The Deathblow to Proof of Stake

[masterOfDisaster]

In either case - PoW or PoS - the security of the network is based on a limited resource that can't be created at will. If an attacker gains control of an amount of that limited resource that is enough to undermine the security of the network it will get nasty.
In PoS the limited resource is derived from the currency units in the network itself.
In PoW the limited resource is computational power.
PoS's security suffers from big holders of currency units which have malicious intents.
PoW' security suffers from big holders of computational power which have malicious intents (imagine someone is abusing a PoW pool's computational power; even if that power is below 50% all that is needed, is to DDoS another big pool...).
Same shit, different color.

The big difference lies in the economical aspects of attacks on PoS and PoW.
For PoW attacks you need computational power. If you have killed a specific PoW network with that power, you can still use it for other PoW networks.
For PoS attacks you need currency units of the network you intend to attack. If you succeed, you diminish the value of the owned currency units - estimatively by vast amounts; there's no reuse for different networks.

[1714858428]

1714858428

[1714858428]

1714858428

[1714858428]

1714858428

[Brangdon]

Proof of stake is useless to people who want to use online wallets for their altcoin, since most online wallets keep the income for themselves. As do exchanges that gain POS shares in balances.

"Useless" if you think the use of crypto-currency is to increase wealth by mining/forging. In Nxt, forging is more about securing the network than it is about gaining revenue. In PoS, anyone can forge, but no-one will get rich from it.

Does NXT suffer from the "nothing at stake" vulnerability?

"Nothing at Stake" is a chimera; a theoretical problem that has never been seen in the wild. Currently Nxt does not suffer from forgers forging on every chain they see. There is reason to believe it never will.

Or all IPO+PoS coins for that matter, because in the beginning someone had 100% of the coins.

Are you confusing "Nothing at Stake" with "History Attack"? Nxt mitigates history attacks by not allowing block-chain re-organisations past 720 blocks. That means we don't have to worry about the founders mounting an attack with ancient coins.

[Nullu]

Seems like the biggest problem of cryptocurrency is centralisation. Given that it's meant to be a decentralised currency, it's pretty logical. The problem is centralisation of decentralised currency.

Holding too many coins in one place is like keeping your life savings under your mattress. Keeping large amounts of coins on an exchange, well that just flies in the face of decentralised currency.

[devphp]

Are you confusing "Nothing at Stake" with "History Attack"? Nxt mitigates history attacks by not allowing block-chain re-organisations past 720 blocks. That means we don't have to worry about the founders mounting an attack with ancient coins.

Yes, he does confuse them, many people do, because they simply parrot others' wrong opinions.

History attack is impossible because all blocks older than 720 in the past are irreversible, there are decentralized rolling checkpoints in NXT which take care of that.

Here is how Vitalik Buterin formulated the "Nothing at stake" issue" two weeks ago:
https://nxtforum.org/general-discussion/bounty-for-successful-nothing-at-stake-attack/msg60114/#msg60114
read that thread from that post to the end to see that he was apparently satisfied with the replies he got that NXT is not vulnerable to N@S, or at least he had nothing else to retort.

[Chillin_with_beer]

pos is the only sustainable solution so far. What you describe is the problem of one young coin, not pos. See https://www.youtube.com/watch?v=A2jx1TlkMBs , he does a very thorough and clear analysis of pos in the long term.

[Brangdon]

Sorry my ignorance regarding NXT, but someone could just start as many nodes as he wants and have majority of them?

Yes.

Nxt also has the notion of "hallmarking" a node, which means it is associated with an account and therefore a stake. Other nodes tend to trust hallmarked nodes more.

I would still rather have big centralized pools than someone having the power to control the network without owning any hashing power or even 51% of the coins (even if he had them at one point, he can sell them off and then attack the network - attacking it at no cost).

