It's about time to turn off PoW mining

[inBitweTrust]

I don't like PoW precisely because I'm heavily invested in Bitcoin. Would you be happy if your 401k account charges you 10% expense each year? This is what PoW is costing Bitcoin owners

Certainly, and I will even admit that many of your criticisms are valid. What you fail to address properly is the innate weaknesses with PoS and DPoS however. This isn't about that though.... the real question is why you are still mostly invested in BTC and claiming that "PoW is dead" and pumping Bitshares? Why don't your actions match your rhetoric? If it is costing you, get out and we will soon follow if Bitshares is superior.(yes, I understand BTC is merely one DAC within the bitshares eco-system. The point is you are claiming its a flawed DAC , and thus I am suggesting you invest in non flawed DAC's)

[kokojie]

I don't like PoW precisely because I'm heavily invested in Bitcoin. Would you be happy if your 401k account charges you 10% expense each year? This is what PoW is costing Bitcoin owners

Certainly, and I will even admit that many of your criticisms are valid. What you fail to address properly is the innate weaknesses with PoS and DPoS however. This isn't about that though.... the real question is why you are still mostly invested in BTC and claiming that "PoW is dead" and pumping Bitshares? Why don't your actions match your rhetoric? If it is costing you get out and we will soon follow if Bitshares is superior.

I don't think you understand. Why would I get out if I'm still confident that Bitcoin will rise up? but my point is, for example, this year Bitcoin could have had a 20% increase in value, but with the PoW cost dragging it down, you are looking at a much smaller increase in value. But my investment would still increase in value, why would I get out instead of attacking the problem that is dragging my investment returns down?

Bitshares still has a long way to go to overtake Bitcoin, 3-4 years minimum, there's no hurry to get into Bitshares, I'm already invested in Bitshares anyway. If Bitshares does overtake Bitcoin, my current investment in Bitshares is more than enough to give me insane returns.

[krach]

claiming that "PoW is dead"

This is the new fad/trend ,anti asic, national coins, annon coins, limited pow/pos and now anti-pow "proof of stake plus" and any kind of "cryptoasset" tokens.
Parts are genuine innovation but mostly it is about "geting rich" and "us vs. them"

time will tell

[inBitweTrust]

I don't think you understand. Why would I get out if I'm still confident that Bitcoin will rise up? but my point is, for example, this year Bitcoin could have had a 20% increase in value, but with the PoW cost dragging it down, you are looking at a much smaller increase in value. But my investment would still increase in value, why would I get out instead of attacking the problem that is dragging my investment returns down?

Bitshares still has a long way to go to overtake Bitcoin, 3-4 years minimum, there's no hurry to get into Bitshares, I'm already invested in Bitshares anyway.

Aha, so you are treating bitcoin as a short term investment platform before you jump off onto a Bitshares PoS/DPoS DAC. You believe the momentum of Bitcoin will propel it to gain much more than an alternative Bitshare DAC in the short term of 3-4 years. So what you are really suggesting users to do is not invest in a Bitshares DAC but stay with Bitcoin and slowly introduce PoS into the protocol?

This is yet another reason Bitcoin will remain superior as the network effect is already taken a hold where even those that claim it is innately and fundamentally flawed are still heavily invested in it. The fact that people still are resisting from heavily investing in their preferred crypto-currency will insure that those alts never grow up.

I predict PoS/DPoS/PoSV coins will fulfill nice roles in future Bitcoin treechains or sidechains.

[SgtSpike]

Is there a rebuttal from the PoS crowd to this:
  https://download.wpsoftware.net/bitcoin/pos.pdf

... other than "sure, the original PoS ideas were flawed, but the latest MegaUberPoS system gets it right and nobody has figured out exactly how to break it!"

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

Currently top 6 marketcap:
1. Bitcoin (PoW) (early start)
2. Litecoin (PoW) (early start)
3. Ripple (not PoW nor PoS, possibly a scam)
4. BitsharesX (PoS) (DPoS)
5. NxT (PoS) (possibly scam distribution)
6. Peercoin (PoS) (PoW initial distribution)

As is typical with those who support PoS, no acceptable answer is given.

