Topic: [ANN][YAC] YACoin ongoing development - page 95. (Read 379983 times)

I would leave the target spacing for PoW and PoS as is. It really doesn't matter anyway with this scheme, so why bother.

As far as I can see now, using difficulty as score for POW blocks, and let POS blocks inherit that score from the previous POW block is a good enough solution for the problem on hand. Whether one POS block following another POS block is explicitly ruled out or not, I think it should be ok either way.

The Novacoin solution of encouraging a hybrid chain only make sense because they have 1:1 POW:POS blocks ratio. YACoin is 10:1 with POW:POS. You'll need to check pretty deep into the past to encourage a 10:1 ratio. The score consistency problem I mentioned above could lurk in such schemes. Of course, we can also talk about the POW:POS ratio if people want to change it.

And none works well AFAIK, that's one of the reasons PPC is centrally checkpointed ATM. Please, correct me if I am wrong.

There are enough possible solutions and BCP is not a one of these. It's just a workaround.

Considering pools are a source of risk in themselves for little advantage to the network, that's not a problem.

Why not use centralized checkpointing ?? That's what PPC does because there is no solution to the problem (yet).

I didn't think forcing alternation was on the roadmap, just disallowing consecutive POS blocks.  If a chain that has both POW and POS blocks in it has a higher trust than a purely POW or a purely POS chain, doesn't that go a long way toward what we're trying to accomplish?

Here is an example I had in mind:
Rogue miner is mining private chain and when he gets far into the future he starts mining with higher difficulty than he thinks real difficulty will be at that time. If you just compare latest blocks when he releases his chain you might prefer his fork.

Remind you that I do not know how chain forks get compared in detail.

Yeah, but another flaw is that the protocol does not enforce alternation of PoW and PoS. Say an attacker somehow manages to make a chain that 100% alternates between PoW and PoS - it WILL have higher trust score and WILL overwrite the old chain. Also note that this type of attack will have lower energy cost than the network spent on its non-perfect chain. Perfect chain costs less (!!) than imperfect one.

However, if we were to actually enforce such alternation, pools will be starving when PoS block should be generated.

I think block reward (excluding transfer fees) is completely determined by difficulty of the block, and therefore, does not provide any information independent of difficulty. Not sure if it may simplify certain computation though.

I mentioned the PoS interval not as something directly related to chain trust calculation. Just that since we're going to have a hard fork anyway, may as well think broader about what else we may want to put in and change things in one go.

As mentioned before: PoS block spacing and thus occurrence can be controlled.

Difficulty alone is most useful for block to block comparrisson (but not only that).
I am trying to point out that PoW currency supply can be used as additional input for calculating chaintrust. It can be looked at as a historical difficulty average.

Even if you leave the attacker control over number of PoS blocks, you can still average the sum of PoW rewards over number of PoW blocks and use that as factor.

Not neccessarily true with eg. 50% PoS blocks in the attacker's chain.
Relying of PoW difficulty itself might be ok, though - see the pastebin a few posts higher.

Another thing regarding chaintrust calculation:

Since reward considers difficulty and get's lowered with higher difficulty, private miners would produce higher supply in equal timeframe.
EDIT: presuming PoS block count is equal or similar (but that can be enforced)

What we need is a proper way to calculate the chain trust.

Can we define the criteria that no one POS-block can orphan more than N POW-blocks? Where N for example = 7.

I had a similar idea a while ago (with no-consecutive-PoS rule, though): http://pastebin.com/L8THNBZ4
Not sure if lowering the PoS interval would help us much.

Is it ok to set the trust score for a POW block to be the difficulty? For a POS block, if the previous block is POW, assign the same trust score as that POW block; if the previous block is POS, divide that POS block score by 2 (or a similar factor)? The propagation of a POW block score through the following POS blocks would then die down quickly. The score for any chain is just the sum of scores from individual blocks. I'm not sure whether N factor need to be accounted for here.

The basic issue seems to be that there is no obvious way to compare the trustworthiness of a POW and a POS block. POW blocks can be compared with difficulty, which is tied to how costly it is to generate them on average. POS block doesn't have any obvious cost of generation that can be compared. If I'm not mistaken, YACoin is currently using coin-age for this comparison in a way that greatly favours POS, hence the potential for a POS block to be selected over a long sequence of POW blocks. However, coin-age isn't a cost at all because there is no alternative use for it. The money you use in POW mining is a cost because there are some other nice things you can use the money on, and you sacrificed that opportunity. In the above suggestion, I'm just trying to rate a POS block similarly as a POW block at the time, unless it's following another POS block. The part about getting lower trust score if the previous block is POS, is not because I want to put POS on a lesser footing. It's just because I don't want the influence of an individual POW block to propagate far.

In any case, regarding some kind of criteria for keeping POS:POW blocks ratio near an expected/optimum value, the following need to be considered. Let's say you increase or decrease the score of a chain based on how close the POS:POW ratio is to 1:10. Denote POS block by S and POW by W. A short sequence like WWW may then be chosen over a sequence like SWS at some point in time. However, that could then quite easily be followed by 20 W's. Considered as a 23 blocks chain together with the 20 W's, the previously rejected SWS segment could then have a very favourable role to play in the score. The point is if trust score depends on some larger scale features of the blockchain which span many blocks, the score contribution of an individual block can change over time, from unfavourable to favourable in this example. The very same criteria that leads to rejection of some blocks, could turn around and value those highly at a later point. Having a score assignment criteria that looks farther into the past should also provide more opportunities for this effect to show.

Another question I think we should think about now is whether the block target for POS should be decreased. For example, changing it from 10min to 5min could make it more helpful in case POW is generating too few blocks, but the average block numbers per 10 minutes is only changing from 11 to 12.

1.
Private mining needs wider timespans between PoW blocks in order to keep difficulty low.

	t1	t2	t3	t4	t5
◔	▉	▉	▉	▉	▉

Average of PoW block intervals ( t[ i+1 ]-t[ i ] ) should be therefore longer with fake chains. And that can be used for chaintrust calculation.


2.
Window for one PoS block opens randomly

Prevents miners to exclude PoS blocks and replace it with more profitable PoW. I think it also makes it a bit harder to prepare for network takeover with private PoW mining on lower difficulty after PoS is found. With shortening intervals on each Nfactor change it also enables gradual PoS mechanism takeover.

Example formula: mod(last1440blocks.getTransactionCount(), x) ==  0
X could range from 500 ( approx. 1-3 times a day ) down to 10 (every ten minutes).


3.
No two consecutive PoS blocks allowed (prevents PoW block orphaning)

---

What would be an possible attack scenario or significant shortcoming if this is implemented?