Proof of Stake technical dicussion

[Wind_FURY]

Long-range/nothing-at-stake attacks are known vulnerabilities in Proof of Stake, and the known solution is to rely on third-party checkpoints.

Someone sent me a PM that told me, "no, not necessarily, because long-range attacks are blocked by coin age".

I will quote the message, but removing the name of the coin, and keep it strictly technical. I'm not a very technical person, I need your help. In fact, I'm the stupid one in the forum.

His/her message,

Long Range attacks against ---'s design of PoS are blocked by the coin age.

Unlike bitcoin where miners hold the same % control of mining.

In ---'s PoS everytime you stake your % Drops for a specified length of time.

Sustained Long Range History attacks are blocked by the dormancy feature.

Collusion in Proof of Stake would mean actually giving your coins to a 3rd party , as such they could just sell your coins for fiat and leave you holding nothing.

If --- Stakers did ever collude , they destroyed all of the money they used to buy zeitcoins.
There are no other networks for them to jump too, that preserved their initial investment.

[1714902772]

1714902772

[1714902772]

1714902772

[darosior]

Proof Of Stake isn't suitable for a "cryptocurrency". To avoid endless quoting and repeating, here is a great summary by Andrew Poelstra about why it is not.

[Wind_FURY]

Proof Of Stake isn't suitable for a "cryptocurrency". To avoid endless quoting and repeating, here is a great summary by Andrew Poelstra about why it is not.

Interesting enough the main lie repeated in said article is one made by GMaxwell.

The Nothing at Stake Myth is Literally a Nothing to Gain.

Stop it.

The Facts are you need a Multistaking Client to even attempt a N@S,
no one has written one, because people that looked at making one realized it would create a PoW style system which actually gains the user nothing but wasting computer resources.

OK, let's be constructive. Explain that, or post links about that.

Fact is , if you have enough coins to shortly control the chain, then you are earning coins,
you gain nothing by trying to control the chain as your coins go dormant immediately after staking.

As the stupid one in the forum, I request for a ELI5.

It is like this, say you are calculating a reality, which requires a % of CPU and Memory, now calculate paralleled realities for each fork that you are trying to dominate with your staking resources out to say 100 future blocks with each of those having parallel forks.
With every new parallel fork calculation your CPU & Memory requirements increase exponentially, evolving into another wasteful version of proof of work.

OK, then we're in agreement that POW-style incentives + the game theory works?

The Majority of PoS coins Destroy the Transactions fees, so dominating a PoS chain won't earn you anything extra.
Your rewards are all you get, and that is fixed by the code and time, even if multistaking was not insanely stupid waste of resources their is literally nothing to gain from it.

What about another POS coin killing the competition?

So let's end this stupid myth,
Gmax why don't you write a Multistaking PoS client and destroy all PoS coins,
Surely that will raise the price of all PoW coins for all PoW holders.
Unless of course you like to admit you were wrong.  

It's not a myth, it's a theory that SHOULD be explored in my opinion.

FYI:
If one really studies the PoW verses PoS debates.
One thing they learn is PoW has to end rewards and switch to a Transaction fee based economic model.
*Which causes all kinds of problems for miner profitability , due to the winner take all design in PoW.*

There's no written rule, Dogecoin has infinite supply. Unpopular opinion, but I believe Bitcoin could hard fork, and change supply rules IF there was consensus.

In PoS, Ultra Low Inflation Rewards can continue forever and by burning all transaction fees to keep supply in check.
This also allows a low fixed transaction fee model in PoS which is impossible in a PoW model that needs ever increasing fees to offset the loss in their winner take all ever increasing energy wasting design.

I believe the pro-POS have also never proven convincingly that long range/nothing at stake attacks are impossible too. It's an open debate.

[tromp]

One thing they learn is PoW has to end rewards and switch to a Transaction fee based economic model.
*Which causes all kinds of problems for miner profitability , due to the winner take all design in PoW.*

There's no written rule, Dogecoin has infinite supply. Unpopular opinion, but I believe Bitcoin could hard fork, and change supply rules IF there was consensus.

Dogecoin and Monero have tail emissions, i.e. after an initial period of decreasing rewards, at some time they switch to constant rewards.

Grin is the first example of a coin with a never changing reward, from launch and forever at 1 Grin per second.

[mda]

Proof of Stake and Lightning Network require private keys to be online, so both are security disasters. No wonder they are getting support and funding from certain headquarters.

[tromp]

And if you want to see the results of endless rewards and why it is a failure,
look at mooncoin or newyorkcoin, both PoW coins.

