Bitcoin Forum
November 10, 2024, 12:49:59 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 ... 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 [177] 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 ... 256 »
  Print  
Author Topic: rpietila Altcoin Observer  (Read 387511 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
August 20, 2014, 05:24:44 PM
 #3521

AnonyMint seems abosolutely convinced that PoS cannot work.

If he says so, it has to be true. PoS should shut down all operations within 24 hours and go home.

If 99% of all PoS coins shut down and went home the only thing that would happen is people would stop losing money buying the pump-and-dump shitcoin-of-the-day from the Altcoin Announcments forum.

The greatly increased scam potential alone that has resulted in almost all new shitcoins being PoS coins should be enough to scare away most careful investors. But if you want to bet on trying to find that 1% of PoS coins that are not outright scams and on PoS being sound enough to actually work despite warnings from nearly all competent analysts, go right ahead. And I really do mean this. Being willing to go up against the prevailing wisdom of experts is a great thing and important to progress. Just know that the odds are very much against you.



devphp
Sr. Member
****
Offline Offline

Activity: 336
Merit: 260


View Profile
August 20, 2014, 05:27:41 PM
 #3522

My understanding is that PoS has attack vectors that are not present in PoW, giving the attacker a cheaper way to totally control/destroy the network.

Can you elaborate? I have observed exchange price action and noticed that when 1% of NXT is purchased at market price, this drives the price up 25%. If that is extrapolated to 51%, the funding would have to be in billions of USD, not to mention there is no single place where that amount of coins can be purchased. At the same time there are calculations that buying up hardware to control 51% of Bitcoin hashrate only requires $500 mln.
devphp
Sr. Member
****
Offline Offline

Activity: 336
Merit: 260


View Profile
August 20, 2014, 05:29:04 PM
 #3523

If 99% of all PoS coins shut down and went home the only thing that would happen is people would stop losing money buying the pump-and-dump shitcoin-of-the-day from the Altcoin Announcments forum.

The greatly increased scam potential alone that has resulted in almost all new shitcoins being PoS coins should be enough to scare away most careful investors. But if you want to bet on trying to find that 1% of PoS coins that are not outright scams and on PoS being sound enough to actually work despite warnings from nearly all competent analysts, go right ahead. And I really do mean this. Being willing to go up against the prevailing wisdom of experts is a great thing and important to progress. Just know that the odds are very much against you.


Definition of a scam: something you haven't profited from and don't hope to Smiley
tromp
Legendary
*
Offline Offline

Activity: 990
Merit: 1110


View Profile
August 20, 2014, 05:42:31 PM
 #3524

My understanding is that PoS has attack vectors that are not present in PoW, giving the attacker a cheaper way to totally control/destroy the network.

Can you elaborate? I have observed exchange price action and noticed that when 1% of NXT is purchased at market price, this drives the price up 25%.

As I pointed out in the other bitcointalk thread, my basic NXT PoS soundness questions raised in

https://nxtforum.org/general/forging-questions/

remain unanswered.

So one attack vector is forging with timestamps artifiically advanced by almost 15 secs,
and having many nodes disagree on whether the new block is valid or not...
devphp
Sr. Member
****
Offline Offline

Activity: 336
Merit: 260


View Profile
August 20, 2014, 05:44:40 PM
 #3525

So one attack vector is forging with timestamps artifiically advanced by almost 15 secs,
and having many nodes disagree on whether the new block is valid or not...

You need coins to forge, a lot of them, that's why it's called Proof-of-Stake Smiley Why would you destroy your own investment if you spent billions of USD to buy up 51% of coins (or 90% of coins when TF is implemented)?
tromp
Legendary
*
Offline Offline

Activity: 990
Merit: 1110


View Profile
August 20, 2014, 05:48:49 PM
 #3526

So one attack vector is forging with timestamps artifiically advanced by almost 15 secs,
and having many nodes disagree on whether the new block is valid or not...

