Poll - Should Proof of Stake be implemented in Litecoin?

[ripper234]

Proof of Stake is a proposed modification/addition to Proof of Work. Its main motivation is prevention of monopolistic 51% attacks that might naturally arise when transaction fees are lowered, due to miners' incentive structure.

Litecoin thus far has not been extremely innovative (no offense), but is still IMHO filling the intended role of "Silver to Bitcoin's Gold". If PoS were implemented in the main Litecoin chain, this might elevate the status of Litecoin as a beta group for new candidate ideas, before they are introduced or even seriously considered in the main Bitcion chain.

In your opinion, should Proof of Stake be implemented in the official Litecoin blockchain?

See also https://bitcointalk.org/index.php?topic=96255.0;all

Edit - if you support the idea, you might want to contribute to a bounty.

[1715544386]

1715544386

[1715544386]

1715544386

[1715544386]

1715544386

[1715544386]

1715544386

[NASDAQEnema]

http://litecoinforums.org/index.php?/topic/18-proof-of-stake-is-a-scam/#

this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests
this is relevant to my interests

[tgsrge]

No, never. such a system will grow to serve its own interests (NOT the interests of the network)

people need to keep in mind "proof of stake" might sound like a very fancy name, but please research what you are voting for first.

and you have refused to address the issue of ddos and the fact you are introducing central points of failure into the network (places for governments to put pressure, botherders to ddos, and just generally bad things arising from centralization)

[markm]

How about proof of noble birth? Nobles will have a stake in preserving the nobility of the behavior of those designated noble, right?

I wonder if economists ever talk to historians at all?

-MarkM-

[ripper234]

How about proof of noble birth? Nobles will have a stake in preserving the nobility of the behavior of those designated noble, right?

I wonder if economists ever talk to historians at all?

-MarkM-

Jokes aside, I think Proof of Stake is an interesting concept, and has merit (combined with PoW).
If you wish to debate these points, you can do it on the main PoS thread.

[ripper234]

If PoS is such a good thing, why you still not get convinced Bitcoin community
 to implement it in Bitcoin ?!

Why stalk it to Litecoiners ? 

The market cap and adoption of Bitcoin is much larger than Litecoin. As such, it will be slower to take riskier moves like changing its economical fundamentals.

Litecoin is still young enough that it can change with relative ease.
This experiment (implementing PoS) can give it real life. It might be bad, and might be good, but at least it will be interesting to test.

Of course, this can be done as a fork ... but in that case I think it should be a fork of Bitcoin, not Litecoin, and in any case it would be hard to attract a large following at this stage.

If coblee and other supports of Litecoin could be convinced to think about this idea and change the official Litecoin chain to include PoS,
it might have a real chance to gain adoption in this community. Of course the original PoS-less Litecoin would continue alongside, but I think a lot of people will flock to where the leaders of a chain point, and will consider upgrading to a PoS-based system.

Maybe the time is not right yet, and another PoS alt-chain should be built as a PoC before this is even considered.

[ripper234]

If coblee and other supports of Litecoin could be convinced to think about this idea and change the official Litecoin chain to include PoS,
it might have a real chance to gain adoption in this community. Of course the original PoS-less Litecoin would continue alongside, but I think a lot of people will flock to where the leaders of a chain point, and will consider upgrading to a PoS-based system.

Thanks for your explanations.
So if PoS will be implemented,
Litecoin likely will have hard-fork chain split.
Not good.

I personally once thought Litecoin is interesting, but have lost interest in it a long time ago.
Right now, as it stands, it is simply not relevant.

This is one proposal to make it relevant.

[Etlase2]

Instead of a potentially complex and fork-inducing proof of stake change, why not make a fork-free smart-chain?

https://bitcointalk.org/index.php?topic=64637.0

All clients agree that competing blocks will have priority weight based on number of transactions, average age of coins in transactions, and other factors.

Really comes down to using a "bitcoin days destroyed" metric.

Say two blocks were created at the exact same time, but one had 500LTC days destroyed, one had 200LTC days destroyed, so the 500LDD wins and becomes the next block. Not only does it reduce the likelihood of the miner that ignores transactions scenario, but it also effectively prevents a sustained 51% attack. Anyone attacking the network will need lots of old coins and must destroy those days each block they create. It will also probably be more difficult to pull off a finney double spend attack because a pre-mined block will likely have less days destroyed than a legitimate one.

As long as no one actually attacks the network, this change could be made over time and be completely compatible with old clients. If someone does attack the network, old clients would be fooled and a fork may be created. Additionally, if there is some large change that happens due to an attack or a network split or some other big event, instead of (stupidly) picking longest chain wins, the user will be notified that there are multiple chains, beware, find out what's going on, etc.

All you have to do is create some slightly complex algorithms to determine block acceptance rules and a smarter interface.

[ripper234]

Instead of a potentially complex and fork-inducing proof of stake change, why not make a fork-free smart-chain?

https://bitcointalk.org/index.php?topic=64637.0

All clients agree that competing blocks will have priority weight based on number of transactions, average age of coins in transactions, and other factors.

Really comes down to using a "bitcoin days destroyed" metric.

Say two blocks were created at the exact same time, but one had 500LTC days destroyed, one had 200LTC days destroyed, so the 500LDD wins and becomes the next block. Not only does it reduce the likelihood of the miner that ignores transactions scenario, but it also effectively prevents a sustained 51% attack. Anyone attacking the network will need lots of old coins and must destroy those days each block they create. It will also probably be more difficult to pull off a finney double spend attack because a pre-mined block will likely have less days destroyed than a legitimate one.

As long as no one actually attacks the network, this change could be made over time and be completely compatible with old clients. If someone does attack the network, old clients would be fooled and a fork may be created. Additionally, if there is some large change that happens due to an attack or a network split or some other big event, instead of (stupidly) picking longest chain wins, the user will be notified that there are multiple chains, beware, find out what's going on, etc.

All you have to do is create some slightly complex algorithms to determine block acceptance rules and a smarter interface.

I don't understand how the TL;DR of the linked thread relates to the pargraph you wrote here:

Resolved: Design a cryptocurrency based off of Bitcoin where the purchasing power in any given account remains relatively unchanged over time

[Etlase2]

Then why not just read the quote and the paragraph in context? I had to come up with a way to make sure that a bitcoin-based block chain where difficulty would be intentionally lowered but still be safe against attacks. For that proposal. The idea still applies and would be useful for bitcoin or litecoin. It is a much less dramatic step than proof of stake, yet I believe it can still be extremely effective when fine-tuned.

[ripper234]

Say two blocks were created at the exact same time, but one had 500LTC days destroyed, one had 200LTC days destroyed, so the 500LDD wins and becomes the next block. Not only does it reduce the likelihood of the miner that ignores transactions scenario, but it also effectively prevents a sustained 51% attack. Anyone attacking the network will need lots of old coins and must destroy those days each block they create. It will also probably be more difficult to pull off a finney double spend attack because a pre-mined block will likely have less days destroyed than a legitimate one.

What is "at the exact same time"? Bitcoin is, in fact, a timestamping service, so it's important to be specific about this.

If a 500 LTC block is released at time X, and 10-60 seconds afterwards a competing block with 700 LTC is released, that claims it was actually released at the same time. Does the 700 LTC block win? But miners have already started to work on the continuation to the 500 LTC block...

Also, there is no "becomes the next block" in Bitcoin - every miner decides on the history he prefers. Clients and standard, rational miners will go along with the longest history, so an incentivized Bitcoin miner should always pick the longest chain.

Perhaps more details, and some more examples, can help clarify this point.
Given its distributed nature, I don't think shorts forks can be avoided in a good Bitcoin-based protocol (hunch).

[coblee]

Instead of a potentially complex and fork-inducing proof of stake change, why not make a fork-free smart-chain?

https://bitcointalk.org/index.php?topic=64637.0

All clients agree that competing blocks will have priority weight based on number of transactions, average age of coins in transactions, and other factors.

Really comes down to using a "bitcoin days destroyed" metric.

Say two blocks were created at the exact same time, but one had 500LTC days destroyed, one had 200LTC days destroyed, so the 500LDD wins and becomes the next block. Not only does it reduce the likelihood of the miner that ignores transactions scenario, but it also effectively prevents a sustained 51% attack. Anyone attacking the network will need lots of old coins and must destroy those days each block they create. It will also probably be more difficult to pull off a finney double spend attack because a pre-mined block will likely have less days destroyed than a legitimate one.

As long as no one actually attacks the network, this change could be made over time and be completely compatible with old clients. If someone does attack the network, old clients would be fooled and a fork may be created. Additionally, if there is some large change that happens due to an attack or a network split or some other big event, instead of (stupidly) picking longest chain wins, the user will be notified that there are multiple chains, beware, find out what's going on, etc.

All you have to do is create some slightly complex algorithms to determine block acceptance rules and a smarter interface.

Sounds interesting. I can see how this makes it hard to do a sustained 51% attack. But it's still not hard to do a one time 51% attack. Let's say the attacker just needs to do 51% for about 10 blocks in order to do a double spend at the exchange. He just needs destroy enough coins to match the network for those 10 blocks.

[coblee]

Instead of a potentially complex and fork-inducing proof of stake change, why not make a fork-free smart-chain?

https://bitcointalk.org/index.php?topic=64637.0

All clients agree that competing blocks will have priority weight based on number of transactions, average age of coins in transactions, and other factors.

