Do you think Bitcoin should modify to POW + POS ? █████ Poll █████

[onemorebtc]

They won't because either they want others to do the heavy lifting for them or they aren't really interested in bitcoin anyways and this is just an indirect way to plug their project..

FYI... both NXT and Bitshares are losing ground to bitcoin and weakening during the last 6 months so they are getting more desperate.

you are right... markets collapsing and sorting out black sheeps
afterwards we can do businness again

[jonald_fyookball]

Where is the proof POS is insecure that isn't argument from authority or strong belief?

Even Vitalik admits there is a fundamental flaw in PoS which is essentially
the nothing-at-stake issue, meaning anyone can attempt stake grinding
to extend the chain at essentially no cost.  Vitalik's article on
"weak subjectivity" attempts to solve this issue by requiring minters
to post security deposits, but this doesn't really help because one
can still fake the deposit and/or extend block history.  It also opens another attack vector where
stake holders can start to block security deposits from others and monopolize
the network.
 
Please note I'm not saying "because Vitalik said so"...You can understand
the logic for yourself with regards to how conensus and blockchains
work.  (If you don't , just ask and I will explain).

I do take all this with a grain of salt because in practice
PoS systems appear to be doing fine such as NXT, however
that doesn't necessarily mean they are secure or wouldn't be attacked if
the incentive was greater. 

[Flashman]

The "TL;DR" for me is that everything else can be simulated and faked by sufficient ingenuity, except large amounts of computational power (Given a strenuous test against the network, not figures on a website like fake cloud hashing)  Hash is no BS.


PoS schemes to me roughly translate to trusting people not to lie, because they bribe them slightly not to.

[achimsmile]

Where is the proof POS is insecure that isn't argument from authority or strong belief?

Even Vitalik admits there is a fundamental flaw in PoS which is essentially
the nothing-at-stake issue, meaning anyone can attempt stake grinding
to extend the chain at essentially no cost.  Vitalik's article on
"weak subjectivity" attempts to solve this issue by requiring minters
to post security deposits, but this doesn't really help because one
can still fake the deposit.  It also opens another attack vector where
stake holders can start to block security deposits from others and monopolize
the network.
 

You only read papers that fit your agenda, and when they don't, you interpret them in a way that makes them fit. "Weak subjectivity" may indeed be necessary, but please go on: How would you grind stake for free? Your pos.pdf doesn't state any specifics, but this paper here uses hard math to state that long range attacks are not possible, and short range attacks are very hard (for Nxt) and the worst case is that the will delay blocks, or the attacker will get some fees:

https://nxtforum.org/consensus-research/the-paper-on-long-range-attack-nothing-at-stake

Vitalik talks about a time frame from where you receive funds to where you are able to mint/forge. How would you fake deposits?

[achimsmile]

PoS schemes to me roughly translate to trusting people not to lie, because they bribe them slightly not to.

Code does not lie.

[Flashman]

Code does not lie.

10 Print "The sky is green not blue"
20 GOTO 10

Disproven, next.

[jonald_fyookball]

Where is the proof POS is insecure that isn't argument from authority or strong belief?

Even Vitalik admits there is a fundamental flaw in PoS which is essentially
the nothing-at-stake issue, meaning anyone can attempt stake grinding
to extend the chain at essentially no cost.  Vitalik's article on
"weak subjectivity" attempts to solve this issue by requiring minters
to post security deposits, but this doesn't really help because one
can still fake the deposit.  It also opens another attack vector where
stake holders can start to block security deposits from others and monopolize
the network.
 

You only read papers that fit your agenda, and when they don't, you interpret them in a way that makes them fit. "Weak subjectivity" may indeed be necessary, but please go on: How would you grind stake for free? Your pos.pdf doesn't state any specifics, but this paper here uses hard math to state that long range attacks are not possible, and short range attacks are very hard (for Nxt) and the worst case is that the will delay blocks, or the attacker will get some fees:

https://nxtforum.org/consensus-research/the-paper-on-long-range-attack-nothing-at-stake

Vitalik talks about a time frame from where you receive funds to where you are able to mint/forge. How would you fake deposits?

