I suppose everybody has their own idea about what constitutes adequate review. It's nice when something reduces to a closed-form academic mathematical formula, but even that has a complex system wrapped around it that begs questions like "how many independent people does Bitcoin need to sign 51% of the blocks?" What difference does all that mathematical proof make if it only takes 2 or 3 Big Mining companies colluding to reach 51%?
The risk is in the implementation, not the theory the implementation implements.
We come from an Aerospace System Engineering background. So our mindset is to engineer systems out of simpler subsystems in such a way that they become directly analyzable and testable. Using a few simple interlocking mechanisms rather than a one-size-fits-all statistical formula gives us far greater confidence. Sure, an occasional airliner or space shuttle crashes, but no amount of closed-form mathematical analysis would have changed that outcome.
DPOS is engineered to ensure that the share owners themselves can decide the maximum percent of blocks that any one (known, reputable, and fireable) account can sign. For the past year, it takes 51 elected signers, not 2 or 3 self-appointed signers, to get to 51%. That's an example of applied system engineering to combine simple, analyzable processes to achieve an explicitly shaped risk profile. Going forward with version 2.0, shareholders can decide whether they want to pay for more or less than 51.
DPOS now has a year of live testing with real money on the line and non-stop scrutiny and analysis from the highly competent BitShares forum of experts. Much better than a theoretical review by some small group of busy university professors (and remember I was one of those too). Two papers on the subject are referenced in another snippet from the same Origin of BitShares, Part 5 article, which addresses this question below:
The Origin of BitShares
Part 5
POW to POS to TaPOS to DPOS!
...we turned our attention to eliminating mining from the security component of BitShares. Our goal was to get BitShares launched by "The Ides of March", but Bytemaster was not yet satisfied with the technology.
During his analysis of all the POSsibilities, just four weeks after the launch of ProtoShares, he made this famous statement:
Nxt looks very interesting.
He read everything he could about Proof of Stake, but was unable to convince himself that he could cover all the attack vectors that still remained in the literature. He wasn't saying there was anything provably wrong with POS. But he couldn't convince himself it had all bases covered. That's when he began pondering if it was possible to do an end-run around these issues.
So he started looking at ways to make the system more deterministic.
More analyzable.
What if he traded mathematical generality for engineering structure?
This led to his invention of Transactions as Proof of Stake, which he presented for review here on bitcointalk.
A similar, longer thread ran in parallel on bitsharestalk:
Transactions as Proof-of-Stake & The End of Mining
These links show the discussions for historical purposes. I won't go into them here. I just link to them to show this community that a serious attempt was made to:
- Build on top of Proof of Stake
- Involve this forum in the discussions
So with all this effort, why did Bytemaster abandon his TaPOS invention? Suffice it to say, when I asked him today, he simply said "It wasn't fast enough. It took too long to confirm transactions. To support a decentralized trading exchange it needed to do that much, much faster." For Bitcoin it can take an hour. We needed it to take seconds. TaPOS was faster, but not fast enough.
Of course, we are now about to upgrade to DPOS 2.0 which is even faster, simpler, elegant and analyzable. It's been passing its suite of automatic Monte Carlo test procedures for months now.