Really comes down to using a "bitcoin days destroyed" metric.

Say two blocks were created at the exact same time, but one had 500LTC days destroyed, one had 200LTC days destroyed, so the 500LDD wins and becomes the next block. Not only does it reduce the likelihood of the miner that ignores transactions scenario, but it also effectively prevents a sustained 51% attack. Anyone attacking the network will need lots of old coins and must destroy those days each block they create. It will also probably be more difficult to pull off a finney double spend attack because a pre-mined block will likely have less days destroyed than a legitimate one.

As long as no one actually attacks the network, this change could be made over time and be completely compatible with old clients. If someone does attack the network, old clients would be fooled and a fork may be created. Additionally, if there is some large change that happens due to an attack or a network split or some other big event, instead of (stupidly) picking longest chain wins, the user will be notified that there are multiple chains, beware, find out what's going on, etc.

All you have to do is create some slightly complex algorithms to determine block acceptance rules and a smarter interface.

Sounds interesting. I can see how this makes it hard to do a sustained 51% attack. But it's still not hard to do a one time 51% attack. Let's say the attacker just needs to do 51% for about 10 blocks in order to do a double spend at the exchange. He just needs destroy enough coins to match the network for those 10 blocks.

Also, the attacker will likely just want to revert his one transaction to the exchange. He (or she ) can include all the other transactions that don't conflict. So in his own chain, he just sends the coins to himself instead of the exchange. And the days destroyed metric would be the same as the main chain.

[iddo]

http://litecoinforums.org/index.php?/topic/18-proof-of-stake-is-a-scam/#

3. By putting the voting power in the hands of high coin account holders you create greater possibility of attack.
4. It creates the opportunity for those with more coins to hire those with somewhat less to attack those who have much less.

How did you come up with these claims? Are they based on any technical analysis?
Did you read what I described at https://bitcointalk.org/index.php?topic=96255.msg1062538#msg1062538 ?
The idea is simply to cement the blockchain with special checkpoint blocks, and in order to avoid conflict between competing attempts to cement the blockchain we use signatures by those who hold the large amounts of coins when cementing, because these signatures cannot be faked. Anyone who wishes to protect himself from double-spending attack can simply wait past a special checkpoint block. The high coin holders who already signed that special block cannot reverse their decision, because the distributed network respects their initial signature but wouldn't respect their subsequent conflicting signature. Therefore, I don't see how high coin holders can use this distributed proof-of-stake protocol to attack anything. Do you see any concrete attack?

[ripper234]

coblee, while you're here, it's a shame I haven't seen you respond to the OP (perhaps you voted, but I think a proper response is better).

[coblee]

coblee, while you're here, it's a shame I haven't seen you respond to the OP (perhaps you voted, but I think a proper response is better).

Sorry, I've talked to iddo about this previously on IRC. Hard to keep track of what I've said where and when.
Anyways, I'm looking into Proof of Stake. And I'm willing to experiment with Litecoin if I think proof of stake is a good solution to our 51% problem.

[ripper234]

coblee, while you're here, it's a shame I haven't seen you respond to the OP (perhaps you voted, but I think a proper response is better).

Sorry, I've talked to iddo about this previously on IRC. Hard to keep track of what I've said where and when.
Anyways, I'm looking into Proof of Stake. And I'm willing to experiment with Litecoin if I think proof of stake is a good solution to our 51% problem.

Good to know, thanks for sharing.

[tgsrge]

Sorry, I've talked to iddo about this previously on IRC. Hard to keep track of what I've said where and when.
Anyways, I'm looking into Proof of Stake. And I'm willing to experiment with Litecoin if I think proof of stake is a good solution to our 51% problem.

please dont do it. the majority of people clearly are against this, and i am sure they do not want to lose their investment either, but this is clearly not the solution the community is looking for.

[coblee]

Sorry, I've talked to iddo about this previously on IRC. Hard to keep track of what I've said where and when.
Anyways, I'm looking into Proof of Stake. And I'm willing to experiment with Litecoin if I think proof of stake is a good solution to our 51% problem.

please dont do it. the majority of people clearly are against this, and i am sure they do not want to lose their investment either, but this is clearly not the solution the community is looking for.

Are you basing this statement on this poll alone or have you talked to a lot of Litecoin users about this? I think a lot of people are against this because they actually don't understand the proof of stake proposal.  People think that with proof of stake, it means we give the control back to the wealthy and it's no different than what we currently have with fiat currencies. This is not true. (At least with Meni's implentation) Please read the wiki page: https://en.bitcoin.it/wiki/Proof_of_Stake

With the proof of stake proposal, blocks are found the same way as they are currently with hashrate. And every 100 block, there will be a signature block. People who have a lot at stake (a lot of coins) sign signature blocks. They want to do that so that they protect their investment. If there are more than one block for that signature block, then block with the most signatures weighted by coins wins. Think of it in terms of checkpointing. Right now, one person (me) decides which blocks are checkpointed. With proof of stake, people how have a lot at stake gets to checkpoint signature blocks. So they can't control which transactions are included when. Miners still control that. All that the stake holders can do is that if there are more than one fork (if there's an attacker trying to 51% the chain), they can sign the signature blocks to help make sure that the fork with no malicious attack is the "true" chain.

[coblee]

Sorry, I've talked to iddo about this previously on IRC. Hard to keep track of what I've said where and when.
Anyways, I'm looking into Proof of Stake. And I'm willing to experiment with Litecoin if I think proof of stake is a good solution to our 51% problem.

please dont do it. the majority of people clearly are against this, and i am sure they do not want to lose their investment either, but this is clearly not the solution the community is looking for.

Are you basing this statement on this poll alone or have you talked to a lot of Litecoin users about this? I think a lot of people are against this because they actually don't understand the proof of stake proposal.  People think that with proof of stake, it means we give the control back to the wealthy and it's no different than what we currently have with fiat currencies. This is not true. (At least with Meni's implentation) Please read the wiki page: https://en.bitcoin.it/wiki/Proof_of_Stake

With the proof of stake proposal, blocks are found the same way as they are currently with hashrate. And every 100 block, there will be a signature block. People who have a lot at stake (a lot of coins) sign signature blocks. They want to do that so that they protect their investment. If there are more than one block for that signature block, then block with the most signatures weighted by coins wins. Think of it in terms of checkpointing. Right now, one person (me) decides which blocks are checkpointed. With proof of stake, people how have a lot at stake gets to checkpoint signature blocks. So they can't control which transactions are included when. Miners still control that. All that the stake holders can do is that if there are more than one fork (if there's an attacker trying to 51% the chain), they can sign the signature blocks to help make sure that the fork with no malicious attack is the "true" chain.

In order for an attacker to succeed, they need 51% of the network AND they need to sign their signature blocks with more coins than those that sign the regular signature blocks. This way, it's much harder to attack the network, and the attacker has a lot more to lose if they attack the network.

[tgsrge]

as far as i understand it this puts too much power into the hands of the people who own the most ltcs.

for example lets say there is a 51% attack, conflicting blocks and the biggest coin holders sign the blocks of the attacker anyway.

what then?


and before you ask stuff like "but if they hold the most amount of coins, why would they want to destroy their investment?"
idk, maybe they are even more heavily invested into bitcoins and another cryptocurrency being succesful is not in their interests?maybe the attacker convinced them it was for the best ?maybe they got their investment "refunded" by the attacker in bitcoins?there are countless other possibilities as well. humans are complex machines.


also again the biggest pool is being ddosed (so this show people with bots (which i might add atleast iirc are or were the biggest bitcoin holders) are clearly willing to go to any lengths to attack the network.) what happens if when the person releases his 51%ed chain into the network he ddoses the biggest stake holders?wouldnt this make the entire POS thing useless?

as for you checkpointing i am fine with that because you are the developer.

if i said anything too wrong you are free to correct me.

[coblee]

as far as i understand it this puts too much power into the hands of the people who own the most ltcs.

for example lets say there is a 51% attack, conflicting blocks and the biggest coin holders sign the blocks of the attacker anyway.

what then?


and before you ask stuff like "but if they hold the most amount of coins, why would they want to destroy their investment?"
idk, maybe they are even more heavily invested into bitcoins and another cryptocurrency being succesful is not in their interests?maybe the attacker convinced them it was for the best ?maybe they got their investment "refunded" by the attacker in bitcoins?there are countless other possibilities as well. humans are complex machines.


also again the biggest pool is being ddosed (so this show people with bots (which i might add atleast iirc are or were the biggest bitcoin holders) are clearly willing to go to any lengths to attack the network.) what happens if when the person releases his 51%ed chain into the network he ddoses the biggest stake holders?wouldnt this make the entire POS thing useless?

as for you checkpointing i am fine with that because you are the developer.

if i said anything too wrong you are free to correct me.

Your arguments are using too many what ifs. The point is that proof of stake makes a 51% attack cost more financially to the attacker. You argument is like an argument against proof of work: what if the attacker can convince everyone else to stop mining while he performs that attack? The point is that the incentives aren't there. Could the attacker convince one large stake holder to sign his block? Sure. But the chances that he can convince a majority of stake holders to sign his block is slim to none. And the chance that the majority of stake holders are heavily invested in Bitcoin and would be willing to see their Litecoin investment go to 0 just to see it die is slim to none. As Litecoins grow in value, this will cost even more. Also realize that exchanges have a lot of incentives to prevent a 51% attack and they will have a lot of litecoins. So they will likely sign all the signature blocks on the chain that their withdrawal/deposits are on.