I try to stay open minded.  If something is good
and works, I would advocate it for Bitcoin.
I did advocate PoS at one point before I learned
more about it.  I still advocate that PoW+PoS
would be a good thing for Bitcoin given the
right implementation.

I followed your link to the "multistrategy.pdf"
paper.  I have seen this paper before.

Please note it says:

Following
this section it is reasonable to get the impression that this problem
actually matters

 

(this problem = nothing at stake problem)

and:

The open question for the future work are... ...the ways to avoid N@S attack if any

Regarding the stake grinding attack, suppose you must
keep coins for 1000 blocks with a security deposit in
order to mint.  You buy coins at block 1000, keep them
till block 2000, get your deposit back, and
sell them at block 2001, and then broadcast
a fake chain from block 2000.   

[Daedelus]

You're repeating yourself. Your misrepresentation has been debunked once.

I don't have the time/energy to fully digest what the paper
is saying, but the conclusions of the author seem to say that
Nothing at stake is a real problem that hasn't been solved.

As we have all the algorithms developed to simulate N@S attack we
present result in the separate paper along with possible ways to resist it.
Giving some results now we present not the full picture of the problem. Fol-
lowing this section it is reasonable to get the impression that this problem
actually matters and we concentrate to possible solutions at the moment....


...The open question for the future work are: (1) the PoS consensus depen-
dence on the measure function (2) the ways to avoid N@S attack if any (3)
the optimal confirmation length investigation (4) the optimal multibranch
depth investigation.

Actually, the td;dr version is:

- multibranch forging gives measurable possibility to earn more fees. I guess Nxt should not ignore it in long-term as the profitable activity will be implemented by somebody sooner or later

- there's no long-range attack against a blockchain V. Buterin described, only short-range. The short-range attack doesn't allow double-spending but gives multibranching forger possibility to earn more fees in singlebranch environment by producing few blocks in a row. However producing few blocks in a row could be an issue too (e.g. evil forger may postpones orders submissions etc) but not critical at the moment.

- not explicitly stated in the paper but easily derived, a long delay between blocks not only annoying but also a security problem as it's the moment for short-range attack could happens

- we have formally defined nothing-at-stake attack(again, using Buterin's informal definition) and made initial simulations. We haven't included their results in paper as they are seems to be too raw, but I can reveal them here: N@S attack could happens only in short-range, e.g. for within 20 blocks for 10% stake, so with 30 confirmations we haven't observed the successful attack. Also please note the attack has pretty unpredictable nature for attacker, so he can hardly enforce it, even in theory(in practice it's even harder to get it done properly). The correlation with stake size is still the open question, but it's nearly impossible to attack a proof-of-stake currency with "1% stake even" as stated by Buterin

So yes, there máy be problems with certain forms of N@S, and that needs to be researched. Research means keeping an open mind, not cherrypicking and taking out the last sentence and twisting it to mean what you want to mean.

They do nót say "Nothing at stake is a real problem that hasn't been solved." They say "We have made a simulation that produces a N@S as described and we are going to find out what it does."

You have seen the paper but it is still obvious you haven't read it.

There is a fourth paper being written with the results, as jonald well knows. The authors aren't worried about N@S being a problem.

[jonald_fyookball]

You're repeating yourself.

That's true.

Your misrepresentation has been debunked once.

No, it hasn't.

[Daedelus]

You're repeating yourself.

That's true.

Your misrepresentation has been debunked once.

No, it hasn't.

Cool story bro

[jonald_fyookball]

You're repeating yourself.

That's true.

Your misrepresentation has been debunked once.

No, it hasn't.

Cool story bro

 

The paper says in plain English that Nothing at Stake is a problem
as I quoted above. 

