Pages:
Author

Topic: [Megathread] The long-known PoW vs. PoS debate (Read 3812 times)

member
Activity: 162
Merit: 65
In the real world. The top 12 coins on coinmarketcap.
#1 on CMK: Bitcoin is the only PoW coin



Although i'm against all shitcoins, but LTC and monero are also PoW.
newbie
Activity: 29
Merit: 46
But, it can't know that I'm voting or just spending my money, unless they forbid me from using other forks, which doesn't make sense because chains are independent and don't interact. Centralized blockchains (which is a contradictory term anyway) could be coded likewise though, no doubt.

I think they'd have thought of this contingency.
As n0nce said, you need to re-request to be a validator, and there is some kind of timelock on your staked ETH as well.
I assume this is for the express purpose of allowing some time for a new fork to get started, and make it difficult for new validators - e.g. the malicious validators who mixed their previously staked coins to allow them to double-stake - to subvert the new fork.
So, the trick they are using to simulate the functions of PoW is basically a democratic consensus system. It's not a bad idea, but IMO still not as good as PoW, which is much simpler, and with no such attack vector. You cannot kill a fork in PoW, only not contribute to it.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
They could in theory realize that someone just exited from the validator pool, those coins were sold on an exchange and then someone applied as validator with the exact same amount of coins.
They can realize that some funds are gone, and about the same time some funds are staked. At that point and further, any conclusion is fundamentally flawed, and any action taken is irrational. Even if mixing is broken.

I do think it can know that you're voting, by just running two nodes and checking the other blockchain.
But, that would make their blockchain reliant on forks, which nullifies the whole fork concept; a fork is a split, not a merge. Being able to fork is being able to oppose. If you charge forking, then your project is not able to fork, because forking happens by nature unquestionably. At least if we're working in a really decentralized manner.

Instead of penalties, the founders of the first chain (if they're so obsessed on disincentivizing the new chain's usage) should work on arguments. Nobody's going to stay in a anti-freedom chain when the neighbor-chain is in favor of them, unless they're morons.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Quote
Exactly, and imagine the credibility of a 'fork team' who on one hand is trying to sell their fork as the 'new Bitcoin' that will 'replace it' (flippening), while at the same time being based (thus reliant) on the real BTC blockchain through merged mining. Nobody would take them seriously.
There is a binary decision which chain to mine, that doesn't exist in PoS.
It is partially true. There is a binary decision which chain to mine, because you have to choose your previous block hash of your block header that you are trying to mine. But if Merged Mining is active, then you can reuse the same header on both chains.
[...]
You're not wrong, but I said already that all these ideas are restricted solely to merged mining, which I see as unlikely. At least for any 'We are the new Bitcoin' type of altcoin. Those usually don't want any connection to BTC whatsoever (most definitely no merged mining).

I mean, imagine every miner who claims fork-coins magically being handed an ASIC (for each of the ASICs they own) for the fork chain. The thought is hilarious to me! Cheesy But that is what happens in a PoS fork.
That's a great analogy.

PoS really is a PoS haha.
Although see tromp's reply below. I didn't realise, but it seems like Casper might address this?
But then you could still mix your staked coins and start again? (as pointed out by n0nce)
Exactly; BlackHatCoiner reminded me of this. Just mix or otherwise 'exchange' the coins, like selling on one exchange and buying the same amount on another one.
Only thing holding you back is that usually in PoS there's a mechanism to 'apply' for validator status. That's right; you can't just spin up a miner, you need to ask for permission. It makes sense for validators to reject it since it reduces their proportional stake, but that's a different point.
They could in theory realize that someone just exited from the validator pool, those coins were sold on an exchange and then someone applied as validator with the exact same amount of coins. Blockchain analysis type of stuff. That's the only issue I see with BlackHatCoiner's idea; but any such countermeasure can easily be circumvented.
You could just split the amount and spin up 2 validators of 'half the size' (e.g. 16ETH, 16ETH while you previously had one 32ETH stake).

In theory, if you validate on the chain that Vitalik doesn't like, he will destroy your 32ETH on the good-boy Vitalik chain.
You know, compared to ASICs, that allow you to go with whatever is currently more profitable and switch (back) at any time if you want it (freedom), if you don't behave like a good boy, Vitalik will steal your funds in PoS.