Mooncoin claims to have an eventual emission of

INT(0.29531*INT(19697202017/(INT(nHeight/100000)*100000)))

which becomes 0 at height 19697300000, so it's not not endless rewards.

Anyway, your argument would be better served by looking at less obscure coins with uncapped emission, such as Monero. Please explain how Monero is a failure.

[HeRetiK]

You're trying to imagine Game Theory will protect bitcoin ,
and it would if bitcoin was the only network the miners could mine.
But since the Miners have access to mining multiple networks, they will be true to their greedy nature and play them against each other,
untiil they decide for certain which one gives them personally the most profit.
Which due to the decreased rewards and ever growing reliance on transactions fees,
the transaction fees profit will lead the miners away from bitcoin as LN will dominate it's fees.

There's very little to no competition for Bitcoin's hashpower which probably won't change for two reasons:

1) Transaction-fees-only from a highly valued cryptocurrency is still more profitable (ie. able to pay for more hashpower) than transaction-fees-with-block-subsidy from a cryptocurrency that has very little value. LN is unlikely to "steal" fees from miners as there's still transactions to be made and mining fees to be paid -- just shared across a much larger user base, decreasing the cost for the individual. That's if LN succeeds. If it fails its impact on mining fees will be -- obviously -- nil.

2) The largest cryptocurrencies sharing their hashing algorithms with Bitcoin are (currently) Bitcoin hard forks that follow the same emission rate, so they have no advantage in terms of transaction-fees-with-block-subsidy vs transaction-fees-only. All other SHA256 coins are way out in the water, the introduction of new SHA256 coins (apart from the stray Bitcoin hard fork) is unlikely to happen.


That being said, what's your opinion on Ethereum's Casper?

[Wind_FURY]

Proof Of Stake isn't suitable for a "cryptocurrency". To avoid endless quoting and repeating, here is a great summary by Andrew Poelstra about why it is not.

Interesting enough the main lie repeated in said article is one made by GMaxwell.

The Nothing at Stake Myth is Literally a Nothing to Gain.

Stop it.

Nope, it is truthful, ask someone to explain to you what they think they would gain from it.
And I 'll explain why it wastes their time.

It's not a "myth", but a theory. Refute, but no mudslinging/name-calling. We're to learn and find answers.

The Facts are you need a Multistaking Client to even attempt a N@S,
no one has written one, because people that looked at making one realized it would create a PoW style system which actually gains the user nothing but wasting computer resources.

OK, let's be constructive. Explain that, or post links about that.

PoS coins are designed to run on a single chain and follow the stronger chain, which is the one with the most coins and the oldest age.

How does POS consider the strongest chain? Most stake? What stops a group of attackers to collude with most of the "stake", and create healthy looking chains they control?

A entire design change has to be made to make a client run on staking on Multiple chains at the same time, trying to game a single chain

In theory, it's impossible to make this multi-chain client? Honestly, it's the first time I've heard of it, I will ask around about this.

like I said earlier it actually converts PoS into a weird PoW  that constantly gobbles up CPU & memory.

By how much? .00000000000001% of the cost of an attack on Bitcoin?

It is like this, say you are calculating a reality, which requires a % of CPU and Memory, now calculate paralleled realities for each fork that you are trying to dominate with your staking resources out to say 100 future blocks with each of those having parallel forks.
With every new parallel fork calculation your CPU & Memory requirements increase exponentially, evolving into another wasteful version of proof of work.

OK, then we're in agreement that POW-style incentives + the game theory works?

Actually explaining that endless calculations that have very little meaning or use are just a waste of resources.

You're trying to imagine Game Theory will protect bitcoin ,
and it would if bitcoin was the only network the miners could mine.
But since the Miners have access to mining multiple networks, they will be true to their greedy nature and play them against each other,
untiil they decide for certain which one gives them personally the most profit.
Which due to the decreased rewards and ever growing reliance on transactions fees,
the transaction fees profit will lead the miners away from bitcoin as LN will dominate it's fees.

Your theory. OK.

The Majority of PoS coins Destroy the Transactions fees, so dominating a PoS chain won't earn you anything extra.
Your rewards are all you get, and that is fixed by the code and time, even if multistaking was not insanely stupid waste of resources their is literally nothing to gain from it.

What about another POS coin killing the competition?

PoW will destroy itself, due to miner greed and energy waste,
it was a failed design the moment ASICS were introduced and the poor blocked from mining.

No, I was asking, what about a competing POS coin attacking another POS coin?

So let's end this stupid myth,
Gmax why don't you write a Multistaking PoS client and destroy all PoS coins,
Surely that will raise the price of all PoW coins for all PoW holders.
Unless of course you like to admit you were wrong.  

