
Topic: Noob Q: Can bitcoin be turned into POS? - page 3. (Read 3931 times)

legendary
Activity: 1092
Merit: 1000
March 28, 2017, 04:20:18 PM
#55
Pow is much fair distribution system over POS


If you make a PoW where everyone can process the ~ same amount of PoW,
you would be correct, but history has proven due to economic factors the rich glean an unfair advantage.

How many warehouses full of ASICS do you Own?   Cheesy


 Cool
legendary
Activity: 1092
Merit: 1000
March 28, 2017, 04:15:19 PM
#54
Hard Coded Check Points can not be orphaned, and they can be weeks or months or years old.
(I am in favor of, and see no downside or security problems with them.)

Hard-coded check points are a centralized consensus mechanism.  Let the dev then sign all blocks, that's the same.

So you only need to bribe the dev to change the check points he only can provide and your "decentralized consensus immutability" is gone too.

Quote
I disagree with , because they do add too much centralization for my taste. Control the checkpoint server and you control the coin.

Identical to dev signed software with checkpoints he can change at will too.

I think you didn't fully appreciate the decentralized consensus problem.  If you propose a centralized dev solution, you're missing the point altogether.  Let the dev's computer sign all blocks for that matter.  No more problems.




Hard coded Checkpoints are placed in by the dev, however the users still have to update to the new version.
That is how they signal agreement, if no one updates, then the hard coded checkpoint is ignored.
If the Majority does not update, hard coded checkpoints won't work.


Checkpoints from checkpoint servers can not be refused.

See the difference.  Wink

 Cool
sr. member
Activity: 368
Merit: 266
March 28, 2017, 11:42:16 AM
#53
I think that there's a wealth of data out there within the alternative coin experimental projects which may be compiled and studied to answer this feasibility question. However, it would probably require a hybrid system and a revised acyclic data structure connecting various tiers of clients and that may be too intensive a project to undertake on the existing chain without causing conflict.
full member
Activity: 126
Merit: 100
March 28, 2017, 11:14:08 AM
#52
why then not replace this with these 20 guys signing digitally each block and promising not to sign more than a block per 10 minutes in a round-robin way ?  That's just as secure, isn't it ?
Yes, I think it's absolutely the same as stamping with gpu a paper contract between "20 elders of the internet" and "we, the people" for "block chain special service". Moreover,  mining hardware is a potential point of failure and power vacuum, since monopoly on network belong to few tech-savvy entrepreneurs.
In POS system money decide how money evolves, it's fair enough, and I'm actually okay with whales. Coins as shares in distributed payment system has more logic than gpu power as voting method.
There is no direct connection between hashrate and bitcoin success.
In order to harm block chain there should be an actual potential / possibility for big corp/ebil gobernment to conspire and interfere in the system, and I think bureaucratic power highly overestimated.
1000 dedicated people can ruin any corporation, 10000 well armed organized men can overthrow any government, so why we should have more than 10000 non Sybil signing nodes to run a network? Only power any big government has is power to persuade through information monopoly (non exists more, thanks the internet) and power to print money (we work on that thing here). They can close one megaupload website, DDoS 100 "hate speech" forums, but they can't shut down 2000 tor nodes. There is no law enforcement agency to raid Asian or African datacentres, no hackers to sniff i2p for coin transactions, no way to attack all 10000 signing nodes, especially if ip addresses unknown. It's just a bunch of old guys who probably already invested in dogecoins by themselves.
Again, 10 years as bitcoin run without problems, governments are ok with it. Most problems bitcoin has now come from actual miners -- people who supposed to "secure the network" with hashrate,  and bitcoin developers.
So, we should kick out miners and decentralize developers, and only then think about other attack vectors.
hero member
Activity: 770
Merit: 629
March 28, 2017, 10:04:23 AM
#51
If a big economic actor, especially a state, wants to destroy a coin, just any coin, it can.

Yep, surely big actors could attack any cryptocurrency.

The point is that if an attacker manages to get control over a PoS coin, the coin is practically dead because the attacker would have control over the chain forever with his 51% stake - it can only be revived with a hard fork.

First of all, a coin that is for 50% or more in possession of any entity, is economically dead.   That whale can do anything with it on the market.  So if a coin is for 50% in possession of a whale, whether it technically fails or not, is not important, because it is economically dead already.

A PoS system should be such that after a short while, the "immutable history" is signed by more stake than a single, colluding economic entity is supposed to ever possess.  I would put that limit at a few %.  Any asset of which there is more than a few % in the hands of a single entity, is toxic or dead, because the market is too much in the hands of that entity.  Nobody has single-handedly the control over a few % of all $$ in circulation.

But even in the case an entity possesses 50% of the stake, you can have combined PoS signing systems (where a given block needs to be signed by a certain number of stakers) so that the probability that ALL signatures come from the same 50% of stakers, becomes arbitrarily low.  If you require, say, 100 signatures per block, chances that these 100 signatures are drawn from only the whale's staking nodes are 1/10^30 or something. (it is more complicated than this, but that's the gist).

Quote
An 51%-attack on a PoW currency can do only temporary harm because the attacking mining cartel would have to continuously "burn" resources (electricity, mining equipment).

Not really.  It will have imposed ITS branch and orphaned the other, and everybody will now mine happily on his branch, with modified past for ever.

Quote
But this reward is in place to incentive "staking", because "stakers" at least have some minimal electricity/bandwidth costs. If less accounts are staking, attackers have an easier game with "standard 51% PoS attacks", they could attack the currency even with only 1% of the supply (see cynicSOB's successful APEXcoin attack I mentioned in the answer to kiklo, it was performed with less than 0,1% of the stake). So "stakers" should be at least minimally rewarded (e.g. with Peercoin's 1%/year reward or NXT's transaction fees).  

The cost is the cost to maintain the security of the system in which you have a stake. I think the reward is inviting more problems than solving.  If you cannot be bothered to run an old PC, then you accept the increased risk of the system you're using.  Note that if everyone gets 1% on his stake, with a 1% inflation, you weren't really rewarded either.  Getting an interest equal to inflation is not a reward.
In fact, this becomes lucrative only if most stakeholders DO NOT stake.  Because then you get 1% interest, but overall inflation is smaller than 1%.  So this might give a "miner's consortium" making it difficult for people to stake, so that they get the full reward while most people don't.

Rewards corrupt.
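The "100 signatures per block" estimate in the post above, worked through exactly. This is an added example, not part of the thread: it assumes each signer seat is drawn independently in proportion to stake, and the function names and the quorum rules compared (all, two-thirds, majority) are illustrative choices.

```python
from fractions import Fraction
from math import ceil, comb


def p_whale_holds_at_least(stake, signers, needed):
    """Exact P[X >= needed] for X ~ Binomial(signers, stake).

    Assumption: every one of the `signers` seats on a block is filled
    independently, and the whale wins a seat with probability equal to
    its share of the total stake.
    """
    p = Fraction(stake)
    q = 1 - p
    return sum(
        comb(signers, k) * p**k * q ** (signers - k)
        for k in range(needed, signers + 1)
    )


def p_whale_holds_all(stake, signers):
    """The case described in the post: every signature is the whale's."""
    return p_whale_holds_at_least(stake, signers, signers)


def capture_table(signers=100):
    """Capture probability for each (stake share, quorum rule) pair."""
    stakes = {
        "50%": Fraction(1, 2),
        "33%": Fraction(1, 3),
        "5%": Fraction(1, 20),
    }
    quorums = {
        "all": signers,
        "two-thirds": ceil(Fraction(2, 3) * signers),
        "majority": signers // 2 + 1,
    }
    return {
        (s_name, q_name): float(p_whale_holds_at_least(share, signers, need))
        for s_name, share in stakes.items()
        for q_name, need in quorums.items()
    }


if __name__ == "__main__":
    for (stake, quorum), prob in capture_table().items():
        print(f"stake {stake:>3}  quorum {quorum:<10}  P(capture) = {prob:.3e}")
```

With all 100 seats required, a 50% holder succeeds with probability 2^-100, which matches the order of magnitude quoted; under a simple-majority rule the same holder captures a block nearly half the time, so the quorum rule matters as much as the signer count.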
legendary
Activity: 3038
Merit: 1169
March 28, 2017, 09:58:06 AM
#50
Well I think that is your decision to make, in converting bitcoin to Altcoins, I think there are many bitcoin users that are converting their bitcoin to any altcoins they like well I don't really thinking of doing this I like bitcoin more than any altcoins out there but if given a chance that there is an alt that would simply impress me then I think I would have a second thought over converting my bitcoins for it.
hero member
Activity: 770
Merit: 629
March 28, 2017, 09:46:36 AM
#49

How do you know that server is really under the ice, and not in the room of a power-hungry maniac ?  And what happens if that computer fails ?  Who has the root password to that server ?  Who can pull the plug ?  What network provider has control over all that happens on the network interface of that server (excluding people for instance) ?

We can't know for sure even if all these posters (including me, from your point of view) on this board really exist, or if it's just php spam bots from some guy who tricked us into buying his "coins".
Antarctica example is hypothetical, since we don't know if Antarctica really exist  Cool
We can try to send server on Mars, but who can be sure Mars is actually a real planet, and not a fairy tale from government controlled schools?

You need, as you point out, a total conspiracy in order to fake a decentralized system: you can check IP numbers, you can check so many things, and most of all, you can be part of it (several times, style Sybil) and check that you can see yourself on the network.

If there is "one server on Mars", that server is one single point of entry, one IP number that can be a proxy to something totally different without having to compromise all of your knowledge about the world, about internet and everything.

A server has a root owner.  The data that that server receives and sends back are entirely at the discretion of that root owner.  I don't see how that root owner could prove its absence of potential interference on the system.  You don't need to corrupt all of society and all of the world to change stuff on the server on which you are root password owner.  The computer on Mars can be just a proxy to just any computer on earth.  Maybe my desktop.  Why would you trust my desktop (behind a proxy server on Mars) ?

Quote
Anyway, we should look for a good enough solution for immutable and permissionless trustless payment network, not absolute one. Bitcoin is a coin what run for almost 10 years and governments don't fight it, despite 20 computers run all the block chain. So, it's good enough solution.

Those "20 computers" are the most involved computing infrastructure in the whole world !  That said, 20 root passwords determine indeed bitcoin.  For the moment, they are not colluding.  However, why then not replace this with these 20 guys signing digitally each block and promising not to sign more than a block per 10 minutes in a round-robin way ?  That's just as secure, isn't it ?
And wastes much less electricity ?  Or not ?
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
March 28, 2017, 09:25:20 AM
#48
If a big economic actor, especially a state, wants to destroy a coin, just any coin, it can.

Yep, surely big actors could attack any cryptocurrency.

The point is that if an attacker manages to get control over a PoS coin, the coin is practically dead because the attacker would have control over the chain forever with his 51% stake - it can only be revived with a hard fork. An 51%-attack on a PoW currency can do only temporary harm because the attacking mining cartel would have to continuously "burn" resources (electricity, mining equipment).

Proof of burn like in Slimcoin's design could be a interesting option to complement a PoS currency because here the attacker's power would decrease in time, like in PoW.

You seem to not understand that PoS coins also reorg to the Longest Chain with the Highest Difficulty.  Smiley

That's the whole point of the "long-range" or "history attack" (or Bribing attack, as Vitalik Buterin calls it) - a couple of emptied keys that aren't that old could give the attacker the difficulty he needs for his attack chain.

I agree with you that N@S attacks are highly "impractical" but that doesn't mean they are "impossible". And I'm not against the concept of PoS - in fact, I am somewhat active in the Peercoin, Nxt and Slimcoin communities.
full member
Activity: 126
Merit: 100
March 28, 2017, 08:53:38 AM
#47

How do you know that server is really under the ice, and not in the room of a power-hungry maniac ?  And what happens if that computer fails ?  Who has the root password to that server ?  Who can pull the plug ?  What network provider has control over all that happens on the network interface of that server (excluding people for instance) ?

We can't know for sure even if all these posters (including me, from your point of view) on this board really exist, or if it's just php spam bots from some guy who tricked us into buying his "coins".
Antarctica example is hypothetical, since we don't know if Antarctica really exist  Cool
We can try to send server on Mars, but who can be sure Mars is actually a real planet, and not a fairy tale from government controlled schools?
Anyway, we should look for a good enough solution for immutable and permissionless trustless payment network, not absolute one. Bitcoin is a coin what run for almost 10 years and governments don't fight it, despite 20 computers run all the block chain. So, it's good enough solution. Can we improve it? Of course. We can take out of the equation:
miners
whales
central devs
corporate infrastructure
Probably, some future bitcoin will run on some mobile infrastructure-less mesh network with decentralized crowdfunding for development and with "1 meatbag node - 1 vote" democracy. Or not. I don't care.
POS successfully fired miners already, so we have some progress. Next to be kicked out is devs with their central websites for updates and downloads. Crowdfunding and peer reviewing can be done in the network by actual holders. And we don't need absolute decentralization for all this, 10000-100000 master nodes can run a 300 million active users network no third party able to stop or interfere.
legendary
Activity: 1512
Merit: 1000
March 28, 2017, 08:28:54 AM
#46
Technologically possible, but that would mess up pretty much everything, and the miners surely would swear vendetta against the developers. However we could buy BTC under $10 again Wink.

...but why do you want another PeerCoin Smiley?
hero member
Activity: 770
Merit: 629
March 28, 2017, 08:28:35 AM
#45
Pow is much fair distribution system over POS

You think that 5 entities obtaining half of the "distribution" is a fair system ?
legendary
Activity: 1302
Merit: 1002
March 28, 2017, 08:26:36 AM
#44
Hi guys.
Plz don't kill me for asking.

I see a lot of hype around alt-coins.
When asked, many will point out POS as a plus vs bitcoin.

I was wondering:

1. Can Bitcoin change to POS if wanted to by the community?
2. Is POS really an advantage (if it is - is it an advantage because it saves energy, or because it diffuses power)?

Thank you!

Pow is much fair distribution system over POS
hero member
Activity: 770
Merit: 629
March 28, 2017, 08:16:37 AM
#43
For the first thing we should understand why decentralization matters to us so much.

You want an immutable and permissionless trustless system, ideally anonymous.  If the system is not immutable, then the one that is able to change the rules or the history at will, once you got in, can totally alter the value you are holding, or the things you planned to do with it.  He can even change your balance, or wipe your existence on the system.  Without immutability (of rules and history), you are doing the equivalent of signing a blank cheque, or a blank contract, to whomever has the ability to change the rules or the history.

If the system is not permissionless, one can kick you out, or stop you from using the system according to the rules, for your political, economical, religious, racial or social circle identity, or simply because you happened to annoy for a known or unknown reason, those that can grant permissions or not.  So the system must be open to any participant.

==>  essentially, those being able to give permissions, to modify history or to modify the rules are a power house ; in the end power always converts to monetary and hence value advantage.  This is why you don't want that.

Because the system's role is to be able to do what the powers that be don't want you to do, or don't want you to do that easily, or because your using of the system may be frowned upon by the powers that be who have all the means to make your life miserable, using the system should be possible without giving out one's identity.

But this also puts the problem that because everybody can access the system, without identity check, that the system must resist Sybil attacks, and of course, malicious people wanting to bring the system down, or take over the power over the system.

The system cannot have any leader, capable of changing the rules of the history (power house) nor anyone deciding upon permission to use the system or not.  As such, you are obliged to have the system running by every participant, as there cannot be a centrally run server, with a root owner, that could change the history on it, change the rules by which it functions, allow or disallow participants in the system, and be able to know all (network) identities of all participants and their actions.

==> necessity of a decentralized system, in order to obtain permissionlessness and immutability, and the lack of any form of centralized leadership.  But this leads to the necessity of trustlessness and resistance to corruption or Sybil attacks.

Quote
We are actually looking for the security of the network, not necessarily decentralized solution for the security of the network
Quick example: if we send centralized payment processor server to Antarctica and bury it under miles of ice no third party interference can happen to payment system, so centralized network would run secure enough.

How do you know that server is really under the ice, and not in the room of a power-hungry maniac ?  And what happens if that computer fails ?  Who has the root password to that server ?  Who can pull the plug ?  What network provider has control over all that happens on the network interface of that server (excluding people for instance) ?

Quote
We have bitcoin block solving process decentralized to 20 computers, with hardcoded checkpoints, and network run fine.

Who can control those 20 computers ?  Who is deciding on the "hardcoded" (who is coding them ?) check points ?  What if tomorrow, these 20 computers are running an entirely different block chain ?  Is there even a block chain on them, or is it just a database pretending to be a block chain ?

full member
Activity: 126
Merit: 100
March 28, 2017, 07:58:33 AM
#42
Hard Coded Check Points can not be orphaned, and they can be weeks or months or years old.
(I am in favor of, and see no downside or security problems with them.)

Hard-coded check points are a centralized consensus mechanism.  Let the dev then sign all blocks, that's the same.

So you only need to bribe the dev to change the check points he only can provide and your "decentralized consensus immutability" is gone too.

Quote
I disagree with , because they do add too much centralization for my taste. Control the checkpoint server and you control the coin.

Identical to dev signed software with checkpoints he can change at will too.

I think you didn't fully appreciate the decentralized consensus problem.  If you propose a centralized dev solution, you're missing the point altogether.  Let the dev's computer sign all blocks for that matter.  No more problems.


For the first thing we should understand why decentralization matters to us so much.
We are actually looking for the security of the network, not necessarily decentralized solution for the security of the network
Quick example: if we send centralized payment processor server to Antarctica and bury it under miles of ice no third party interference can happen to payment system, so centralized network would run secure enough.
Decentralization for the sake of decentralization can't resolve all issues, and decentralization is not a binary thing, coin can have more decentralization or less decentralization. The more decentralization actually coin has - the more problems with transactions and network will appear.
We have bitcoin block solving process decentralized to 20 computers, with hardcoded checkpoints, and network run fine. If we will try to decentralize it to 2000 computers, network latency can lead to constant reorganizations due to massive generation of orphaned blocks. So, decentralized solution do not exist for proof of work chain.
In the other hand, delegated POS with 2000 delegates can run just fine.
So, we have "centralized" DPOS system more secure and decentralized than "decentralized" bitcoin.
hero member
Activity: 770
Merit: 629
March 28, 2017, 07:05:37 AM
#41
Hard Coded Check Points can not be orphaned, and they can be weeks or months or years old.
(I am in favor of, and see no downside or security problems with them.)

Hard-coded check points are a centralized consensus mechanism.  Let the dev then sign all blocks, that's the same.

So you only need to bribe the dev to change the check points he only can provide and your "decentralized consensus immutability" is gone too.

Quote
I disagree with , because they do add too much centralization for my taste. Control the checkpoint server and you control the coin.

Identical to dev signed software with checkpoints he can change at will too.

I think you didn't fully appreciate the decentralized consensus problem.  If you propose a centralized dev solution, you're missing the point altogether.  Let the dev's computer sign all blocks for that matter.  No more problems.
full member
Activity: 126
Merit: 100
March 28, 2017, 05:18:10 AM
#40
@dinofelis: It's unfortunately not that easy. N@S is a potential threat, above all because of the infamous "history attack". It's difficult to perform on a mature chain and very probably won't give the attacker any profits (even if he shorts the coins), but in the case a big malicious actor (banks, governments) conspire, they could do more harm with this kind of attack than with 51%ing a PoW currency.

If a big economic actor, especially a state, wants to destroy a coin, just any coin, it can.  Central banks can destroy immediately any coin that is available, not by technical means, but by economical means.  It doesn't cost them anything.

How does it work ?  A central bank can, if it is legally allowed to do so, buy up any "asset" and issue fresh fiat against it.  The central bank can hence print as much fiat as necessary to buy up 95% of the stash of any coin.  The FED can print, fully legally if bitcoin is recognized as an "asset", the 20 billions needed to buy up all bitcoin.  In doing so, they pump the price to the sky.  But no problem, the FED can print just as much dollars as needed to buy up the whole stash, because the stash itself serves as "asset backing the printing".  As the price of the asset is rising, the FED's balance becomes more and more positive.  People will fight for the few bitcoins still around, and spend huge amounts of their savings on it, while the liquidity of bitcoin decreases like hell.  Bitcoin to the moon.
And then, the FED will sell bitcoins, first slowly, to destroy the amount of dollars they printed on it, now that it is "to the moon".  Once they have gotten most of the printed dollars back out of circulation, they dump the whole stash to oblivion by putting the 95% of the stash in circulation the same week.  So many people will have lost their savings, that bitcoin is done for ever.

No finite resource asset can win an attack from a printing FED, because all other actors have to bring in true value, and the FED can print for nothing.  This is why "one big crypto currency" is a lunacy.  Any big fiat central bank can destroy it when it wants on the market.

As you say, the nothing at stake attack is very difficult to perform on a mature chain.  The "value function" should be chosen well, in such a way that a historical reorganization is essentially impossible to perform, because you would need, in redoing the chain, so many collusions of former stake holders (which were stake holders by PoW not by PoS) that you will not be able to find all the signatures necessary to do so.

The problem with most PoS systems right now is that they also reward the staker.  This reward has to be unique, and will be fought over.  If there is no reward, then there's no battle to be had.  There's no incentive for a random stake holder to absolutely want to stake on a secondary chain and hence increasing the risk that the system he has a stake in, crumbles down.



Pure madness, bro. All they do is a
1)Ban to legal payments
2)Seize domains
3)Close github repository
Tadam! Bitcoin is over forever.


Also N@S is much less possible than POW regular fork. If one city in China will have short electricity cut off due to hydro plant planned maintenance bitcoin is over, ethereum miners will fork it and 51% to oblivion, because, well, economic incentive.
legendary
Activity: 1092
Merit: 1000
March 28, 2017, 05:11:17 AM
#39
The problem with most PoS systems right now is that they also reward the staker.  This reward has to be unique, and will be fought over.  If there is no reward, then there's no battle to be had.  There's no incentive for a random stake holder to absolutely want to stake on a secondary chain and hence increasing the risk that the system he has a stake in, crumbles down.

I'm glad you get the no reward point.  Smiley


==> this is not a valid argument of course.  That is like saying "no hacking software is available right now, so hacking is not possible"

Hmm, it is impossible to make the attempt until the code is written.
Others talk like multistaking has been proven, and it has not.

If I said, Flying was possible by using my anti-gravity belt I was building in my garage,
you telling me it is impossible to attempt flight before I even finished making the belt would be accurate. The above is no different.


This is not a solution, because the "checkpoint" itself is a consensus resolution.  You could just as well say that blocks that have been confirmed once, shouldn't be orphaned.  In fact, "checkpoints" are nothing else but "blocks of blocks" in the same way that blocks are "blocks of transactions", and the consensus resolution is: WHICH BLOCK ? on the block level, so the check point is the consensus resolution of "which block of blocks ?".

Nothing fundamentally irreversible is done with check points that wasn't already done with the blocks themselves ; unless you introduce trust, at which point, the whole consensus resolution becomes simple: the trusted party will determine consensus, and we don't need block chains any more, just a digital signature.

You can introduce checkpoint-like PoS signatures, but you have to realize that they do not grave in stone anything more than block resolution already did.  Orphaning checkpoints is not different in principle from orphaning blocks.


Hard Coded Check Points can not be orphaned, and they can be weeks or months or years old.
(I am in favor of, and see no downside or security problems with them.)

Checkpoint servers,
I disagree with, because they do add too much centralization for my taste. Control the checkpoint server and you control the coin.

Rolling Checkpoints,
I am still on the fence about, depending on the # of blocks before they hit, they may be a possible security issue that is better handled just by creating a stronger chain.
Whereas a 10 block rolling checkpoint could cause more damage than good. A rolling Checkpoint of a Day or Week or Month, less concerned with because the chain has been allowed to form normally and odds are would not be overwritten anyway.
I even proposed that Bitcoin adopt rolling checkpoints, to keep the ASICS Miners with 51% control from overwriting transaction data.
Blackcoin @(500 blocks) & Nxt@(720 Blocks) are the only ones using them at the current time, to the best of my knowledge.
Checkpoints are not a PoS only issue as PoW coins can use them also.
Time will tell on rolling checkpoints.

 Cool
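Two of the checkpoint variants compared in the post above, hard-coded checkpoints and rolling checkpoints at a fixed depth (the 720-block figure cited for Nxt is used here), sketched as a fork-choice rule. This is an added example, not code from the thread or from any coin named in it; `Block`, `choose_chain`, the difficulty values and all chains are constructed for illustration of a generic heaviest-chain client.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple


class Block(NamedTuple):
    hash: str        # constructed label standing in for a real block hash
    difficulty: int


Chain = List[Block]  # list index == block height, index 0 is genesis

ADOPTED = "adopted"
NOT_HEAVIER = "kept local: candidate is not heavier"
TOO_DEEP = "rejected: reorg deeper than rolling checkpoint"
PINNED = "rejected: conflicts with hard-coded checkpoint"


def extend(prefix: Chain, branch: str, length: int, difficulty: int) -> Chain:
    """Return `prefix` plus `length` constructed blocks on a named branch."""
    start = len(prefix)
    return prefix + [Block(f"{branch}-{h}", difficulty)
                     for h in range(start, start + length)]


def total_work(chain: Chain) -> int:
    return sum(b.difficulty for b in chain)


def reorg_depth(local: Chain, candidate: Chain) -> int:
    """Number of local blocks that adopting `candidate` would discard."""
    common = 0
    for mine, theirs in zip(local, candidate):
        if mine.hash != theirs.hash:
            break
        common += 1
    return len(local) - common


def choose_chain(local: Chain, candidate: Chain,
                 max_reorg_depth: Optional[int] = None,
                 hard_checkpoints: Optional[Dict[int, str]] = None
                 ) -> Tuple[Chain, str]:
    # Hard-coded checkpoints ship with the client: height -> expected hash.
    for height, expected in (hard_checkpoints or {}).items():
        if height < len(candidate) and candidate[height].hash != expected:
            return local, PINNED
    if total_work(candidate) <= total_work(local):
        return local, NOT_HEAVIER
    # Rolling checkpoint: never discard more than N of our own blocks.
    if max_reorg_depth is not None and reorg_depth(local, candidate) > max_reorg_depth:
        return local, TOO_DEEP
    return candidate, ADOPTED


# Constructed sample chains: 101 shared blocks, then two 800-block branches.
COMMON = extend([], "main", 101, 10)
HONEST = extend(COMMON, "honest", 800, 10)
HISTORY_FORK = extend(COMMON, "fork", 800, 11)     # heavier rewrite of history
SHALLOW_RACE = extend(HONEST[:-5], "race", 6, 10)  # ordinary 5-block reorg
NEW_NODE = COMMON[:1]                              # knows only genesis
PINS = {500: HONEST[500].hash}


def run_scenarios() -> Dict[str, str]:
    return {
        "synced, no checkpoints": choose_chain(HONEST, HISTORY_FORK)[1],
        "synced, rolling 720": choose_chain(HONEST, HISTORY_FORK, 720)[1],
        "synced, rolling 720, shallow": choose_chain(HONEST, SHALLOW_RACE, 720)[1],
        "new node, rolling 720": choose_chain(NEW_NODE, HISTORY_FORK, 720)[1],
        "new node, hard-coded pin": choose_chain(NEW_NODE, HISTORY_FORK, 720, PINS)[1],
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:<30} {outcome}")
```

In this sketch a node that starts from genesis has nothing of its own to roll back, so the depth limit never triggers for it; only the hard-coded pin distinguishes the two branches.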
hero member
Activity: 770
Merit: 629
March 28, 2017, 04:17:06 AM
#38
Hello,

As you've seen, I'm quite favourable for PoS, but I'm against any erroneous argument in favour of anything.  Arguments should hold water.  I think you are having PoS arguments which are not always correct.

It is an attack that HAS NEVER BEEN EXECUTED ON ANY COIN!

None of the CURRENT PoS WALLETS ARE MULTISTAKING, until MULTISTAKING POS WALLETS ARE CREATED, an attack from that BS LIE, can not even be attempted.

==> this is not a valid argument of course.  That is like saying "no hacking software is available right now, so hacking is not possible"

Quote
LONG RANGE ATTACKS ARE IMPOSSIBLE, past a Checkpoint!  Wink

This is not a solution, because the "checkpoint" itself is a consensus resolution.  You could just as well say that blocks that have been confirmed once, shouldn't be orphaned.  In fact, "checkpoints" are nothing else but "blocks of blocks" in the same way that blocks are "blocks of transactions", and the consensus resolution is: WHICH BLOCK ? on the block level, so the check point is the consensus resolution of "which block of blocks ?".

Nothing fundamentally irreversible is done with check points that wasn't already done with the blocks themselves ; unless you introduce trust, at which point, the whole consensus resolution becomes simple: the trusted party will determine consensus, and we don't need block chains any more, just a digital signature.

You can introduce checkpoint-like PoS signatures, but you have to realize that they do not grave in stone anything more than block resolution already did.  Orphaning checkpoints is not different in principle from orphaning blocks.
hero member
Activity: 770
Merit: 629
March 28, 2017, 03:43:27 AM
#37
@dinofelis: It's unfortunately not that easy. N@S is a potential threat, above all because of the infamous "history attack". It's difficult to perform on a mature chain and very probably won't give the attacker any profits (even if he shorts the coins), but in the case a big malicious actor (banks, governments) conspire, they could do more harm with this kind of attack than with 51%ing a PoW currency.

If a big economic actor, especially a state, wants to destroy a coin, just any coin, it can.  Central banks can destroy immediately any coin that is available, not by technical means, but by economical means.  It doesn't cost them anything.

How does it work ?  A central bank can, if it is legally allowed to do so, buy up any "asset" and issue fresh fiat against it.  The central bank can hence print as much fiat as necessary to buy up 95% of the stash of any coin.  The FED can print, fully legally if bitcoin is recognized as an "asset", the 20 billions needed to buy up all bitcoin.  In doing so, they pump the price to the sky.  But no problem, the FED can print just as much dollars as needed to buy up the whole stash, because the stash itself serves as "asset backing the printing".  As the price of the asset is rising, the FED's balance becomes more and more positive.  People will fight for the few bitcoins still around, and spend huge amounts of their savings on it, while the liquidity of bitcoin decreases like hell.  Bitcoin to the moon.
And then, the FED will sell bitcoins, first slowly, to destroy the amount of dollars they printed on it, now that it is "to the moon".  Once they have gotten most of the printed dollars back out of circulation, they dump the whole stash to oblivion by putting the 95% of the stash in circulation the same week.  So many people will have lost their savings, that bitcoin is done for ever.

No finite resource asset can win an attack from a printing FED, because all other actors have to bring in true value, and the FED can print for nothing.  This is why "one big crypto currency" is a lunacy.  Any big fiat central bank can destroy it when it wants on the market.

As you say, the nothing at stake attack is very difficult to perform on a mature chain.  The "value function" should be chosen well, in such a way that a historical reorganization is essentially impossible to perform, because you would need, in redoing the chain, so many collusions of former stake holders (which were stake holders by PoW not by PoS) that you will not be able to find all the signatures necessary to do so.

The problem with most PoS systems right now is that they also reward the staker.  This reward has to be unique, and will be fought over.  If there is no reward, then there's no battle to be had.  There's no incentive for a random stake holder to absolutely want to stake on a secondary chain and hence increasing the risk that the system he has a stake in, crumbles down.

legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
March 28, 2017, 03:06:54 AM
#36


I was wondering:
1. Can Bitcoin change to POS if wanted to by the community?
2. Is POS really an advantage (if it is - is it an advantage because it saves energy, or because it diffuses power)?

Thank you!

1.
A Proof Of Stake can be done the variations of how it can be done can be debated from simply owning the coin and running a node to receive some rewards every block aka completely movable stake rewards.
https://just-dice.com/#a27 (IN FAQ)

Requiring a certain amount of coins to have a staking position as an example a node with a 1000 coin minimum investment to be rewarded a portion of the miner rewards.  The rest would be non-rewarded nodes.
https://www.dash.org/masternodes2/

To dedicating your node exclusively to staking in order to receive rewards and as a result needing to park your coins for a certain time period before rewards begin to be distributed.
https://en.wikipedia.org/wiki/Proof-of-stake#Coin_age_based_selection

2. POS is an advantage in that it splits rewards between miners and node operators and compensates them for keeping secure copies of the blockchain it also allows another input in the decisions of the coin instead of only rewarding miners.

Applied to Bitcoin it would result in a fork due to the likely need to change the block reward to compensate users based on the format involved, it would ensure more reliability in the long run due to the incentive to receive rewards by operating a full node. Where current node operators receive no rewards unless they are a mining pool leading to quicker centralization and node concentration.

https://en.bitcoin.it/wiki/Proof_of_Stake

In this case while it is likely some nodes would move to the new chain that offers rewards the miners may not like splitting rewards and the mining difficulty will adjust proportionately at the time of the fork based on the value of the coin.