iamnotback (OP)
|
|
July 14, 2016, 08:58:44 PM |
|
kiklo, you can't just claim that 'difficulty' field has any relevant meaning in PoS, unless you know what in code is driving the value of that field. Programming isn't like "the UI is always correct". We have to actually understand what the hell "difficulty" means in this PoS algorithm your code is using. Who knows maybe the programmer is setting some value there what is random or just some gibberish hash of some other data. The programmer might have just wanted to use a consistent set of fields between the two UI (PoW and PoS). I really can't determine any thing from that. I'd have to dig into the code, which really isn't fair since I am not being paid to do that.
Every reference I have studied on PoS has never mentioned a difficulty. There is some talk about strategies that an attacker might use which end up using a lot of computation thus being sort of like PoW, except these aren't in the official client and there is no record of the level of that difficulty recorded (since it is an attack, thus not designed into the protocol).
I am sorry but your point about PoS having difficulty doesn't make sense as far as what I know about PoS and the numerous references I have read. The reason your coin hasn't been attacked is it isn't worth doing so. Ethereum wasn't attacked until the marketcap reached $billion and DAO $160m. It has nothing to do with you not needing to use checkpoints. You just got lucky because your coin doesn't have a large enough marketcap to be worth attacking.
That is not intended to be an insult to your coin effort. Everyone should be free to create and market an altcoin. I am not out to destroy all these smaller coins with my words. If you ever manage to reach your larger goals with it, I assume you'll hire a full time programmer then you will start to deal with some of the issues I am pointing out.
Frankly it is pretty rude of you to argue programming issues with me, as I have written perhaps a few 100,000s lines of code in my lifetime ranging from 68000 assembly to C to C++ to PHP to SQL to Android to Java to Javascript to Scala to Haskell, etc, etc, etc
Not trying to get in a heated debate or anything, but trying to wrap my head around the claims that difficulty is different from PoW to PoS. From my understanding, both difficulty adjustment algorithms (although altered from coin to coin) are looking at the time it took to produce a new block. If the time is greater than the targeted block time, then difficulty goes down so that it is easier to produce the next block, if the time it took was less than the target difficulty goes up so that it is harder to produce the next block. I don't see any real conceptional difference in the difficulty adjustment algorithms. I suppose that maybe its an argument about the valid proof required to create that block rather than the adjustment algorithm itself (sorry the thread has been a bit difficult to follow). Admittedly, I am not a crazy expert programmer. I am still working on my masters in CS, and learn new things all the time. I have however, what I consider a pretty good fundamental understanding of Bitcoin and Peercoin code bases. As I explained already (see quote below), the coin age time employed to threshold the delay for signing in the variant of PoS you are using, isn't delayed by PoW computation delay. The coin age delay is a fabrication of the UXTO at that point in time. Since the attacker can construct a UXTO from his own stake and since in PoS there is no PoW computational delay impeding the attacker from rebuilding a Long Range chain attack, then the only way to prevent such an attack (i.e. the nothing-at-stake problem) in PoS is to employ checkpoints. This is is known to every expert who has studied PoS. I was also referring to the accumulated sum of the thresholds you call difficulty. That is irrelevant and that you don't understand why, goes directly to the heart of your slobbering Dunning-Kruger ignorance.
I already explained to you there is no computational cost. Adding thresholds which have no computation cost does not prevent the fast construction of a chain from any point in history. The coin age delays are entirely relative to what the attacker constructs on the chain of transactions.