[Gavin Andresen]

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

I think we'll see non-clone coins being broken after two things happen:

1. They become valuable enough for attackers to bother, and there is some way for them to cash out.
2. The attackers have some time to do what they need to do to mount an attack-- write code, deploy botnets, hack into some big exchange(s), get their hands on some early-adopter's wallet backups, or whatever.

Once the tools and techniques are developed, then I think we'll see what we see in PoW 51% attacks: attacks against even mostly-worthless clonecoins, because if they've already got the tools then they might just attack for the lulz.

I'm surprised you count peercoin a PoS success-- they're still running with centralized checkpoints, aren't they?

[kokojie]

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

I think we'll see non-clone coins being broken after two things happen:

1. They become valuable enough for attackers to bother, and there is some way for them to cash out.
2. The attackers have some time to do what they need to do to mount an attack-- write code, deploy botnets, hack into some big exchange(s), get their hands on some early-adopter's wallet backups, or whatever.

Once the tools and techniques are developed, then I think we'll see what we see in PoW 51% attacks: attacks against even mostly-worthless clonecoins, because if they've already got the tools then they might just attack for the lulz.

I'm surprised you count peercoin a PoS success-- they're still running with centralized checkpoints, aren't they?

In peercoin 0.4 (current available version), yes still checkpoints. Though Sunny King has stated in 0.5 (future version coming out soon, hopefully), checkpoint will become optional and user can opt out checkpoints. Btw, at least 90% PoW altcoin use checkpoints too, otherwise they get instantly 51% attacked to death. Actually I think having checkpoints in Peercoin is due to the PoW part of the network. Since PoS is now taking over in Peercoin, producing majority of the blocks, checkpoints is no longer needed.

[jl2012]

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

I think we'll see non-clone coins being broken after two things happen:

1. They become valuable enough for attackers to bother, and there is some way for them to cash out.
2. The attackers have some time to do what they need to do to mount an attack-- write code, deploy botnets, hack into some big exchange(s), get their hands on some early-adopter's wallet backups, or whatever.

Once the tools and techniques are developed, then I think we'll see what we see in PoW 51% attacks: attacks against even mostly-worthless clonecoins, because if they've already got the tools then they might just attack for the lulz.

I'm surprised you count peercoin a PoS success-- they're still running with centralized checkpoints, aren't they?

In peercoin 0.4 (current available version), yes still checkpoints. Though Sunny King has stated in 0.5 (future version coming out soon, hopefully), checkpoint will become optional and user can opt out checkpoints. Btw, at least 90% PoW altcoin use checkpoints too, otherwise they get instantly 51% attacked to death. Actually I think having checkpoints in Peercoin is due to the PoW part of the network. Since PoS is now taking over in Peercoin, producing majority of the blocks, checkpoints is no longer needed.

You THINK? Please read and learn the basic knowledge on this topic before you think. I'm quite sure you didn't read the article I cited, or you simply don't care and just want to promote the coins that you have invested in.

[kokojie]

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

I think we'll see non-clone coins being broken after two things happen:

1. They become valuable enough for attackers to bother, and there is some way for them to cash out.
2. The attackers have some time to do what they need to do to mount an attack-- write code, deploy botnets, hack into some big exchange(s), get their hands on some early-adopter's wallet backups, or whatever.

Once the tools and techniques are developed, then I think we'll see what we see in PoW 51% attacks: attacks against even mostly-worthless clonecoins, because if they've already got the tools then they might just attack for the lulz.

I'm surprised you count peercoin a PoS success-- they're still running with centralized checkpoints, aren't they?

In peercoin 0.4 (current available version), yes still checkpoints. Though Sunny King has stated in 0.5 (future version coming out soon, hopefully), checkpoint will become optional and user can opt out checkpoints. Btw, at least 90% PoW altcoin use checkpoints too, otherwise they get instantly 51% attacked to death. Actually I think having checkpoints in Peercoin is due to the PoW part of the network. Since PoS is now taking over in Peercoin, producing majority of the blocks, checkpoints is no longer needed.