How would someone DDoS the biggest stake holders? You wouldn't know which IPs they are at. Even if if you do, there would be hundreds or thousands of IPs that make up the largest stake holders. Are you going to DDoS all of them?

[tgsrge]

i have made my point. i do not consider the trade off to be worth it, or to be one i am willing to make.

specially when the 51% is still possible (just harder) lets say there is another 51% "attack" threat, do we just keep centralizing the litecoin more and more until we end up with something that doesnt even look remotely like a cryptocurrency is supposed to be?

others have said this as well as me, but cryptocurrencies are succeptible to 51% "attacks", period. if you do not like being succeptible to 51% "attacks" do not deal with cryptocurrencies, or dump in as much hasing power as you can yourself to protect your investment. there is no easy way out.

(even though i would like a magical solution to the problem that doesnt actually change what cryptocurrencies are, there is no such magical solution thus far propossed and i doubt there will be one.)

the same thing has been propposed for bitcoins and it failed to get ANY serious support at all. this speaks for itself.

[iddo]

as far as i understand it this puts too much power into the hands of the people who own the most ltcs.

for example lets say there is a 51% attack, conflicting blocks and the biggest coin holders sign the blocks of the attacker anyway.

what then?

I've tried to explain specifically why this comment of yours isn't meaningful, both in the previous thread and in my first reply in this thread.
I think that there's some barrier in the way that people who are familiar with the Bitcoin protocol think about this proof-of-stake idea, which causes some confusion.

Again: an attacker with 51% hashpower who releases his forked branch and get it signed by the high coin holders didn't actually attack anything, because his forked branch is just as legitimate as the competing branch of all the other distributed hashpower. The attacker has to start his forked branch after the last signed checkpoint block, and everyone who wishes to protect himself from double-spending can simply wait until the next special checkpoint block in order to be sure that the relevant transactions until this next checkpoint block cannot be reversed. Therefore, the attacker cannot double-spend, the worst that the attacker can do is not including other transactions in his forked branch, but he gains nothing (if he participated normally along with the other miners then he'd both earn more and have less risk that his hashpower goes to waste).

[tgsrge]

not including other transactions in his forked branch is still a VERY VERY BAD thing to happen.

edit
ok you want a reason for the big stake holders to sign the blocks of the attacker/cooperate with the attacker/attack? fine, i will give it to you.

so the signing is not reversible. this is fine.
you do  the "attack", get the big stake holders to sign it through whatever means. you then list litecoins for sale in an exchange. the attacker does not include these transactions in his forked branch at all.
when the next checkpoint is reached, whoever bought/exchanged these litecoins will then be left with IMAGINARY LITECOINS, but a real money/btc loss.

this provides a clear incentive for the big stake holders and the attacker to collaborate, and provides a good example as to why centralization (whether or not you want to call it something else is another matter) grows to serve its own interests rather than the interests of the network.

[coblee]

not including other transactions in his forked branch is still a VERY VERY BAD thing to happen.

edit
ok you want a reason for the big stake holders to sign the blocks of the attacker/cooperate with the attacker/attack? fine, i will give it to you.

so the signing is not reversible. this is fine.
you do  the "attack", get the big stake holders to sign it through whatever means. you then list litecoins for sale in an exchange. the attacker does not include these transactions in his forked branch at all.
when the next checkpoint is reached, whoever bought/exchanged these litecoins will then be left with IMAGINARY LITECOINS, but a real money/btc loss.

this provides a clear incentive for the big stake holders and the attacker to collaborate.

Yes, you just described a 51% attack with a double spend. Trust in Litecoin then quickly disappears and price of Litecoin goes to 0. All the stake holders just lost a lot of money. Tell me why any one of the big stake holders would want to do that, let alone most of them doing it together at the same time.

[Tittiez]

Are you basing this statement on this poll alone or have you talked to a lot of Litecoin users about this? I think a lot of people are against this because they actually don't understand the proof of stake proposal.  People think that with proof of stake, it means we give the control back to the wealthy and it's no different than what we currently have with fiat currencies. This is not true. (At least with Meni's implentation) Please read the wiki page: https://en.bitcoin.it/wiki/Proof_of_Stake

With the proof of stake proposal, blocks are found the same way as they are currently with hashrate. And every 100 block, there will be a signature block. People who have a lot at stake (a lot of coins) sign signature blocks. They want to do that so that they protect their investment. If there are more than one block for that signature block, then block with the most signatures weighted by coins wins. Think of it in terms of checkpointing. Right now, one person (me) decides which blocks are checkpointed. With proof of stake, people how have a lot at stake gets to checkpoint signature blocks. So they can't control which transactions are included when. Miners still control that. All that the stake holders can do is that if there are more than one fork (if there's an attacker trying to 51% the chain), they can sign the signature blocks to help make sure that the fork with no malicious attack is the "true" chain.

That helps me understand this concept a lot more. I personally like the idea, it would be no different then you releasing your own checkpoint and having the network agree to that, except this way is much more decentralized because the largest parts of the network still has to agree to it. I think?

[tgsrge]

Yes, you just described a 51% attack with a double spend. Trust in Litecoin then quickly disappears and price of Litecoin goes to 0. All the stake holders just lost a lot of money. Tell me why any one of the big stake holders would want to do that, let alone most of them doing it together at the same time.

this is just one example i could come up with in less than 5 minutes as to why the biggest stake holders could be incentivized to collaborate with the attacker or even BE the attacker.

the reason is clear:
financial benefit from selling imaginary litecoins that will no longer exist when they sign the next checkpoint.

also, trust in litecoins wouldnt be ruined because of it (the attack) unless they did it to a really big number of people (or with a really big number of litecoins), just as a single bank being robbed doesnt create a bank run.

[coblee]

Are you basing this statement on this poll alone or have you talked to a lot of Litecoin users about this? I think a lot of people are against this because they actually don't understand the proof of stake proposal.  People think that with proof of stake, it means we give the control back to the wealthy and it's no different than what we currently have with fiat currencies. This is not true. (At least with Meni's implentation) Please read the wiki page: https://en.bitcoin.it/wiki/Proof_of_Stake

With the proof of stake proposal, blocks are found the same way as they are currently with hashrate. And every 100 block, there will be a signature block. People who have a lot at stake (a lot of coins) sign signature blocks. They want to do that so that they protect their investment. If there are more than one block for that signature block, then block with the most signatures weighted by coins wins. Think of it in terms of checkpointing. Right now, one person (me) decides which blocks are checkpointed. With proof of stake, people how have a lot at stake gets to checkpoint signature blocks. So they can't control which transactions are included when. Miners still control that. All that the stake holders can do is that if there are more than one fork (if there's an attacker trying to 51% the chain), they can sign the signature blocks to help make sure that the fork with no malicious attack is the "true" chain.

That helps me understand this concept a lot more. I personally like the idea, it would be no different then you releasing your own checkpoint and having the network agree to that, except this way is much more decentralized because the largest parts of the network still has to agree to it. I think?

Yes, it's decentralized. Basically the concept is that every 100 blocks, there will be a signature block, which is like the checkpoint blocks. And the stake holders (people who own litecoins) decide to sign the block or not. If there is a competing signature block, then the block signed by the most coins wins out and is accepted as part of the real chain. And if so happens that more stake holders sign an attacker's signature block, then that chain will win out. But if you think about it... if the majority stake holders agree that the attacking chain is the "right" chain, so it makes sense for it to be accepted as the "right" chain. So it's equivalent to if BCX came out last week and released a new version of the Litecoin binaries with his/her chain checkpointed AND the majority of Litecoin users decided to run his binary instead of the binary I released. Then BCX's chain is the "right" chain and I'm the "attacker". But with proof of stake, instead of one client getting one vote, it's just one coin gets one vote.

[coblee]

Yes, you just described a 51% attack with a double spend. Trust in Litecoin then quickly disappears and price of Litecoin goes to 0. All the stake holders just lost a lot of money. Tell me why any one of the big stake holders would want to do that, let alone most of them doing it together at the same time.

this is just one example i could come up with in less than 5 minutes as to why the biggest stake holders could be incentivized to collaborate with the attacker or even BE the attacker.

the reason is clear:
financial benefit from selling imaginary litecoins that will no longer exist when they sign the next checkpoint.

also, trust in litecoins wouldnt be ruined because of it (the attack) unless they did it to a really big number of people (or with a really big number of litecoins), just as a single bank being robbed doesnt create a bank run.

Did you not see that a single threat of a 51% attack caused massive panic and for the price to be almost halved. If a real attack happened, it's not going to be pretty. If you had 1,000,000 litecoins, would you attack the network to steal 10,000 coins and risk it?

Also, your criticism applies to the current proof of work. Currently if you have 51% of the network, you can perform this double spend attack. With proof of stake, you need both 51% of hashrate and 51% of stake. So how is it worse than Today?

[tgsrge]

Did you not see that a single threat of a 51% attack caused massive panic and for the price to be almost halved. If a real attack happened, it's not going to be pretty. If you had 1,000,000 litecoins, would you attack the network to steal 10,000 coins and risk it?

Also, your criticism applies to the current proof of work. Currently if you have 51% of the network, you can perform this double spend attack. With proof of stake, you need both 51% of hashrate and 51% of stake. So how is it worse than Today?

it is worse because holding the biggest amount of coins is not supposed to be a way the network determines whether or not something is valid in a cryptocurrency, and because you are giving different nodes different weights (AKA SUPERNODES) whether or not you want to admit it, too.

supernodes are BAD BAD BAD, normal currencies already have super nodes (the government, banks) and this would work the same way.


cryptocurrencies are not supposed to be assigning different weights to different nodes.

