Noob Q: Can bitcoin be turned into POS?

[Sadlife]

Another noob question. What is this POS?
As far as i undersatnd if you hold a big amount of bitcoin you'll get a staking power to manipulate the market ?
How is it exactly?

[dinofelis]

Hi guys.
Plz don't kill me for asking.

I see a lot of hype around alt-coins.
When asked, many will point out POS as a plus vs bitcoin.

I was wondering:

1. Can Bitcoin change to POS if wanted to by the community?
2. Is POS really an advantage (if it is - is it an advantage because it saves energy, or because it diffuses power)?

Thank you!

Yes, PoS can of course be forked from bitcoin.  PoS has some theoretical problems, but at least, it doesn't need to waste $400 million a year on "cryptographic security", because PoS is cryptographically secure with digital signatures, not with "good guys can spend more electricity than an attacker".

PoS has, as a cryptographic security system, far, far more security than PoW.  However, PoS WITH REWARDS (fees and coinbase) is problematic, because you run into the problem of "nothing at stake".  PoS without any reward, purely voluntarily, like the people running bitcoin nodes right now, would be perfectly safe, because nobody has any "stakes" in minting fake blocks, apart from the ones wanting to double spend, but the PoS system can be made such that the probability that they are allowed to mint the block in which they double-spend is extremely small after a few confirmations.

My idea is that a PoS system without rewards is perfectly safe.

The way PoW is centralized in bitcoin, it would be a good thing to go to PoS.  But it won't happen, because bitcoin is "frozen in" now.  Any PoS fork of bitcoin wouldn't be called bitcoin, and as the name "bitcoin" is all it has going for it, that would be the end of it.

[YTBitcoin]

It maybe possible but no one will want to have that system who are the users of bitcoin for them bitcoin is a best and perfect in its own technology and they will feel fear of any inconvenience in any other system shift. For bitcoin I also favor for POW

[Xester]

It maybe possible but no one will want to have that system who are the users of bitcoin for them bitcoin is a best and perfect in its own technology and they will feel fear of any inconvenience in any other system shift. For bitcoin I also favor for POW

If bitcoin can be mined using POS then it will give power to the community to mine bitcoins without having to think about the difficulty. If POS is the system for bitcoin then I have purchase a huge amount of bitcoins so I can start staking my bitcoins and will be earning a significant amount from just turning on my computer. If we have POS in bitcoin then we are no longer having problems on confirmations and high miner fees.

[jakelyson]

If you change the algorithm to POS, then it will not be bitcoin anymore. It will be another alt-coin. Even though there are a lot of energy needed to run this system, I think it is way safer than just being controlled by whales.

[dinofelis]

It maybe possible but no one will want to have that system who are the users of bitcoin for them bitcoin is a best and perfect in its own technology and they will feel fear of any inconvenience in any other system shift. For bitcoin I also favor for POW

That's what I mean: bitcoin is frozen now, it is what it is (in my opinion, also with its 1MB block).

[dinofelis]

If you change the algorithm to POS, then it will not be bitcoin anymore. It will be another alt-coin. Even though there are a lot of energy needed to run this system, I think it is way safer than just being controlled by whales.

I would propose even a PoS system that is not:
- rewarding anything (you just do it to keep the system running)
- necessarily proportional to stake.  I see it more like the "masternode" scheme of DASH, where you lock a modest amount of coins (say, 1 BTC) to your node in order for you to be uniformly eligible to mint a block.  Yes, if you have 100 coins, you CAN set up 100 nodes, and lock each of the single 1 BTC addresses to one node.  Why not.  But each of these nodes are separate minters. 

Essentially, when switching to that system, the amount of bitcoin is then blocked for ever, no new coin will ever be created on that chain.  NO rewards, no fees.  Nodes mint blocks when they see they are eligible, with the transactions they feel fit to put in a block.  They don't care if their block is finally orphaned by a "higher-value" block or not, they are just making the network run.  No greed, just altruism to make the node run.