You THINK? Please read and learn the basic knowledge on this topic before you think. I'm quite sure you didn't read the article I cited, or you simply don't care and just want to promote the coins that you have invested in.

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

Btw, am I pumping Peercoin now? lol, I guess if you mention any altcoin in a discussion, you are pumping it...

[jl2012]

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

I think we'll see non-clone coins being broken after two things happen:

1. They become valuable enough for attackers to bother, and there is some way for them to cash out.
2. The attackers have some time to do what they need to do to mount an attack-- write code, deploy botnets, hack into some big exchange(s), get their hands on some early-adopter's wallet backups, or whatever.

Once the tools and techniques are developed, then I think we'll see what we see in PoW 51% attacks: attacks against even mostly-worthless clonecoins, because if they've already got the tools then they might just attack for the lulz.

I'm surprised you count peercoin a PoS success-- they're still running with centralized checkpoints, aren't they?

In peercoin 0.4 (current available version), yes still checkpoints. Though Sunny King has stated in 0.5 (future version coming out soon, hopefully), checkpoint will become optional and user can opt out checkpoints. Btw, at least 90% PoW altcoin use checkpoints too, otherwise they get instantly 51% attacked to death. Actually I think having checkpoints in Peercoin is due to the PoW part of the network. Since PoS is now taking over in Peercoin, producing majority of the blocks, checkpoints is no longer needed.

You THINK? Please read and learn the basic knowledge on this topic before you think. I'm quite sure you didn't read the article I cited, or you simply don't care and just want to promote the coins that you have invested in.

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

Btw, am I pumping Peercoin now? lol, I guess if you mention any altcoin in a discussion, you are pumping it...

I have no fxxking connection with PPC's dev. How do I know their intention? You should ask them to provide a reason, not me.

[inBitweTrust]

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

You aren't addressing the cited flaws in the research paper. Here it is if you fear clicking on the link:

What is wrong with this mechanism for consensus?
On a high level, by tying our stake to (temporarily) sacrificed cryptographic resources, we
are begging the question of consensus on who is in possession of what resources. Proof of
stake advocates attempt to evade this accusation by pointing out that false histories can only
be created by stakeholders, and their power is limited to a short interval of time (the time
when they are the chosen signers) during which they are incentivized not to do so. Therefore
conflicting histories simply will not appear, and we can appeal to synchronicity of the network
to obtain consensus on the one existing history.
The problem with this argument is simple: the “short interval of time” is only short as mea-
sured by the consensus history, which only corresponds to a short interval in real time if there
exists a consensus history. So we are still begging the question. In fact, if a stakeholder later
irreversibly sells his stake for some resource outside the system (e.g. at an exchange), he no
longer has incentive not to fork the history (or worse, expose his keys and let others fork the
history) at the point in consensus time when he had control.
This is a bit abstruse. We can illustrate it with an example. Suppose that at some early
point in consensus time, a single person has the ability to extend history. (For example,
they have control over every key which a new block is required to be signed by.) This may
have happened organically, if this person’s keys were chosen randomly by the stake-choosing
algorithm, but it could also happen if this person tracks down the other keyholders and buys
their keys. This may happen much later in consensus time (and real time), so there is no
reason to believe these keyholders are still incentivized to keep their keys secret. Alternately,
they may have revealed the keys through some honest mistake, the chances of which increase
as time passes, backups are lost, etc.

Now, we have a consensus history and an attacker who is able to fork it at some early time.
To actually replace the entire consensus history, he needs to produce an alternate history,
starting from his fork, which is longer than the existing history. But every block needs a
new random selection of signers, so is this possible? The answer is absolutely yes: we have
been using this word “random”, but in fact we have required consensus on the set of signers
(otherwise forks would trivially happen), so even a random selection must be seeded from
past consensus history. Therefore, an attacker with enough past signing keys can modify the
history he has direct control over, causing future signer selections to always happen in his
favour. (It is likely he needs to “grind” through many choices of block before he finds one
which lets him keep control of the signer selection. In effect, he has replaced proof-of-stake
with proof-of-work, but a centralized one.)