[Etlase2]

What is "at the exact same time"? Bitcoin is, in fact, a timestamping service, so it's important to be specific about this.

If a 500 LTC block is released at time X, and 10-60 seconds afterwards a competing block with 700 LTC is released, that claims it was actually released at the same time. Does the 700 LTC block win? But miners have already started to work on the continuation to the 500 LTC block...

The exact same time is whatever the block acceptance rules says it is. I didn't go that far into processing this idea because I'm not using it, but the greater the days destroyed in the block that came second, the longer it has to replace, with a maximum amount of time (and blocks) before notifying the user that there is a competitor but not replacing the block.

It actually won't be fork free, but it will be impossible to fool honest users connected to the network. New users could be temporarily fooled, but once the days destroyed ran out, the real chain would eventually get a greater weight of LTC days destroyed and win out.

Sounds interesting. I can see how this makes it hard to do a sustained 51% attack. But it's still not hard to do a one time 51% attack. Let's say the attacker just needs to do 51% for about 10 blocks in order to do a double spend at the exchange. He just needs destroy enough coins to match the network for those 10 blocks.

Proof of stake does nothing to fix this either. Both solutions prevent the network from being destroyed, one solution is much simpler and compatible with existing clients.

[iddo]

edit
ok you want a reason for the big stake holders to sign the blocks of the attacker/cooperate with the attacker/attack? fine, i will give it to you.

so the signing is not reversible. this is fine.
you do  the "attack", get the big stake holders to sign it through whatever means. you then list litecoins for sale in an exchange. the attacker does not include these transactions in his forked branch at all.
when the next checkpoint is reached, whoever bought/exchanged these litecoins will then be left with IMAGINARY LITECOINS, but a real money/btc loss.

Either I've failed to understand you, or you've failed to understand me.
To "list litecoins for sale in an exchange", you have to deposit them by doing a litecoin transfer on the blockchain, so if the exchange waited for the signed checkpoint block then we agree that the deposit isn't reversible. Now you trade on the exchange and the ownership of those litecoin changes hands to someone else, who wishes to withdraw these litecoins so he tells the exchange to initiate a litecoin transfer on the blockchain to his personal litecoin address (assume again that the exchange waits until the next signed checkpoint to verify that the withdrawal transaction really took place, otherwise if the exchange sees that the withdrawal transaction was reversed so that the litecoins are back under the control of the exchange then it considers it a failed withdrawal attempt and restores the litecoins to the person's account on the exchange). If the attacker prepared a forked branch while this is going on, and didn't include this withdrawal transaction in his forked branch, then he denied the withdrawal attempt, but nobody is left with "imaginary litecoins", it's again simply an attack that denies transactions.
You should note that an attacker who just denies transaction does it at a financial loss to himself while he competes with the distributed hashpower, so such attacks cannot be sustained for long. There's no financial incentive to do such an attack, it's purely malicious, so these kinds of attacks are less likely.

[tgsrge]

Either I've failed to understand you, or you've failed to understand me.
To "list litecoins for sale in an exchange", you have to deposit them by doing a litecoin transfer on the blockchain, so if the exchange waited for the signed checkpoint block then we agree that the deposit isn't reversible. Now you trade on the exchange and the ownership of those litecoin changes hands to someone else, who wishes to withdraw these litecoins so he tells the exchange to initiate a litecoin transfer on the blockchain to his personal litecoin address (assume again that the exchange waits until the next signed checkpoint to verify that the withdrawal transaction really took place, otherwise if the exchange sees that the withdrawal transaction was reversed so that the litecoins are back under the control of the exchange then it considers it a failed withdrawal attempt and restores the litecoins to the person's account on the exchange). If the attacker prepared a forked branch while this is going on, and didn't include this withdrawal transaction in his forked branch, then he denied the withdrawal attempt, but nobody is left with "imaginary litecoins", it's again simply an attack that denies transactions.
You should note that an attacker who just denies transaction does it at a financial loss to himself while he competes with the distributed hashpower, so such attacks cannot be sustained for long. There's no financial incentive to do such an attack, it's purely malicious, so these kinds of attacks are less likely.

you assume exchanges are trustworthy. your assumption does not work with malicious exchanges.

this takes scamming/malicious exchanges to the next level.

[coblee]

Either I've failed to understand you, or you've failed to understand me.
To "list litecoins for sale in an exchange", you have to deposit them by doing a litecoin transfer on the blockchain, so if the exchange waited for the signed checkpoint block then we agree that the deposit isn't reversible. Now you trade on the exchange and the ownership of those litecoin changes hands to someone else, who wishes to withdraw these litecoins so he tells the exchange to initiate a litecoin transfer on the blockchain to his personal litecoin address (assume again that the exchange waits until the next signed checkpoint to verify that the withdrawal transaction really took place, otherwise if the exchange sees that the withdrawal transaction was reversed so that the litecoins are back under the control of the exchange then it considers it a failed withdrawal attempt and restores the litecoins to the person's account on the exchange). If the attacker prepared a forked branch while this is going on, and didn't include this withdrawal transaction in his forked branch, then he denied the withdrawal attempt, but nobody is left with "imaginary litecoins", it's again simply an attack that denies transactions.
You should note that an attacker who just denies transaction does it at a financial loss to himself while he competes with the distributed hashpower, so such attacks cannot be sustained for long. There's no financial incentive to do such an attack, it's purely malicious, so these kinds of attacks are less likely.

you assume exchanges are trustworthy. your assumption does not work with malicious exchanges.

I don't think this discussion is going anywhere. You are really throwing out too many what ifs. If the exchanges are malicious, then they can steal your coins outright without anymore having to perform a 51% attack. So the point is moot.

[tgsrge]

I don't think this discussion is going anywhere. You are really throwing out too many what ifs. If the exchanges are malicious, then they can steal your coins outright without anymore having to perform a 51% attack. So the point is moot.

i am "throwing out" too many what ifs just as you "throw out" too many assumptions to support yourself as to why this is a good thing for litecoins.


also are we REALLY going to make ANOTHER trade off in order to make this work?even MORE time to confirm transactions? really?...


bitcoin = 1 block every ten minutes so for bitcoins this would take almost (1000 minutes) 17 HOURS for every transaction to be "safe" against this.
so if litecoin takes half as much time to generate the same amount of blocks, we would need (500 minutes) 8.5 HOURS for transactions to be "safe". is this really practical ? you tell me.

[coblee]

I don't think this discussion is going anywhere. You are really throwing out too many what ifs. If the exchanges are malicious, then they can steal your coins outright without anymore having to perform a 51% attack. So the point is moot.

i am "throwing out" too many what ifs just as you "throw out" too many assumptions to support yourself as to why this is a good thing for litecoins.


also are we REALLY going to make ANOTHER trade off in order to make this work?even MORE time to confirm transactions? really?...


bitcoin = 1 block every ten minutes so for bitcoins this would take almost (1000 minutes) 17 HOURS for every transaction to be "safe" against this.
so if litecoin takes half as much time to generate the same amount of blocks, we would need (500 minutes) 8.5 HOURS for transactions to be "safe". is this really practical ? you tell me.

Litecoin blocks are 2.5 mins. So 100 blocks is about 4 hours. But you don't have to wait for a signature block for every transaction. You can choose to wait for large transactions similar to how most people don't wait for 6 confirmations.

In the end, this is just an idea that we are discussing. Nothing is set in stone. Even the 100 blocks was just something thrown out there. We could do signature blocks every 6 blocks, but we have to find a tradeoff between bloating the blockchain and the security provided by the signature blocks.

[ripper234]

+1 for coblee in this discussion, you did a really good job of explaining the idea, despite resistance.

Here is a bounty for someone to make a Proof of Stake altcoin.

[passerby]

I don't think spawning a yet-another-coin-now-with-PoS is a good idea.

Having said that, I support the general concept of PoS (assuming "decent" implementation) and I do think that litecoin should implement it. Litecoin is way overdue for some innovation...

[Tittiez]

I don't think spawning a yet-another-coin-now-with-PoS is a good idea.

Having said that, I support the general concept of PoS (assuming "decent" implementation) and I do think that litecoin should implement it. Litecoin is way overdue for some innovation...

+1

[ripper234]

The reason for this coin & bounty is because at least a proof-of-concept coin needs to be implemented before it's integrated into Bitcoin/Litecoin. This needs to be designed & developed.

The bounty is to "pay" for this work. The coin doesn't necessarily need to be an investment vehicle, just a playground. The goal is to test this coin for a bit, and then integrate the ideas/code from it into other chains.

[Etlase2]

I am going to point out some the clear differences and advantages I see in using a days destroyed weighted block chain over proof of stake. I am going to go by some of the things I see written in the wiki as reference to PoS.