It's not a myth, it's a theory that SHOULD be explored in my opinion.

Funny , how the guy who came up with the so called theory , has done absolutely nothing to make it happen in ~6 years.
I mean he could kill ethereum overnight , if he can release a multistaking client for it.
But yet he sits on his hands, maybe you should ask GMAX directly why he does not write one to totally end the PoS/PoW debates.
* Because it won't do anything but waste his time.*

I will say it again, it's a theory that should be explored, and discussion open-ended. Why are you mad? It's not a personal attack vs. you.

FYI:
If one really studies the PoW verses PoS debates.
One thing they learn is PoW has to end rewards and switch to a Transaction fee based economic model.
*Which causes all kinds of problems for miner profitability , due to the winner take all design in PoW.*

There's no written rule, Dogecoin has infinite supply. Unpopular opinion, but I believe Bitcoin could hard fork, and change supply rules IF there was consensus.

It is Satoshi's rule for bitcoin, and he wrote it directly in the code.
And if you want to see the results of endless rewards and why it is a failure,
look at mooncoin or newyorkcoin, both PoW coins.

Is Satoshi, God?

Mooncoin and NYcoin failed because of other reasons. Look at the names of those coins.

Core Devs seem to weak to hard fork , otherwise they would have hard forked segwit , which would have been a lot smarter than what they did with the soft fork retardation.

Another discussion/debate for another topic.

In PoS, Ultra Low Inflation Rewards can continue forever and by burning all transaction fees to keep supply in check.
This also allows a low fixed transaction fee model in PoS which is impossible in a PoW model that needs ever increasing fees to offset the loss in their winner take all ever increasing energy wasting design.

I believe the pro-POS have also never proven convincingly that long range/nothing at stake attacks are impossible too. It's an open debate.

You can open debate anything, but PoS has been here since 2013.

With most of them having trusted-3rd-party checkpoints. Why? What do they fear?

Nothing at Stake has been a Nothing to Gain , which is why in 7 years their have been no N@S attacks whatsoever on any PoS coin.

In theory a competing POS coin will gain if they attack another POS coin.

Long Range History attacks can happen to a weak PoW or a weak PoS coin,
any coin with any strength will easily block long range attacks.

FYI:
N@S nonsense myth and Long Range History attacks are two different attacks

It's a merely theory, until something happens.

[el kaka22]

Of course, proof of stake has issues as well, that is why the current proof of stake ones are trying to figure that out, or even ethereum for example who is working towards being proof of stake wants to as well, however that doesn't mean they are bad or shouldn't exist.

Proof of work has troubles as well, proof of stake just has different versions, maybe nothing at stake could be a problem, maybe it will be solved, however in the end all proof of xxx has some troubles if you are good enough hacker to find the loop hole. Trashing proof of stake for one loop hole which may not even exist in some of the coins is not constructive at all.

[Viper1]

My "perfect" coin would be a hybrid that minimizes the flaws inherent in both methods in order to produce something far more decentralized and fair for everyone. It would ensure that the inherent flaws that will always exist are so reduced and/or counteracted by the other that they are in effect rendered null and void. It's a dream but maybe one day someone will come along and chase the dream and not money like everyone does these days.

[Febo]

Monero
1.  No blockchain can be public and forever hidden,
anything they store publicly will eventually be broken
https://cointelegraph.com/news/monero-transactions-history-can-be-revealed-and-exposed-research

So anyone that uses them should be prepared for it all to be public within 3 years from the date of using it.


3.  Bitmain was selling an ASIC capable of mining Monero,
Monero changed the algorithm to disable the ASIC ability to mine monero.
But the fact is , a Monero ASIC was created and bitmain can modify it's original asic to support the changes, the only difference is now they are smart enough not to publicly acknowledge it, they will just keep it quiet and out mine everyone in monero with just a few asics.
PoW is always a winner take all dead end.

* Note: Monero being a failure is not a supply issue because of endless supply generation, but a failure it still will be. *

I used Monero 3 years ago and my transactions are not revealed yet although protocol was way less private built as today. How many more years I will have to wait that my 3 years old transactions will be revealed on your opinion?

No one ever was selling ASIC miner for Monero before they realize mining alghorythm will be changed in few weeks time. This is the only reason why ASIC miners are bad thing. You never know is there is someone secretly mining with more advanced ASIC miner then everyone else. 

Monero solved this problem with RandomX. You can buy best ASIC miner in your local computer store. It is called Ryzen.  True Satoshi Nakamoto & Nicolas van Saberhagen vision.