Further, this ability to control the future selection of stakeholders (and even the
set of stake-holders, by controlling which transactions appear in blocks) has serious consequences. This
is because even without a deliberate attacker, the signers who extend the history at every point
have an incentive to direct the history toward one in which they have more stake (and there-
fore more reward), which causes the system to trend toward centralization. They may do this
by skewing the stake selection of future blocks, or more insidiously by censoring transactions
which (may eventually) increase the set of stakeholders.

[kokojie]

I am not the best person to discuss the technical details here, but how do you explain PoW altcoins are easily 51% attacked to death. But then PoS altcoins all avoided this fate, and most of them (the non scammy ones), works and works well. Clearly when put in a equal competition (altcoins), the PoS system came out on top in an equal competitive environment (without early start advantage etc...).

I think we'll see non-clone coins being broken after two things happen:

1. They become valuable enough for attackers to bother, and there is some way for them to cash out.
2. The attackers have some time to do what they need to do to mount an attack-- write code, deploy botnets, hack into some big exchange(s), get their hands on some early-adopter's wallet backups, or whatever.

Once the tools and techniques are developed, then I think we'll see what we see in PoW 51% attacks: attacks against even mostly-worthless clonecoins, because if they've already got the tools then they might just attack for the lulz.

I'm surprised you count peercoin a PoS success-- they're still running with centralized checkpoints, aren't they?

In peercoin 0.4 (current available version), yes still checkpoints. Though Sunny King has stated in 0.5 (future version coming out soon, hopefully), checkpoint will become optional and user can opt out checkpoints. Btw, at least 90% PoW altcoin use checkpoints too, otherwise they get instantly 51% attacked to death. Actually I think having checkpoints in Peercoin is due to the PoW part of the network. Since PoS is now taking over in Peercoin, producing majority of the blocks, checkpoints is no longer needed.

You THINK? Please read and learn the basic knowledge on this topic before you think. I'm quite sure you didn't read the article I cited, or you simply don't care and just want to promote the coins that you have invested in.

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

Btw, am I pumping Peercoin now? lol, I guess if you mention any altcoin in a discussion, you are pumping it...

I have no fxxking connection with PPC's dev. How do I know their intention? You should ask them to provide a reason, not me.

Then there's nothing to discredit my conclusion. The document from Gavin does explain "potential scenarios" where PoS may fail. But still it does not explain why PoS haven't failed in reality, not a single one of them failed, even the scammy ones. Non of them were 51% attacked successfully.

I can think of multiple scenarios where PoW will fail too, and a ton of PoW altcoin has indeed failed due to these scenarios in reality.

[silversurfer1958]

That's a very interesting point actually, about money flowing to hardware manufacturers and energy companies.  it might be Bitcoin's achilles heel,    

[kokojie]

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

You aren't addressing the cited flaws in the research paper. Here it is if you fear clicking on the link:

What is wrong with this mechanism for consensus?
On a high level, by tying our stake to (temporarily) sacrificed cryptographic resources, we
are begging the question of consensus on who is in possession of what resources. Proof of
stake advocates attempt to evade this accusation by pointing out that false histories can only
be created by stakeholders, and their power is limited to a short interval of time (the time
when they are the chosen signers) during which they are incentivized not to do so. Therefore
conflicting histories simply will not appear, and we can appeal to synchronicity of the network
to obtain consensus on the one existing history.
The problem with this argument is simple: the “short interval of time” is only short as mea-
sured by the consensus history, which only corresponds to a short interval in real time if there
exists a consensus history. So we are still begging the question. In fact, if a stakeholder later
irreversibly sells his stake for some resource outside the system (e.g. at an exchange), he no
longer has incentive not to fork the history (or worse, expose his keys and let others fork the
history) at the point in consensus time when he had control.
This is a bit abstruse. We can illustrate it with an example. Suppose that at some early
point in consensus time, a single person has the ability to extend history. (For example,
they have control over every key which a new block is required to be signed by.) This may
have happened organically, if this person’s keys were chosen randomly by the stake-choosing
algorithm, but it could also happen if this person tracks down the other keyholders and buys
their keys. This may happen much later in consensus time (and real time), so there is no
reason to believe these keyholders are still incentivized to keep their keys secret. Alternately,
they may have revealed the keys through some honest mistake, the chances of which increase
as time passes, backups are lost, etc.

