Escrow attack on Proof-of-Stake

[Sunny King]

In a Proof-of-Stake system similar to bitcoin, a large number of coins could lie dormant and accrue 'coin days'.   If these coins are in escrow, like on Mt.Gox, their 'coin days' could be used to do an attack on the network.

Thus any large escrow service would be a threat to the network, in addition to large miners.

Thus either escrow services must pay interest, or the need for escrow should be eliminated by a better block chain design and p2p exchanges.

It's true that an exchange or wallet service could use it's wallet to launch attack on proof-of-stake, although unlikely. The current plan is to implement reorg depth limit and relegate checkpoint to be advisory be default, so if this type of attack (considered to be equivalence of 51% attack on proof-of-work) occurrs users can subscribe to checkpoint so that transaction processing can continue on block chain.

Miners don't have a play in double-spending attack, unless they wait and become stake owner. Security comes from proof-of-stake, proof-of-work only provides minting. Please don't confuse ppcoin's design with other proof-of-stake proposals. Our design is the only one that gives full respect to the concept of proof-of-stake and is the only one that actually has an implementation rather than just talks.

[1714842297]

1714842297

[1714842297]

1714842297

[Balthazar]

Thus any large escrow service would be a threat to the network, in addition to large miners.

Yes, they can, but technically it will be suicide for them. Anyway, it's possible to prevent such attacks by implementing another REORGANIZE algo.

[xorxor]

Thus any large escrow service would be a threat to the network, in addition to large miners.

Yes, they can, but technically it will be suicide for them. Anyway, it's possible to prevent such attacks by implementing another REORGANIZE algo.

why reorganize? it is still harder and extremally expensive to 51% a PoS blockchain, than a PoW only one.

beauty of PoS concept is that atacker to be succesfuf has to attack himself.   

[passerby]

Thus any large escrow service would be a threat to the network, in addition to large miners.

Yes, they can, but technically it will be suicide for them. Anyway, it's possible to prevent such attacks by implementing another REORGANIZE algo.

why reorganize? it is still harder and extremally expensive to 51% a PoS blockchain, than a PoW only one.

beauty of PoS concept is that atacker to be succesfuf has to attack himself.    

Because clearly, all human creatures are rational (or at least L-rational) and economically motivated.

"man shall not live by bread alone" - said no human, ever  

Miners don't have a play in double-spending attack, unless they wait and become stake owner. Security comes from proof-of-stake, proof-of-work only provides minting. Please don't confuse ppcoin's design with other proof-of-stake proposals. Our design is the only one that gives full respect to the concept of proof-of-stake and is the only one that actually has an implementation rather than just talks.

So, basically, this entire ppcoin thing is a bit like Solidcoin sans massive egotism and with less retarded pignode implementation?

Why not discard the PoW component altogether, if it has no "say" in choosing which chain is "goodchain" ?

P.S.:
Disclosure - passerby is affectionately fond of hybrid PoW/PoS things, and hybrid things in general

[Sunny King]

Miners don't have a play in double-spending attack, unless they wait and become stake owner. Security comes from proof-of-stake, proof-of-work only provides minting. Please don't confuse ppcoin's design with other proof-of-stake proposals. Our design is the only one that gives full respect to the concept of proof-of-stake and is the only one that actually has an implementation rather than just talks.

So, basically, this entire ppcoin thing is a bit like Solidcoin sans massive egotism and with less retarded pignode implementation?

Why not discard the PoW component altogether, if it has no "say" in choosing which chain is "goodchain" ?

P.S.:
Disclosure - passerby is affectionately fond of hybrid PoW/PoS things, and hybrid things in general

From FAQ:

How is it energy-efficient when there is still mining?

The energy efficiency we refer to is long-term energy efficiency, as in long term we do not require the use of energy to sustain the network.

Currently proof-of-work remains the most practical way of providing initial minting of a crypto-currency. So we decided to keep it as part of our hybrid design.

Ripple founders chose to do just that, eliminating proof-of-work and using a centralized model of initial minting and distribution, which I found against the spirit of bitcoin. I am not against people making profit, but in a larger picture, cryptocurrency is way more important than the success of one company or a small group of people. Putting the distribution in a central administration makes the currency highly vulnerable to confiscation as there is no plausible deniability.

[passerby]

The reason for compensating miners (with fees, subsidy, or anything at all) is that because in a PoW scheme they provide a service that is vital to the entire market.

In a scheme where solving progressively complex cryptopuzzles does not serve to secure the ledger against doublespends and other shenanigans, mining is, frankly speaking, a waste and should have been replaced with a more reasonable initial wealth distribution routine - of which there are many options (including collusion-proof cryptographic lotteries)

In fact, mining provides outright perverse initial wealth distribution in pure PoS because you are essentially rewarding folks for the investment they have made into another, different crypto-currency scheme (by buying BTC mining equipment), an investment that has been likely already paid off via that other scheme.

That's like if Microsoft started paying me money for the fact that I own Google shares

[astor]

The reason for compensating miners (with fees, subsidy, or anything at all) is that because in a PoW scheme they provide a service that is vital to the entire market.

In a scheme where solving progressively complex cryptopuzzles does not serve to secure the ledger against doublespends and other shenanigans, mining is, frankly speaking, a waste and should have been replaced with a more reasonable initial wealth distribution routine - of which there are many options (including collusion-proof cryptographic lotteries)

In fact, mining provides outright perverse initial wealth distribution in pure PoS because you are essentially rewarding folks for the investment they have made into another, different crypto-currency scheme (by buying BTC mining equipment), an investment that has been likely already paid off via that other scheme.

That's like if Microsoft started paying me money for the fact that I own Google shares

Interesting point, and I agree with the wealth distribution argument.  However this can be fixed by not using SHA256 which is not designed to be a technology-neutral algorithm.

Regarding a crypto lottery, where is the collusion-proof cryptographic lottery that is immune to a sybil attack?

[passerby]

The reason for compensating miners (with fees, subsidy, or anything at all) is that because in a PoW scheme they provide a service that is vital to the entire market.

In a scheme where solving progressively complex cryptopuzzles does not serve to secure the ledger against doublespends and other shenanigans, mining is, frankly speaking, a waste and should have been replaced with a more reasonable initial wealth distribution routine - of which there are many options (including collusion-proof cryptographic lotteries)

In fact, mining provides outright perverse initial wealth distribution in pure PoS because you are essentially rewarding folks for the investment they have made into another, different crypto-currency scheme (by buying BTC mining equipment), an investment that has been likely already paid off via that other scheme.

That's like if Microsoft started paying me money for the fact that I own Google shares

Interesting point, and I agree with the wealth distribution argument.  However this can be fixed by not using SHA256 which is not designed to be a technology-neutral algorithm.

Well, yeah, a different PoW might have alleviated the issue a bit, though designing a PoW that would be hostile to modern mining equipment turns out to be a pretty hard task it seems...

Regarding a crypto lottery, where is the collusion-proof cryptographic lottery that is immune to a sybil attack?

Immune ? No.

But significant sybil-resistance could be achieved by various tricks (an obvious and somewhat imperfect one would be to use v4 IPs as "identities". Admittedly, you can still sybil a lot, especially if you are a botty op, but during initial wealth distribution a botnet is not likely to show up and anyone who honestly buys a crapton of IPs just to win MORE PPCOINS is probably an individual with quite a bit of interest in your specific coin)