You need coins to forge, a lot of them, that's why it's called Proof-of-Stake Smiley Why would you destroy your own investment if you spent billions of USD to buy up 51% of coins (or 90% of coins when TF is implemented)?

I only need a small fraction of the active stake to forge the occasional block.

My question remains, what happens when many nodes disagree on whether some block is valid?
devphp
Sr. Member
****
Offline Offline

Activity: 336
Merit: 260


View Profile
August 20, 2014, 05:52:32 PM
 #3527

We are discussing the technical soundness of PoS here, not the economical soundness of attacks.


You mean we just skip straight to you possessing 51% of the coins? Smiley

rpietila mentioned it's cheaper to attack PoS, that's economical soundness, I was answering to him.

Perhaps you should keep asking on nxtforum.org to get answers, be persistent, if you're interested, don't expect being spoon-fed answers.
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
August 20, 2014, 06:03:34 PM
 #3528

AnonyMint seems abosolutely convinced that PoS cannot work.

If he says so, it has to be true. PoS should shut down all operations within 24 hours and go home.

My understanding is that PoS has attack vectors that are not present in PoW, giving the attacker a cheaper way to totally control/destroy the network. On the other hand, even credit cards "work", in a way. Nothing is perfect, even PoW.

One way to attack a POS coin is to hedge a 51% attack using derivatives. In this scenario the attacker purchases the coin and hedges the position by selling short in the derivatives market. The net effect is that attacker's stake does not equal the attacker's exposure. The main reason this kind of attack has not happened is that none of the POS coins have developed to the point where a strong and liquid derivatives markets has developed.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
Este Nuno
Legendary
*
Offline Offline

Activity: 826
Merit: 1002


amarha


View Profile
August 20, 2014, 06:08:00 PM
 #3529


PoS being sound enough to actually work despite warnings from nearly all competent analysts, go right ahead. And I really do mean this. Being willing to go up against the prevailing wisdom of experts is a great thing and important to progress. Just know that the odds are very much against you.


But there are experts on both sides. Vitalik just recently being a convert. And SlipperySlope here as well.

I know gmaxwell has posted about 'Nothing at Stake' attacks, but that appears now to be a solveable issue. Infact, Vitalik wrote a whole article about them and it appears as a result of his article sparking debate, a solution was found.

I certainly don't claim to have the anwser, but it would appear that this is something that's headed towards being solved. Unless of course AnonyMint is correct and it's totally unworkable.

If it comes down to one entity controlling 51% of the money supply and that's the main issue, then I think it's already better than PoW since theoretically it should cost more to mount that sort of attack than attempt a similar 51% attack on a PoW network(edit: unless someone can borrow 51% of the money supply on leverage). If there are other issues then of course all of those will need to be solved.
jaybny
Sr. Member
****
Offline Offline

Activity: 410
Merit: 250


Proof-of-Skill - protoblock.com


View Profile WWW
August 20, 2014, 06:13:50 PM
 #3530


PoS being sound enough to actually work despite warnings from nearly all competent analysts, go right ahead. And I really do mean this. Being willing to go up against the prevailing wisdom of experts is a great thing and important to progress. Just know that the odds are very much against you.


But there are experts on both sides. Vitalik just recently being a convert. And SlipperySlope here as well.

I know gmaxwell has posted about 'Nothing at Stake' attacks, but that appears now to be a solveable issue. Infact, Vitalik wrote a whole article about them and it appears as a result of his article sparking debate, a solution was found.

I certainly don't claim to have the anwser, but it would appear that this is something that's headed towards being solved. Unless of course AnonyMint is correct and it's totally unworkable.

If it comes down to one entity controlling 51% of the money supply and that's the main issue, then I think it's already better than PoW since theoretically it should cost more to mount that sort of attack than attempt a similar 51% attack on a PoW network. If there are other issues then of course all of those will need to be solved.

Nothing-at-stake solved. 

http://satoshifantasy.com/bergstake-2/
http://satoshifantasy.com/breakoutcoin-with-bergstake/



Protoblock turns knowledge of American football into Fantasybit coin, a margin token used to monetize leveraged skill.

https://twitter.com/jaybny/status/1022596877332762624
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
August 20, 2014, 06:25:33 PM
 #3531


The first question that comes to mind is how does one prevent the transfer of the bergstake?

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
jaybny
Sr. Member
****
Offline Offline

Activity: 410
Merit: 250


Proof-of-Skill - protoblock.com


View Profile WWW
August 20, 2014, 06:34:05 PM
 #3532


The first question that comes to mind is how does one prevent the transfer of the bergstake?

its not a currency, its locked onto the original address,  so only way to transfer is to share the private-key.  

Protoblock turns knowledge of American football into Fantasybit coin, a margin token used to monetize leveraged skill.

https://twitter.com/jaybny/status/1022596877332762624
rpietila (OP)
Donator
Legendary
*
Offline Offline

Activity: 1722
Merit: 1036



View Profile
August 20, 2014, 07:10:24 PM
 #3533

So one attack vector is forging with timestamps artifiically advanced by almost 15 secs,
and having many nodes disagree on whether the new block is valid or not...

You need coins to forge, a lot of them, that's why it's called Proof-of-Stake Smiley Why would you destroy your own investment if you spent billions of USD to buy up 51% of coins (or 90% of coins when TF is implemented)?

No. You need the majority of stake in any point of time past, to forge all the history of the future from that point of time on. So any group who ever had 51% of the currency/votes/etc. can rewrite the history at will. Or any group that can coerce any group at any point of time. There is also no mechanism to keep track which of the forks is the correct one.

This is called NaS (nothing-at-stake) attack, because you risk nothing in the present (you may have sold your coins already) to destroy everybody.

With PoW, you permanently need a knowable amount of hashrate and still can accomplish very little really.

HIM TVA Dragon, AOK-GM, Emperor of the Earth, Creator of the World, King of Crypto Kingdom, Lord of Malla, AOD-GEN, SA-GEN5, Ministry of Plenty (Join NOW!), Professor of Economics and Theology, Ph.D, AM, Chairman, Treasurer, Founder, CEO, 3*MG-2, 82*OHK, NKP, WTF, FFF, etc(x3)
devphp
Sr. Member
****
Offline Offline

Activity: 336
Merit: 260


View Profile
August 20, 2014, 07:20:28 PM
 #3534

No. You need the majority of stake in any point of time past, to forge all the history of the future from that point of time on. So any group who ever had 51% of the currency/votes/etc. can rewrite the history at will. Or any group that can coerce any group at any point of time. There is also no mechanism to keep track which of the forks is the correct one.

Yes, there is a mechanism to keep track which fork is correct. It's called Economic Clustering. But it will likely never be utilized, as getting private keys of 51% coins seems a much more insurmountable task than coercing 2-3 biggest PoW pool operators to follow a certain agenda. But EC will be there just in case, so yes, nodes can know which fork is correct and be in consensus. There is also a penalty in EC for forgers who forge on an incorrect fork.
SlipperySlope
Hero Member
*****
Offline Offline

Activity: 686
Merit: 501

Stephen Reed


View Profile
August 20, 2014, 07:56:50 PM
 #3535

AnonyMint seems absolutely convinced that PoS cannot work. You both seem confident in your respective opinions. Does your CPoS system address any of his concerns?

The CPoS system is not yet deployed so we do not know its vulnerabilies, but it's design is very unlike existing PoS systems and so AnonyMint's criticisms of PoS would not apply. His other criticisms of how far incumbent special interests would go to stop the replacement of fiat would hold however.

When I first discussed proof-of-stake ideas with Bitcoin core developers, they said that solving the distributed consensus problem was the main issue. I thought about it and sidestepped that problem by starting with a conventional financial transaction network design and altering it to maximally preserve the Satoshi Social Contract and protocol compatibility with the existing Bitcoin network.  I designed geographic dispersion and non-affiliated node ownership to achieve resistance to government shutdown. I used a cognitive architecture to enable trust-free software agents to transparently operate the system. I achieve all the technical and performance advantages of a central mint, but avoid a single point of failure or trust by using a nomadic software agent to create new blocks.

There can be no 51% percent attack unless an attacker successfully impersonates a majority of the paid-for full nodes. CPoS makes this hard in the same way that VisaNet safeguards credit card transactions. CPoS full nodes are authenticated by X.509 certificates issued from the Texai certificate authority. All traffic between nodes is encrypted with TLS/SSL. Each CPoS full node does not use DNS to navigate the network, rather static IP addresses are securely transmitted offline. Private keys will be secured by hardware. A paid-for set of network operations centers will actively manage the network with regard to intrusion detection and mitigation.

In CPoS there is one canonical copy of the non-forking blockchain that paid-for full nodes will replicate. Volunteers may download CPoS software to replicate and verify the blockchain too. In CPoS there is no competition of miners to create the longest chain, rather the single nomadic mint agent creates new blocks for the whole network without competition, and at no effort. Bitcoind already has this no-effort PoW ability for regression testing.

There can be no Finney attacks because CPoS transactions are immutable once they enter the network. An issued transaction is routed directly to the nomadic mint agent's current full node along redundant paths. An acknowledgement of the accepted transaction is immediately broadcast into the network so that users know their transaction will be contained in the next block. This method also prevents lost or ignored transactions. Unlike the Satoshi Bitcoin network and its altcoin clones having best-effort volunteer full nodes, CPoS paid-for full nodes are high availability, high bandwidth, and rationally connected for maximum performance and redundancy.

There can be no double spends in the CPoS network because there is one canonical blockchain and issued transactions are routed to the nomadic mint along the fastest path. The CPoS is not peer-to-peer allowing full nodes to join and leave at will - rather it is a permanent network of peers with an optimal topology.

I am keeping proof-of-stake in the project title but my thinking is evolving away from using block rewards to pay dividends to existing coin holders. Users can migrate from PoW to CPoS forks because of features and transparent investment of the block rewards directly into making the Bitcoin Core and other infrastructure better.

-Stephen Reed
dga
Hero Member
*****
Offline Offline

Activity: 737
Merit: 511


View Profile WWW
August 20, 2014, 08:02:52 PM
 #3536

No. You need the majority of stake in any point of time past, to forge all the history of the future from that point of time on. So any group who ever had 51% of the currency/votes/etc. can rewrite the history at will. Or any group that can coerce any group at any point of time. There is also no mechanism to keep track which of the forks is the correct one.

Yes, there is a mechanism to keep track which fork is correct. It's called Economic Clustering. But it will likely never be utilized, as getting private keys of 51% coins seems a much more insurmountable task than coercing 2-3 biggest PoW pool operators to follow a certain agenda. But EC will be there just in case, so yes, nodes can know which fork is correct and be in consensus. There is also a penalty in EC for forgers who forge on an incorrect fork.

As I stated a month or so ago in this thread, I think people mis-estimate the ease of borrowing large amounts of money if you already have large amounts of money.

https://bitcointalk.org/index.php?topic=624223.msg7689885#msg7689885

If you're a billionaire, you could borrow a billion dollars of a coin (or buy it outright, use it as rpietila said, and then re-sell), and if you worked through proxies, you could probably do it without people even realizing you'd done it.

Well hedged bets like this make people a lot of money.

Heck - you could even do the attack, make money off of it, and then short the currency hard as it looks like it's going to drop and then reveal that it was owned, causing it to collapse faster...

Adversarial finance is tricky.

And let me make this very concrete:  I've actually had a conversation along these lines with someone who works at a private investment firm.  It was speculative, and probably won't go anywhere, but don't think that people aren't already starting to plan for things like this in the event that bitcoin or foo-coin becomes successful.

AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
August 20, 2014, 08:06:36 PM
Last edit: August 20, 2014, 08:51:39 PM by AnonyMint
 #3537

AnonyMint seems absolutely convinced that PoS cannot work. You both seem confident in your respective opinions. Does your CPoS system address any of his concerns?

It can't. Let them go ahead and waste their time (and probably other people's money). I have no desire to try to stop them from failing or doing another investment pump.

They will invent more and more verbose obfuscations of the fundamental issue of why PoS can't.

Btw, traditional financial systems are not fully decentralized.

Even if you did solve the insoluble issue of centralization as it applies to security of the block chain (in the most general sense where control to fork or influence the design of the system is considered an insecurity), you can never solve the problem that it doesn't redistribute coin from the accumulators in the power-law distribution of wealth back to the spenders, thus just like gold, it can never be a currency. The way society has solved that is socialism. PoW could in theory solve it by routing the debasement decentrally to the spenders, especially if the spenders are the ones mining (and no one seems to know how to make this happen but I think I do).

Nothing at Stake wasn't the problem. The argument that stakeholders won't destroy their investment is a red-herring strawman or off-topic! Our overlords who own our financial system now don't destroy their investment when they destroy us with their control of the financial system. Stakeholders can drive the system in directions that benefit the oligarchy, without destroying the double-spend security.

A Benevolent Dictator is preferable over an rent seeking oligarchy, because the latter can never do good due to a Tragedy of the Commons, at least former does sometimes (e.g. Julius Caesar).

PoS will always trend towards control by the accumulators in the power-law distribution of wealth. Even PoW does too unless you make mining uneconomic yet necessary. So that is why people have argued that it makes no difference and might as well use the one that consumes less energy and is more efficient.

But there are experts on both sides. Vitalik just recently being a convert. And SlipperySlope here as well.

I know gmaxwell has posted about 'Nothing at Stake' attacks, but that appears now to be a solveable issue. Infact, Vitalik wrote a whole article about them and it appears as a result of his article sparking debate, a solution was found.

Two very smart guys (cryptographers I believe), but my intuition is they lack holistic economics and political science understanding. They are math nerds.

SlipperySlope I believe is outside his field of expertise in crypto-currency. I don't think he is a cryptographer nor a programmer nor an economist nor a political scientist. He has an applied math background if I remember correctly, which is pretty general if considered in this context. If were in an applied math forum, I better shut up and listen more to him.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
August 20, 2014, 08:40:23 PM
 #3538


The first question that comes to mind is how does one prevent the transfer of the bergstake?

its not a currency, its locked onto the original address,  so only way to transfer is to share the private-key.  

So what happens when the original bergstake holders die? I can see an attack here. Sell heavily discounted mining equipment to people with very low life expectancy, wait for them to die and then launch the attack.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
SlipperySlope
Hero Member
*****
Offline Offline

Activity: 686
Merit: 501

Stephen Reed


View Profile
August 20, 2014, 08:40:49 PM
 #3539

Here is the one-week resolution chart of LTC vs CNY from the liquid OKCoin exchange. The rightmost green candle could be a long-awaited trend reversal for litecoin prices, given the relatively high volume . . .

dEBRUYNE
Legendary
*
Offline Offline

Activity: 2268
Merit: 1141


View Profile
August 20, 2014, 08:47:58 PM
 #3540

Here is the one-week resolution chart of LTC vs CNY from the liquid OKCoin exchange. The rightmost green candle could be a long-awaited trend reversal for litecoin prices, given the relatively high volume . . .



Personally I think LTC will keep falling untill BTC is really "bubbling", look at the last two bubbles and compare them with the ltc/btc ratio.. Probably this is just a bulltrap for LTC or maybe they will move sideways for a little while

Privacy matters, use Monero - A true untraceable cryptocurrency
Why Monero matters? http://weuse.cash/2016/03/05/bitcoiners-hedge-your-position/
Pages: « 1 ... 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 [177] 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 ... 256 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!