Topic: Funding network security in the future (Read 13334 times)

I'm a bit frustrated because I'm having difficulty describing how this works. I think a demonstration would be necessary, though I don't think I have the time for it.

Answering the "who is paying into the PoW Exchange"; Doesn't matter. PoW providers only care that they get paid at the market clearing price in the medium that they prefer. It could be the cryptocurrency protocol itself through some algorithm, or an arbitrary group of people managing the cryptocurrency. It could even be an agency entirely separate from the cryptocurrency.
If one were to convert the current Bitcoin protocol to using a PoW Exchange, it could be strikingly similar to how it currently works. Bitcoins could still be inflated into existence and paid to the miners in the same exact amount, even 1% indefinitely or whatever, the difference is that this fee would be presented as a bid to PoW Exchange that increases the longer the hash has not been included in the PoW Exchange blockchain.
As more services use the PoW Exchange, the price of including a hash on the blockchain will increase, thereby lengthening the time between Bitcoin confirmations.
Once the bid reaches the market clearing price, a miner will accept it into the next block that they mine.

In this way, miners are not guaranteed any kind of fee for any block they mine, like they currently do in Bitcoin, and neither is there any kind of incentive to include every transaction in a block; The PoW Exchange doesn't even care about the transactions that are occurring in the Bitcoin ledger.

In the end the PoW Exchange guarantees that the cost of providing PoW on a useful chain is always the market clearing price. If a cryptocurrency has a fee model that is too low, it would be reflected by very long confirmation times on the PoW Exchange, if it is too high, then confirmation times would be excessively short.

Obviously the PoW Exchange would have to have limited resources imposed on it, or any kind of pricing mechanism would be impossible. Time between blocks and block size would still be magic numbers.

There's still a problem of how the Cryptocurrency pays for it's other costs; Bandwidth and storage of transactions, but that's comparatively easy issue compared to paying for hashpower. Calculating the appropriate cost of transactions for a given redundancy is perfectly manageable, and held in check through competition; In the same way we don't fret too much about how banks are going to pay their bills. I would imagine Cryptocurrencies would be much more centralized, but I see that as a added benefit so long as the auditing process through PoW can be accomplished by any arbitrary third party at a reasonable cost. This would allow scaling up to thousands of transactions per second without needing a copy of every single transaction on every miner.

Scenario 3:

Consider miner fee as a rewarding currency. It's actually a reward given to the miner. If it has higher price value than the original currency value, we get more network nodes. The price must be put as much as higher and more than 10 times of the ccy value.

Separate address for miner fee, blockchain, and ofc exchange too.

I still don't see how the PoW exchange adds tools that help with the long term security problem.

Scenario 1: there's no PoW exchange. Things are as they are now. In the future, Bitcoin's mining rewards and transaction fees aren't enough to secure the network. Someone invents Bitcoin2 which uses a fork of the Bitcoin blockchain but has 1% inflation per year going forward. The market settles things by everyone moving over to Bitcoin2.

Scenario 2: there's a PoW exchange. Wouldn't the same thing happen? How is it better?


But the funding for the security still has to come from somewhere. What are you imagining there? If it were possible to create a funding source in a decentralized way that adjusts to the security needs of the network, why couldn't you just bake that into the ccy itself?


But if someone wanted to pay miners to put some PoW behind their colored coins, they could do it now right? Again I don't see where the money that pays for security is coming from in your scenario. You say the market will handle it. That implies someone will be paying for security. Who?


Why is this not equivalent to all existing ccys not having any mining rewards or tx fees and having the policy that mining must be paid for only by direct contributions (again, from who?)?


If a ccy wanted to decide mining rewards by "a democratic vote based on stake" they could do that now, directly, without the PoW exchange, right? The ccy holders would also know how much various types of work cost without the PoW exchange and could vote accordingly.

A PoW Exchange like I described provides most of the benefits that the current PoW system does; Orders transactions, prevents double spends; ensures the present state a cryptocurrency. A PoW Exchange is valuable proportional to how much work it can provide, and how much demand there is for that work.

What a cryptocurrency pays in exchange for what the PoW Exchange provides is between the miner and the cryptocurrency. Just like in Bitcoin, you could decide to mine for Bitcoins because you value them, but in an Exchange you could also choose any other form of payment. As far as I can tell, there's no reason to tie any form of payment into the PoW Exchange directly. All the Exchange cares about is which chain has the most work.