Unlike your Dunning-Kruger idiot troll colleague kiklo, at least you are apparently smart (humble/wise) enough to understand you should phrase your thoughts as an inquiry and see what my rebuttal is, so I can explain to you what your myopia is. I can appreciate a calm and rational discussion with you, if you keep it that way. Thank you. Tangentially, note I am in some areas of programming, "a crazy expert programmer". Did you not for example see my schooling of Bitcoin core developer (also key member of Blockstream) Gregory Maxwell on the cost of a correct index missing from the Ogg container format for which he is supposed to be a resident expert given he was the co-inventor of one of the Ogg codecs. Did you not see where I was designing a new programming language which is one of the most expert tasks in computer science. I don't say this to be boastful, but because it is an enormous waste of my time when someone doesn't respect that I am, and trolls their slobbering ignorance on one of my threads, dragging me into wasting hours and hours of my scarce time. kiklo has now earned the asshat medal, which will be permanently affixed to his reputation from my perspective. After this debate has concluded with kiklo walking away with his tail between his legs, he will go on my Ignore and disappear into a black hole far from my productive life because he has negative worth in life (from my perspective). I make mistakes like any human. None of us are omniscient and I am not expert about every corner of the programming universe (e.g. I am not a cryptographer nor am I a networking expert), but I am orders-of-magnitude more knowledgeable about programming issues than kiklo and in his messed up sense of pecking order; he seems to somehow think I would go on for 4 pages in a thread if I were not expertly 99% confident that I am correct about the issue he and I have been debating. Would not be the 1st Time, I corrected People who thought they knew everything and they were wrong. Been doing that for ~80 years now. That is your own Fault , No one told you to spread misinformation about a topic, even you admit you do not have a complete understanding of. Take a pill and calm down or pop a blood vessel , your choice , but don't expect me to let you spread misinformation like it is gospel when it is not. Nice fantasy you have asshat.
|
|
|
|
|
iamnotback (OP)
|
|
July 14, 2016, 09:08:23 PM |
|
Duplicate blocks are not propagated by the network and a limit is imposed on how often an attack can be attempted, by the coin age being consumed by staking. Secondly the top block is removed when a duplicate stake (using the same output more then once) is received directly punishing the attacker by delaying the reward, thus loosing out on compounding interest.
Incorrect. This is only known to nodes which were online at the time. The entire point about nothing-at-stake is that new nodes that come online can't verify which chain is valid without some adhoc social contract and checkpoints. We experts don't have time to run around correcting all the places that these asshats promulgate their nonsense. Another protection is that because the attacker has to own a considerable amount of coins, it exposes the attacker to exchange rate risk (the value of their investment collapsing); a risk that is increased by the person's own attempt to attack the network. The argument is flawed because it argues that the attacker has nothing at stake, when in reality the attacker has to spend resources to acquire the coins used in the attack, thereby exposing themselves to exchange rate risk.
Incorrect. The attacker can short the token (which btw is one reason why attacking these tiny PoS coins is not worth it). Etc, etc., etc...
|
|
|
|
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
July 14, 2016, 09:10:55 PM |
|
FYI: Want to know what is funny , My Favorite coin is already up and running going on ~3 years. Yours is still a fart bubble in your head, and the more misinformation you spread about Proof of Stake, the less likely your fart bubble ever becomes a reality. Or did you just want to admit , a new coin design from you is just fantasy and you rather just proclaim your greatness instead of proving it. FYI: Mr. Pretender Those that can, Do. Those that can't , Pretend like they can.
|
|
|
|
iamnotback (OP)
|
|
July 14, 2016, 09:13:32 PM Last edit: July 14, 2016, 09:46:31 PM by iamnotback |
|
My Favorite coin is already up and running going on ~3 years.
Whoopee-doo. The famous unfalsifiable shitcoin illogical excuse, "you didn't attack my worthless shitcoin, therefor my shitcoin is secure". Either it is not PoS, or it has adhoc social contract checkpoints (i.e. a centralized clusterfuck) and a large marketcap ($billion), or it has a tiny marketcap (< $100 million) that isn't worth attacking. Goodbye asshat, you are now on Ignore because you write nonsense and you are not even a programmer.kiklo you are not qualified to debate me. Any person who is qualified and reads what I have written to you, is shaking their head wondering how you can be such a dumb jackass. I have been warned to never argue with an idiot, because an idiot doesn't know when they are incorrect.
|
|
|
|
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
July 14, 2016, 09:15:41 PM Last edit: July 15, 2016, 07:25:25 AM by kiklo |
|
Incorrect. The attacker can short the token (which btw is one reason why attacking these tiny PoS coins is not worth it).
