do these addresses have? What is the min/max staking age of this coin? How long a chain will they need to create to be longer?
|
|
|
|
inashed
Jr. Member
Offline
Activity: 89
Merit: 4
|
|
May 28, 2018, 04:32:06 PM |
|
Would change anything if two miners were picked by proof of stake or proof of hold (lowest amount of coin wallet had at some point of time at the last X days is the stake), and then select the real miner between those 2 miners by using proof of work?
|
|
|
|
metro.software
Jr. Member
Offline
Activity: 75
Merit: 1
|
|
May 29, 2018, 08:25:07 AM |
|
ironic that Proof of Anti-stake may work the idea is, that user destroys it's coins and by doing so confirms a block
Doesn't work because to burn stake you must send a transaction, and you cannot come to a consensus on the current set of valid transactions by sending more transactions, it's a chicken and egg problem. I did some analysis on it a while back, and long story short, it degenerates into PoS. Perhaps coins can be burned on a POW sidechain, e.g. Litecoin. I guess in this scenario Proof-of-Sacrifice would work.
|
|
|
|
desmodiAN
Member
Offline
Activity: 164
Merit: 19
|
|
June 01, 2018, 09:37:52 AM |
|
2. He uses these historical keys to generate a new chain of history starting just before the keys were emptied and which is longer in cumulative difficulty than the canonical chain. He can do this first time with 100% probability since he has a majority of historical stake
Read about finality in proof of stake. a once written and accepted block cannot be exchanged or rewritten. only with a big financial loss of 2/3rds of all validators.
" The intention is to make 51% attacks extremely expensive, so that even a majority of validators working together cannot roll back finalized blocks without undertaking an extremely large economic loss — a loss so large that a successful attack would likely on net increase the price of the underlying cryptocurrency as the market would more strongly react to the reduction in total coin supply than it would to the need for an emergency hard fork to correct the attack "
vitalik continued with an example of the loss: " A fully "finalized" block is one where > 2/3 of Casper validators will lose their entire deposits if the block ends up being not in the main chain (estimate this at being ~2-20 million ETH depending on how many people stake). "
...
|
|
|
|
Traxo
|
|
June 01, 2018, 09:43:11 AM Last edit: June 02, 2018, 12:07:38 PM by Traxo |
|
ironic that Proof of Anti-stake may work the idea is, that user destroys it's coins and by doing so confirms a block
Doesn't work because to burn stake you must send a transaction, and you cannot come to a consensus on the current set of valid transactions by sending more transactions, it's a chicken and egg problem. @anonymint says that your conclusion is not quite right or let's say it's incomplete. After sufficient time the TaPoS combined with burning has inertia because users don't want to have the tokens reverted by a fork. So essentially it's a more decentralized variant of checkpointing. Will not help objectify consensus in the short-range case though. I had relayed what @anonymint wrote about proof-of-stake: https://gist.github.com/shelby3/e0c36e24344efba2d1f0d650cd94f1c7#oligarchy-if-pos-is-functioning
|
|
|
|
|