Proof of stake problems:

* Monopoly is still possible under proof-of-stake. ... [A] proof-of-stake monopolist is more likely to behave benevolently exactly because of his stake in Bitcoin.
The idea can already be written off as a joke.
* stakeholders (people who have bitcoins) are expected to sign it by using a private key associated with their address which contains coins to sign the block hash.
So everybody who owns a bitcoin is supposed to sign? Are there any minimums on this? This is just left wide open. How many thousands of extra transactions and signature verifications will this take? This may be an extreme imposition on the entire network.
* The signatures are broadcast on the network and included in a future block.
Or not. A miner has no incentive to put signatures in a block. Verifying them is work, they add lots of data to the miner's payload, and if the signatures are signing a block-chain different from the one he's working on, he will simply drop them. This is a problem because nodes may never see these signatures.
* Cementing is a node's reluctance to do a blockchain reorganization. A node will reject any new block found if it contradicts a 6-block deep branch it is already aware of and currently considers valid. That is, once a node receives 6 confirmations for a block, it will not accept a competing block even if it is part of a longer branch.
This does not require any form of proof of stake and can be implemented on its own. It is inherent in the design of a proper algorithm for a days destroyed weighted block-chain.
* In a pure PoW system this is problematic to do because a node could be stuck on "the wrong version" - if an attacker isolates the node and feeds him bogus data, it will not embrace the true, longer chain when he learns of it. However, using PoS to have the final say in such situations makes this possible.
PoS only has the final say when? When 51% of all coins in existence have signed one chain or another? This is insanity.
* If an address signs two conflicting blocks, its weight is reset to 0. This is to limit the power of malicious stakeholders.
Where exactly is all of this information going to be stored? How much immense amounts of data will this add to the block-chain? Denials of service attacks will be everywhere.

Days destroyed weighted block-chain advantages:

* Clients have a say in the matter. Every client. Miners are forced to include every transaction possible because if someone else comes along and does them one better, their block may be invalidated. Even if only a single miner is doing the right thing, the clients will be using his chain over a malicious one. So as long as one miner is honest, the honest network wins.
* Clients have the power to choose which block-chain is the correct one, not basing it off of hashing power. This is the ultimate blow to any 51% attack. Want to create a monopoly? Oh well someone else came along and is offering cheaper tx fees, goodbye.
* Absolutely no additional data is added to the block-chain. Nothing to keep track of except mini-forks which may be slightly more likely depending on how the final algorithm works.
* Money is given no more power than it already has. There is a veritable check and balance system between clients, miners, and the wealthy.
* Difficulty CAN GO DOWN without opening the network to attack. This means transaction fees can go down. And stakeholders don't have to be paid to cancel out this effect.


Proof of stake is a waste of time in a bitcoin-like block-chain. Completely.

[coblee]

I am going to point out some the clear differences and advantages I see in using a days destroyed weighted block chain over proof of stake. I am going to go by some of the things I see written in the wiki as reference to PoS.

Proof of stake problems:

* Monopoly is still possible under proof-of-stake. ... [A] proof-of-stake monopolist is more likely to behave benevolently exactly because of his stake in Bitcoin.
The idea can already be written off as a joke.
* stakeholders (people who have bitcoins) are expected to sign it by using a private key associated with their address which contains coins to sign the block hash.
So everybody who owns a bitcoin is supposed to sign? Are there any minimums on this? This is just left wide open. How many thousands of extra transactions and signature verifications will this take? This may be an extreme imposition on the entire network.
* The signatures are broadcast on the network and included in a future block.
Or not. A miner has no incentive to put signatures in a block. Verifying them is work, they add lots of data to the miner's payload, and if the signatures are signing a block-chain different from the one he's working on, he will simply drop them. This is a problem because nodes may never see these signatures.
* Cementing is a node's reluctance to do a blockchain reorganization. A node will reject any new block found if it contradicts a 6-block deep branch it is already aware of and currently considers valid. That is, once a node receives 6 confirmations for a block, it will not accept a competing block even if it is part of a longer branch.
This does not require any form of proof of stake and can be implemented on its own. It is inherent in the design of a proper algorithm for a days destroyed weighted block-chain.
* In a pure PoW system this is problematic to do because a node could be stuck on "the wrong version" - if an attacker isolates the node and feeds him bogus data, it will not embrace the true, longer chain when he learns of it. However, using PoS to have the final say in such situations makes this possible.
PoS only has the final say when? When 51% of all coins in existence have signed one chain or another? This is insanity.
* If an address signs two conflicting blocks, its weight is reset to 0. This is to limit the power of malicious stakeholders.
Where exactly is all of this information going to be stored? How much immense amounts of data will this add to the block-chain? Denials of service attacks will be everywhere.

Days destroyed weighted block-chain advantages:

* Clients have a say in the matter. Every client. Miners are forced to include every transaction possible because if someone else comes along and does them one better, their block may be invalidated. Even if only a single miner is doing the right thing, the clients will be using his chain over a malicious one. So as long as one miner is honest, the honest network wins.
* Clients have the power to choose which block-chain is the correct one, not basing it off of hashing power. This is the ultimate blow to any 51% attack. Want to create a monopoly? Oh well someone else came along and is offering cheaper tx fees, goodbye.
* Absolutely no additional data is added to the block-chain. Nothing to keep track of except mini-forks which may be slightly more likely depending on how the final algorithm works.
* Money is given no more power than it already has. There is a veritable check and balance system between clients, miners, and the wealthy.
* Difficulty CAN GO DOWN without opening the network to attack. This means transaction fees can go down. And stakeholders don't have to be paid to cancel out this effect.


Proof of stake is a waste of time in a bitcoin-like block-chain. Completely.

I agree that proof of stake will likely add a lot of bloat to the blockchain and possibly add a lot of strain to the network to propage all those signatures. Etlase2, I am also thinking about your days destroyed solution. It seems like a good solution, but can you think of how it can help solve the problem of an attacker forking the chain for 10 blocks so that he can do a double spend on the exchange?

[Etlase2]

I agree that proof of stake will likely add a lot of bloat to the blockchain and possibly add a lot of strain to the network to propage all those signatures. Etlase2, I am also thinking about your days destroyed solution. It seems like a good solution, but can you think of how it can help solve the problem of an attacker forking the chain for 10 blocks so that he can do a double spend on the exchange?

This would have to be part of the design algorithm. Something that first needs to be designed, tested, and fine-tuned.

I think a good place to start is for each client to follow the block-chain back a couple thousand blocks or so and see what the typical Litecoin Days Destroyed is for each block, and use that as a base line. If 6 blocks in a row meet or beat the average LDD, the 6th block (in bitcoin terms, perhaps this would be 20 or so in litecoin, but 6 may still be fine, needs testing) in the past could be cemented in stone and can only be replaced if the user agrees to it. If the LDD is say, between 20-40% below normal, it will take perhaps 4x the 6 or 20 blocks before this block will be cemented unless 6 or 20 blocks come after that meet or beat LDD avg. If it's 40-60% below normal, then 8x, and so on.

Something along those lines. An exchange could wait a few extra blocks to be fairly sure that everyone has the block it is interested in cemented.

[ripper234]

Please don't hijack this thread for designing other, alternative improvement.

Can you create another dedicated thread?

[Etlase2]

Proof of stake was designed without any real thought behind it. It won't work on any reasonable scale.

[passerby]

Wouldn't Coin-Day-Destroyed allow me to trigger a reorg by simply stocking up on old coins and sending them to myself without broadcasting (I'm a miner, remember) just to "increase weight" of my blocks ?


Wouldn't that make Finneys and other such small doublespend-reorgs easier to make (you just need a big stash of old coins in the right time) ?

Wouldn't it also make "deep" reorgs (and big doublespends "eating" 5 confirms or more) easier for a 51 attacker with a big stash of old coins (just increase the "weight" of your chain by stuffing your own old-coin spending tx-es into them) ?

[dreamwatcher]

One question that keeps coming up to me in this debate about proof of stake:

Why would those with large wallets of Litecoin, KEEP THAT WALLET/CLIENT ON LINE 24/7?

If I had a particularity large wallet of litecoins, I would keep it on an USB drive only to be used when I needed to do a transaction, and keep a much smaller wallet for quick access.

It seems to me, that this would put the exchanges and large pools in charge of signing the blocks, and we know they are susceptible to DDoS.

[Etlase2]

Wouldn't Coin-Day-Destroyed allow me to trigger a reorg by simply stocking up on old coins and sending them to myself without broadcasting (I'm a miner, remember) just to "increase weight" of my blocks ?

Assuming a thriving network, you would have to control some not insignificant portion of the network's GDP and the hashing power for this to matter.

Wouldn't that make Finneys and other such small doublespend-reorgs easier to make (you just need a big stash of old coins in the right time) ?

A big stash of old coins to pull off tiny heists, plus significant enough hashing power to create your own blocks. In the standard bitcoin and litecoin model, you only need significant hashing power.

Wouldn't it also make "deep" reorgs (and big doublespends "eating" 5 confirms or more) easier for a 51 attacker with a big stash of old coins (just increase the "weight" of your chain by stuffing your own old-coin spending tx-es into them) ?

No, because you prevent deep-reorgs without user intervention. The only time a deep reorg could ever possibly happen is in one of two scenarios: 1) the network is unhealthy and has split, 2) someone is attacking the network. 1) means there are already other massive issues, 2) means the network is being attacked and it's probably an idiotic idea to reorg but bitcoin will do it anyway for the sake of unity.

[ripper234]

One question that keeps coming up to me in this debate about proof of stake:

Why would those with large wallets of Litecoin, KEEP THAT WALLET/CLIENT ON LINE 24/7?

If I had a particularity large wallet of litecoins, I would keep it on an USB drive only to be used when I needed to do a transaction, and keep a much smaller wallet for quick access.