Now, we have a consensus history and an attacker who is able to fork it at some early time.
To actually replace the entire consensus history, he needs to produce an alternate history,
starting from his fork, which is longer than the existing history. But every block needs a
new random selection of signers, so is this possible? The answer is absolutely yes: we have
been using this word “random”, but in fact we have required consensus on the set of signers
(otherwise forks would trivially happen), so even a random selection must be seeded from
past consensus history. Therefore, an attacker with enough past signing keys can modify the
history he has direct control over, causing future signer selections to always happen in his
favour. (It is likely he needs to “grind” through many choices of block before he finds one
which lets him keep control of the signer selection. In effect, he has replaced proof-of-stake
with proof-of-work, but a centralized one.)

Further, this ability to control the future selection of stakeholders (and even the
set of stake-holders, by controlling which transactions appear in blocks) has serious consequences. This
is because even without a deliberate attacker, the signers who extend the history at every point
have an incentive to direct the history toward one in which they have more stake (and there-
fore more reward), which causes the system to trend toward centralization. They may do this
by skewing the stake selection of future blocks, or more insidiously by censoring transactions
which (may eventually) increase the set of stakeholders.

This is a great theory, but still doesn't explain why it haven't happened in reality. You can make up scenarios and theories all day of "what may happen", but when it doesn't actually happen in reality, you have to question your theory, not question reality.

[jl2012]

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

You aren't addressing the cited flaws in the research paper. Here it is if you fear clicking on the link:

What is wrong with this mechanism for consensus?
On a high level, by tying our stake to (temporarily) sacrificed cryptographic resources, we
are begging the question of consensus on who is in possession of what resources. Proof of
stake advocates attempt to evade this accusation by pointing out that false histories can only
be created by stakeholders, and their power is limited to a short interval of time (the time
when they are the chosen signers) during which they are incentivized not to do so. Therefore
conflicting histories simply will not appear, and we can appeal to synchronicity of the network
to obtain consensus on the one existing history.
The problem with this argument is simple: the “short interval of time” is only short as mea-
sured by the consensus history, which only corresponds to a short interval in real time if there
exists a consensus history. So we are still begging the question. In fact, if a stakeholder later
irreversibly sells his stake for some resource outside the system (e.g. at an exchange), he no
longer has incentive not to fork the history (or worse, expose his keys and let others fork the
history) at the point in consensus time when he had control.
This is a bit abstruse. We can illustrate it with an example. Suppose that at some early
point in consensus time, a single person has the ability to extend history. (For example,
they have control over every key which a new block is required to be signed by.) This may
have happened organically, if this person’s keys were chosen randomly by the stake-choosing
algorithm, but it could also happen if this person tracks down the other keyholders and buys
their keys. This may happen much later in consensus time (and real time), so there is no
reason to believe these keyholders are still incentivized to keep their keys secret. Alternately,
they may have revealed the keys through some honest mistake, the chances of which increase
as time passes, backups are lost, etc.

Now, we have a consensus history and an attacker who is able to fork it at some early time.
To actually replace the entire consensus history, he needs to produce an alternate history,
starting from his fork, which is longer than the existing history. But every block needs a
new random selection of signers, so is this possible? The answer is absolutely yes: we have
been using this word “random”, but in fact we have required consensus on the set of signers
(otherwise forks would trivially happen), so even a random selection must be seeded from
past consensus history. Therefore, an attacker with enough past signing keys can modify the
history he has direct control over, causing future signer selections to always happen in his
favour. (It is likely he needs to “grind” through many choices of block before he finds one
which lets him keep control of the signer selection. In effect, he has replaced proof-of-stake
with proof-of-work, but a centralized one.)

Further, this ability to control the future selection of stakeholders (and even the
set of stake-holders, by controlling which transactions appear in blocks) has serious consequences. This
is because even without a deliberate attacker, the signers who extend the history at every point
have an incentive to direct the history toward one in which they have more stake (and there-
fore more reward), which causes the system to trend toward centralization. They may do this
by skewing the stake selection of future blocks, or more insidiously by censoring transactions
which (may eventually) increase the set of stakeholders.

