Theymos's list of altcoins with some technical merit

[rowenta01]

Most altcoins are pure pump-and-dump, but there are a small handful that actually have some technical merit. I will list them here, according to my opinion/understanding.

For each one, I will assign a technical merit/innovation score. On the day of its release, Bitcoin would have had a score of 100, whereas a score of 0 would be a pure pump-and-dump built on stupid gimmicks and other nonsense -- I don't list these at all.

Ethereum

The way Ethereum's Solidity works is very interesting. It feels good to use, like magic. When people first see it, it often blows their minds. And there are several useful things that these super-smart contracts enable. However, Ethereum is built on the same technology as Bitcoin, and this technology has serious real-world issues and constraints. So although Solidity feels unlimited and magical:

- You often need to resort to centralization in order to do things, which completely defeats the point.
- Not all, but most real-world uses of Solidity can be done on Bitcoin, though it's more of a headache (like writing in assembly vs JavaScript).
- The Solidity "magic" hides many real-world issues which can still occur, such as reorgs, network-wide scaling issues, various possible attacks, etc. -- this is the cause of most of the various ETH disasters over the years.

ETH makes the power of cryptocurrency and smart contracts very plain to people, and I appreciate that, but it's not actually very good at being a cryptocurrency or securely/efficiently/reliably executing smart contracts.

Additionally, Ethereum ignored years of prior discussion regarding the safety issues of high-power scripts, and as a result of this and other design decisions, it faces serious security and scaling issues which have really started to become apparent as people try to actually use ETH for real applications. I can't see it surviving without major breaking changes or (more likely) an ever-increasing number of centralization band-aids.

Score: 1

IOTA

The tangle design is interesting and potentially useful, though I have several serious concerns about how it will actually work long-term:

 - In order to achieve lasting, stable scalability, something will need to be done to limit bandwidth. Otherwise you still have the problem that everyone needs to download everyone else's transactions in order to be a trustless node, and this simply doesn't scale no matter what else you do. How can you split the network so that one node can trustlessly ignore a lot of the network's total transactions, but transactions are still possible cross-split? Doing something like splitting the graph into a cycle of semi-separate segments might be possible, but it seems very difficult to do this and maintain security+convergence.
 - With a chain, if miners become evil and rewrite the last 6 blocks or something, everyone is going to notice and be affected, and so a unified response (PoW change, etc.) will be fairly easy. But with a graph, maybe an attacker could just nibble at the edges in such a way that 99.99% of users are able to think "well, it's not really my problem". In fact, it may not even be easily provable that an attack happened at all.
 - I am not convinced that a tangle is stable/convergent/secure in all circumstances. Even if it seems to work under all tests so far, it may well fall apart under a clever but not-too-difficult attack, or perhaps even just on its own. The whole idea that transaction volume is what adds security to the tangle makes me uneasy, since an attacker can always produce unlimited fake transactions, while the network will only produce a "natural" number of transactions unless additional measures are taken to generate good fake transactions.

Possibly due to the IOTA devs sharing similar concerns, IOTA's software currently relies on centralized checkpointing.

Score: 0.1

Monero

Monero is the most widely-used highly-fungible cryptocurrency, and it has a good record for being secure/stable. Fungibility is very useful, and the way it is done in Monero is quite good, though it's not actually mathematically private; it is theoretically possible to get some identifying clues from Monero transactions without breaking any crypto, though it's very difficult, especially after RingCT. Its method of anonymization has very severe scaling downsides, however; Monero makes Bitcoin look Visa-scale.

Score: 4

Zcash

Zcash has the same general goals as Monero. Theoretically, it should have slightly better anonymity than Monero, but you have to trust that the key ceremony was completed honestly, and you also have to trust that there are no flaws in Zcash's more esoteric/experimental cryptography.

Creating/validating anonymous Zcash transactions requires several gigabytes of memory, which is very harmful to centralization and anonymity. If you're the only person who goes to the trouble of creating anonymous transactions, then you'll stick out like a sore thumb.