It seems to me, that this would put the exchanges and large pools in charge of signing the blocks, and we know they are susceptible to DDoS.

They wouldn't have to keep the wallet online, there are solutions to this.
You can send a network message committing your coin for the next N blocks.


Everyone, PLEASE DO NOT USE THIS THREAD TO DESIGN OTHER ALTERNATIVES.

You can open a dedicate thread an link to it, and post occasional message about them, but don't do the design work on top of this thread.

[Etlase2]

Why are you whining? what the heck does it matter? There is a valid discussion regardless if it has strayed slightly off-topic.

[tgsrge]

i think etlase's proposal sounds more decent (and less broken) if it can be implemented decently.

i still think new ideas (no matter which) should be tested in a separate test blockchain/currency to hopefuly correct any implementation errors and possibly deal with new not so intuitive attacks which were not considered during the initial discussion/implementation, though.


and also, the community needs to seriously consider whether we want to be "artificially" tougher against 51% and maybe throw the entire thing out of balance or if we should consider 51% "attacks" a feature/characteristic of sorts of the currency. any modification to the design might make it inherently unsafer. security is the lack of functionality, and complexity (even if sometimes introduced to bring in "additional security") more often than not, due to various factors leads to insecurity.

[Etlase2]

and also, the community needs to seriously consider whether we want to be "artificially" tougher against 51% and maybe throw the entire thing out of balance or if we should consider 51% "attacks" a feature/characteristic of sorts of the currency. any modification to the design might make it inherently unsafer. security is the lack of functionality, and complexity (even if sometimes introduced to bring in "additional security") more often than not, due to various factors leads to insecurity.

As the Ben Laurie hyperbole originally put it, bitcoin is not secure unless 51% of the universe's computing power is securing the network. So I don't think it is possible to come up with anything worse. 51% attacks are most certainly not a feature and saying it is is like agreeing that 640K should be enough for anybody.

[markm]

51% of the universe's computing power should be enough for anybody.

-MarkM-

[maaku]

@coblee, thanks for fighting the good fight

[iddo]

* Cementing is a node's reluctance to do a blockchain reorganization. A node will reject any new block found if it contradicts a 6-block deep branch it is already aware of and currently considers valid. That is, once a node receives 6 confirmations for a block, it will not accept a competing block even if it is part of a longer branch.
This does not require any form of proof of stake and can be implemented on its own. It is inherent in the design of a proper algorithm for a days destroyed weighted block-chain.

How do you cement a checkpoint block without proof-of-stake?

[iddo]

One question that keeps coming up to me in this debate about proof of stake:

Why would those with large wallets of Litecoin, KEEP THAT WALLET/CLIENT ON LINE 24/7?

If I had a particularity large wallet of litecoins, I would keep it on an USB drive only to be used when I needed to do a transaction, and keep a much smaller wallet for quick access.

It seems to me, that this would put the exchanges and large pools in charge of signing the blocks, and we know they are susceptible to DDoS.

It's a free market, you collect fees by signing the special checkpoint blocks, so you should evaluate the risk of your wallet being stolen versus the reward. I suppose that with grandma's PC it's better to skip trying to collecting signing fees, but for someone with a properly secure computer it should be fine.
In one sense having an incentive to keep coins under your control and continuously use them actually contributes to the health of the network, because with Bitcoin there appears to be a trend to send your coins to 3rd-parties that (supposedly) give you high interest or simply the convenience of using an online wallet, and this should be even more risky than someone hacking into your personal computer.

[ripper234]

Updated OP:

Edit - if you support the idea, you might want to contribute to a bounty.

[Etlase2]

* Cementing is a node's reluctance to do a blockchain reorganization. A node will reject any new block found if it contradicts a 6-block deep branch it is already aware of and currently considers valid. That is, once a node receives 6 confirmations for a block, it will not accept a competing block even if it is part of a longer branch.
This does not require any form of proof of stake and can be implemented on its own. It is inherent in the design of a proper algorithm for a days destroyed weighted block-chain.

How do you cement a checkpoint block without proof-of-stake?

It's written right there in the wiki quote for proof of stake. The stake is not required to cement a block, it is up to the client. A "dumb" way to do it is to just to cement 6 blocks in the past, but this leaves everyone open to the sustained 51% attack still, though it does prevent private in parallel mining to rewrite history. A smarter way to do it is base it around LDD so that an attacker can't sustain a 51% denial of service attack.

There is the potential with proof of stake that there exist two forks and both have less than 50% stake signing it. The only penalty for abstaining from a stake signing is that you lose reputation. That is not a sufficient penalty. In this scenario, the forks can stay completely unresolved. Regardless, a competitor may offer lower tx fees but the stakeholders refuse to sign and so on. It takes power away from the people.

Using the LDD model and user intervention, the people get to decide which fork they want to use. Monopolies can be prevented. Selective transaction approval can be prevented. Sustained 51% attack can be prevented. Proof of stake does not prevent monopolies, it does not prevent selective transaction approval, and its 51% attack prevention is only as good as whatever automated code selects the correct chain for the stake signers. And if stake signers manually choose, then you may as well give that ability to everyone so that everyone can determine what is in their best interest, not a select few. Aren't we all about overthrowing the establishment and such around here? Why is anyone looking to hard-code that in?

[iddo]

I don't understand, are you suggesting that each node will simply cement after seeing 6 consecutive blocks? That would cause the blockchain to fork into many branches that will never reunite.
I'm asking about the basic concept, please avoid the added complexities of cementing 6 consecutive blocks and consider the proof-of-stake cementing of the 100th signatures block. With proof-of-stake, we can cement the (say) 100th block with signatures that cannot be faked by an attacker with 51% hashpower, so everyone can protect themselves from a double-spending attack by waiting past the checkpoint signatures block in order to be sure that the relevant transactions couldn't be reversed. Do you claim that it's possible to cement a checkpoint block (with this desirable property of protecting from an attacker with 51% hashpower) without proof-of-stake? How?
What is LDD? Litecoin Days Destroyed? How is it relevant?

[Etlase2]

are you suggesting that each node will simply cement after seeing 6 consecutive blocks?

No, but the proof of stake wiki is. But then it turns around and says it's all up for grabs depending on what the stake holders do.

That would cause the blockchain to fork into many branches that will never reunite.

No it wouldn't. Has bitcoin ever even had an orphan chain go 2 blocks deep? If, as I alluded to in another post, there is a problem with the internet to the point that entire sections of the network are cut off from each other, there are bigger problems than which chain is the right one. The situation is going to cause chaos no matter what. Proof of stake proposes to let a select few determine who wins. This is not at all ideal because it has very, very bad implications in any situation other than a network split. And, as I mentioned, proof of stake can get locked just the same with multiple chains.

I'm asking about the basic concept, please avoid the added complexities of cementing 6 consecutive blocks and consider the proof-of-stake cementing of the 100th signatures block. With proof-of-stake, we can cement the (say) 100th block with signatures that cannot be faked by an attacker with 51% hashpower, so everyone can protect themselves from a double-spending attack by waiting past the checkpoint signatures block in order to be sure that the relevant transactions couldn't be reversed.

"rah rah rah my idea is better and I won't read what you've written throughout the thread or attempt to understand because clashes in the face of what I think is right so I will therefore treat you like an idiot"

Do you claim that it's possible to cement a checkpoint block (with this desirable property of protecting from an attacker with 51% hashpower) without proof-of-stake? How?
What is LDD? Litecoin Days Destroyed? How is it relevant?

it was the next post after the one you responded to...

I agree that proof of stake will likely add a lot of bloat to the blockchain and possibly add a lot of strain to the network to propage all those signatures. Etlase2, I am also thinking about your days destroyed solution. It seems like a good solution, but can you think of how it can help solve the problem of an attacker forking the chain for 10 blocks so that he can do a double spend on the exchange?

This would have to be part of the design algorithm. Something that first needs to be designed, tested, and fine-tuned.

I think a good place to start is for each client to follow the block-chain back a couple thousand blocks or so and see what the typical Litecoin Days Destroyed is for each block, and use that as a base line. If 6 blocks in a row meet or beat the average LDD, the 6th block (in bitcoin terms, perhaps this would be 20 or so in litecoin, but 6 may still be fine, needs testing) in the past could be cemented in stone and can only be replaced if the user agrees to it. If the LDD is say, between 20-40% below normal, it will take perhaps 4x the 6 or 20 blocks before this block will be cemented unless 6 or 20 blocks come after that meet or beat LDD avg. If it's 40-60% below normal, then 8x, and so on.

Something along those lines. An exchange could wait a few extra blocks to be fairly sure that everyone has the block it is interested in cemented.

The *only* theoretical problem that PoS solves that LDD WBC doesn't is a huge network split. And PoS does not completely solve it because signing is optional. With the LDD WBC individual clients will have to choose which chain they want to use. This will probably be apparent in the closest potential real-world scenario such as an individual country cutting off its people from the internet at large. It will be obvious for those users when and if they reconnect that they must use the chain that the world is using and not their split. In the case of a split like this, because mining would also be heavily reduced, blocks will come in much slower and the LDD will be much lower so they will not even likely cement any blocks unless the split is for a very significant period of time.

[iddo]

I'm asking about the basic concept, please avoid the added complexities of cementing 6 consecutive blocks and consider the proof-of-stake cementing of the 100th signatures block. With proof-of-stake, we can cement the (say) 100th block with signatures that cannot be faked by an attacker with 51% hashpower, so everyone can protect themselves from a double-spending attack by waiting past the checkpoint signatures block in order to be sure that the relevant transactions couldn't be reversed.

