[PPC] [PROPOSAL] PPCoin Online Stake Safety

[Sunny King]

Abstract: A proposal to relieve stake minter the risk of running online hot wallet.

Description: This proposal is simpler than the previous dual-key proposal [1]. A special transaction type called cold-locked transaction is introduced so that a designated spending address is specified in its first output. Protocol enforces that, spending of any of the outputs in the transaction must be sent to this designated address, or to itself (for stake generation purpose). When stake is generated, the stake transaction is also cold-locked and the designated key in stake must match all designated keys where all the inputs come from.

How hot wallet is protected:

By providing a cold-wallet address as the designated spending address in cold-locked transactions, stake minter can now run their entire balance online in a hot wallet to earn 1% annual interest with minimum risk, while providing maximum security to the entire network. This would allow even the exchanges, pools, and other online wallet providers to participate in network protection without risking public assets, and reduce fees or even pay interest to its users.

For public review and discussion.

References:
[1] https://bitcointalk.org/index.php?topic=115608.0

[1713933506]

1713933506

[1713933506]

1713933506

[1713933506]

1713933506

[TruCoin]

 brilliant!!!!!!!!!!   

[calian]

This is a key piece of the puzzle. There needs to be provision for the outsourcing of this to third-party "stake miners" who will pay you a certain portion of your stake rewards in exchange for being custodians of your stake generation capability without actually having access to your offline cold storage keys. Obviously if you transfer your coins they wouldn't be able to generate stake with them anymore. The fact is that while plenty of geeks don't mind keeping a computer online all the time some of us aren't into running server farms.

[kong2029]

Awesome! Any time frame for rollout?

[ripper234]

Good stuff.

[TheSeven]

Interesting approach. Seems like a clever solution for the PoS mining problem.
However, while we're at it, we should also somehow get rid of the (IMHO totally useless) block signing for PoW blocks.

IIUC implementing your proposal requires a chain fork? If so, can you, at the same time, stop requiring PoW blocks to be signed, and instead only require that for PoS blocks? And of course also allow all output script types in the coinbase. That would finally allow for p2pool to be used with ppcoin...

[TheSeven]

This is a key piece of the puzzle. There needs to be provision for the outsourcing of this to third-party "stake miners" who will pay you a certain portion of your stake rewards in exchange for being custodians of your stake generation capability without actually having access to your offline cold storage keys. Obviously if you transfer your coins they wouldn't be able to generate stake with them anymore. The fact is that while plenty of geeks don't mind keeping a computer online all the time some of us aren't into running server farms.

That wouldn't be a good idea, because it would allow that third party to have a huge amount of control over the network. They could basically do a 51% proof of stake mining attack. The key point of all of this is to keep things decentralized.

[H@ml3t]

Sounds nice so far for me.

As a solution for the staying online problem I would simply propose an Android Client with PoS Mining feature. I mean smartphones are running all day and are connected to the Internet most of the time, and modern smartphone hardware can handle PoS mining without problems and without quick battery drainage.

[calian]

I would simply propose an Android Client with PoS Mining feature.

I agree this is an elegant solution given the original proposal of this thread is achieved.

[Sunny King]

This is a key piece of the puzzle. There needs to be provision for the outsourcing of this to third-party "stake miners" who will pay you a certain portion of your stake rewards in exchange for being custodians of your stake generation capability without actually having access to your offline cold storage keys. Obviously if you transfer your coins they wouldn't be able to generate stake with them anymore. The fact is that while plenty of geeks don't mind keeping a computer online all the time some of us aren't into running server farms.

There is probably some misunderstanding here. Minting stake is not supposed to be computing intensive and all you need is a typical computer online, no server farm required.

[Jutarul]

This is a key piece of the puzzle. There needs to be provision for the outsourcing of this to third-party "stake miners" who will pay you a certain portion of your stake rewards in exchange for being custodians of your stake generation capability without actually having access to your offline cold storage keys. Obviously if you transfer your coins they wouldn't be able to generate stake with them anymore. The fact is that while plenty of geeks don't mind keeping a computer online all the time some of us aren't into running server farms.

There is probably some misunderstanding here. Minting stake is not supposed to be computing intensive and all you need is a typical computer online, no server farm required.

The question is whether the underlying incentive structure promotes the formation of stake mining pools. Is there a formula for how much % of the money supply has to be stake and what the minimum ppc amount of a stake has to be, in order for it to be executed within e.g. 3 months? Dependent on that equation there may or may not be a need for stake mining pools....

[Sunny King]

The question is whether the underlying incentive structure promotes the formation of stake mining pools. Is there a formula for how much % of the money supply has to be stake and what the minimum ppc amount of a stake has to be, in order for it to be executed within e.g. 3 months? Dependent on that equation there may or may not be a need for stake mining pools....

I think some incentive is there if people don't want to run computer 24x7 and would like to earn stake as fast as possible. It doesn't matter whether you mint yourself 24x7 or with a service provider, the rate of generation would stay the same. The size of such service provider needs to be under control otherwise it does pose risk to the network, albeit not permanently as users can withdraw from it once the attack is understood.