Zcash's underlying technology may have theoretical scaling advantages; probably better than Monero, and perhaps better than even Bitcoin. But I don't think that this is being exploited at all in the current code, and I haven't been able to find an exact quantification of how good it could be.

Score: 1

Unlisted

I have investigated these coins, and give them a score of zero. Note that when a family of coins have almost the same technical features/properties, I give the one which seems "most major" its proper score, and the rest in that family a score of zero. If you very much prefer a clone's economic properties, tiny changes in constants, etc., then it is maybe not unreasonable for you to prefer that clone instead, but in this post I am concerned with highlighting the most prominent examples of major innovation.

 - Bcash - clone of Bitcoin
 - Bytecoin - very similar to Monero, and Monero is bigger / more active, even though Bytecoin came first
 - CounterParty - an even more inefficient/unscalable way of trying to do what Ethereum does
 - Dogecoin - clone of Bitcoin
 - ETC - clone of ETH
 - Litecoin - clone of Bitcoin
 - NMC - mostly a clone of Bitcoin with some not-very-innovative extras tacked on
 - Ripple - 100% centralized
 - zcoin - clone of zcash

Not yet evaluated

I haven't investigated these enough yet to give them scores.

 - BitBay
 - Blocknet
 - Byteball
 - CloakCoin
 - Dash
 - GameCredits
 - Neo
 - PIVX
 - Waves
 - XEM
 - XtraBYtes
 - Zencash

"- zcoin - clone of zcash"

No comment..

https://zcoin.io/faq/

Zcoin is not a clone of Zcash ..

Zcoin is simply not a clone ..

At least do your study properly! Thank you!

[1713542728]

1713542728

[1713542728]

1713542728

[aeternus]

What do you think of Dash?

I've heard that it's highly centralized, but I haven't looked into it in depth yet.

Maybe it is time you do look into it in depth instead of repeating hearsay. It would be interesting
to have someone analyse Dash on its technical merit, which is after all the focus of your thread.

Theymos gave its insight of the coins he thought were worthy, he has not looked into dash deeply because I’m sure that he is a very busy individual, there is not a way to keep track of every single project so I think this is an unfair critic to him since Theymos stated directly he has not looked at Dash in depth yet.

[25hashcoin]

Most altcoins are pure pump-and-dump, but there are a small handful that actually have some technical merit. I will list them here, according to my opinion/understanding.

For each one, I will assign a technical merit/innovation score. On the day of its release, Bitcoin would have had a score of 100, whereas a score of 0 would be a pure pump-and-dump built on stupid gimmicks and other nonsense -- I don't list these at all.

Ethereum

The way Ethereum's Solidity works is very interesting. It feels good to use, like magic. When people first see it, it often blows their minds. And there are several useful things that these super-smart contracts enable. However, Ethereum is built on the same technology as Bitcoin, and this technology has serious real-world issues and constraints. So although Solidity feels unlimited and magical:

- You often need to resort to centralization in order to do things, which completely defeats the point.
- Not all, but most real-world uses of Solidity can be done on Bitcoin, though it's more of a headache (like writing in assembly vs JavaScript).
- The Solidity "magic" hides many real-world issues which can still occur, such as reorgs, network-wide scaling issues, various possible attacks, etc. -- this is the cause of most of the various ETH disasters over the years.

ETH makes the power of cryptocurrency and smart contracts very plain to people, and I appreciate that, but it's not actually very good at being a cryptocurrency or securely/efficiently/reliably executing smart contracts.

Additionally, Ethereum ignored years of prior discussion regarding the safety issues of high-power scripts, and as a result of this and other design decisions, it faces serious security and scaling issues which have really started to become apparent as people try to actually use ETH for real applications. I can't see it surviving without major breaking changes or (more likely) an ever-increasing number of centralization band-aids.

Score: 1

IOTA

The tangle design is interesting and potentially useful, though I have several serious concerns about how it will actually work long-term:

 - In order to achieve lasting, stable scalability, something will need to be done to limit bandwidth. Otherwise you still have the problem that everyone needs to download everyone else's transactions in order to be a trustless node, and this simply doesn't scale no matter what else you do. How can you split the network so that one node can trustlessly ignore a lot of the network's total transactions, but transactions are still possible cross-split? Doing something like splitting the graph into a cycle of semi-separate segments might be possible, but it seems very difficult to do this and maintain security+convergence.
 - With a chain, if miners become evil and rewrite the last 6 blocks or something, everyone is going to notice and be affected, and so a unified response (PoW change, etc.) will be fairly easy. But with a graph, maybe an attacker could just nibble at the edges in such a way that 99.99% of users are able to think "well, it's not really my problem". In fact, it may not even be easily provable that an attack happened at all.
 - I am not convinced that a tangle is stable/convergent/secure in all circumstances. Even if it seems to work under all tests so far, it may well fall apart under a clever but not-too-difficult attack, or perhaps even just on its own. The whole idea that transaction volume is what adds security to the tangle makes me uneasy, since an attacker can always produce unlimited fake transactions, while the network will only produce a "natural" number of transactions unless additional measures are taken to generate good fake transactions.

Possibly due to the IOTA devs sharing similar concerns, IOTA's software currently relies on centralized checkpointing.

Score: 0.1

Monero

Monero is the most widely-used highly-fungible cryptocurrency, and it has a good record for being secure/stable. Fungibility is very useful, and the way it is done in Monero is quite good, though it's not actually mathematically private; it is theoretically possible to get some identifying clues from Monero transactions without breaking any crypto, though it's very difficult, especially after RingCT. Its method of anonymization has very severe scaling downsides, however; Monero makes Bitcoin look Visa-scale.

Score: 4

Zcash

Zcash has the same general goals as Monero. Theoretically, it should have slightly better anonymity than Monero, but you have to trust that the key ceremony was completed honestly, and you also have to trust that there are no flaws in Zcash's more esoteric/experimental cryptography.

Creating/validating anonymous Zcash transactions requires several gigabytes of memory, which is very harmful to centralization and anonymity. If you're the only person who goes to the trouble of creating anonymous transactions, then you'll stick out like a sore thumb.

Zcash's underlying technology may have theoretical scaling advantages; probably better than Monero, and perhaps better than even Bitcoin. But I don't think that this is being exploited at all in the current code, and I haven't been able to find an exact quantification of how good it could be.

Score: 1

Unlisted

I have investigated these coins, and give them a score of zero. Note that when a family of coins have almost the same technical features/properties, I give the one which seems "most major" its proper score, and the rest in that family a score of zero. If you very much prefer a clone's economic properties, tiny changes in constants, etc., then it is maybe not unreasonable for you to prefer that clone instead, but in this post I am concerned with highlighting the most prominent examples of major innovation.

 - Bcash - clone of Bitcoin
 - Bytecoin - very similar to Monero, and Monero is bigger / more active, even though Bytecoin came first
 - CounterParty - an even more inefficient/unscalable way of trying to do what Ethereum does
 - Dogecoin - clone of Bitcoin
 - ETC - clone of ETH
 - Litecoin - clone of Bitcoin
 - NMC - mostly a clone of Bitcoin with some not-very-innovative extras tacked on
 - Ripple - 100% centralized
 - zcoin - clone of zcash

Not yet evaluated

I haven't investigated these enough yet to give them scores.

 - BitBay
 - Blocknet
 - Byteball
 - CloakCoin
 - Dash
 - GameCredits
 - Neo
 - PIVX
 - Waves
 - XEM
 - XtraBYtes
 - Zencash

"- zcoin - clone of zcash"

No comment..

https://zcoin.io/faq/

Zcoin is not a clone of Zcash ..

Zcoin is simply not a clone ..

At least do your study properly! Thank you!

Yep. This thread is worthless.