"rah rah rah my idea is better and I won't read what you've written throughout the thread or attempt to understand because clashes in the face of what I think is right so I will therefore treat you like an idiot"

I use the word "cement" or "solidify" to represent the idea that the distributed network arrives to an agreement on a special checkpoint block that won't be reversed, which determines the true blockchain even if a 51% attacker prepared the branch that ends in a special checkpoint block. If the word "cement" also has other meanings, please choose a different word for what I described to be sure that we discuss the same thing. It's true that I haven't read yet your other ideas, because I'm trying to understand first whether your ideas solve the same problem or different problems. If you'd be so kind, please answer the basic question: do you have a suggestion regarding how to cement a checkpoint block (that cannot be reversed by 51% attack) in a way that doesn't require proof-of-stake? I don't claim that there isn't such a way, I've tried to think of another way to do it for several minutes, but didn't come up with anything.

If your ideas are orthogonal and try to solve/improve other properties of the Bitcoin protocol, what are the (supposed) deficiencies of Bitcoin that you're trying to improve? Is it waste of energy of PoW, or other deficiencies?

[Etlase2]

If you'd be so kind, please answer the basic question: do you have a suggestion regarding how to cement a checkpoint block (that cannot be reversed by 51% attack) in a way that doesn't require proof-of-stake?

With LDD WBC, there is no need for a specific checkpoint block, every block becomes a checkpoint after it is buried deep enough.

Say we use the last 5,000 blocks as our LDD metric. The average LDD in each block is say, 1,000.
You, an exchange, are interested in a transaction in block 2,001.
Block 2,002 comes along with 1,050 LDD.
Block 2,003 comes along with 800 LDD.
Block 2,004 comes along with 1,500 LDD.
Block 2,005 comes along with 1,110 LDD.
Block 2,006 comes along with 900 LDD.
Block 2,007 comes along with 1,200 LDD.
Block 2,008 comes along with 1,500 LDD.
Block 2,009 comes along with 1,300 LDD.
Block 2,001 becomes cemented because there are 6 blocks that follow that meet or beat the average LDD. This is a client-side operation and the software must notify the user if a competing chain attempts to reverse block 2,001, but it will NOT automatically replace it. In reality, litecoin would probably use 20-30 blocks before cementing since its block time is 2.5 minutes instead of 10. An hour should be more than enough time for that block to have propagated the network. If you're extra paranoid, you could wait until block 2,009 is cemented.

If you do not have faith that blocks will be properly passed around to achieve this, then you can't possibly have faith that the proof of stake signatures will be immune to the same problem. If you're worried about some miraculous chain of events that might cause a significant, temporary fork, then use more blocks to be safe. You have suggested 100 blocks to be a checkpoint for PoS, the same number could be used for the LDD WBC. But I think it's overkill considering, AFAIK, bitcoin has never gotten past 1 orphan block. I do not know about LTC, but it would be interesting to see since it's 4 times faster. Is 1 block still the biggest orphan?

If your ideas are orthogonal and try to solve/improve other properties of the Bitcoin protocol, what are the (supposed) deficiencies of Bitcoin that you're trying to improve? Is it waste of energy of PoW, or other deficiencies?

https://bitcointalk.org/index.php?topic=91183.0
https://bitcointalk.org/index.php?topic=64637.0
https://bitcointalk.org/index.php?topic=49683.0

Days destroyed weighted block-chain advantages:

* Clients have a say in the matter. Every client. Miners are forced to include every transaction possible because if someone else comes along and does them one better, their block may be invalidated. Even if only a single miner is doing the right thing, the clients will be using his chain over a malicious one. So as long as one miner is honest, the honest network wins.
* Clients have the power to choose which block-chain is the correct one, not basing it off of hashing power. This is the ultimate blow to any 51% attack. Want to create a monopoly? Oh well someone else came along and is offering cheaper tx fees, goodbye.
* Absolutely no additional data is added to the block-chain. Nothing to keep track of except mini-forks which may be slightly more likely depending on how the final algorithm works.
* Money is given no more power than it already has. There is a veritable check and balance system between clients, miners, and the wealthy.
* Difficulty CAN GO DOWN without opening the network to attack. This means transaction fees can go down. And stakeholders don't have to be paid to cancel out this effect.

[Bitcoin Oz]

What if you needed 51% of all he coins in existence before you could fork the chain ?

The likelihood of any 1 attacker having that many coins is what ?

[iddo]

OK, apologies, when I read this part of your first post,

* Cementing is a node's reluctance to do a blockchain reorganization. A node will reject any new block found if it contradicts a 6-block deep branch it is already aware of and currently considers valid. That is, once a node receives 6 confirmations for a block, it will not accept a competing block even if it is part of a longer branch.
This does not require any form of proof of stake and can be implemented on its own. It is inherent in the design of a proper algorithm for a days destroyed weighted block-chain.

I wrongly assumed that the discussion is still generally related to the Bitcoin protocol framework, and took your comment to mean that as a standalone claim you're saying that cementing a checkpoint could be done without proof-of-stake. I didn't realize that you claim that these ideas hold for a substantially different protocol that doesn't use hashpower for proof-of-work etc., sorry for my confusion.

[Etlase2]

Whatever dude, be intentionally dense.

[MicroCashMike]

It's great to see LTC wanting to evolve beyond the limitations that effect major adoption by the larger financial community. Coblee should contact Realsolid  as Solidcoin was out in front of the very issue by a distance.


Mike

[coblee]

It's great to see LTC wanting to evolve beyond the limitations that effect major adoption by the larger financial community. Coblee should contact Realsolid  as Solidcoin was out in front of the very issue by a distance.


Mike

Thanks for your awesome advice, CoinHunter.

[MicroCashMike]

It's great to see LTC wanting to evolve beyond the limitations that effect major adoption by the larger financial community. Coblee should contact Realsolid  as Solidcoin was out in front of the very issue by a distance.


Mike

Thanks for your awesome advice, CoinHunter.

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

[coblee]

It's great to see LTC wanting to evolve beyond the limitations that effect major adoption by the larger financial community. Coblee should contact Realsolid  as Solidcoin was out in front of the very issue by a distance.


Mike

Thanks for your awesome advice, CoinHunter.

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

I've already posted my take and I assume you've read it: https://bitcointalk.org/index.php?topic=96186.msg1060442#msg1060442
So should I have told everyone that it was a bluff? Would you then call me irresponsible if BCX did indeed pull off a 51% attack because we were not ready?
What would you have done MicroCashMike?

I assume you hangout in #microcash, right? What's your username?

[Tittiez]

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

I talked with coblee a few times during the events of the attack, and he had thought that /maybe/ it was a hoax, he had his doubts. He was unsure though, and from what he posted in that thread it seems he wasn't aware it was a hoax until BCEX PM'd him outright, and by then announcing it was a hoax wouldn't have changed anything.

[MicroCashMike]

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

I talked with coblee a few times during the events of the attack, and he had thought that /maybe/ it was a hoax, he had his doubts. He was unsure though, and from what he posted in that thread it seems he wasn't aware it was a hoax until BCEX PM'd him outright, and by then announcing it was a hoax wouldn't have changed anything.

By his own admission Coblee knew at 8:00am Tuesday July 24th less than 8 hours after the initial BCEX post, later that evening Coblee arranges for a private IRC to mount a defense. Coblee allowed many members of the LTC community to incur a loss during a huge panic sell. He knowingly allowed miners to solo mine to protect the coin in vain, again incurring losses. I want an explanation on how or what justified him deceiving the whole LTC community.

Mike

[Gladamas]

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

I talked with coblee a few times during the events of the attack, and he had thought that /maybe/ it was a hoax, he had his doubts. He was unsure though, and from what he posted in that thread it seems he wasn't aware it was a hoax until BCEX PM'd him outright, and by then announcing it was a hoax wouldn't have changed anything.

By his own admission Coblee knew at 8:00am Tuesday July 24th less than 8 hours after the initial BCEX post, later that evening Coblee arranges for a private IRC to mount a defense. Coblee allowed many members of the LTC community to incur a loss during a huge panic sell. He knowingly allowed miners to solo mine to protect the coin in vain, again incurring losses. I want an explanation on how or what justified him deceiving the whole LTC community.

Mike

Really? Insulting and flaming other users? Please take this elsewhere, CoinHunter. We all know you are against LTC.

[MicroCashMike]

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

I talked with coblee a few times during the events of the attack, and he had thought that /maybe/ it was a hoax, he had his doubts. He was unsure though, and from what he posted in that thread it seems he wasn't aware it was a hoax until BCEX PM'd him outright, and by then announcing it was a hoax wouldn't have changed anything.

By his own admission Coblee knew at 8:00am Tuesday July 24th less than 8 hours after the initial BCEX post, later that evening Coblee arranges for a private IRC to mount a defense. Coblee allowed many members of the LTC community to incur a loss during a huge panic sell. He knowingly allowed miners to solo mine to protect the coin in vain, again incurring losses. I want an explanation on how or what justified him deceiving the whole LTC community.

Mike

Really? Insulting and flaming other users? Please take this elsewhere, CoinHunter. We all know you are against LTC.

I've given my name, location and where I work....any intellegnt person can figure who I am. I have nothing to hide.

My questions are legit, I just want an honest answer on why Coblee participated in deceiving the entire LTC community, that's reasonable.