On the other hand, since there is no risk of losing your balance with the service provider in the cold-locked scenario (providing you can easily verify that your balance is cold-locked properly) then maybe there will be lower barrier of entry to compete as a service provider as it doesn't need to earn users trust at first.

[calian]

The size of such service provider needs to be under control otherwise it does pose risk to the network, albeit not permanently as users can withdraw from it once the attack is understood.

Yeah, I think plenty of Bitcoin miners check http://blockchain.info/pools before deciding which pool to mine with to avoid anyone getting over 51%. Is it as easy to recognize who has mined a stake block though?

[Jutarul]

On the other hand, since there is no risk of losing your balance with the service provider in the cold-locked scenario (providing you can easily verify that your balance is cold-locked properly) then maybe there will be lower barrier of entry to compete as a service provider as it doesn't need to earn users trust at first.

I think this is the main innovation point. This allows you to monetize stake generation power, since you don't need to sell the coins in order to transfer stake generation power. However, you may want to elaborate on how to determine the maturity of stake. Logic would suggest that it should be the time at which the original stake was created - not the cold-locked transaction.

For the purpose of clarity let me define:
1) cold key: gives access to the actual coins, for arbitrary usage
2) mining/spending key: used to spend the cold-locked transaction

If I understood it correctly, the current proposal assumes that the holder of the cold-locked transaction and the owner of the cold wallet are the same entity. In that case the cold key resides within a cold wallet and the mining key resides on the validation node. What happens when people lose access to the mining key, but not the cold key? Should there be a time-out, after which the cold key can be used as mining/spending key?

Also, the issue is more pronounced if the holder of the cold-locked transaction and the cold key are not the same entity. What happens if the holder of the cold-locked transaction decides not to spend the transaction?

[calian]

What happens when people lose access to the mining key, but not the cold key? Should there be a time-out, after which the cold key can be used as mining/spending key?

It seems like the cold key should be able to generate the mining key, just like a private key can generate an address.

[Sunny King]

If I understood it correctly, the current proposal assumes that the holder of the cold-locked transaction and the owner of the cold wallet are the same entity. In that case the cold key resides within a cold wallet and the mining key resides on the validation node. What happens when people lose access to the mining key, but not the cold key? Should there be a time-out, after which the cold key can be used as mining/spending key?

You shouldn't lose either the cold wallet or the minting wallet, otherwise the balance is lost, as you need the minting key to move the balance to your cold address for spending. But you can share the minting private key with the service provider.

Yes a cold-locked transaction is assumed to be solely controlled by one cold address, which is specified in its first output. You can think of the cold key as a savings account, when you receive coins you can move some of your balance to the savings account, this transaction (moving coins to your savings account) would be a cold-locked transaction. If the cold key directly receive some balance from other people that is not via cold-locked transaction, then those coins are not cold-locked despite of belonging to the cold key, and cannot participate in online stake generation if the key stays in cold wallet.

[Jutarul]

What happens when people lose access to the mining key, but not the cold key? Should there be a time-out, after which the cold key can be used as mining/spending key?

It seems like the cold key should be able to generate the mining key, just like a private key can generate an address.

You may not want to do this, because then you cannot reliably transfer the stake generation power, because the original holder of the cold key can also perform stake mining, without telling the holder of the cold-locked transaction, thus defrauding the stake mining operator.

[brenzi]

This is a key piece of the puzzle. There needs to be provision for the outsourcing of this to third-party "stake miners" who will pay you a certain portion of your stake rewards in exchange for being custodians of your stake generation capability without actually having access to your offline cold storage keys. Obviously if you transfer your coins they wouldn't be able to generate stake with them anymore. The fact is that while plenty of geeks don't mind keeping a computer online all the time some of us aren't into running server farms.

That wouldn't be a good idea, because it would allow that third party to have a huge amount of control over the network. They could basically do a 51% proof of stake mining attack. The key point of all of this is to keep things decentralized.

We should really discuss PPC's strategy towards PoS pooling. I'm convinced that pooling should NOT be encouraged. So please do not include features that allow outsourcing PoS minting.
It would just end in a centralized banking system shared by very few PoS pools (AKA banks).
If people do not want to run a (low performance) machine 24/7, then - well - just don't do it. PoS reward is meant for those that want to contribute to network security. A PoS pool is not good at that because of centralization. And even worse: A pool could perform a 51% attack without risking own money ( a key argument for PoS in the first place)

[calian]

And even worse: A pool could perform a 51% attack without risking own money ( a key argument for PoS in the first place)

Could it though? It seems like it would have to be both a PoS and PoW pool to be able to get away with that. Since PoW is already pooled perhaps we should be careful about making PoS pools doable. However if the economic incentive exists (people wanting to get the last marginal scrap of interest without having to keep their program up to date all the time) then I think it can be assumed PoS pools will develop in some form or other.

[brenzi]

However if the economic incentive exists (people wanting to get the last marginal scrap of interest without having to keep their program up to date all the time) then I think it can be assumed PoS pools will develop in some form or other.

In todays PPC version you would have to trust a PoS pool with all you coins. This might not be a big barrier when crypto reaches wide adoption and trustworthy companies are established. Still I don't see why PPC protocol should ease pooling.