You can sit there and say "nuh uh" till you're blue in the face
for all I care.  Anyone can read the paper and make their own
judgement.

[Daedelus]

[Anyone interested in the discussion Jonald is trying to repeat can read the link above]

Tl:dr

Thread states A and B.

Jonald says "see, it says A"

You say "It also says B"

Jonald "It clearly says A"

You "It says A and it says B"

Jonald "In plain english, it says A"...


And you can go around in circes until you're blue in the face. Then repeat yourself a few weeks later  Jonald, you are misrepresenting what the authors are saying by excluding what you don't like.

I refer you to the thread above in response to you next post  I am tired.

[Flashman]

Whatever we think it proves, the "still working on it" implication should be a clear signal that PoS is immature, and as such, why should the devs take the Karpeles approach ? ....

[VectorChief]

It is important to recognize the differences between two systems (PoW and PoS) and equally validate both of them on their own right. Only from that perspective we would be able to make a neutral choice. As was mentioned before, converting one system to another will take that choice away from us. Would you like to paint everything blue?

In short the differences are as follows:
PoS - tends towards privatization of the whole system as rich get richer and at the same time automatically acquire more control.
PoW - forces rich to compete for control on a common ground judged by a neutral algorithm thus automatically taxing them.

All in all, PoW is more suitable for global money system as (enough degrees of freedom for) competition is built-in, while PoS is better for private hierarchical organizations and businesses that require outside competititon to stay robust, because acquisition of 51% stake depends solely on major stakeholders' permission to sell, while 51% of hashing power in PoW is permission-less.

Satoshi gave people tool for freedom, and yet they urge to build yet another fiat zoo with it.
How bitcoiner of you!

[achimsmile]

Regarding the stake grinding attack, suppose you must
keep coins for 1000 blocks with a security deposit in
order to mint.  You buy coins at block 1000, keep them
till block 2000, get your deposit back, and
sell them at block 2001, and then broadcast
a fake chain from block 2000.   

The protocol does not allow you to forge for 1440 blocks, from the moment when you bought your stake. (security margin)
The protocol forbids blockchain reorgs of more than 720 blocks.

Your chain would violate the protocol and not be accepted.

This is a real world example.

You could argue that a fake chain <720 would be enough to do nasty stuff (which is right).


I don't quite get the magic that happens between buying and:

broadcast a fake chain

In your example, if you bought 51% (good luck!), and waited 1440 blocks, you could not build a fake chain during that time because you're not allowed to produce any blocks... so, you have 1 blocks time to build a longer chain (and be sure to trick the algo so that you're always the one to be selected for generating the next block... again, good luck!)

tl:dr

PoS is safe.

[achimsmile]

the "still working on it" implication

Where did you get that? And I didn't know technological advances were bad.

[achimsmile]

In short the differences are as follows:
PoS - tends towards privatization of the whole system as rich get richer and at the same time automatically acquire more control.
PoW - forces rich to compete for control on a common ground judged by a neutral algorithm thus automatically taxing them.

I disagree

Please tell me where Nxt tends towards privatization,
and tell me if big mining companies are private companies.

[inBitweTrust]

One undeniable bit of evidence Bitcoin has is the fact that it has been extremely secure after 6 years and a market cap of 4-10billion for over a year thus has maintained much higher level of scrutiny from both hackers and security researchers alike vs any other alt.

[inBitweTrust]

Please tell me where Nxt tends towards privatization,
and tell me if big mining companies are private companies.

Nxt started extremely centralized and remains so. 7 to 10 people have over 50% of the coins .
http://charts.nxtcrypto.org/cDistribution.aspx
https://web.archive.org/web/20140825040132/http://charts.nxtcrypto.org/

[Flashman]

And I didn't know technological advances were bad.

Oh good, I've got this home power system you can try out for me, uses thorium, there's a few unresolved questions about spontaneous criticality, but we can probably handwave them away if it holds off for the duration of your participation.