Etc, etc., etc...
Blackcoin is ~ $3 million on market cap, Mintcoin is ~ $2 million on market cap, now that you explained they are a sitting ducks , someone will destroy them. Oh Wait, No Worries, You don't know what you are talking about. FYI: 5 Pages to get you to ignore me, I must say it was worth every post. Going to work on that fart bubble in your head?kiklo you are not qualified to debate me. Any person who is qualified and reads what I have written to you, is shaking their head wondering how you can be such a dumb jackass. I have been warned to never argue with an idiot, because an idiot doesn't know when they are incorrect.
That's funny , I've read what you wrote and all I see is an arrogant prick that is too stupid to actually have a decent conversation, hiding behind a pretense of intelligence, I have taken your measure, and you are lacking in intelligence and civility. You are always sprouting Nash , like it is a big deal, kind of shows there are NO ORIGINAL THOUGHTS IN YOUR HEAD. You Repeat yourself with the Repetition of Stupidity.
|
|
|
|
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
July 14, 2016, 09:28:38 PM |
|
Your Op Title is Proof-of-stake can never scale without blowing up, because PoS isn't trustless IMO this is more accurate iamnotback makes up opinions without researching the facts , so iamnotback's opinions can not be Trusted
|
|
|
|
presstab
Legendary
Offline
Activity: 1330
Merit: 1000
Blockchain Developer
|
|
July 14, 2016, 09:41:06 PM |
|
The proof hash for PoS coins has always been hashed in SHA, the block hash algorithm really has no direct relevance to the difficulty of producing a PoS block.
Hmm, Just to clear it up for everyone myself included. Aside from PoW generation, when Blackcoin whitepaper say scrypt and moving to sha, what exactly did Rat4 mean by the block hash was changing from Scrypt to Sha, in your opinion? FYI: This was a tangent conversation , and has nothing to do with the fact iamnotback is Wrong in his Slandering of proof of stake.The block hash is not the same thing as the proof hash. The block hash is the identifier for a particular block, it hashes various elements of the block together and produces a hash of the inputs. The proof hash is what you are producing when you are attempting to stake. Given your stake inputs, you hash them together using the timestamp instead of a nonce, and then have successfully produced a stake if your hash is less than the targeted value. The proof hash has always been done in SHA, lots of people don't realize this especially the type that say they are using Blake for light weight staking... The proof hash is part of the block, but is not the block hash.
|
|
|
|
presstab
Legendary
Offline
Activity: 1330
Merit: 1000
Blockchain Developer
|
|
July 14, 2016, 10:05:57 PM |
|
As I explained already (see quote below), the coin age time employed to threshold the delay for signing in the variant of PoS you are using, isn't delayed by PoW computation delay. The coin age delay is a fabrication of the UXTO at that point in time. Since the attacker can construct a UXTO from his own stake and since in PoS there is no PoW computational delay impeding the attacker from rebuilding a Long Range chain attack, then the only way to prevent such an attack (i.e. the nothing-at-stake problem) in PoS is to employ checkpoints. This is is known to every expert who has studied PoS.
What is "PoW computation delay" in this context. If you are building a side chain you can assign whatever arbitrary timestamp you want to a PoW block, so there is no required delay. On the true chain, yes there will be delay because it is an honest chain. But on a fraudulent chain, you can do assign whatever timestamp you want, build the next block ten seconds or whatever later, all the while holding the chain privately. Or am I missing an important aspect, I could definitely be and would appreciate you expanding on that if you could. Edit: Or maybe is the argument that... yes you could build a side chain that could confuse nodes up to a certain time, but that side chain will never catch up to the work added to the main chain?
|
|
|
|
iamnotback (OP)
|
|
July 14, 2016, 10:11:55 PM |
|
As I explained already (see quote below), the coin age time employed to threshold the delay for signing in the variant of PoS you are using, isn't delayed by PoW computation delay. The coin age delay is a fabrication of the UXTO at that point in time. Since the attacker can construct a UXTO from his own stake and since in PoS there is no PoW computational delay impeding the attacker from rebuilding a Long Range chain attack, then the only way to prevent such an attack (i.e. the nothing-at-stake problem) in PoS is to employ checkpoints. This is is known to every expert who has studied PoS.