[tribessh]

Do you want technical merit? What about this:

GitHub: https://github.com/skycoin
Development Blog: https://blog.skycoin.net/

That is technical merit, they lack of marketing but they do have software and huge improvements not as many coins lately.

Their project is ambitious yes, but they atleast has been working for years in something they believe it is necessary for the future.
Internet is more an more controlled and manipulated everyday, we must take precautions and start building a decentralised network replacing ISPs, the developers are quiet aware of the numerous backdoors that exists in nowadays servers and smart devices and they want to prevent the fatal consequences of corrupted internet. We must avoid miners to get control over the blockchains, this is the main flaw of the Bitcoins original vision , skycoin has been doing research the last 4 years to solve that problem.

Please, just have a look at the development blog, and tell us your thoughts!

[d5000]

@Hyperme.sh: (AnonyMint?)

So your theory is that in PoS currencies like NXT, whales use a special client to coordinate their choices when the chain forks, and impose these to smaller nodes? Well, NXT's Economic Clustering, as far as I know, is indeed doing something similar ("it shows you where the whales are"), but it doesn't force other nodes to follow their chain. So I interpret it to be different than centralized coordination. For whales (and other nodes, too), however, it may be rational to follow other whales because they're those who most lose in a chain split event.

Of course I'm aware of the limitations of "altruism-prime" and about short term N@S attacks.

I propose you to present your "shocking document" here (in a dedicated thread) once it's ready, I'll read it and then decide if it's convincing for me or not. The first lines Traxo quoted, however, didn't present nothing new for me, these lines are based on documents presented in 2014 or 2015. Maybe however, labeling the document as superficial was premature, but to be able to judge about that, I must read it completely.

(PS: I had already deleted the section about Steem before you answered. Here I made a mistake, it's a long time ago I last dealt with Steem, and you are right, its current iteration is DPOS.)

[zcoinofficial]

@theymos

To clarify Zcoin ($XZC) doesn't use Zcash code in any way! So it is not a clone at all...

We use the Zerocoin protocol which isn't the same as the Zerocash protocol.

While the Zerocoin protocol and a proof of concept software library (libzerocoin) was coded by the same guys who then moved on to the Zerocash paper and Zcash project, the implementation of Zerocoin is not trivial and indeed we're the first project to implement it.

We're in the midst of also improving libzerocoin as well and should be releasing updates soon.

The Zerocash protocol used in Zcash was meant to be an improvement of the Zerocoin protocol and it does achieve
a) smaller proof sizes
b) very fast verification time
c) no need for fixed denominations
d) hides tx amounts
e) allows direct send of z-balances compared to Zerocoin which requires conversion to base coin.

So if that's the case, why are we at Zcoin bothering with the Zerocoin protocol?

a) we retain supply auditability so if coins are minted out of thin air due to a flaw or the trapdoor discovered, it is easy to detect. Zcash's setup combined with its trusted setup allows creation and sending of forged coins which cannot be detected if there's a problem.
b) trusted setup in Zerocoin is far less controversial comprising of two huge prime numbers. There is also research on removing the trusted setup for Zerocoin using Sigma protocol (https://zcoin.io/zcoin-moving-beyond-trusted-setup-in-zerocoin/).
c) Zerocoin private tx are easily created with a few seconds of computation time compared to Zcash private tx which requires a few minutes.
d) We use RSA cryptography compared to new zkSNARKs.

Note that proof sizes and verification times are something that we're actively working on. Sigma allows proof sizes to be in the 1 kb range as well. We continue to evaluate and test.

While we do agree that the Zerocash paper and its technologies are pretty amazing, we do think that pursuing active research and development into Zerocoin should be encouraged and it's thanks to Zcoin and our team that many other coins now are adopting our work and re-looking into Zerocoin.

Supply auditability in a system that allows destruction and creation of coins is pretty important especially when a trusted setup is employed. Also in encouraging anonymous tx use, a few seconds of computation time is much more palatable compared to minutes and also allows weaker devices to continue to do private tx.