Imagine you mined BCH for a while and when Satoshi found out, he came knocking to your door and took away your mining gear. Same shit.
AFAIK, staking on the not "good-boy Vitalik chain" is not a slashable offence by itself, but staking twice for the same block height is.
Or are you saying that Vitalik will just implore everyone to slash your coins by posting on Twitter asking for social consensus? *shudder*
Oh I don't think they can slash any of your ETH-old if you used your fork-ETH-new to stake, while not staking in ETH-old.
But if you do stake the 'original' and 'forked' coins both, you essentially vote on both chains and that's punished.
Though if I read it right, a few months ago at least, the code for slashing wasn't even implemented yet? [correct me if I'm wrong] Huh  Roll Eyes Cheesy (Or maybe there was no code for withdrawing your stake, that's also possible. Both bad if you ask me.)

Bitcoin holders also determine the voting power. Whenever there is a hard fork, if a majority of Bitcoin holders (which receive equivalent of coins on the new chain) decide this is a hostile takeover, they would dump the coins into the market, reducing the incentive of miners to mine on the new chain. So holders also have a big say in what goes on in Bitcoin, but the dynamics between holders and miners make it safer than PoS which is just not safe.
It can be an indirect effect in case of an intentional hard fork, but Bitcoin holders technically have no voting power whatsoever. They cannot vote for protocol changes for instance, like nodes, miners or stakers can. So calling market-selling a forkcoin 'voting power' is very misleading to say the least.

Someone could grab your signature from the other chain (which includes the block height), and post it as evidence that you submitted two votes for the same block height, resulting in your balance being slashed.
But, it can't know that I'm voting or just spending my money, unless they forbid me from using other forks, which doesn't make sense because chains are independent and don't interact. Centralized blockchains (which is a contradictory term anyway) could be coded likewise though, no doubt.
I do think it can know that you're voting, by just running two nodes and checking the other blockchain. A vote is definitely different from a simple spend, otherwise how can anyone (on any chain) know you voted in the first place? Grin
I believe ETH does it through smart contracts, and your stake is even locked for some amount of time.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Forkability is necessary.
You misinterpreted me. The ability to fork, not only it is necessary, but it is inevitable in a decentralized system. I'm only saying this: Splitting a chain, besides consensus-wise, it splits in security as well. If Bitcoin Cash didn't exist, some miners wouldn't mine it, and so they'd most likely mine its past fork.

Someone could grab your signature from the other chain (which includes the block height), and post it as evidence that you submitted two votes for the same block height, resulting in your balance being slashed.
But, it can't know that I'm voting or just spending my money, unless they forbid me from using other forks, which doesn't make sense because chains are independent and don't interact. Centralized blockchains (which is a contradictory term anyway) could be coded likewise though, no doubt.
sr. member
Activity: 317
Merit: 448
What would "cost" more, the cost of printing enough fiat currency to buy > 51% of "POS Bitcoin" coins, or the cost of printing enough currency to have > 51% hashing power in the Bitcoin network?
You don't need some hypothetical scenario that involves printing money, we have actual cases that happened in shitcoins that have PoS algorithm in the past like the case with Steem network where exchanges took over the chain simply because they held a large number of that shitcoin without spending a dime.
https://bitcointalksearch.org/topic/m.59383033

That's merely a "young, nacsent" altcoin. I was thinking about a more developed/mature coin, with high market value. As an example, Ethereum, which is going to make the switch to POS.
It makes no difference; it's a general, inherent problem of PoS. It's just as possible on the 'latest and greatest generation X' PoS blockchain, as it is on a 'young / nascent' or a 'developed / mature' PoS blockchain.
The very principle of PoS that the voting power is determined by the amount of coins you hold is the issue at hand.

If the world's central banks printed enough fiat currency to buy 51% of the coins, that would imply they are buying at least 10 million coins. Are there that much for sale on the open markets? Attempting to buy it in a short period of time would drive demand over existing supply. We'd see $10m BTC sooner.
What if they will only buy it during bear cycles, and they're willing to take their time?
It's one option; or they might buy it off-chain (buying keys / lending the coins / keys). You can't notice that on-chain and it won't cause price fluctuations.

Bitcoin holders also determine the voting power. Whenever there is a hard fork, if a majority of Bitcoin holders (which receive equivalent of coins on the new chain) decide this is a hostile takeover, they would dump the coins into the market, reducing the incentive of miners to mine on the new chain. So holders also have a big say in what goes on in Bitcoin, but the dynamics between holders and miners make it safer than PoS which is just not safe.
newbie
Activity: 29
Merit: 46
I mean, imagine every miner who claims fork-coins magically being handed an ASIC (for each of the ASICs they own) for the fork chain. The thought is hilarious to me! Cheesy But that is what happens in a PoS fork.

That's a great analogy.