This is a great theory, but still doesn't explain why it haven't happened in reality. You can make up scenarios and theories all day of "what may happen", but when it doesn't actually happen in reality, you have to question your theory, not question reality.

BS. They are all protected by centralized checkpoint. (And you KNOW that)

[kokojie]

Enlighten me then, why is it that when PoS is taking over in Peercoin, and checkpointing is fading out at the same time? I can only form a logical conclusion of PoS don't need checkpointing from my observation.

You aren't addressing the cited flaws in the research paper. Here it is if you fear clicking on the link:

What is wrong with this mechanism for consensus?
On a high level, by tying our stake to (temporarily) sacrificed cryptographic resources, we
are begging the question of consensus on who is in possession of what resources. Proof of
stake advocates attempt to evade this accusation by pointing out that false histories can only
be created by stakeholders, and their power is limited to a short interval of time (the time
when they are the chosen signers) during which they are incentivized not to do so. Therefore
conflicting histories simply will not appear, and we can appeal to synchronicity of the network
to obtain consensus on the one existing history.
The problem with this argument is simple: the “short interval of time” is only short as mea-
sured by the consensus history, which only corresponds to a short interval in real time if there
exists a consensus history. So we are still begging the question. In fact, if a stakeholder later
irreversibly sells his stake for some resource outside the system (e.g. at an exchange), he no
longer has incentive not to fork the history (or worse, expose his keys and let others fork the
history) at the point in consensus time when he had control.
This is a bit abstruse. We can illustrate it with an example. Suppose that at some early
point in consensus time, a single person has the ability to extend history. (For example,
they have control over every key which a new block is required to be signed by.) This may
have happened organically, if this person’s keys were chosen randomly by the stake-choosing
algorithm, but it could also happen if this person tracks down the other keyholders and buys
their keys. This may happen much later in consensus time (and real time), so there is no
reason to believe these keyholders are still incentivized to keep their keys secret. Alternately,
they may have revealed the keys through some honest mistake, the chances of which increase
as time passes, backups are lost, etc.

Now, we have a consensus history and an attacker who is able to fork it at some early time.
To actually replace the entire consensus history, he needs to produce an alternate history,
starting from his fork, which is longer than the existing history. But every block needs a
new random selection of signers, so is this possible? The answer is absolutely yes: we have
been using this word “random”, but in fact we have required consensus on the set of signers
(otherwise forks would trivially happen), so even a random selection must be seeded from
past consensus history. Therefore, an attacker with enough past signing keys can modify the
history he has direct control over, causing future signer selections to always happen in his
favour. (It is likely he needs to “grind” through many choices of block before he finds one
which lets him keep control of the signer selection. In effect, he has replaced proof-of-stake
with proof-of-work, but a centralized one.)

Further, this ability to control the future selection of stakeholders (and even the
set of stake-holders, by controlling which transactions appear in blocks) has serious consequences. This
is because even without a deliberate attacker, the signers who extend the history at every point
have an incentive to direct the history toward one in which they have more stake (and there-
fore more reward), which causes the system to trend toward centralization. They may do this
by skewing the stake selection of future blocks, or more insidiously by censoring transactions
which (may eventually) increase the set of stakeholders.

This is a great theory, but still doesn't explain why it haven't happened in reality. You can make up scenarios and theories all day of "what may happen", but when it doesn't actually happen in reality, you have to question your theory, not question reality.

BS. They are all protected by centralized checkpoint.

There's no checkpoints in Bitshares, users will be able to opt out checkpoints in Peercoin 0.5, and I don't know enough about NxT checkpointing to comment.

[inBitweTrust]

This is a great theory, but still doesn't explain why it haven't happened in reality. You can make up scenarios and theories all day of "what may happen", but when it doesn't actually happen in reality, you have to question your theory, not question reality.

Gavin already addressed your question about why it hasn't already happened in reality. The fact that an attack has yet to occur historically is no way to design a secure protocol either. The fact that you are even using this as an argument shows you aren't serious about security or PoS flaws.