I hope this clarifies any doubts you may have that Zcoin is merely a Zcash clone. The truth couldn't be any further and I hope that the OP can be updated.

[Yba Muse]

Theymos, I see that you put Litecoin in the 0 category since it is a clone of Bitcoin.

I am curious of your thoughts on Litecoin after segwit activation & the work the devs are doing on lightning networks & cross chain swaps.

I'm speculating that you will say that Litecoin is not really "innovative" necessarily because the devs are mostly working on tech that was theorized & proposed for Bitcoin proper, but I'm curious to hear your thoughts.

[Traxo]

So your theory is that in PoS currencies like NXT, whales use a special client to coordinate their choices when the chain forks, and impose these to smaller nodes? Well, NXT's Economic Clustering, as far as I know, is indeed doing something similar ("it shows you where the whales are"), but it doesn't force other nodes to follow their chain. So I interpret it to be different than centralized coordination. For whales (and other nodes, too), however, it may be rational to follow other whales because they're those who most lose in a chain split event.

In chat he wrote afahcs mathematically the client used by smaller nodes would sometimes diverge without some coordination due to propagation variances. So what ever the whales are doing, it has to be some form of coordination which is mathematically different than what is advertised.

He updated his public document as follows:

There’s no mathematical nor algorithmic way to decide amongst all the potential forks that can be forged within any interval, which is the legitimate one. In PoS unlike in PoW, due to the nothing-at-stake problem because the interval is relative to the autonomous choice of timestamp and nothing is burned, then forgers (i.e. stake-based miners) have the incentive to build their forged blocks on top of every forged block. The choice of of which forged blocks to mine upon is either based on enforcement power (e.g. the grouping of stake with the most stake) else PoS devolves as stated. Even if the stake grouping with the most stake is not a majority of the stake, it must necessarily be coordinated (not randomly autonomous) in order to maintain the longest chain—thus fulfills the definition of an oligarchy in control. Algorithmic changes that attempt to penalize those who forge on more than chain are necessarily always going to be flawed and not resolve the issue, because there is nothing-at-stake. Transactions as Proof-of-Stake (TaPoS) isn’t a solution to this near-term forking divergence issue. Andrew Poelstra failed to note that penalizing for signing multiple histories doesn’t resolve the power vacuum that no unique near-term history is distinguished from all the others in the absence of coordination and thus definitionally an oligarchy:

This scarcity may be recoverable by punishing stakeholders who sign multiple histories. For example, if they use Schnorr or ECDSA signatures and are constrained to a specific choice of nonce, they must sign two messages with the same (key, nonce) pair in order to sign multiple histories, and this allows anyone to algebraically solve for their private key.

I explained in more detail along with explanatory condemnation of NEM, Nxt, and IOTA. The leadership election process for PoS is ambiguous. Even if the potential stakers are ranked such that the one with the highest ranking forges the next block, and forgers are penalized for forging on more than one chain, this is a security hole because the highest ranked staker can pretend to be offline and so the next ranked must forge the next block. Then after honest stakers have done so, the higher ranked staker forges a block orphaning those, which creates an ambiguity over who is cheating. Propagation is not objective in an asynchronous network. The Ouroboros^† “provably secure” PoS alternative may solve this coordination issue by creating objective entropy via secure multiparty computation presuming a majority of the stake is honest, but requires a majority of the stake to remain online and the network to remain bounded synchronous for said majority.

And delegated PoS is all about delegating from smaller stakes to coordinated delegates. Whales dictate the elected delegates due to the power-law distribution. Whales can disagree such that they each control a delegate yet still they must coordinate, because DPoS has 1/3 liveness and 2/3 double-spend fault of Byzantine agreement.

I'm speculating that you will say that Litecoin is not really "innovative" necessarily because the devs are mostly working on tech that was theorized & proposed for Bitcoin proper, but I'm curious to hear your thoughts.

