Come-from-Beyond
March 04, 2016, 09:18:04 PM
Glad to see you recognize why your proposal can't function if centralization doesn't exist.
I'm talking about Nxt, not about Iota. PS: The point was that economic relationships already enforce some level of centralization. Nxt doesn't add extra bits of centralization, it fits into existing limits.

monsterer (OP)
March 04, 2016, 11:46:17 PM
That's when you find out that you were talking to the same guy, and you bought the same private key twice.
Why wouldn't you get them to sign a msg with each of their private keys to prove that they owned them and that they were both separate?

monsterer (OP)
March 05, 2016, 12:06:17 AM
The miners have the most skin-in-the-game and can therefore be trusted to behave in the best interests of the system. The flaw in the design is more apparent than ever right now with the blocksize debate. Essentially we have non-miners who also have skin-in-the-game in the form of STAKE in the system (e.g. Coinbase, Blockstream, BitPay, users wanting "cheap" transactions, etc.) that are at odds with the incentives of miners.
Miners create the value in the system which is then invested in by stakeholders. The value is the continually reinforced consensus which cements a partial order of transactions with asymptotic finality. If you remove the miners, you are investing in nothing. That is PoS in a nutshell.

BARR_Official
March 05, 2016, 01:23:12 AM
That's when you find out that you were talking to the same guy, and you bought the same private key twice.
Why wouldn't you get them to sign a msg with each of their private keys to prove that they owned them and that they were both separate?
They can prove that they own a receiving address, but any number of receiving addresses can belong to the same private key. They can't prove that their private key is different from someone else's without revealing the private key.

LiQio
March 05, 2016, 08:32:14 AM
If you remove the miners, you are investing in nothing. That is PoS in a nutshell.
As long as you believe this, any discussion is pointless. It's economic nonsense, plain and simple.

Blocktree
March 05, 2016, 08:59:38 AM
In any case, arguing that old private keys have value is to say that PoS doesn't work, since the transfer of value isn't reinforced sufficiently.
I don't argue on this. I argue that it's not easy to buy private keys even if users don't understand how blockchain works. Also, according to the market laws if someone starts buying keys publicly they will rise in price. And I'm more than sure that after you privately buy 100 keys the world will know that someone is buying them. Nxt only has 73 original keys, so attack happened before the world knows. LOL

anon_giraffe
March 05, 2016, 12:42:14 PM
How many possible staking inputs do these addresses have? What is the min/max staking age of this coin? How long a chain will they need to create to be longer?
Any such addresses need to have enough inputs to support not just a functional chain, also with enough aged inputs to generate a long string of blocks with obscenely fast transaction time, and also be "young" enough to ensure the chain necessary is not very long.
Not forgetting many PoS coins already have centralised checkpointing hard coded, and that active coins have regular checkpoints added to the source - so such centralisation is already a given.

monsterer (OP)
March 05, 2016, 01:52:14 PM
If you remove the miners, you are investing in nothing. That is PoS in a nutshell.
As long as you believe this, any discussion is pointless. It's economic nonsense, plain and simple.
Check the OP - that is what this entire discussion is about.

BARR_Official
March 05, 2016, 02:01:28 PM
If you remove the miners, you are investing in nothing. That is PoS in a nutshell.
As long as you believe this, any discussion is pointless. It's economic nonsense, plain and simple.
Check the OP - that is what this entire discussion is about.
PoS is mining. It's cpu-mining, not much different than what satoshi designed for Bitcoin. But while anyone can attack a PoW coin, nobody can attack a PoS coin without investing first. Even in your scenario.

funkenstein
March 05, 2016, 02:30:16 PM
If you remove the miners, you are investing in nothing. That is PoS in a nutshell.
As long as you believe this, any discussion is pointless. It's economic nonsense, plain and simple.
Check the OP - that is what this entire discussion is about.
PoS is mining. It's cpu-mining, not much different than what satoshi designed for Bitcoin. But while anyone can attack a PoW coin, nobody can attack a PoS coin without investing first. Even in your scenario.
Anyone can mine a PoW coin, nobody can mine a PoS coin without investing first. FTFY

monsterer (OP)
March 05, 2016, 02:47:57 PM
PoS is mining. It's cpu-mining, not much different than what satoshi designed for Bitcoin.
But while anyone can attack a PoW coin, nobody can attack a PoS coin without investing first. Even in your scenario.
That's entirely inaccurate. The whole point of this thread is to get people to realise that PoS does not reinforce consensus; that's what PoW miners do.

Come-from-Beyond
March 05, 2016, 02:56:12 PM
That's entirely inaccurate. The whole point of this thread is to get people to realise that PoS does not reinforce consensus; that's what PoW miners do.
ASIC speed grows in bursts. Eventually one of the bursts will allow rewriting the whole blockchain from the genesis within a day. I wouldn't say that PoW is as secure as you think.

monsterer (OP)
March 05, 2016, 03:26:39 PM
ASIC speed grows in bursts. Eventually one of the bursts will allow rewriting the whole blockchain from the genesis within a day. I wouldn't say that PoW is as secure as you think.
That would be a 51% attack.

Come-from-Beyond
March 05, 2016, 03:58:13 PM
That would be a 51% attack.
Ah, right. I didn't notice that you emphasized achieving a consensus, not security. My bad.

BARR_Official
March 05, 2016, 04:08:19 PM
PoS is mining. It's cpu-mining, not much different than what satoshi designed for Bitcoin.
But while anyone can attack a PoW coin, nobody can attack a PoS coin without investing first. Even in your scenario.
That's entirely inaccurate.
Then why does your attack require buying a private key that has mined on the network?

monsterer (OP)
March 05, 2016, 04:36:08 PM
That would be a 51% attack.
Ah, right. I didn't notice that you emphasized achieving a consensus, not security. My bad.
Your point doesn't make any sense in any other context. Mining is necessarily a competition, so if ASIC performance spikes then unless one entity has control of more than 50% of the network then they cannot rewrite the blockchain from the genesis, since all miners compete to create blocks.

nexern
March 05, 2016, 04:37:57 PM
ASIC speed grows in bursts. Eventually one of the bursts will allow rewriting the whole blockchain from the genesis within a day. I wouldn't say that PoW is as secure as you think.
That would be a 51% attack.
pos is much more secure than pow. you can't attack pos without notice or real world feedback but you can on pow. on pow an evil entity could easily aggregate +50% silent, in the dark, without any chance to prevent this. even without any new fancy, more powerful asic design, this attack could occur anytime and compared to a pos with a similar macap it would also be cheap, very cheap. to follow your crude 'pico-probability-attack-vectors' on pos, here is a crude pow one for you. just imagine that for whatever reason, the power-lines to the three chinese mining-warehouses randomly get broken. i guess in this case the attack would be much cheaper, perhaps close to free compared to pos and as said, just out of the dark without any chance or sign to prevent it. this is impossible with pos. however, whatever possible attack vector you are constructing, it boils down to this. if you try to find a solution to fix users, having the goal to destroy their own stuff serving them (your gen key example) you will fail, no matter how fancy your math is. there is no solution for lunatic or planned self-destroying behaviour simply because even if it would, it has no value because the target and reason for this solution disappears.

freshman777
March 06, 2016, 11:41:26 AM
to follow your crude 'pico-probability-attack-vectors' on pos, here is a crude pow one for you. just imagine that for whatever reason, the power-lines to the three chinese mining-warehouses randomly get broken. i guess in this case the attack would be much cheaper, perhaps close to free compared to pos and as said, just out of the dark without any chance or sign to prevent it. this is impossible with pos.

bumbacoin
March 07, 2016, 10:12:45 AM
ASIC speed grows in bursts. Eventually one of the bursts will allow rewriting the whole blockchain from the genesis within a day. I wouldn't say that PoW is as secure as you think.
That would be a 51% attack.
pos is much more secure than pow. you can't attack pos without notice or real world feedback but you can on pow. on pow an evil entity could easily aggregate +50% silent, in the dark, without any chance to prevent this. even without any new fancy, more powerful asic design, this attack could occur anytime and compared to a pos with a similar macap it would also be cheap, very cheap. to follow your crude 'pico-probability-attack-vectors' on pos, here is a crude pow one for you. just imagine that for whatever reason, the power-lines to the three chinese mining-warehouses randomly get broken. i guess in this case the attack would be much cheaper, perhaps close to free compared to pos and as said, just out of the dark without any chance or sign to prevent it. this is impossible with pos. however, whatever possible attack vector you are constructing, it boils down to this. if you try to find a solution to fix users, having the goal to destroy their own stuff serving them (your gen key example) you will fail, no matter how fancy your math is. there is no solution for lunatic or planned self-destroying behaviour simply because even if it would, it has no value because the target and reason for this solution disappears.
the reason Bumbacoin switched to PoS was to protect against PoW random hashes. any shitcoin that is not worth people pointing mega-peta-hashes at the chain is at risk of multi-pools or even random arses with a bunch of miners in their spare room. BCX? used to make a thing about attacking shit coins, that capability is within the hands of many more people now. even with apparently fancy difficulty re-targeting algorithms, the chain will still get shat on when mega-hash gets pointed at it.

stdset
March 07, 2016, 10:24:21 AM Last edit: March 07, 2016, 11:08:12 AM by stdset
It is so tiring to reply to the hordes of ignorant trolls.
I wrote upthread that one could buy and sell the coins on an exchange. They would then hold the historic private keys to attack with. This would only cost them the average spread between buy and sell prices, so they don't actually have to buy 50%.
Even monsterer doesn't claim that collecting historic priv keys is a viable attack vector. It was explained why it isn't. He claims that it's easy to collect enough priv keys for this attack in a short timeframe. There is no way to objectively distinguish a historic key that is respent from a historic transaction that had spent that historic key. This is a double-spend with two chains arguing about which was first. The only way to distinguish which was first is either a decentralized objectivity which is the PoW longest-chain-rule, or for PoS a centralized objectivity such as community/developer checkpoints. Please stop wasting my time with nonsense replies. The problem is not to acquire a historic key and make a doublespending transaction, the problem is to acquire enough historic keys to outweigh the honest stake. When you acquire the first key, you must start your fork before it was emptied. In the scenario you describe, your fork must start very far in the past, but that's not a problem. The problem is, you now have a transaction that must be censored on your fork (in your scenario it's the transaction that deposits the funds back to an exchange). Since this transaction (let's call it transaction A) is excluded from your fork, you must exclude all transactions that depend on it, i.e. a transaction B that spends that output, and all descendant transactions (that's all on your fork, the main fork continues to function as it is supposed to). Now, when you make the second withdrawal from the exchange, it may happen that you must exclude this withdrawal on your fork too, because it indirectly depends on the transaction A, so you fail to acquire new keys this time. If the second withdrawal doesn't depend on transaction A, then OK, you got the second key, but you must again censor the depositing transaction on your fork, therefore your fork inevitably drifts away from the main fork and it becomes more and more difficult to find suitable keys.
Given that for a successful attack you need a lot of stake/keys, the only plausible scenario is to acquire them all in a very short timeframe.
P.S. I don't know whether my explanation is easy to understand, English isn't my native language. If it's not clear enough, maybe other people may help you (most people here seem to understand this issue with this kind of attack).
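
The dependency argument in the post above (censoring transaction A forces the fork to drop B and every descendant, so later withdrawals may not exist on the fork) can be checked on a small transaction graph. The Python below is an added illustration, not part of the thread or of any coin's code; the graph and every name except A and B are constructed.

```python
from collections import defaultdict, deque

# Constructed main-chain history: tx -> transactions whose outputs it spends.
# "A" and "B" are the post's names; every other name is hypothetical.
MAIN_CHAIN = {
    "stake_1": [], "stake_2": [], "user_deposit": [],
    "withdraw_1": ["stake_1"],            # round 1: buyer obtains key 1
    "A": ["withdraw_1"],                  # funds deposited back to the exchange
    "B": ["A"],                           # exchange spends A's output
    "hot_wallet": ["B", "user_deposit"],
    "withdraw_2": ["hot_wallet"],         # round 2: indirectly depends on A
    "deposit_2": ["withdraw_2"],
    "withdraw_3": ["stake_2"],            # round 3: independent of A
    "deposit_3": ["withdraw_3"],
    "withdraw_4": ["deposit_3"],          # round 4: depends on deposit_3
    "deposit_4": ["withdraw_4"],
}
# Each round: (withdrawal that funds a key, deposit that empties it again).
ROUNDS = [("withdraw_1", "A"), ("withdraw_2", "deposit_2"),
          ("withdraw_3", "deposit_3"), ("withdraw_4", "deposit_4")]

def excluded_on_fork(chain, censored):
    """Censored transactions plus every transaction descending from them."""
    children = defaultdict(list)
    for tx, parents in chain.items():
        for parent in parents:
            children[parent].append(tx)
    excluded, queue = set(censored), deque(censored)
    while queue:
        for child in children[queue.popleft()]:
            if child not in excluded:
                excluded.add(child)
                queue.append(child)
    return excluded

def fork_drift(chain, rounds):
    """Per round: (withdrawal, exists on fork?, main-chain txs missing from fork)."""
    censored, log = [], []
    for withdrawal, deposit_back in rounds:
        usable = withdrawal not in excluded_on_fork(chain, censored)
        if usable:
            # The key keeps its stake on the fork only if the deposit is censored.
            censored.append(deposit_back)
        log.append((withdrawal, usable, len(excluded_on_fork(chain, censored))))
    return log

if __name__ == "__main__":
    for row in fork_drift(MAIN_CHAIN, ROUNDS):
        print(row)
```

In this constructed history only two of the four withdrawals exist on the fork, and the set of main-chain transactions the fork must omit grows from 5 to 8 of 13 as more deposits are censored.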