[JasonXG]

Instead of pos you could benefit off a node instead I think. Bitcoin doesn't really need pos. Pos is normally for quick and short term investments and sometimes coin burning is required.

[d5000]

@dinofelis: It's unfortunately not that easy. N@S is a potential threat, above all because of the infamous "history attack". It's difficult to perform on a mature chain and very probably won't give the attacker any profits (even if he shorts the coins), but in the case a big malicious actor (banks, governments) conspire, they could do more harm with this kind of attack than with 51%ing a PoW currency.

There have been numerous ways to deal with it, including centralized checkpoints (Peercoin and clones), rolling decentralized checkpoints ("reorg prohibition" of NXT), trust inclusion (NEM) and Byzantine Agreement (Casper, DPOS), but all have drawbacks. They however work, for now, buit in most sources you will hear that they are less secure than PoW and depend on "weak subjectivity" (having a trusted party as a source for the blockchain when you first connect to the network).

I heard, however, that there is a "famous" Bitcoin Core dev that could imagine a switch to PoS if it's secure enough for him.

The best bet for a really secure algorithm would be, in my opinion, for now a hybrid design like Decred. It could save ~50-70% of Bitcoin's energy use.

[kiklo]

@dinofelis: It's unfortunately not that easy. N@S is a potential threat, above all because of the infamous "history attack". It's difficult to perform on a mature chain and very probably won't give the attacker any profits (even if he shorts the coins), but in the case a big malicious actor (banks, governments) conspire, they could do more harm with this kind of attack than with 51%ing a PoW currency.

There have been numerous ways to deal with it, including centralized checkpoints (Peercoin and clones), rolling decentralized checkpoints ("reorg prohibition" of NXT), trust inclusion (NEM) and Byzantine Agreement (Casper, DPOS), but all have drawbacks. They however work, for now, buit in most sources you will hear that they are less secure than PoW and depend on "weak subjectivity" (having a trusted party as a source for the blockchain when you first connect to the network).

I heard, however, that there is a "famous" Bitcoin Core dev that could imagine a switch to PoS if it's secure enough for him.

The best bet for a really secure algorithm would be, in my opinion, for now a hybrid design like Decred. It could save ~50-70% of Bitcoin's energy use.

Nothing at Stake , the Biggest Lie out there.
If N@S was a big deal, which it is not, all that has to be done to stop it is a rolling checkpoint , say after 100 blocks , No reorgs are allowed.
But that is unnecessary because N@S is a LIE.

Details
https://bitcointalk.org/index.php?topic=1709776.msg17135430#msg17135430

https://bitcointalk.org/index.php?topic=1709776.msg17136990#msg17136990

Theymos proposed a Hybrid PoW / PoS system for BTC.
https://bitcointalk.org/index.php?topic=1654457


 

[d5000]

It's not a lie, kiklo. It's an attack with at least theoretical relevance, although practically as far as I know the only time a PoS coin was successfully attacked was CynicSOB's APEXcoin attack in 2014 (?) and that was a pretty dead coin.

Why would NXT have a "reorg prohibition"?

The problem of rolling checkpoints is:
- if you connect to the chain and just at this moment an attacker is trying to do a long-range attack and you connect first to him, you will follow his fake chain. You will never catch up to the "real" chain because of reorg prohibition. If you want to use your coins you could get even double-spent by the attacker because in that chain he probably has a large stake majority.
- if the network splits for more blocks than the reorg prohibition because of an external factor (bandwidth problems between parts of the world) then the "minor" split will have to redownload the whole blockchain.

Both cases are, above all, problems for users without technical knowledge. But the "longest chain" rule in PoW coins avoids them.

[kiklo]

It's not a lie, kiklo. It's an attack with at least theoretical relevance, although practically as far as I know the only time a PoS coin was successfully attacked was CynicSOB's APEXcoin attack in 2014 (?) and that was a pretty dead coin.

Why would NXT have a "reorg prohibition"?

The problem of rolling checkpoints is:
- if you connect to the chain and just at this moment an attacker is trying to do a long-range attack and you connect first to him, you will follow his fake chain. You will never catch up to the "real" chain because of reorg prohibition. If you want to use your coins you could get even double-spent by the attacker because in that chain he probably has a large stake majority.
- if the network splits for more blocks than the reorg prohibition because of an external factor (bandwidth problems between parts of the world) then the "minor" split will have to redownload the whole blockchain.

Both cases are, above all, problems for users without technical knowledge. But the "longest chain" rule in PoW coins avoids them.

It is an attack that HAS NEVER BEEN EXECUTED ON ANY COIN!

None of the CURRENT PoS WALLETS ARE MULTISTAKING, until MULTISTAKING POS WALLETS ARE CREATED , an attack from that BS LIE, can not even be attempted.

LONG RANGE ATTACKS ARE IMPOSSIBLE , past a Checkpoint!  

If a Network Splits the internet in Half , then it will cause problems for any coins.
But only if it happen for a time period longer than the rolling or hard coded checkpoint.
Reorgs would happen , if no checkpoint was in place, BTC & most Alts use Hard coded Checkpoints, so a PoW coin could also be affected.
But either way redownloading a blockchain is no big deal if some catastrophe just cut the internet in half for a week or two.
You seem to not understand that PoS coins also reorg to the Longest Chain with the Highest Difficulty.  

I said rolling checkpoint could be used if N@S was a problem,
but it is not a problem, if you have bothered to read my links where I detailed out the 2 different concerns of a N@S and why it was a non issue.  

LONG RANGE ATTACKS ARE BLOCKED IN PoS by Proof of Hash : proofhash< coinage * target
So the higher the Difficulty and the longer the chain , the harder a history rewrite attack becomes.

The people that want you to believe that lie state, a staker will stake a block on 2 separate forks at the same time.

The Staker will receive the exact same reward of coins on either fork,
if the block was strong enough to stake on both forks , it definitely would have staked on the single fork.
So by trying to stake on 2 forks all he does is allow someone else to determine the stronger fork, it is stupidly at its worst.
If some asshat ever does write a multistaking Wallet ,
it will look like so
Forks
2
4
8
16
32
64
128
256
512
1024
2048
4096
8192
16384
32768  Different Forks drain CPU & Memory & Bandwidth

That is only a 15 Blocks long multistaking chain, anyone that can't see it will drive your Ram & CPU & Bandwith Sky high is an idiot.
Which will also increase power consumption , destroying the energy efficiency of PoS.

And for what, absolutely nothing , you earn the same amount of coins on a single chain as a multiforked chain, you just waste more resources on a multifork.
Waste of time.

 

FYI:
Attempting to Multistake on a PoS coin does not make you a smooth criminal , it makes you an idiot , because there is no reward for doing it.
G.Maxwell Started the N@S Lie, and now he spreads lies about how BTC can't increase block size or move to a faster blockspeed, when alts have been doing it for years.

[Amph]

what about the notorious case of mintcoin and mint exchange, where users were holding the majority of their coins in the exchange, who was then hacked and therefore there was the possibility to do an attack because the hacker had the majority of the coins under his control?

it's dangerous for pos to have all the coins in the same place, and with people rushing to sell them at certain price they end deposit a large amount on the exchange

[robelneo]

It's possible but I doubt if miners and stakes holders will want to change the algo now that mining is already finished but in case Bitcoin changed from pow to pos at the end of the mining,there's a possibility that the price of bitcoin will increase as big whales will prefer to stake their coins.

[kiklo]

what about the notorious case of mintcoin and mint exchange, where users were holding the majority of their coins in the exchange, who was then hacked and therefore there was the possibility to do an attack because the hacker had the majority of the coins under his control?

it's dangerous for pos to have all the coins in the same place, and with people rushing to sell them at certain price they end deposit a large amount on the exchange

What about it, it had nothing to do with N@S.

PoS or PoW Coin gets hacked, odds are the thief will sell on another exchange and crash the market.
Time Passes and the price recovers or the coin dies , no difference PoS or PoW.

or are you afraid of 1 entity controlling network.
Hate to break it to you , all PoW coins will become over 51% controlled by 1 entity. (Due to economic factors.)
BTC with China having ~67% for over a year now. (already happened)

PoS Coins not as big a deal, because the ones that use coin age ,
PoS coins deactivate after staking for a prescribed amount of time, unlike ASICS where they maintain the exact same % of ASICS.
So you can have 60% of the coins and someone else with a higher coin age per block can outstake you,
PoS is in constant flux, not static like PoW.  

 

[freedomno1]

I was wondering:
1. Can Bitcoin change to POS if wanted to by the community?
2. Is POS really an advantage (if it is - is it an advantage because it saves energy, or because it diffuses power)?

Thank you!

1.
A Proof Of Stake can be done the variations of how it can be done can be debated from simply owning the coin and running a node to receive some rewards every block aka completely movable stake rewards.
https://just-dice.com/#a27 (IN FAQ)

Requiring a certain amount of coins to have a staking position as an example a node with a 1000 coin minimum investment to be rewarded a portion of the miner rewards.  The rest would be non-rewarded nodes.
https://www.dash.org/masternodes2/

To dedicating your node exclusively to staking in order to receive rewards and as a result needing to park your coins for a certain time period before rewards begin to be distributed.
https://en.wikipedia.org/wiki/Proof-of-stake#Coin_age_based_selection

2. POS is an advantage in that it splits rewards between miners and node operators and compensates them for keeping secure copies of the blockchain it also allows another input in the decisions of the coin instead of only rewarding miners.

Applied to Bitcoin it would result in a fork due to the likely need to change the block reward to compensate users based on the format involved, it would ensure more reliability in the long run due to the incentive to receive rewards by operating a full node. Where current node operators receive no rewards unless they are a mining pool leading to quicker centralization and node concentration.

https://en.bitcoin.it/wiki/Proof_of_Stake

In this case while it is likely some nodes would move to the new chain that offers rewards the miners may not like splitting rewards and the mining difficulty will adjust proportionately at the time of the fork based on the value of the coin.

[dinofelis]

@dinofelis: It's unfortunately not that easy. N@S is a potential threat, above all because of the infamous "history attack". It's difficult to perform on a mature chain and very probably won't give the attacker any profits (even if he shorts the coins), but in the case a big malicious actor (banks, governments) conspire, they could do more harm with this kind of attack than with 51%ing a PoW currency.

If a big economic actor, especially a state, wants to destroy a coin, just any coin, it can.  Central banks can destroy immediately any coin that is available, not by technical means, but by economical means.  It doesn't cost them anything.

How does it work ?  A central bank can, if it is legally allowed to do so, buy up any "asset" and issue fresh fiat against it.  The central bank can hence print as much fiat as necessary to buy up 95% of the stash of any coin.  The FED can print, fully legally if bitcoin is recognized as an "asset", the 20 billions needed to buy up all bitcoin.  In doing so, they pump the price to the sky.  But no problem, the FED can print just as much dollars as needed to buy up the whole stash, because the stash itself serves as "asset backing the printing".  As the price of the asset is rising, the FED's balance becomes more and more positive.  People will fight for the few bitcoins still around, and spend huge amounts of their savings on it, while the liquidity of bitcoin decreases like hell.  Bitcoin to the moon.
And then, the FED will sell bitcoins, first slowly, to destroy the amount of dollars they printed on it, now that it is "to the moon".  Once they have gotten most of the printed dollars back out of circulation, they dump the whole stash to oblivion by putting the 95% of the stash in circulation the same week.  So many people will have lost their savings, that bitcoin is done for ever.

No finite resource asset can win an attack from a printing FED, because all other actors have to bring in true value, and the FED can print for nothing.  This is why "one big crypto currency" is a lunacy.  Any big fiat central bank can destroy it when it wants on the market.

As you say, the nothing at stake attack is very difficult to perform on a mature chain.  The "value function" should be chosen well, in such a way that a historical reorganization is essentially impossible to perform, because you would need, in redoing the chain, so many collusions of former stake holders (which were stake holders by PoW not by PoS) that you will not be able to find all the signatures necessary to do so.

The problem with most PoS systems right now is that they also reward the staker.  This reward has to be unique, and will be fought over.  If there is no reward, then there's no battle to be had.  There's no incentive for a random stake holder to absolutely want to stake on a secondary chain and hence increasing the risk that the system he has a stake in, crumbles down.

[dinofelis]

Hello,

As you've seen, I'm quite favourable for PoS, but I'm against any erroneous argument in favour of anything.  Arguments should hold water.  I think you are having PoS arguments which are not always correct.

It is an attack that HAS NEVER BEEN EXECUTED ON ANY COIN!

None of the CURRENT PoS WALLETS ARE MULTISTAKING, until MULTISTAKING POS WALLETS ARE CREATED , an attack from that BS LIE, can not even be attempted.

==> this is not a valid argument of course.  That is like saying "no hacking software is available right now, so hacking is not possible"

LONG RANGE ATTACKS ARE IMPOSSIBLE , past a Checkpoint!  

This is not a solution, because the "checkpoint" itself is a consensus resolution.  You could just as well say that blocks that have been confirmed once, shouldn't be orphaned.  In fact, "checkpoints" are nothing else but "blocks of blocks" in the same way that blocks are "blocks of transactions", and the consensus resolution is: WHICH BLOCK ? on the block level, so the check point is the consensus resolution of "which block of blocks ?".

Nothing fundamentally irreversible is done with check points that wasn't already done with the blocks themselves ; unless you introduce trust, at which point, the whole consensus resolution becomes simple: the trusted party will determine consensus, and we don't need block chains any more, just a digital signature.

You can introduce checkpoint-like PoS signatures, but you have to realize that they do not grave in stone anything more than block resolution already did.  Orphaning checkpoints is not different in principle from orphaning blocks.

[kiklo]

The problem with most PoS systems right now is that they also reward the staker.  This reward has to be unique, and will be fought over.  If there is no reward, then there's no battle to be had.  There's no incentive for a random stake holder to absolutely want to stake on a secondary chain and hence increasing the risk that the system he has a stake in, crumbles down.

I glad you get the no reward point. 

==> this is not a valid argument of course.  That is like saying "no hacking software is available right now, so hacking is not possible"

Hmm, it is impossible to make the attempt until the code is written.
Others talk like multistaking has been proven , and it has not.

If I said , Flying was possible by using my anti-gravity belt I was building in my garage ,
you telling me it is impossible to attempt flight before I even finished making the belt would be accurate. The above is no different.

LONG RANGE ATTACKS ARE IMPOSSIBLE , past a Checkpoint! 

This is not a solution, because the "checkpoint" itself is a consensus resolution.  You could just as well say that blocks that have been confirmed once, shouldn't be orphaned.  In fact, "checkpoints" are nothing else but "blocks of blocks" in the same way that blocks are "blocks of transactions", and the consensus resolution is: WHICH BLOCK ? on the block level, so the check point is the consensus resolution of "which block of blocks ?".

Nothing fundamentally irreversible is done with check points that wasn't already done with the blocks themselves ; unless you introduce trust, at which point, the whole consensus resolution becomes simple: the trusted party will determine consensus, and we don't need block chains any more, just a digital signature.

You can introduce checkpoint-like PoS signatures, but you have to realize that they do not grave in stone anything more than block resolution already did.  Orphaning checkpoints is not different in principle from orphaning blocks.

Hard Coded Check Points can not be orphaned, and they can be weeks or months or years old.
(I am in favor of, and see no downside or security problems with them.)

Checkpoint servers ,
I disagree with , because they do add too much centralization for my taste. Control the checkpoint server and you control the coin.

Rolling Checkpoints ,
I am still on the fence about, depending on the # of blocks before they hit , they may be a possible security issue that is better handled just by creating a stronger chain.
Where as a 10 block rolling checkpoint could cause more damage than good. A rolling Checkpoint , of a Day or Week or Month, less concerned with because the chain has been allowed to form normally and odds are would not be overwritten anyway.
I even proposed that Bitcoin adopt rolling checkpoints , to keep the ASICS Miners with 51% control from overwriting transaction data.
Blackcoin @(500 blocks) & Nxt@(720 Blocks) are the only ones using them at the current time , to the best of my knowledge.
Checkpoints are not a PoS only issue as PoW coins can use them also.
Time will tell on rolling checkpoints.

 

[dfd1]

@dinofelis: It's unfortunately not that easy. N@S is a potential threat, above all because of the infamous "history attack". It's difficult to perform on a mature chain and very probably won't give the attacker any profits (even if he shorts the coins), but in the case a big malicious actor (banks, governments) conspire, they could do more harm with this kind of attack than with 51%ing a PoW currency.

If a big economic actor, especially a state, wants to destroy a coin, just any coin, it can.  Central banks can destroy immediately any coin that is available, not by technical means, but by economical means.  It doesn't cost them anything.

How does it work ?  A central bank can, if it is legally allowed to do so, buy up any "asset" and issue fresh fiat against it.  The central bank can hence print as much fiat as necessary to buy up 95% of the stash of any coin.  The FED can print, fully legally if bitcoin is recognized as an "asset", the 20 billions needed to buy up all bitcoin.  In doing so, they pump the price to the sky.  But no problem, the FED can print just as much dollars as needed to buy up the whole stash, because the stash itself serves as "asset backing the printing".  As the price of the asset is rising, the FED's balance becomes more and more positive.  People will fight for the few bitcoins still around, and spend huge amounts of their savings on it, while the liquidity of bitcoin decreases like hell.  Bitcoin to the moon.
And then, the FED will sell bitcoins, first slowly, to destroy the amount of dollars they printed on it, now that it is "to the moon".  Once they have gotten most of the printed dollars back out of circulation, they dump the whole stash to oblivion by putting the 95% of the stash in circulation the same week.  So many people will have lost their savings, that bitcoin is done for ever.

No finite resource asset can win an attack from a printing FED, because all other actors have to bring in true value, and the FED can print for nothing.  This is why "one big crypto currency" is a lunacy.  Any big fiat central bank can destroy it when it wants on the market.

As you say, the nothing at stake attack is very difficult to perform on a mature chain.  The "value function" should be chosen well, in such a way that a historical reorganization is essentially impossible to perform, because you would need, in redoing the chain, so many collusions of former stake holders (which were stake holders by PoW not by PoS) that you will not be able to find all the signatures necessary to do so.

The problem with most PoS systems right now is that they also reward the staker.  This reward has to be unique, and will be fought over.  If there is no reward, then there's no battle to be had.  There's no incentive for a random stake holder to absolutely want to stake on a secondary chain and hence increasing the risk that the system he has a stake in, crumbles down.

Pure madness, bro. All they do is a
1)Ban to legal payments
2)Seize domains
3)Close github repository
Tadam! Bitcoin is over forever.


Also N@S is much less possible than POW regular fork. If one city in China will have short electricity cut off due to hydro plant planned maintenance bitcoin is over, ethereum miners will fork it and 51% to oblivion, because, well, economic incentive.