As @Spoetnik alluded to, Litecoin innovated Scrypt for the proof-of-work algorithm, which enabled it to receive much of the GPU mining that were pushed off of Bitcoin by ASICs in 2013 sending the price to $50 and 0.05 BTC.
Also Litecoin was the first major to activate SegWit sending the price to $50+ and 0.021 BTC; and if BTC-SegWit fails (which is not a totally implausible theory), then Litecoin probably remains the major offchain scaling alternative (possibly sending it to $80+/0.03 and beyond).

[Spoetnik]

BlockNET ? ahahha scam coin 

And i love how the noobs know squat about Litecoin.
If it's a clone then go ahead and mine it with your BTC miners then.
Oh wait.... it's SCRYPT ?
Wait WHAT ?

Hmm what is this SCRYPT the penguin speaks of ?

Oh you mean the new hashing algo launched with Litecoin cloned by a thousand others later on ?
Yup.. the one that was implemented for a REASON.
Hence the creation of Litecoin in the first place.

Why ?

Hmmmmmm.. any ideas pajeets ?

Fairness.
The intention was to even the playing field on mining and it actually succeeded in doing so.
At least for a time..
It was about mining guys.  

But ya ya.. it's just a clone, so by all means point your BTC miners at it and go nuts LOL

I'm curious, why do you say blocknet is a scam when they have a working product?

Google it.

[d5000]

@Traxo:

The leadership election process for PoS is ambiguous. Even if the potential stakers are ranked such that the one with the highest ranking forges the next block, and forgers are penalized for forging on more than one chain, this is a security hole because the highest ranked staker can pretend to be offline and so the next ranked must forge the next block. Then after honest stakers have done so, the higher ranked staker forges a block orphaning those, which creates an ambiguity over who is cheating.

Okay, this attack is one I was unaware of. But this kind of attack should only be a problem if the participants are "slashed" for voting on the wrong chain (e.g. "Slasher 2.0" as presented by Buterin), but not if they are slashed when voting on more than one chain (like in the first Slasher version and also in Poelstra's example). In the latter, the attacker cannot create a history where another participant is double-voting and so is punished, so in this sense there is no ambiguity. The nodes should simply follow the attacker's chain because it should have more "chain trust" (or similar "score"), but in that situation he is the "legit" validator so I don't see the problem.

I have to analyze this attack further, however. This is only a first thought on it. It may be wrong.

You guys may think I'm a stubborn PoS (e.g. NXT) shill. But I may even reconsider my position on PoS - in fact, after I read Vlad's blog posts about the Casper history about one year ago, I already got pretty skeptic on it, or at least I thought it would lead to over-complicated (and thus more exploitable) algorithms. The reason I got more optimistic on it were several forum discussions where it seemed that all really dangerous attacks on PoS would depend on very unlikely assumptions (e.g. stakeholders accepting cheap bribes) because of "altruism-prime" being stronger than initially thought.

The Ouroboros^† “provably secure” PoS alternative may solve this coordination issue by creating objective entropy via secure multiparty computation presuming a majority of the stake is honest, but requires a majority of the stake to remain online and the network to remain bounded synchronous for said majority.

Will read about that.

And delegated PoS is all about delegating from smaller stakes to coordinated delegates. Whales dictate the elected delegates due to the power-law distribution. Whales can disagree such that they each control a delegate yet still they must coordinate, because DPoS has 1/3 liveness and 2/3 double-spend fault of Byzantine agreement.

Here I fully agree.

As @Spoetnik alluded to, Litecoin innovated Scrypt for the proof-of-work algorithm [...]

As far as I remember, that was Tenebrix. It was however pre-mined and thus "lost" the race to the "fairer" Litecoin.

[volyova]

@Traxo:

The leadership election process for PoS is ambiguous. Even if the potential stakers are ranked such that the one with the highest ranking forges the next block, and forgers are penalized for forging on more than one chain, this is a security hole because the highest ranked staker can pretend to be offline and so the next ranked must forge the next block. Then after honest stakers have done so, the higher ranked staker forges a block orphaning those, which creates an ambiguity over who is cheating.