How does your PoS deal with that, fork it to an earlier stage? haha

Nxt deals with it by not allowing block-chain re-organisations past 720 blocks. That means the attacker has a narrow window for making the attack. That is in addition to the usual difficulty of acquiring a large enough stake to make the attack feasible. For comparison, in a PoW currency it would go:

• Buy hashpower.
• Attack PoW.
• Sell hashpower.

for a near-zero cost attack. In Nxt it would go:

• Buy stake.
• Wait 1440 blocks so that stake can forge.
• Sell stake.
• Attack PoS (within 720 blocks).

In both cases, the hard part is step 1. The difference in the ordering of last two steps is just a few hours. The PoW attacker has the advantage that they can sell off their hashpower at a gradual pace, without crashing the market. With Nxt, they'd have to carry out their attack within 12 hours of selling, so they'd have to sell quickly. Basically, buying 51% of Nxt is going to cost a fortune, and dumping 51% of Nxt would itself crash the price never mind the attack; and the attacker would lose a lot of money from the price crashing before they could sell their entire stake. So the notion that this attack has no cost is ludicrous.

[illodin]

Or all IPO+PoS coins for that matter, because in the beginning someone had 100% of the coins.

Are you confusing "Nothing at Stake" with "History Attack"? Nxt mitigates history attacks by not allowing block-chain re-organisations past 720 blocks. That means we don't have to worry about the founders mounting an attack with ancient coins.

Thanks for the reply.

Does any other PoS coin have such a "rewind" limitation like NXT's 720?

[devphp]

As price action and market volume observations show, buying 51% of NXT would be at least two orders of magnitude more costly ($50+ bln) than buying 51% of hash power for Bitcoin ($500 mln), because each time 1% of NXTs is purchased the price goes up 25%, that would be exponential growth of capital required to buy 51% of all NXTs in existance.

[Brangdon]

Or all IPO+PoS coins for that matter, because in the beginning someone had 100% of the coins.

Are you confusing "Nothing at Stake" with "History Attack"? Nxt mitigates history attacks by not allowing block-chain re-organisations past 720 blocks. That means we don't have to worry about the founders mounting an attack with ancient coins.

Thanks for the reply.

My pleasure.

Does any other PoS coin have such a "rewind" limitation like NXT's 720?

I don't know. Nxt is open source and has its clones, and I guess the clones have the same rules, but I don't know about PoS coins which are more original. I gather Peercoin use centralised check-points instead.

[micax1]

extreme attacks requires extreme measures... so rollback is justified
however i consider mintpal story bullshit.

[micax1]

also I think we need a lot of time to get to pure PoS as mainstream
maybe 5-10 years

[superresistant]

Sorry my ignorance regarding NXT, but someone could just start as many nodes as he wants and have majority of them?

Yes.

Nxt also has the notion of "hallmarking" a node, which means it is associated with an account and therefore a stake. Other nodes tend to trust hallmarked nodes more.

I would still rather have big centralized pools than someone having the power to control the network without owning any hashing power or even 51% of the coins (even if he had them at one point, he can sell them off and then attack the network - attacking it at no cost).

How does your PoS deal with that, fork it to an earlier stage? haha

Nxt deals with it by not allowing block-chain re-organisations past 720 blocks. That means the attacker has a narrow window for making the attack. That is in addition to the usual difficulty of acquiring a large enough stake to make the attack feasible. For comparison, in a PoW currency it would go:

• Buy hashpower.
• Attack PoW.
• Sell hashpower.

for a near-zero cost attack. In Nxt it would go:

• Buy stake.
• Wait 1440 blocks so that stake can forge.
• Sell stake.
• Attack PoS (within 720 blocks).

In both cases, the hard part is step 1. The difference in the ordering of last two steps is just a few hours. The PoW attacker has the advantage that they can sell off their hashpower at a gradual pace, without crashing the market. With Nxt, they'd have to carry out their attack within 12 hours of selling, so they'd have to sell quickly. Basically, buying 51% of Nxt is going to cost a fortune, and dumping 51% of Nxt would itself crash the price never mind the attack; and the attacker would lose a lot of money from the price crashing before they could sell their entire stake. So the notion that this attack has no cost is ludicrous.