PoS really is a PoS haha.
Although see tromp's reply below. I didn't realise, but it seems like Casper might address this?
But then you could still mix your staked coins and start again? (as pointed out by n0nce)

No they don't, since the two signatures they would make for different branches would get posted to the chain as evidence  [1] and their stake (a minimum of 32 ETH) would get forfeited.

[1] https://bitcoinmagazine.com/technical/bitcoiners-guide-to-proof-of-stake
Right so they in fact do have some mechanism to allow for this.
If it actually works then some of my faith in Ethereum is restored.

But what if you unstake your coins on one fork, mix them, and begin staking again with the mixed coins? (as pointed out by n0nce)


No other hand; it's the same hand. That's what I implied. That forking is not desirable, it reduces security.
Forkability is necessary. How do you know which fork is the better one? Answer: you don't.
The ability to fork, and allow users to choose where to move their funds (through exchange) is what makes the chain resilient.

I don't understand. Say you have 32 ETH, and the chain is split. You now have 32 ETH-old and 32 ETH-new. You can use both these coins with no consequences, unless it isn't an actual split, but a sidechain.
Someone could grab your signature from the other chain (which includes the block height), and post it as evidence that you submitted two votes for the same block height, resulting in your balance being slashed.
You can use - as in, make payment with - both the ETH-old and ETH-new, but you can't stake with ETH-old and ETH-new twice for the same block height without risk of slashing.


In theory, if you validate on the chain that Vitalik doesn't like, he will destroy your 32ETH on the good-boy Vitalik chain.
You know, compared to ASICs, that allow you to go with whatever is currently more profitable and switch (back) at any time if you want it (freedom), if you don't behave like a good boy, Vitalik will steal your funds in PoS.

Imagine you mined BCH for a while and when Satoshi found out, he came knocking to your door and took away your mining gear. Same shit.
AFAIK, staking on the not "good-boy Vitalik chain" is not a slashable offence by itself, but staking twice for the same block height is.
Or are you saying that Vitalik will just implore everyone to slash your coins by posting on Twitter asking for social consensus? *shudder*
copper member
Activity: 821
Merit: 1992
Pawns are the soul of chess
Quote
Exactly, and imagine the credibility of a 'fork team' who on one hand is trying to sell their fork as the 'new Bitcoin' that will 'replace it' (flippening), while at the same time being based (thus reliant) on the real BTC blockchain through merged mining. Nobody would take them seriously.
There is a binary decision which chain to mine, that doesn't exist in PoS.
It is partially true. There is a binary decision which chain to mine, because you have to choose your previous block hash of your block header that you are trying to mine. But if Merged Mining is active, then you can reuse the same header on both chains. Then yes, it is clearly visible, which chain you picked (because of that previous block hash), but the reusability of that header makes things different, when it comes to the profitability.

Imagine a scenario, where you picked BTC as the chain to mine, but mined a 100 times easier block header. Then, if Merged Mining is implemented in a NameCoin-like way, as a separate difficulty, you will get around 0.0625 BTC plus fees, and for example 50 ALT. But, if the altcoin is constructed to collect all headers, and adjust the coinbase, instead of adjusting the difficulty, then the whole profitability is different, because then you will only get around 0.0625 ALT, and the rest will be pushed to the future.

So, while creating separate difficulties is not serious, collecting all headers, valid or not, and adjusting amounts, is a different matter. Because then, even if there is a stronger chain, and if those miners could potentially switch their machines to attack the chain, the network is aware of the potential attack, and things are stated explicitly, because the total hashrate is always tracked and reflected in coin amounts.

So, to sum up, if someone is seriously thinking about any ALT that could "replace" BTC, then such chain should be at least work-per-amount-compatible, so the total effort to mine 1 BTC should be comparable with the total effort to mine 1 ALT.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
now the old the on trezor is on a virgin untouched wallet what does it become down the road.

as VB has change the rules enough that I lost track of whether I have a split coin or I am getting one or VB stole some more from me an Now owes me 2 old eth + whatever.
I don't understand what you mean with 'he owes you X coins'.
Anyhow, your stake on Coinbase is not on your possession, so you will probably neither get to claim fork-coins if a fork will happen and neither can you decide what chain to vote on with your stake.

The 1ETH on your hardware wallet, would be present on an ETH fork, and you could claim it without a problem, but that doesn't have anything to do with the recent discussions about staking. Those coins are not staked. They are just sitting in the wallet. They can't be staked since you need 32+ ETH and approval by Vitalik and his friends to be allowed 'in' as a new 'staker'.