Yes, in Network and Information security one must analyze and prepare for all hypothetical attack vectors. This is the reason most Bitcoin proponents who understand Information Security still suggest Bitcoin is "fragile", 7k average active nodes is too few, and how they would prefer other implementations like libbitcoin to exist alongside Bitcoincore that interact with the blockchain.

There's no checkpoints in Bitshares, users will be able to opt out checkpoints in Peercoin 0.5, and I don't know enough about NxT checkpointing to comment.

Bitshares PTS is DPoS thus is centralized amongst delegates by design. The criticism of checkpoints lies within the fact that they depend upon centralization which introduces an added security flaw above PoW.

You are speculating about future changes of Peercoin and Peercoin is a PoS / PoW hybrid anyways so can always fall back on PoW for added security without checkpoints.

[kokojie]

This is a great theory, but still doesn't explain why it haven't happened in reality. You can make up scenarios and theories all day of "what may happen", but when it doesn't actually happen in reality, you have to question your theory, not question reality.

Gavin already addressed your question about why it hasn't already happened in reality. The fact that an attack has yet to occur historically is no way to design a secure protocol either. The fact that you are even using this as an argument shows you aren't serious about security or PoS flaws.

Yes, in Network and Information security one must analyze and prepare for all hypothetical attack vectors. This is the reason most Bitcoin proponents who understand Information Security still suggest Bitcoin is "fragile", 7k average active nodes is too few, and how they would prefer other implementations like libbitcoin to exist alongside Bitcoincore that interact with the blockchain.

Gaven's response was basically "they aren't big enough yet". I can't really see the logic behind "being bigger makes it easier to attack". Tiny PoW altcoins gets 51% attacked all the time, even sizable PoW like Dogecoin gets 51% attacked several times, while the biggest ones Bitcoin and Litecoin never got attacked.

If anything, I would think being bigger makes it much more difficult to attack.

[inBitweTrust]

Gaven's response was basically "they aren't big enough yet". I can't really see the logic behind "being bigger makes it easier to attack". Tiny PoW altcoins gets 51% attacked all the time, even sizable PoW like Dogecoin gets 51% attacked several times, while the biggest ones Bitcoin and Litecoin never got attacked.

PoW alts are very vulnerable because any mining pool or large miner can easily create a 51% attack for a brief moment and than point their miners back to securing litecoin or bitcoin .

PoS can be attacked by either covertly leasing, buying or hijacking the 50% of the original stakeholders assets. This takes time and an organized effort, thus the bigger these currencies get the more incentive their is to fund such an effort.

[kokojie]

Gaven's response was basically "they aren't big enough yet". I can't really see the logic behind "being bigger makes it easier to attack". Tiny PoW altcoins gets 51% attacked all the time, even sizable PoW like Dogecoin gets 51% attacked several times, while the biggest ones Bitcoin and Litecoin never got attacked.

If anything, I would think being bigger makes it much more difficult to attack.

PoW alts are very vulnerable because any mining pool or large miner can easily create a 51% attack for a brief moment and than point their resources miners back to securing litecoin or bitcoin .

PoS can be attacked by either covertly leasing, buying or hijacking the 50% of the original stakeholders assets. This takes time and an organized effort, thus the bigger these currencies get the more incentive their is to fund such an effort.

Except, in PoW, you don't even need to lease/buy/hijack 50%, you need roughly 10% of Bitcoin marketcap value to buy enough hardware to 51% attack Bitcoin. Basically if you could simultaneously hack discus fish and ghash.io, you could 51% attack Bitcoin today, right now.

PoS CAN be attacked, of course I agree, but it's still much more difficult to attack than PoW, therefore it's a better alternative to PoW.

Buying 51% stakes in a PoS will cost you astronomical amount of resources, while buying hardware to 51% a PoW is easy and won't push up price.

I have already explained all of these points earlier in this tread.

Again, you have to question why these attack theories doesn't happen to PoS altcoins in reality, but does happen to PoW altcoins. "Not big enough yet" is not the answer, I assure you.