What is "PoW computation delay" in this context. If you are building a side chain you can assign whatever arbitrary timestamp you want to a PoW block, so there is no required delay. The delay to compute the proof-of-work. You can't just magically pull proof-of-work out of thin air as it requires expending electricity. Although an attacker could muck around with timestamps on his chain, he has start from some known block and he must produce a longer chain of PoW computation, which requires he consume more electricity than one the current longest chain. These are Bitcoin101 concepts. On the true chain, yes there will be delay because it is an honest chain. But on a fraudulent chain, you can do assign whatever timestamp you want, build the next block ten seconds or whatever later, all the while holding the chain privately. Or am I missing an important aspect, I could definitely be and would appreciate you expanding on that if you could.
I do not know what you are thinking about. Sounds weird. Are you thinking about Blockstream's Side-chains proposal (which is known to be insecure)?
|
|
|
|
presstab
Legendary
Offline
Activity: 1330
Merit: 1000
Blockchain Developer
|
|
July 14, 2016, 10:28:12 PM |
|
As I explained already (see quote below), the coin age time employed to threshold the delay for signing in the variant of PoS you are using, isn't delayed by PoW computation delay. The coin age delay is a fabrication of the UXTO at that point in time. Since the attacker can construct a UXTO from his own stake and since in PoS there is no PoW computational delay impeding the attacker from rebuilding a Long Range chain attack, then the only way to prevent such an attack (i.e. the nothing-at-stake problem) in PoS is to employ checkpoints. This is is known to every expert who has studied PoS.
What is "PoW computation delay" in this context. If you are building a side chain you can assign whatever arbitrary timestamp you want to a PoW block, so there is no required delay. The delay to compute the proof-of-work. You can't just magically pull proof-of-work out of thin air as it requires expending electricity. Although an attacker could muck around with timestamps on his chain, he has start from some known block and he must produce a longer chain of PoW computation, which requires he consume more electricity than one the current longest chain. These are Bitcoin101 concepts. I added this after: Or maybe is the argument that... yes you could build a side chain that could confuse nodes up to a certain time, but that side chain will never catch up to the work added to the main chain? So I suppose now if I am understanding the argument correctly is that.. sure you can alter the timestamps and perhaps make a confusing fork on a PoW coin, but at the end of the day it is going to be pretty much impossible to be able to have a chain that ends with the same level of computation that the main chain has. On the other hand, using PoS, and supposing that there are no checkpoints... it would be possible to re-mine and restake all the way from the genesis block and and result in a chain that has higher trust than the main chain.
|
|
|
|
iamnotback (OP)
|
|
July 14, 2016, 10:31:03 PM |
|
As I explained already (see quote below), the coin age time employed to threshold the delay for signing in the variant of PoS you are using, isn't delayed by PoW computation delay. The coin age delay is a fabrication of the UXTO at that point in time. Since the attacker can construct a UXTO from his own stake and since in PoS there is no PoW computational delay impeding the attacker from rebuilding a Long Range chain attack, then the only way to prevent such an attack (i.e. the nothing-at-stake problem) in PoS is to employ checkpoints. This is is known to every expert who has studied PoS.
What is "PoW computation delay" in this context. If you are building a side chain you can assign whatever arbitrary timestamp you want to a PoW block, so there is no required delay. The delay to compute the proof-of-work. You can't just magically pull proof-of-work out of thin air as it requires expending electricity. Although an attacker could muck around with timestamps on his chain, he has start from some known block and he must produce a longer chain of PoW computation, which requires he consume more electricity than one the current longest chain. These are Bitcoin101 concepts. I added this after: Or maybe is the argument that... yes you could build a side chain that could confuse nodes up to a certain time, but that side chain will never catch up to the work added to the main chain? So I suppose now if I am understanding the argument correctly is that.. sure you can alter the timestamps and perhaps make a confusing fork on a PoW coin, but at the end of the day it is going to be pretty much impossible to be able to have a chain that ends with the same level of computation that the main chain has. On the other hand, using PoS, and supposing that there are no checkpoints... it would be possible to re-mine and restake all the way from the genesis block and and result in a chain that has higher trust than the main chain. Congratulations for realizing what all of us had realized.
|
|
|
|
presstab
Legendary
Offline
Activity: 1330
Merit: 1000
Blockchain Developer
|
|
July 14, 2016, 10:43:13 PM |
|
I added this after: Or maybe is the argument that... yes you could build a side chain that could confuse nodes up to a certain time, but that side chain will never catch up to the work added to the main chain?
So I suppose now if I am understanding the argument correctly is that.. sure you can alter the timestamps and perhaps make a confusing fork on a PoW coin, but at the end of the day it is going to be pretty much impossible to be able to have a chain that ends with the same level of computation that the main chain has.
On the other hand, using PoS, and supposing that there are no checkpoints... it would be possible to re-mine and restake all the way from the genesis block and and result in a chain that has higher trust than the main chain.
Congratulations for realizing what all of us had realized. Don't know what the hostility is for... Superiority complex I suppose. So I guess my conclusion here would be, so long as there are hard checkpoints set into proof of stake chains after the coin has been widely distributed to many different individuals, and such that it turns into a proof-of-working-stake style coin, then there should not be any risk. At such a point it is not feasible to get enough coinage to launch an attack that would build a larger trust score. Of course thats just my opinion. And I am not here to be in a PoS is better than PoW argument. PoW that has significant hash power is that is widely distributed (ie not a few pools running the show) would probably be the safest system IMO. But at the end of the day, PoS is easy to use and you don't need to buy equipment from a select few group of companies that produce that equipment.
|
|
|
|
iamnotback (OP)
|
|
July 14, 2016, 10:46:17 PM |
|
Don't know what the hostility is for... Superiority complex I suppose.
I wasn't expressing any hostility. Why did you think so? If I learn something from you, then you congratulate me for realizing what you had known, then I would be denying my gratitude by presuming you were gloating. I had to deal with 5 pages of trolling by your colleague (well he claims some affiliation to you). I am entitled to acknowledge your realization. There is no animosity intended. You are being rational and so am I. I was just relieved the trolling had come to an end finally. Carry on. We both have work to do.
|
|
|
|
presstab
Legendary
Offline
Activity: 1330
Merit: 1000
Blockchain Developer
|
|
July 14, 2016, 11:04:38 PM |
|
Don't know what the hostility is for... Superiority complex I suppose.
I wasn't expressing any hostility. Why did you think so? If I learn something from you, then you congratulate me for realizing what you had known, then I would be denying my gratitude by presuming you were gloating. I had to deal with 5 pages of trolling by your colleague (well he claims some affiliation to you). I am entitled to acknowledge your realization. There is no animosity intended. You are being rational and so am I. I was just relieved the trolling had come to an end finally. Carry on. We both have work to do. I have no affiliation with Kiklo. I was pointed to this thread by someone else. I think people just tend to throw out my name at times when PoS code is being talked about.
|
|
|
|
kito
Newbie
Offline
Activity: 13
Merit: 0
|
|
July 14, 2016, 11:22:37 PM |
|
So much anger. I have read previous posts debating this topic. One thing that comes up is POS needs checkpoints but POW doesn't. I believe POW and POS needs to have checkpoints. Here are my thoughts. Actually these ideas are not mine just what I have read previously on the same topic. But for new users this might help.
There is a perception that a long POW chain has a lot computation work behind it. This is not always true. POW difficulty changes to meet the target block generation period. There is no guarantee that a longer block chain has more work than a shorter chain.
On POW chain it is implied that work is being done and a longer POW chain has more work on it. This is because on honest chains which have equal difficulty targets are for most part true. But on this topic we are not worried about honest nodes trying to reach consensus with long running nodes which already have the honest chains.
In this case we are talking "checkpoint POS vs POW". Or as I like to say, "what happens when a new node comes online in a hostile hacker zone- how does a client trust one long chain vs another."
A hacker / attacker could basically fake blocks /w fake creation times for POS and POW chains. For POW, the attacker would generate chains with lowest allowed difficulty level and then keep it this way while generating a longer block chain. In this way an attacker can create a valid long POW block chain with low work / energy while following all the rules. This is sometimes overlooked because people look at bitcoin chain and see tons of energy expended in the mining races. The difficulty target in POW is to maintain block generation time not to insure there is a provable amount of work being done on the chain.
Enter the trusty checkpoint. Without the checkpoints a POS or POW would fail in this scenario. A checkpoint hash however cements the block chain up to a given date. With checkpoints an attacker has to mount the attack after this point which is more difficult to do with both POW or POS coins. For POW, the attacker has to reduce the difficulty target using energy. For POS, he would have to purchase a stake to reduce difficulty to generate a new fake chain.
So I accept checkpoints. They are cheap and make it highly difficult for attackers to workaround it.
|
|
|
|
iamnotback (OP)
|
|
July 14, 2016, 11:24:00 PM Last edit: July 14, 2016, 11:37:49 PM by iamnotback |
|
So much anger.
You'd be pissed off too if some troll wasted your $300 per hour (opportunity cost) time for several hours. He could have raised his points with much less verbiage, rancor, and direct to the point on specifics. We could have concluded his education with a few cordial posts. But no, he was determined to be an asshat and was trying to humiliate me. It backfired on him, because I am somewhat expert. There is a perception that a long POW chain has a lot computation work behind it. This is not always true. POW difficulty changes to meet the target block generation period. There is no guarantee that a longer block chain has more work than a shorter chain.
Incorrect. A correctly programmed PoW block chain will compute the cumulative difficulty of the chain. This can be computed/verified mathematically from the number of leading 0s in each PoW hash for each block. So I accept checkpoints. They are cheap and make it highly difficult for attackers to workaround it.
They are not cheap. They waste the entire block chain on a power vacuum clusterfuck. Please read the OP and all the links and think more carefully about the critical importance of the Nash equilibrium. Study what happened to Ethereum. This issue becomes critical as your block chain scales to a $billion valuation and is a serious contender in CC.
|
|
|
|
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
July 15, 2016, 04:01:47 AM |
|
As I explained already (see quote below), the coin age time employed to threshold the delay for signing in the variant of PoS you are using, isn't delayed by PoW computation delay. The coin age delay is a fabrication of the UXTO at that point in time. Since the attacker can construct a UXTO from his own stake and since in PoS there is no PoW computational delay impeding the attacker from rebuilding a Long Range chain attack, then the only way to prevent such an attack (i.e. the nothing-at-stake problem) in PoS is to employ checkpoints. This is is known to every expert who has studied PoS.
What is "PoW computation delay" in this context. If you are building a side chain you can assign whatever arbitrary timestamp you want to a PoW block, so there is no required delay. The delay to compute the proof-of-work. You can't just magically pull proof-of-work out of thin air as it requires expending electricity. Although an attacker could muck around with timestamps on his chain, he has start from some known block and he must produce a longer chain of PoW computation, which requires he consume more electricity than one the current longest chain. These are Bitcoin101 concepts. I added this after: Or maybe is the argument that... yes you could build a side chain that could confuse nodes up to a certain time, but that side chain will never catch up to the work added to the main chain? So I suppose now if I am understanding the argument correctly is that.. sure you can alter the timestamps and perhaps make a confusing fork on a PoW coin, but at the end of the day it is going to be pretty much impossible to be able to have a chain that ends with the same level of computation that the main chain has. On the other hand, using PoS, and supposing that there are no checkpoints... it would be possible to re-mine and restake all the way from the genesis block and and result in a chain that has higher trust than the main chain.This part is where I have a problem, to achieve the above you need to be able to have a higher difficulty per chain than the main chain. How do you accomplish this if , even without checkpoints 1. The Main Chain has more coins than you. 2. The Coin has months or years of blocks built up. 3. Coins require time before they can stake again , staking is not a continuous system. This would hamper the attempt. I don't see how you can build up enough difficulty unless you own all of the coins, and if you do no one else cares what you do with it. What % of the coins would you need to even attempt this as it seems you would need way more than 51% to reach the genesis block. Also if you consider this as an issue why don't your coins use a checkpoint server?
|
|
|
|
kiklo
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
July 15, 2016, 04:18:00 AM |
|
You'd be pissed off too if some troll wasted your $300 per hour (opportunity cost) time for several hours. He could have raised his points with much less verbiage, rancor, and direct to the point on specifics. We could have concluded his education with a few cordial posts. But no, he was determined to be an asshat and was trying to humiliate me. It backfired on him, because I am somewhat expert. If you can find someone to pay you $300 per hour , why is your dumb ass running your mouth in the forum. Go to work !!! So I accept checkpoints. They are cheap and make it highly difficult for attackers to workaround it.
They are not cheap. They waste the entire block chain on a power vacuum clusterfuck. Please read the OP and all the links and think more carefully about the critical importance of the Nash equilibrium. Study what happened to Ethereum. BTC & Monero use checkpoints in their wallet updates, is Nash upset about that too, or is it ok since they are PoW.
|
|
|
|
presstab
Legendary
Offline
Activity: 1330
Merit: 1000
Blockchain Developer
|
|
July 15, 2016, 04:19:38 AM |
|
I added this after: Or maybe is the argument that... yes you could build a side chain that could confuse nodes up to a certain time, but that side chain will never catch up to the work added to the main chain?
So I suppose now if I am understanding the argument correctly is that.. sure you can alter the timestamps and perhaps make a confusing fork on a PoW coin, but at the end of the day it is going to be pretty much impossible to be able to have a chain that ends with the same level of computation that the main chain has.
On the other hand, using PoS, and supposing that there are no checkpoints... it would be possible to re-mine and restake all the way from the genesis block and and result in a chain that has higher trust than the main chain.
This part is where I have a problem, to achieve the above you need to be able to have a higher difficulty per chain than the main chain. How do you accomplish this if , even without checkpoints 1. The Main Chain has more coins than you. 2. The Coin has months or years of blocks built up. 3. Coins require time before they can stake again , staking is not a continuous system. This would hamper the attempt. I don't see how you can build up enough difficulty unless you own all of the coins, and if you do no one else cares what you do with it. What % of the coins would you need to even attempt this as it seems you would need way more than 51% to reach the genesis block. Also if you consider this as an issue why don't your coins use a checkpoint server? 1. You get all the premine to yourself, and then create a chain that is longer with more difficulty. If you have all of the possible coins to stake to yourself and have them all competing, you will no doubt be able to create a chain with more trust. Most PoS coins do not have all coins available for staking attempting to stake. 2. You fudge with the timestamps and using some computation build a chain that would appear to have been created over months or years. There is no way of proving that you created a block 1 year ago other than the timestamp of that block. 3. Again you can change your timestamps. Instead of actually waiting for the time to stake, you just adjust your timestamp as if that time passed. This whole scenario that I can see being feasible would rely on having absolutely no timestamps, as well as having no connections to active nodes. Either one of those two would make the attack not work. I guess all you could do is trick a first time syncer into being on the wrong fork. It doesn't really do anything of significance in my opinion.
|
|
|
|
|