Okay, this attack is one I was unaware of. But this kind of attack should only be a problem if the participants are "slashed" for voting on the wrong chain (e.g. "Slasher 2.0" as presented by Buterin), but not if they are slashed when voting on more than one chain (like in the first Slasher version and also in Poelstra's example). In the latter, the attacker cannot create a history where another participant is double-voting and so is punished, so in this sense there is no ambiguity. The nodes should simply follow the attacker's chain because it should have more "chain trust" (or similar "score"), but in that situation he is the "legit" validator so I don't see the problem.

I have to analyze this attack further, however. This is only a first thought on it. It may be wrong.

You guys may think I'm a stubborn PoS (e.g. NXT) shill. But I may even reconsider my position on PoS - in fact, after I read Vlad's blog posts about the Casper history about one year ago, I already got pretty skeptic on it, or at least I thought it would lead to over-complicated (and thus more exploitable) algorithms. The reason I got more optimistic on it were several forum discussions where it seemed that all really dangerous attacks on PoS would depend on very unlikely assumptions (e.g. stakeholders accepting cheap bribes) because of "altruism-prime" being stronger than initially thought.

The Ouroboros^† “provably secure” PoS alternative may solve this coordination issue by creating objective entropy via secure multiparty computation presuming a majority of the stake is honest, but requires a majority of the stake to remain online and the network to remain bounded synchronous for said majority.

Will read about that.

And delegated PoS is all about delegating from smaller stakes to coordinated delegates. Whales dictate the elected delegates due to the power-law distribution. Whales can disagree such that they each control a delegate yet still they must coordinate, because DPoS has 1/3 liveness and 2/3 double-spend fault of Byzantine agreement.

Here I fully agree.

As @Spoetnik alluded to, Litecoin innovated Scrypt for the proof-of-work algorithm [...]

As far as I remember, that was Tenebrix. It was however pre-mined and thus "lost" the race to the "fairer" Litecoin.

Correct, Charlie forked Tenebrix to create "Fairbrix". That was his first attempt at "doing" a coin. This was all before LTC was ever created.

[volyova]

So your theory is that in PoS currencies like NXT, whales use a special client to coordinate their choices when the chain forks, and impose these to smaller nodes? Well, NXT's Economic Clustering, as far as I know, is indeed doing something similar ("it shows you where the whales are"), but it doesn't force other nodes to follow their chain. So I interpret it to be different than centralized coordination. For whales (and other nodes, too), however, it may be rational to follow other whales because they're those who most lose in a chain split event.

In chat he wrote afahcs mathematically the client used by smaller nodes would sometimes diverge without some coordination due to propagation variances. So what ever the whales are doing, it has to be some form of coordination which is mathematically different than what is advertised.

He updated his public document as follows:

There’s no mathematical nor algorithmic way to decide amongst all the potential forks that can be forged within any interval, which is the legitimate one. In PoS unlike in PoW, due to the nothing-at-stake problem because the interval is relative to the autonomous choice of timestamp and nothing is burned, then forgers (i.e. stake-based miners) have the incentive to build their forged blocks on top of every forged block. The choice of of which forged blocks to mine upon is either based on enforcement power (e.g. the grouping of stake with the most stake) else PoS devolves as stated. Even if the stake grouping with the most stake is not a majority of the stake, it must necessarily be coordinated (not randomly autonomous) in order to maintain the longest chain—thus fulfills the definition of an oligarchy in control. Algorithmic changes that attempt to penalize those who forge on more than chain are necessarily always going to be flawed and not resolve the issue, because there is nothing-at-stake. Transactions as Proof-of-Stake (TaPoS) isn’t a solution to this near-term forking divergence issue. Andrew Poelstra failed to note that penalizing for signing multiple histories doesn’t resolve the power vacuum that no unique near-term history is distinguished from all the others in the absence of coordination and thus definitionally an oligarchy:

This scarcity may be recoverable by punishing stakeholders who sign multiple histories. For example, if they use Schnorr or ECDSA signatures and are constrained to a specific choice of nonce, they must sign two messages with the same (key, nonce) pair in order to sign multiple histories, and this allows anyone to algebraically solve for their private key.