Mike

[smoothie]

I'm not Coinhunter, Charles.

My name is Michael Westin, from New York City but temporarily live in LA. I've been a long time lurker but never posted till I registered yesterday and was whitelisted after moderators looked at my profile and info. I am also an LTC miner that happens to be pissed about your market manipulation scheme with BTC-e and BCEX. You knew a head of time and admitted you knew as of 8:00 am on Tuesday July 24th, less than 8 hours after BCEX posted his "attack" plans. This was market manipulation and I would love to hear your take on it.

Can you tell us why you didn't inform us for over four days you knew the attack was a hoax? You went through the charade of planning a defense in private IRC? What's up with that?

Mike

I talked with coblee a few times during the events of the attack, and he had thought that /maybe/ it was a hoax, he had his doubts. He was unsure though, and from what he posted in that thread it seems he wasn't aware it was a hoax until BCEX PM'd him outright, and by then announcing it was a hoax wouldn't have changed anything.

By his own admission Coblee knew at 8:00am Tuesday July 24th less than 8 hours after the initial BCEX post, later that evening Coblee arranges for a private IRC to mount a defense. Coblee allowed many members of the LTC community to incur a loss during a huge panic sell. He knowingly allowed miners to solo mine to protect the coin in vain, again incurring losses. I want an explanation on how or what justified him deceiving the whole LTC community.

Mike

Really? Insulting and flaming other users? Please take this elsewhere, CoinHunter. We all know you are against LTC.

I've given my name, location and where I work....any intellegnt person can figure who I am. I have nothing to hide.

My questions are legit, I just want an honest answer on why Coblee participated in deceiving the entire LTC community, that's reasonable.

Mike

Coblee has already answered you. Obviously because you aren't getting the answer you WANT you keep asking for an answer.

Just STFU.

MicroCash has its own forum to wipe your ass on.

[MicroCashMike]

Coblee has already answered you. Obviously because you aren't getting the answer you WANT you keep asking for an answer.

Just STFU.

MicroCash has its own forum to wipe your ass on.

This is the alt currency forum, Microcash is a part of it. Coblee has not answered the question of why he didn't tell people that BCEX had PM'd that it was all a hoax very early on. What his reason behind that?

It's a fair question.

Mike

[tgsrge]

people, just ignore him. obvious troll is obvious.

[coblee]

Coblee has already answered you. Obviously because you aren't getting the answer you WANT you keep asking for an answer.

Just STFU.

MicroCash has its own forum to wipe your ass on.

This is the alt currency forum, Microcash is a part of it. Coblee has not answered the question of why he didn't tell people that BCEX had PM'd that it was all a hoax very early on. What his reason behind that?

It's a fair question.

Mike

I thought I already answered this question. Here, let me try again.

I normally don't expose someone's private messages without getting permission from them first. And she did not come out and say that it was a hoax and that she wasn't going to do anything. What she said was: "Geez, don't sweat it, I'm not going to hit it hard enough to hurt it." I still don't understand what that means. Was she going to do a 51% attack but not do a double spend so that "it's not hard enough to hurt it." I sent her a few PMs to ask for clarification, but she did not respond to them. So I had to assume the threat was real, and the PM was just BCX trying to manipulate me. Or maybe she was smart enough to give herself a way out if the attack fails. Who knows. And at that point in time, some of the Litecoin pools were getting DDoS'd. So if it wasn't BCX, someone else might be launching a 51% attack.

So I had to act assuming the threat was real. And that's why I started a channel on IRC to discuss possible ways to defend this attack. And also why I checkpointed the block in the middle of the attack. I spent a lot of time trying to defend against this attack. I definitely did not collude with BCX. I've asked BCX to meet in person so that I can know once and for all who he/she is, but so far she has not responded to that PM. I have a feeling she won't.

I hope I have answered your questions.

[MicroCashMike]

Coblee has already answered you. Obviously because you aren't getting the answer you WANT you keep asking for an answer.

Just STFU.

MicroCash has its own forum to wipe your ass on.

This is the alt currency forum, Microcash is a part of it. Coblee has not answered the question of why he didn't tell people that BCEX had PM'd that it was all a hoax very early on. What his reason behind that?

It's a fair question.

Mike

I thought I already answered this question. Here, let me try again.

I normally don't expose someone's private messages without getting permission from them first. And she did not come out and say that it was a hoax and that she wasn't going to do anything. What she said was: "Geez, don't sweat it, I'm not going to hit it hard enough to hurt it." I still don't understand what that means. Was she going to do a 51% attack but not do a double spend so that "it's not hard enough to hurt it." I sent her a few PMs to ask for clarification, but she did not respond to them. So I had to assume the threat was real, and the PM was just BCX trying to manipulate me. Or maybe she was smart enough to give herself a way out if the attack fails. Who knows. And at that point in time, some of the Litecoin pools were getting DDoS'd. So if it wasn't BCX, someone else might be launching a 51% attack.

So I had to act assuming the threat was real. And that's why I started a channel on IRC to discuss possible ways to defend this attack. And also why I checkpointed the block in the middle of the attack. I spent a lot of time trying to defend against this attack. I definitely did not collude with BCX. I've asked BCX to meet in person so that I can know once and for all who he/she is, but so far she has not responded to that PM. I have a feeling she won't.

I hope I have answered your questions.

Fair enough for the time being.

I still think you should have warned the community and prevented a panic sell, then mounted your defense against a 51% attack. So in effect are you supporting the contention this was designed to protect Litecoin in some sort of twisted BCEX way?

Mike

[coblee]

Coblee has already answered you. Obviously because you aren't getting the answer you WANT you keep asking for an answer.

Just STFU.

MicroCash has its own forum to wipe your ass on.

This is the alt currency forum, Microcash is a part of it. Coblee has not answered the question of why he didn't tell people that BCEX had PM'd that it was all a hoax very early on. What his reason behind that?

It's a fair question.

Mike

I thought I already answered this question. Here, let me try again.

I normally don't expose someone's private messages without getting permission from them first. And she did not come out and say that it was a hoax and that she wasn't going to do anything. What she said was: "Geez, don't sweat it, I'm not going to hit it hard enough to hurt it." I still don't understand what that means. Was she going to do a 51% attack but not do a double spend so that "it's not hard enough to hurt it." I sent her a few PMs to ask for clarification, but she did not respond to them. So I had to assume the threat was real, and the PM was just BCX trying to manipulate me. Or maybe she was smart enough to give herself a way out if the attack fails. Who knows. And at that point in time, some of the Litecoin pools were getting DDoS'd. So if it wasn't BCX, someone else might be launching a 51% attack.

So I had to act assuming the threat was real. And that's why I started a channel on IRC to discuss possible ways to defend this attack. And also why I checkpointed the block in the middle of the attack. I spent a lot of time trying to defend against this attack. I definitely did not collude with BCX. I've asked BCX to meet in person so that I can know once and for all who he/she is, but so far she has not responded to that PM. I have a feeling she won't.

I hope I have answered your questions.

Fair enough for the time being.

I still think you should have warned the community and prevented a panic sell, then mounted your defense against a 51% attack. So in effect are you supporting the contention this was designed to protect Litecoin in some sort of twisted BCEX way?

Mike

I guess that's why they say hindsight is 20/20. If you ask me now, I would tell you yeah I should have just told everyone it was a hoax. Not sure if it would have prevented a panic though. Since BCX would just come out and say that the PM was a lie and that I fell for it.

There's also a small possibility that BCX sent me that PM to give herself a way out. Think about it. If you (if you were BCX) knew that you might not be able to actually get enough hashrate to successfully attack Litecoin, the smartest thing to do is to PM me and tell me that it was a bluff beforehand. If the attack fails, then you can claim that it was all a hoax and that I knew about it all along.

[MicroCashMike]

I guess that's why they say hindsight is 20/20. If you ask me now, I would tell you yeah I should have just told everyone it was a hoax. Not sure if it would have prevented a panic though. Since BCX would just come out and say that the PM was a lie and that I fell for it.

There's also a small possibility that BCX sent me that PM to give herself a way out. Think about it. If you (if you were BCX) knew that you might not be able to actually get enough hashrate to successfully attack Litecoin, the smartest thing to do is to PM me and tell me that it was a bluff beforehand. If the attack fails, then you can claim that it was all a hoax and that I knew about it all along.

Thank you for a credible answer and finally owning up that you made a mistake by not telling people.

I accept that answer as I am sure a lot people in the LTC community will.

Topic is closed in my books.



Mike

[Ja¥1337]

I guess that's why they say hindsight is 20/20. If you ask me now, I would tell you yeah I should have just told everyone it was a hoax. Not sure if it would have prevented a panic though. Since BCX would just come out and say that the PM was a lie and that I fell for it.

There's also a small possibility that BCX sent me that PM to give herself a way out. Think about it. If you (if you were BCX) knew that you might not be able to actually get enough hashrate to successfully attack Litecoin, the smartest thing to do is to PM me and tell me that it was a bluff beforehand. If the attack fails, then you can claim that it was all a hoax and that I knew about it all along.

Makes total sense to me!

Seems to me that BCX is a very egotistical person, a person that would not take something like losing lightly.. So in this way BCX would cover herself at both ends..  An attempt to make sure she would win.. Basically a backup plan...

And now another backup plan must be in the works because of that very reason stated above^^

So lets keep on our toes..

[NASDAQEnema]

[forzendiablo]

add PoS guys!