+1
Great explanation.

Please everyone, read that quote before commenting on PoW vs PoS.
No system is perfect but don't let people spread FUD.

[DeathAndTaxes]

For PoS attacks you need currency units of the network you intend to attack. If you succeed, you diminish the value of the owned currency units - estimatively by vast amounts; there's no reuse for different networks.

No you need to have currency units in the PAST.  That is the basis for the nothing at stake problem.

Say the active stake is 10% of the money supply.
In block X I have >5% of the money supply.
In block X+1 I sell my coins. 
By x+10 the transaction is confirmed the new owner(s) have the coins.

I now have NOTHING as in nothing at stake.
I can still re-org the network by building an alternate chain back at block x when I did have the majority of the stake.   It doesn't cost me anything to try, there is nothing I can lose in the process.  I am using not coins but the history of coins I once had to perform the attack.

[DeathAndTaxes]

As price action and market volume observations show, buying 51% of NXT would be at least two orders of magnitude more costly ($50+ bln) than buying 51% of hash power for Bitcoin ($500 mln), because each time 1% of NXTs is purchased the price goes up 25%, that would be exponential growth of capital required to buy 51% of all NXTs in existance.

You don't need 51% of the coins just 51% of the active stake.  In no currency can 100% of the money supply be used for minting.  If it was then the currency couldn't be used for anything else.

[farl4web]

The difference is this. When people do a 51% attack on some mid-altcoin and kill it, they can later point there miners to the next victim. In Proof-of-Stake, you will lose your own stake. Then you not happy, you're done.  

[devphp]

As price action and market volume observations show, buying 51% of NXT would be at least two orders of magnitude more costly ($50+ bln) than buying 51% of hash power for Bitcoin ($500 mln), because each time 1% of NXTs is purchased the price goes up 25%, that would be exponential growth of capital required to buy 51% of all NXTs in existance.

You don't need 51% of the coins just 51% of the active stake.  In no currency can 100% of the money supply be used for minting.  If it was then the currency couldn't be used for anything else.

There are not many reasons for people not to forge/stake in NXT, either solo (bigger stakes) or through pools (smaller ones). That's why most of the coins are forging, hence, yes, you need 51% or close to that and the capital two orders of magnitude larger to buy all those coins than the capital needed to buy hardware to hashrate attack Bitcoin.

[farl4web]

It's simpler to buy a lot of ASIC miners than to buy 51% of NXT for example. Good luck with that! 

[Istanbul34]

As price action and market volume observations show, buying 51% of NXT would be at least two orders of magnitude more costly ($50+ bln) than buying 51% of hash power for Bitcoin ($500 mln), because each time 1% of NXTs is purchased the price goes up 25%, that would be exponential growth of capital required to buy 51% of all NXTs in existance.

You don't need 51% of the coins just 51% of the active stake.  In no currency can 100% of the money supply be used for minting.  If it was then the currency couldn't be used for anything else.

The NXT community discussed this matter with Vitalik Buterin from Ethereum. He was surprised about the solution of NXT and said there is no fatal flaw in NXT after he understood the solution.

https://nxtforum.org/general-discussion/bounty-for-successful-nothing-at-stake-attack/msg60166/#msg60166

Read his analysis and come back. If you still can describe how you can perform a succesful Nothing at Stake attack against NXT, I will believe you and I will bow for you.

[XbladeX]

POS in general is secure as they stake holders are if they are stupid and keep 1/3 of all coin at one place they can suffer like VRC..
If they are smarter like PPC they wont have such problem.

Here even didn't see any blow in POS security becouse attacked have to know how attack coin...


Here was panic fear of dumping 8m coin on market nothing more...
if they wanted  secure network they could do it other way.

[Propulsion]

A lot of discussion is specifically about NXT.

Is there any difference in NXT's PoS implementation vs most of these new altcoins with PoS?