I explained in more detail along with explanatory condemnation of NEM, Nxt, and IOTA. The leadership election process for PoS is ambiguous. Even if the potential stakers are ranked such that the one with the highest ranking forges the next block, and forgers are penalized for forging on more than one chain, this is a security hole because the highest ranked staker can pretend to be offline and so the next ranked must forge the next block. Then after honest stakers have done so, the higher ranked staker forges a block orphaning those, which creates an ambiguity over who is cheating. Propagation is not objective in an asynchronous network. The Ouroboros^† “provably secure” PoS alternative may solve this coordination issue by creating objective entropy via secure multiparty computation presuming a majority of the stake is honest, but requires a majority of the stake to remain online and the network to remain bounded synchronous for said majority.

And delegated PoS is all about delegating from smaller stakes to coordinated delegates. Whales dictate the elected delegates due to the power-law distribution. Whales can disagree such that they each control a delegate yet still they must coordinate, because DPoS has 1/3 liveness and 2/3 double-spend fault of Byzantine agreement.

I'm speculating that you will say that Litecoin is not really "innovative" necessarily because the devs are mostly working on tech that was theorized & proposed for Bitcoin proper, but I'm curious to hear your thoughts.

As @Spoetnik alluded to, Litecoin innovated Scrypt for the proof-of-work algorithm, which enabled it to receive much of the GPU mining that were pushed off of Bitcoin by ASICs in 2013 sending the price to $50 and 0.05 BTC.
Also Litecoin was the first major to activate SegWit sending the price to $50+ and 0.021 BTC; and if BTC-SegWit fails (which is not a totally implausible theory), then Litecoin probably remains the major offchain scaling alternative (possibly sending it to $80+/0.03 and beyond).

@Spoetnik obviously "doesn't know shit". Like theymos...smh, you legends are...pathetically ignorant/under-informed, and what's worse is that you THINK you know everything! Theymos is so embarrassed he won't even respond to his own thread LOL.

[volyova]

So much for the "crypto-heads"...smh PATHETIC. WOT A FUCKING JOKE.

[Aki4real]

*Grabs popcorn and waits until everyone starts promoting the coin they're invested in*

Oh wait.. that already happened? Shit.. ok..

*waits for the coinbashing to happen*

What? I missed that fun as well.. pff ok

Close this topic Theymos, it will turn into a circlejerk of coinshillers. mark my words

[titulng]

sometimes, we are too superstitious in technology

[volyova]

*Grabs popcorn and waits until everyone starts promoting the coin they're invested in*

Oh wait.. that already happened? Shit.. ok..

*waits for the coinbashing to happen*

What? I missed that fun as well.. pff ok

Close this topic Theymos, it will turn into a circlejerk of coinshillers. mark my words

Why should anybody mark YOUR words? You aren't important.

[DarkOps]

So  you're saying that on a scale of 1-100, Ethereum gets a 1?
And nothing gets more than a 4?

 

I'm a BTC maximalist, but this is pretty ridiculous 

Any further info on centralization of DAG based currencies likes IOTA and Byte?

[Ipwich]

Thank you Theymos for this wonderful list, I would just choose Ethereum as it's older and it has a solid platform.
As what I have noticed, there's plenty of projects build under ETH so I will expect it to be more valuable in the future.

[volyova]

Thank you Theymos for this wonderful list, I would just choose Ethereum as it's older and it has a solid platform.
As what I have noticed, there's plenty of projects build under ETH so I will expect it to be more valuable in the future.

What's "wonderful" about it? All the glaring errors? Or the ridiculous scoring "system"? Or maybe you mean theymos's "rigorous" evaluations? Or is ur tongue merely trying to worm it's way up theymos's arse?

[volyova]

I think the latter.