TL;DR: Nothing to worry about.
legendary
Activity: 3472
Merit: 10611
Exactly. Miners follow demand. History has proven it. For example, if Bitcoin Cash had more demand than Bitcoin, it'd probably have more hash rate than it too. It's approximately 173 times less than it.
It's more accurate to say that miners follow "profit" not demand. For example bcash never had any demand, specially in early days but it could attract a good amount of hashrate simply because they manipulated the difficulty adjustment algorithm so that miners could mine 1000+ blocks per day (for comparison you can mine about 144 BTC blocks/day). So even with the low price and low demand that bcash had, the miners could make more profit in total so they made the switch in that period.
legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
In theory, if you validate on the chain that Vitalik doesn't like, he will destroy your 32ETH on the good-boy Vitalik chain.
How will he know I validate ETH-new's chain? I can spend on both chains, and I'm sure he would be fine by the assumption that I'm selling the ETH-new he disapproves of, to buy his ETH-old. But, you can't know with certainty that an ETH-old staker uses the same funds to stake ETH-new. Say, for example, that I mixed ETH-new, and then staked those.
True; mixing and putting the coins back in for the same amount of stake should work. I think the slashing mechanic only works if you just don't move the funds and keep them on both chains, verifying on both of them.
There's no identity or KYC (god forbid) attached to your stake, soo you could most definitely sell the new-ETH, buy them again (or mix them) and acquire the same amount of stake on both chains.

Well VB is on my debtor list as he owes me 2 eth. which I will never see.

So I own 1 old eth on a trezor

and I own .3 staked eth2 on coinbase.

I leave them sit

now the old the on trezor is on a virgin untouched wallet what does it become down the road.

as VB has change the rules enough that I lost track of whether I have a split coin or I am getting one or VB stole some more from me an Now owes me 2 old eth + whatever.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
In theory, if you validate on the chain that Vitalik doesn't like, he will destroy your 32ETH on the good-boy Vitalik chain.
How will he know I validate ETH-new's chain? I can spend on both chains, and I'm sure he would be fine by the assumption that I'm selling the ETH-new he disapproves of, to buy his ETH-old. But, you can't know with certainty that an ETH-old staker uses the same funds to stake ETH-new. Say, for example, that I mixed ETH-new, and then staked those.
True; mixing and putting the coins back in for the same amount of stake should work. I think the slashing mechanic only works if you just don't move the funds and keep them on both chains, verifying on both of them.
There's no identity or KYC (god forbid) attached to your stake, soo you could most definitely sell the new-ETH, buy them again (or mix them) and acquire the same amount of stake on both chains.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
In theory, if you validate on the chain that Vitalik doesn't like, he will destroy your 32ETH on the good-boy Vitalik chain.
How will he know I validate ETH-new's chain? I can spend on both chains, and I'm sure he would be fine by the assumption that I'm selling the ETH-new he disapproves of, to buy his ETH-old. But, you can't know with certainty that an ETH-old staker uses the same funds to stake ETH-new. Say, for example, that I mixed ETH-new, and then staked those.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
No they don't, since the two signatures they would make for different branches would get posted to the chain as evidence  [1] and their stake (a minimum of 32 ETH) would get forfeited.
I don't understand. Say you have 32 ETH, and the chain is split. You now have 32 ETH-old and 32 ETH-new. You can use both these coins with no consequences, unless it isn't an actual split, but a sidechain.
In theory, if you validate on the chain that Vitalik doesn't like, he will destroy your 32ETH on the good-boy Vitalik chain.
You know, compared to ASICs, that allow you to go with whatever is currently more profitable and switch (back) at any time if you want it (freedom), if you don't behave like a good boy, Vitalik will steal your funds in PoS.

Imagine you mined BCH for a while and when Satoshi found out, he came knocking to your door and took away your mining gear. Same shit.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
On the other hand, making it harder to fork also gives security / stability to Bitcoin
No other hand; it's the same hand. That's what I implied. That forking is not desirable, it reduces security.

and if someone were to try coming up with a real contender, the economics (miners switching or not) will show which chain / which coin is more popular and should be pursued. In other words; it would be easier to figure out the 'winner'.
Exactly. Miners follow demand. History has proven it. For example, if Bitcoin Cash had more demand than Bitcoin, it'd probably have more hash rate than it too. It's approximately 173 times less than it.

No they don't, since the two signatures they would make for different branches would get posted to the chain as evidence  [1] and their stake (a minimum of 32 ETH) would get forfeited.
I don't understand. Say you have 32 ETH, and the chain is split. You now have 32 ETH-old and 32 ETH-new. You can use both these coins with no consequences, unless it isn't an actual split, but a sidechain.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
the validators will just validate both sides of the split.

No they don't, since the two signatures they would make for different branches would get posted to the chain as evidence  [1] and their stake (a minimum of 32 ETH) would get forfeited.