Fundamentally, I don't think it's possible to ever make any kind of algorithm that ensures the "right" amount of work. If that's true, then markets will handle it and the best that could be done is provide the right tools to allow cryptocurrencies to compete while still retaining the benefits of a strong Proof of Work backbone.

I think when I wrote that the fee's could be "automatic" I was being confusing. I only meant that the fees could be automatically paid out at a later date based on some predetermined rate decided between the cryptocurrency and potential miners. That "rate" is by no means automatic.

This addresses the funding problem not by trying to make some algorithm that imposes a fee or inflation, but by allowing markets to find equilibrium.

I'm sure I haven't thought through all of the implications that this would have but I can think of a few advantages over the current system;

1.) Because PoW can be provided to any kind of service; colored coins, side chains, and so on are supported by default.

2.) PoW nodes could require less resources to maintain.

3.) The price of Work would could find its market clearing price; As there would no longer be any price fixing in the form of fees or inflation.

4.) Cryptocurrencies can leverage a more centralized architecture to allow greater throughput at a lower price per transaction, while not running the risk of any kind of 51% attack.


I stress that this doesn't mean that I could create a cryptocurrency that just relies on a PoW Exchange to charge my currency the "right" fee to provide Proof of Work.

Lets pretend that we have a PoW Exchange that exists. It has 100+ different cryptocurrencies that all use the system. They all have different security requirements; Some will pay for inclusion in every block, some might just do it every 300 blocks. Some might provide their own miners and just rely on them to include what they need in a block.
How a cryptocurrency decides its fees or inflation to pay for the Work is entirely up to the developers of that cryptocurrency; Maybe a democratic vote based on stake, maybe entirely controlled by a committee, or maybe it's just a flat fee that accumulates until a miner accepts it and includes them in a block.
Crucially, an informed decision can be made because they know the market clearing price of a particular form of Proof of Work.

Because they are all using the same blockchain, despite having very different architectures themselves, they all help fund a robust mining environment.

I am not sure what problem this solves.

In the current world, miners are paid via some combination of inflation and tx fees. In your system, miners on the PoW exchange are paid by the entity who wants something hashed. But why does this entity want to pay you to hash exactly? And what is the source of value this entity is using to pay you?

Surely as a ccy creator I don't want to pay for security out of my own pocket. If I create my ccy in such a way that it somehow automatically sends its block rewards and tx fees to the PoW exchange, then it doesn't solve the fundamental problem that it's hard to ensure these block rewards and tx fees will result in an appropriate level of security. If in the future Bitcoin used this PoW exchange, the fact that block rewards were 0 could still lead to very little money being paid to the PoW exchange on behalf of Bitcoin, no?

It seems that the fundamental problem is that it's hard to create a decentralized source of value (like block rewards or tx fees) which matches security requirements in the far future, because decentralized rules tend to be less flexible. I don't see how a PoW exchange addresses that.

I don't know if this is too old to post in, but I was thinking about this issue and I think I have an idea.

It was bothering me that we were trying to find a solution to intentionally break normal market behavior in order to decentralize the system and make it more inefficient. Whenever central planners get together and try to do such a thing* my instinct is to push against it and so my idea is to simply let the majority of Bitcoin centralize and separate the mechanism that actually needs to be decentralized; Hashing.

A marketplace for Proof of Work should be created with API's that allow any particular program to acquire work from, and any particular device to provide work to.

All that would be required is that this PoW exchange build a blockchain of arbitrary hashes that don't particularly matter to the system itself.

I imagine that it would work in this way;

If I was a miner, I would download this software onto my computer and search for hashes just like I would do on Bitcoin today except that I do not hash transactions, but I'd hash any hashes (within some size constraint) that are provided to me. In remuneration I am paid however I like, decided on receipt of the hashes I am to inject into the blockchain. This could be Bitcoin, USD, gold deposits, stocks, whatever, and could be automatically paid out when the block is mined (Or more likely paid when the block has confirmed a number of times).

If I was cryptocurrency programmer, my currency could be highly centralized, but it's behavior would have to conform to the hashes that are provided to the PoW Exchange. I would provide block headers to the PoW Exchange to be included with the block and provide a fee that could be my cryptocurrency, if a miner will accept it, or any other form of payment.

There are numerous advantages and disadvantages to this kind of system, but it seems to solve the problem of "funding network security" as it creates a market for it. I expect that there would be multiple PoW Exchanges that compete with each-other, as there are a variety of "magic numbers" that I don't think could be distilled to an absolutely correct form.

Would this work?

*http://mises.org/library/do-antitrust-laws-preserve-competition

IMO, small scale miners will apparently pay more than apparent block value. For one thing, overheads and staffing costs are not a concern, for another, cooling may not be a significant cost, it being relatively easy to exhaust/disperse a kilowatt or two of heat compared to 15 kW per rack.

Then also, there is alternative cost of acquisition of small amounts of bitcoin. When small scale miner enthusiasts are taking a long term view, and want to accumulate coin, they may have the option of paying $20 in transfer fees to get fiat credit into exchange, possibly paying taxes on top of that, as had been case in UK and seems to be becoming case in Australia, or using LocalBitcoins and paying the markup above market there, plus possibly a couple of bucks in ATM fees depending on banking arrangements. Anyway, while insignificant as a percentage when transacting several hundreds to thousands of dollars, the guy who only has a couple of hundred bucks a month to invest may be willing to pay more than "spot" to mine coins to offset these fees. In the heating season, it is also possible to defray heating costs for a hobbyist miner, if no natural gas, fuel oil, propane etc options are available and electric heat is the only option, then electric heat is a total loss in comparison against running even 1st generation Avalon machines for heat (Which is probably about a 20% offset these days). In my market I have calculated the heat to be worth about 3 cents a kilowatt, being approx what it costs in natural gas to get a kilowatt of heat.

What's the point of that hypothetical? Miners will spend an amount up to the value of the block reward to get the block reward. If one million dollars per day is available in block rewards, it'd be foolish for miners to spend more than that to get them.

Perhaps there is a different way of explaining my position.

I see most of the posters in this thread interested mostly in relatively short-term, startup behavior of their chosen blockchain-validity algorithm.

I'm taking an opposite view. I assume already reaching an equilibrium or steady state. Every proof-of-something algorithm postulates existence of some society where a monetary system with that algorithm is dominant.

Lets give a two very simplified examples:

1) Pure proof-of-work society expends all otherwise unallocated electricity defending their monetary system against an attack. Every power station is always running full-tilt strengthening the defenses against the attackers.

2) Pure proof-of-stake society always keeps maximum amount of money in a semi-cold storage as a guard/moat against an attack. Every spent or circulated monetary unit is weakening their defense against the ever-present attackers, so it is always good thing to avoid spending money.

To me those examples look like dystopias, but at the same time I understand that they are intellectually very attractive to some people. (1) is an utopia for people with bunker mentality and paranoiacs. (2) is an utopia for compulsive tightwads.

I'm more interested in societies that are open and participatory and defend themselves only when really attacked, not under perpetual state of self-imposed war on drugs, terror, counter-revolution or other bogeymen. Doing sort of the reverse-engineering process I want to ponder which algorithms would be stable in the society I would like to be a member.

The above leads me to the observation that the actual owners and users of the capital will have to have a say in the design and operation of the proof-of-whatever algorithm. All the paper algorithms designed by outsiders and operated in a social vacuum will be either unstable or lead to a societies that is much worse that the current ones.

I don't think the cost is that different.

In PoW, mining in the long run has roughly zero profits. That means that if the 51% of miners are doing anything which lets them still keep the mining rewards (like perhaps censoring transactions they don't like), then their costs are canceled out from mining rewards. If a 51% cartel in PoW did something to shake people's faith in them and cause the coin value to tank, then their costs would not be recouped, but they'd have already cashed out most of their mining rewards until that point, so the main cost is the loss of future revenue.

In PoS, if the major coin holders start double spending or do something to cause the coin's value to tank, they are harming themselves immensely because they had to lock up their coins in order to sign blocks, so they won't be able to cash out before they destroy the coin's value.


I'm unfamiliar with the "1% attack" in PoS. Do you have a link describing how it'd work? (EDIT: if you're talking about "stake grinding", then I understand. I don't have a good argument against this, so it might doom PoS systems, but I'm still curious about the weak subjectivity issue separately).


It's supposed to be proof that the signers of a block have locked up a certain amount of coins, which will be lost if anyone catches them signing other blocks. If there is some attack where these people can create another fork without losing their deposits, it'd be pretty bad for PoS. My impression is that the only way to do that was via a "long range attack", which is what weak subjectivity disallows at the cost of requiring some trust.


The point was that perhaps 99% or more of Bitcoin users are relying on trust/socializing when they use Bitcoin already, and it works well for them because the system is set up in a way where anyone who wants to do the work of objective verification can do so. That 1% of people who read the code and verify everything themselves and refuse to trust anyone could also refuse to trust anyone by being online once a year in a weak subjective system. You can call it "rationalization", but I'm trying to evaluate the practical security implications of both systems and I don't see any argument why the practical differences would be significant.

Also, the chance of being wrong when a person tries to objectively verify the longest Bitcoin chain is not 0%. That is the relevant probability to compare to the chance of being wrong when asking trusted parties. If a person tried to objectively verify the longest Bitcoin chain now, they could make some technical error, be tricked into using corrupted software, be isolated from the rest of the network by some hacker, or be tricked by a hacker that has complete control over their machine. Maybe the probability of any of those things happening is less than 0.0001%, but what if the probability of being wrong using my method above is also less than 0.0001%? No one has attempted to address this. It's just "but trust is worse than not having to trust!" without any effort to measure and compare risks.


I was using "fake chain" above in the context of Bitcoin, using PoW as it does today. I meant, when I ask Greg Maxwell and the 19 other people I listed above which chain is the longest chain, what's the probability that they would all tell me some other chain is the longest, when this other chain isn't actually the longest?

For PoS, a fake/invalid chain would be a fork from longer than a year ago which is disallowed by the rules of the system but which I couldn't objectively determine if I hadn't been online in a year.


My motivation for bringing it up is that I'm worried about the long term security / required transaction fees of Bitcoin, when mining rewards run out. I'm trying to evaluate PoS + disallowing long range forks + weak subjectivity as a method of ensuring we have adequate security and low transaction fees in the future. The specific claim I'm trying to evaluate is that this type of PoS system I'm referring to might have better long run security economics than Bitcoin as it exists now, and in practice it might be equally decentralized as what we have now. In other words, the "but you have to trust someone!" point may just be academic, and in practice the difference between this and current-Bitcoin may be negligible.

As I mentioned before, I seem to be trying to evaluate PoS very late, such that almost all smart people involved in Bitcoin have already convinced themselves that PoS is worse than PoW are sick of the topic. I'm willing to believe they're right that PoS is unworkable because they have a lot more knowledge than me, but I'd like to understand the reasons why, and weak subjectivity seems plausible to me.

So far, the best critques of PoS I've seen are:
http://www.truthcoin.info/blog/pow-and-mining/
https://download.wpsoftware.net/bitcoin/pos.pdf

...sadly neither directly address the attempt to use weak subjectivity to get around the nothing at stake problem.

If anyone has other anti-PoS links that you think I'd find useful, please share them.

I'm having trouble picturing a universe in which Bitcoin mining doesn't downright centralize to one major mining entity, but even in that scenario PoW is preferable to PoS.

I was just saying that it's preferable to give power to entities that have to work for it rather than people that have or had enormous wealth due to natural market activities.


I don't think I'm saying anything outrageous there. The premise of this "Weak Subjectivity" is that some trust is required in order to rebuild the chain in the event that the node is offline for more than 4 months or whatever.


Not Bitcoins in particular, it's common for 40%+ of wealth to be in the hands of the top 1%. The mechanism of PoW makes the coin tremendously more secure even in the event of a 51% attack. PoW means that trying to do anything in the network is costly.

PoS, by contrast, can be attacked with little to no cost by around 1% of the stakeholders or any entity that can get control of that much stake at any point in the past. There's no way to algorithmically find and verify the correct blockchain, that's why "Weak Subjectivity" was proposed. It discards the idea of replacing trust with cryptography and instead explicitly states that we should go back to trusting certain figureheads when push comes to shove.

Proof of Work gives us proof about the current state of the blockchain, Proof of Stake is not really proof of anything.
I would go so far as to say the difference is that PoS is not a cryptocurrency, PoS doesn't replace the desirable features of PoW, and that's what makes me less comfortable with it in the event of an attack.


You can rationalize it all you like. The bottom line is that mathematical proofs can't be replaced by socializing. What are the odds? Greater than 0%. What are the odds that the Bitcoin code doesn't do what the Bitcoin code does? 0%.

I also don't really know what you mean when you say "fake chain". If someone builds a chain following all of the rules of the protocol, can you really call it "fake"? Doesn't it bother you that it's even possible for a blockchain to have multiple valid states?


When the largest stakeholders want to reverse transactions they can.

"Weak Subjectivity" tries to fix this by encouraging users to find trusted users that will prevent them from downloading the "wrong" chain. (Which is the "right" chain according to it's own rules.)

It's kind of like if the core Bitcoin devs came forward and said, "We've decided Proof of Work doesn't actually work, even when miners have the most work that doesn't necessarily mean the chain is correct, so in order to fix this problem, we're encouraging you to make a list of 20 or so people that you trust, and then only download the blockchain from those people. Kthxbai."

More than just the lack of rigorous security standards, I'm not sure what Proof of Stake accomplishes exactly. What does it offer that is better than both Bitcoin and average run-of-the-mill financial datacenter?

What you are talking of is the basic PoS version. As it evolves, those particular problems can be mitigated. In particular, the Co-operative Proof of Stake which is being looked into doesnt have any use of coin age.

Not sure if this is a claim you're making, but you refer to a "handful" of people controlling the PoS chain. I assume you mean this handful has over 51% of coins. One could also posit a handful of people who has control over 51% of hashpower of a PoW chain. Do you believe that it's much more likely for coin ownership to be concentrated and therefore for a PoS system to evolve into a cartel, as opposed to hash power being concentrated enough to lead to a 51% cartel?


I don't understand why you're saying PoS requires more trust than PoW. In PoS you only need to trust a group if they've formed some sort of 51% cartel right? Same as with PoW?


You're claiming 1% of the people owns over 50% of Bitcoins? I could believe that. But this 1% is still probably 1000 people. Don't you think the top 1000 individual mining entities control more than 51% of hashpower? Wouldn't the same thing that makes you comfortable with 1000 people owning > 51% of mining power also make you comfortable with 1000 people owning > 51% of coins? What's the difference?


"Everyday users" will always rely on trust. How many users fully validate the blockchain on their own? Among those that do, how many of those users are sophisticated enough to detect if the core devs maintaining the Satoshi client make some malicious code change? Almost no one would know that the software they were relying on to validate the blockchain was tampered with. These people are implicitly trusting both the core developers, and also trusting the small minority of experts who would actually notice something wrong with the Bitcoin project on github and talk about it in the media.

I run Bitcoin-QT, but I haven't read the code yet. I don't really know that Bitcoin-QT is validating things correctly and not tricking me. I'm just trusting that if it weren't, I would have heard about it. I claim that this is not meaningfully different than relying on weak subjectivity.

To be explicit:

This is why I trust the chain that Bitcoin-QT gives me: I know that anyone who wants to do the actual verification that the chain you get from Bitcoin-QT is the real chain can do so. I know that lots of people have read the code and verified everything, and I don't know of any credible people raising an alarm in the media.

This is why I'd trust the chain that I got from the 20 people I listed above, assuming Bitcoin had switched to a weak subjective system: I'd know that anyone who wanted to verify the chain objectively (by being online at least one a year) could do so if they wanted. I'd know that lots of other people had done that, and I'd know whether credible people were sounding any alarms in the media.

The level of trust required doesn't seem to change significantly for the average user. For the hardcore power user who doesn't want to trust anyone, they can simply be online at least once per year and they won't have to trust anyone.

Btw, I gave a list of 20 entities above who I would ask if I ever wanted to know whether a chain was valid. If I asked them tomorrow, what do you think the probability is that all those people would give me a fake chain?


I'm not sure what you mean here..

Sort of. Look, if I'm going to trust a handful of people that have, or once had, control of the block-chain by virtue of having a bunch of the currency units, then why not make that an explicit assumption and build the currency around it?
PoS tries to reach a middle ground between a trusted centralized currency and an un-trusted decentralized cryptocurrency and it ends up in a kind of no-man's land where you take all the disadvantages of both systems without any of the benefits.

I would much rather trust public entities in a centralized system rather than anonymous entities in a pseudo-distributed system.

With a PoS system you are literally putting into the hands of the 1% the ability to reverse any transaction that they like while remaining anonymous. "Weak Subjectivity" obfuscates this problem by layering on a stewardship of "trustworthy" individuals. Everyday users are expected to accurately audit the trustworthiness of these people distributing the blockchain, but even when they find those whom they are "supposed" to trust, we have no guarantees that those people are actually trustworthy and have no way of ascertaining it. By what algorithm can you verify the intentions of people?

What guarantees does a PoS currency offer when financial institutions are subject to a large theft? How about in a financial crises like the dot-com bust or innumerable other financial meltdowns? Who knows what kind of other shenanigans the clever (devious?) people in institutions like Goldman Sachs could come up with. What will the algorithm do when there is maybe a legitimate dispute that arises among the wealthy elite? By design, the safeguards breakdown when the largest stakeholders want them to.

"Subjective Systems" work pretty well. Visa handles many orders of magnitude more transactions than Bitcoin or any PoS coin and yet un-resolvable thefts and hacks are relatively uncommon. As it turns out, maybe there's actually plenty of information about "Subjective Systems" in order to make pretty good decisions about whether or not you want to use them. That is despite Vitalik's insistence that they don't work because of a lack of computational ability.

Proof-of-stake does nothing to prevent vertical integration where the large stakeholders (who can keep their stakes semi-cold for a long continuous time and have cross-subsidizing income from the other side of the transactions) can easily outcompete others who can only stake their short-term revolving capital. It is the same problem, only the first initial step to the capital concentration is different.

Not sure why you think mining would not be profitable. In case it wasn't clear, this weak subjectivity system is a variant of proof of stake (https://download.wpsoftware.net/bitcoin/pos.pdf). The classic critique of PoS is that the costs of "mining" are too low, not too high.

Anyway, I don't want to turn this thread into a rehash of various issues with proof of stake. I'm just interested in whether forbidding long range attacks using a "weak subjective" system offers some advantage over a fully subjective system, and how much advantage that would translate into in practice. Sadly I imagine that most Bitcoin wizards have PoS-fatigue because lots of uninformed people like to talk about it and make claims about how great it is. So hopefully I've narrowed the topic enough that this particular question is worth answering for them.

Well, who's going to be mining if not exchanges, when the general mining becomes continuously non-profitable?
I don't think that MtGox was postulating the existence of different blockchains.

The way I understood the blockchain discrepancy in May of 2013 was that Bitcoin Foundation and/or core developer team evaluated transactions on both of the competing chains, choose one branch and then reimbursed the affected exchange (OKcoin?) or the affected user (macbook_air?). Edit: Apparently I misremembered things. A double spend was successful, but not reimbursed by the Bitcoin Foundation nor the core development team. https://github.com/bitcoin/bips/blob/master/bip-0050.mediawiki End of edit.

I don't think that Bitcoin Foundation would have enough capital to do all future reimbursement in case of chain discrepancies.

The regular accounting behaviors when the "books don't close" is to halt or suspend trading until the mutually agreeable resolution could be achieved. In my opinion no large capital entities will risk Bitcoin trading when they have no say in the decisions made when the discrepancy occurs.

One could argue that the May 2013 event was resolved in favor of those running buggy software and to the detriment of those running the software free of the bug that causes fork. That bug could be easily fixed with simple 2 line DB_CONFIG file and restart of the Bitcoin client, which would take much less than 10 minutes.

On the other hand I understand the pressure that was put on the core development team to issue a "patch" and "new compiled executables", especially from the people unfamiliar with operational issues of the database systems.

Finally the core development team is always torn between the needs of two vastly different subgroups of the Bitcoin milieu: the anarchists and the statists (or etatists, meaning those who are OK with the existing state's governments, not anti-dynamists). In the future I could envision a chain split between a monetary exchange (Bitcoin<->FIAT, subject to KYC and other regulations) and e.g. ammunition exchange or survivalist gear exchange patronized by the anarchists. This is the situation where I think you wouldn't ask the Bitcoin elders about the chain correctness, but you'll simpy synchronize to the chain that will allow you to trade your Bitcoins for USD or bullets, depending on your particular needs.

The exchanges get their power from offering services to the people who want to trade. If an exchange wanted to adopt an illegitimate chain, people would clearly see they were using an illegitimate chain, using the method I described above, so demand for its services would plummet and it would be overtaken by competitors using the right chain. If you think people wouldn't be able to tell which chain was real on their own, without being told by the exchanges, you should give some argument why you think the method I describe above wouldn't work.


I agree that Vitalik's rephrasing of the issue isn't great. Are you claiming that weak subjectivity offers no more security than full subjectivity (aka, just coming to a consensus by trusting various people without any underlying rules as described in the weak subjective system)? If so I'll try to give a better argument than Vitalik in my next reply.

I'm still curious to hear how people specifically think my method of discovering the true chain would fail.

Vitalik summarizes the problem with "Weak Subjectivity" here;


He then fails to rephrase the problem and addresses that incorrect rephrasing of the problem. This is called a "Straw man".


He rephrases the problem as fundamentally a computational problem, that the only reason trusting X is not usually ok is because we don't have computation to help us understand X and appropriately trust X.
This is not the problem with "Weak Subjectivity", this is not the reason why trusting X is a problem, and it begs the question by presuming that doing this "Weak Subjectivity" is better than simply trusting in X via any kind of system X wants to implement.

Or in other words;

Seems to have worked out great for all those buying into MTGOX's view of the world.