
Topic: Looking for people to review Proof of Time Ownership - a consensus protocol (Read 82 times)

jr. member
Activity: 33
Merit: 73
Oops, I already re-posted, so too late I guess?

A link to the repost (please continue discussion there): https://bitcointalksearch.org/topic/m.32858330
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
@monsterer2 Thanks, I'll give that a shot! I don't think I could until I posted here and waited for hours, since I'm a new account.

You can actually MOVE this thread (control at lower left) so you don't need to eat up another post penalty.
jr. member
Activity: 33
Merit: 73
@monsterer2 Thanks, I'll give that a shot! I don't think I could until I posted here and waited for hours, since I'm a new account.
full member
Activity: 351
Merit: 134
Is this the right section to put this kind of thing?

Try posting in the Bitcoin technical section.
jr. member
Activity: 33
Merit: 73
Is this the right section to put this kind of thing?
jr. member
Activity: 33
Merit: 73
I've written a hybrid PoW/PoS cryptocurrency consensus protocol called Proof of Time Ownership (PoTO) that is intended to be more secure than pure Proof of Work for a given amount of hashpower, and just as secure as pure PoW with a substantially smaller amount of hashpower (1/2 to 1/10th). I've also detailed and analyzed a number of attacks on PoTO, other hybrid protocols, and pure PoW.

A link to the proposal: https://github.com/fresheneesz/proofOfTimeOwnership

The protocol hinges on a few key design aspects:

  • Proof of Work - The protocol still has miners that compete on hashpower to mine transactions into blocks as well as to provide the randomness needed for determining who is allowed to mint PoS blocks.
  • Time-bound Proof of Stake - PoS minters compete with miners to create blocks. A PoS minter is allowed to mint transactions into a block if one of their addresses comes up in a time-release progression.
  • Limiting Miners by held stake - Miners must also hold coins in order to mine, and the proportion of blocks they mine can't exceed the proportion of miner-stake they own. Note that this is detailed as the "Hash-Stake Extension" at the moment - but will likely be incorporated into the protocol as a key (non-extension) component.

In spending a lot of time thinking about this, I believe I've come up with a couple of novel attacks not only on hybrid systems, but also on pure PoW itself. I called them "Mining Monopoly Attacks" and I'm curious if anyone has come up with them or discussed them before. The Orphan-based Mining Monopoly Attack is applicable only to hybrid systems that aim to reduce the hashpower needed for a given level of security (like PoTO), but the Economic Mining Monopoly Attack is applicable to both hybrid systems and pure PoW systems, and substantially reduces the theoretical cost of an attack on PoW at equilibrium (i.e. the cost of acquiring half the hashpower) to half the current amount invested rather than the full current amount invested. For PoW this means the security is half of what you might think, but for hybrid systems, this has more substantial security implications.

I take particular care to compare PoTO to the Proof of Activity proposal by Charlie Lee et al. (https://www.decred.org/research/bentov2014.pdf) for which I found a number of security problems not discussed in its paper (or anywhere I've been able to find in my research).

I'm looking for a mathematician to help me analyze the minimum cost of attack for PoTO, since the Hash-stake Extension requires ugly and/or complex math for N>0.

Even at N=0, the introduction of a coin-ownership requirement to mine could substantially increase Bitcoin's security or substantially decrease the required hashpower to maintain Bitcoin's level of security (i.e. cost of attack), depending on how much staked-coin miners choose to use. Since owning locked-in coins costs much less than depreciation of mining hardware and electricity usage, it's likely miners will stake a lot more bitcoins than it would cost them to purchase and run mining equipment. As an example, if 2/3 more bitcoins were staked by miners than it currently costs to obtain and run mining hardware, the mining hashpower (and thus on-chain fees) could be reduced to 1/3 of its current amount while still retaining the same security. A second example: if 40% more bitcoins were staked by miners than it would cost to purchase and run mining equipment, the mining hashpower could be reduced to 60% of its current amount while still retaining the same security.

For N>0, the hashpower can be reduced even more while retaining the same security, though I'm still looking for someone to help me calculate numbers for those (as I mentioned above).

So I'm looking for people to poke holes in this protocol, discuss potential issues and effects, and analyze other effects that haven't yet been explored. But please read the whole proposal before coming to conclusions.