[1] https://bitcoinmagazine.com/technical/bitcoiners-guide-to-proof-of-stake

That's only in theory though, since the whole process depends on slashers running on the network, and currently nobody is daring to report anything with them lest it quickly become a political censorship issue within their community.

It's ironic though, because Vitalik Buterin doesn't want Coinbase to run a slasher because he's scared they will start censoring transactions.

Something that's not practically possible in PoW ¯\_(ツ)_/¯

PS. It's possible for PoS 51% hijackers to run a slasher node that reports the real good blocks, so the system has no concept of altruism in the first place (There are strange similarities between this and the algorithmic balancing used in stablecoins such as Luna UST).
legendary
Activity: 990
Merit: 1108
the validators will just validate both sides of the split.

No they don't, since the two signatures they would make for different branches would get posted to the chain as evidence  [1] and their stake (a minimum of 32 ETH) would get forfeited.

[1] https://bitcoinmagazine.com/technical/bitcoiners-guide-to-proof-of-stake
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
But the chains become independent once they split.
I now see it clearly. You're right. You can't use the same work to extend another chain, unless the new chain is dependent on the old chain, regardless of the configuration of the new chain. The new chain founders can either choose to completely disconnect it with the old chain, or make it based on it.
Exactly, and imagine the credibility of a 'fork team' who on one hand is trying to sell their fork as the 'new Bitcoin' that will 'replace it' (flippening), while at the same time being based (thus reliant) on the real BTC blockchain through merged mining. Nobody would take them seriously.
There is a binary decision which chain to mine, that doesn't exist in PoS.

That's also why there is a (trivial) binary decision which chain is longer in an unintentional chain split; meanwhile in Ethereum someone will need to decide which chain is 'longer', as the validators will just validate both sides of the split. Will it be based on a Tweet by Vitalik? I don't know. Doesn't inspire much confidence.

Forking the chain in the former fashion (e.g., Bitcoin Cash) in Proof-of-Stake does grant the validators the same benefits oppositely to Proof-of-Work, indeed. That being said, you could say that Proof-of-Work makes splitting / forking less desirable.
On the other hand, making it harder to fork also gives security / stability to Bitcoin, and if someone were to try coming up with a real contender, the economics (miners switching or not) will show which chain / which coin is more popular and should be pursued. In other words; it would be easier to figure out the 'winner'.

I mean, imagine every miner who claims fork-coins magically being handed an ASIC (for each of the ASICs they own) for the fork chain. The thought is hilarious to me! Cheesy But that is what happens in a PoS fork.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
But the chains become independent once they split.
I now see it clearly. You're right. You can't use the same work to extend another chain, unless the new chain is dependent on the old chain, regardless of the configuration of the new chain. The new chain founders can either choose to completely disconnect it with the old chain, or make it based on it.

Forking the chain in the former fashion (e.g., Bitcoin Cash) in Proof-of-Stake does grant the validators the same benefits oppositely to Proof-of-Work, indeed. That being said, you could say that Proof-of-Work makes splitting / forking less desirable.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Sure, but can't the same apply on Proof-of-Work too? Say that the chain splits to old-Bitcoin and new-Bitcoin that supports merged-mining. Miners that mine the old chain can use redundant hashes to mine for the new chain, with the exact same hash rate. All that's needed for new-Bitcoin is to prove you've worked for it. It'll be essentially a sidechain, but with no dependence on the mainchain.

I don't see how Proof-of-Stake defeats the point of split. It's not the miners/stakers who define the value of the coins, but the users. If a split occurs, there might be new money created, but the product remains the same. Market value of 1 BTC is just split to 1-old-BTC and 1-new-BTC.
But the chains become independent once they split. The hashes would be different for different blocks, so you'd either have to choose to point your miners at the new or the old chain.
Except in his (in my opinion) very constructed example where the new chain doesn't require its own mining, but is merged-mineable with the main chain. Wink

The miners that believe they can make more out of the new chain would point their miners at the new chain, and miners who think they can make more out of the old chain would stay on the old chain.
The new chain would have different consensus parameters, which could not be subverted without significant cost to the miners who wish to subvert it.

Under PoS, this is not the case.
Since the staked amount persists on both tails, stakers could just stake the same way on both tails, and subvert the new chain, and its consensus parameters would end up being the same as the old chain.
That's exactly correct. That's one of the aspects that (asterisk asterisk except in niche constructions / exceptions) makes PoW so different and so much stronger than PoS. In PoS, the 'investment' (miner / stake) is within the system and that's a problem on a multitude of levels.
Pages:
Jump to: