Topic: Poll - Should Proof of Stake be implemented in Litecoin? - page 4. (Read 4714 times)

I've tried to explain specifically why this comment of yours isn't meaningful, both in the previous thread and in my first reply in this thread.
I think that there's some barrier in the way that people who are familiar with the Bitcoin protocol think about this proof-of-stake idea, which causes some confusion.

Again: an attacker with 51% hashpower who releases his forked branch and get it signed by the high coin holders didn't actually attack anything, because his forked branch is just as legitimate as the competing branch of all the other distributed hashpower. The attacker has to start his forked branch after the last signed checkpoint block, and everyone who wishes to protect himself from double-spending can simply wait until the next special checkpoint block in order to be sure that the relevant transactions until this next checkpoint block cannot be reversed. Therefore, the attacker cannot double-spend, the worst that the attacker can do is not including other transactions in his forked branch, but he gains nothing (if he participated normally along with the other miners then he'd both earn more and have less risk that his hashpower goes to waste).

i have made my point. i do not consider the trade off to be worth it, or to be one i am willing to make.

specially when the 51% is still possible (just harder) lets say there is another 51% "attack" threat, do we just keep centralizing the litecoin more and more until we end up with something that doesnt even look remotely like a cryptocurrency is supposed to be?

others have said this as well as me, but cryptocurrencies are succeptible to 51% "attacks", period. if you do not like being succeptible to 51% "attacks" do not deal with cryptocurrencies, or dump in as much hasing power as you can yourself to protect your investment. there is no easy way out.

(even though i would like a magical solution to the problem that doesnt actually change what cryptocurrencies are, there is no such magical solution thus far propossed and i doubt there will be one.)

the same thing has been propposed for bitcoins and it failed to get ANY serious support at all. this speaks for itself.

Your arguments are using too many what ifs. The point is that proof of stake makes a 51% attack cost more financially to the attacker. You argument is like an argument against proof of work: what if the attacker can convince everyone else to stop mining while he performs that attack? The point is that the incentives aren't there. Could the attacker convince one large stake holder to sign his block? Sure. But the chances that he can convince a majority of stake holders to sign his block is slim to none. And the chance that the majority of stake holders are heavily invested in Bitcoin and would be willing to see their Litecoin investment go to 0 just to see it die is slim to none. As Litecoins grow in value, this will cost even more. Also realize that exchanges have a lot of incentives to prevent a 51% attack and they will have a lot of litecoins. So they will likely sign all the signature blocks on the chain that their withdrawal/deposits are on.

How would someone DDoS the biggest stake holders? You wouldn't know which IPs they are at. Even if if you do, there would be hundreds or thousands of IPs that make up the largest stake holders. Are you going to DDoS all of them?

as far as i understand it this puts too much power into the hands of the people who own the most ltcs.

for example lets say there is a 51% attack, conflicting blocks and the biggest coin holders sign the blocks of the attacker anyway.

what then?


and before you ask stuff like "but if they hold the most amount of coins, why would they want to destroy their investment?"
idk, maybe they are even more heavily invested into bitcoins and another cryptocurrency being succesful is not in their interests?maybe the attacker convinced them it was for the best ?maybe they got their investment "refunded" by the attacker in bitcoins?there are countless other possibilities as well. humans are complex machines.


also again the biggest pool is being ddosed (so this show people with bots (which i might add atleast iirc are or were the biggest bitcoin holders) are clearly willing to go to any lengths to attack the network.) what happens if when the person releases his 51%ed chain into the network he ddoses the biggest stake holders?wouldnt this make the entire POS thing useless?

as for you checkpointing i am fine with that because you are the developer.

if i said anything too wrong you are free to correct me.

In order for an attacker to succeed, they need 51% of the network AND they need to sign their signature blocks with more coins than those that sign the regular signature blocks. This way, it's much harder to attack the network, and the attacker has a lot more to lose if they attack the network.

Are you basing this statement on this poll alone or have you talked to a lot of Litecoin users about this? I think a lot of people are against this because they actually don't understand the proof of stake proposal.  People think that with proof of stake, it means we give the control back to the wealthy and it's no different than what we currently have with fiat currencies. This is not true. (At least with Meni's implentation) Please read the wiki page: https://en.bitcoin.it/wiki/Proof_of_Stake

With the proof of stake proposal, blocks are found the same way as they are currently with hashrate. And every 100 block, there will be a signature block. People who have a lot at stake (a lot of coins) sign signature blocks. They want to do that so that they protect their investment. If there are more than one block for that signature block, then block with the most signatures weighted by coins wins. Think of it in terms of checkpointing. Right now, one person (me) decides which blocks are checkpointed. With proof of stake, people how have a lot at stake gets to checkpoint signature blocks. So they can't control which transactions are included when. Miners still control that. All that the stake holders can do is that if there are more than one fork (if there's an attacker trying to 51% the chain), they can sign the signature blocks to help make sure that the fork with no malicious attack is the "true" chain.

please dont do it. the majority of people clearly are against this, and i am sure they do not want to lose their investment either, but this is clearly not the solution the community is looking for.

Good to know, thanks for sharing.

Sorry, I've talked to iddo about this previously on IRC. Hard to keep track of what I've said where and when.
Anyways, I'm looking into Proof of Stake. And I'm willing to experiment with Litecoin if I think proof of stake is a good solution to our 51% problem.

coblee, while you're here, it's a shame I haven't seen you respond to the OP (perhaps you voted, but I think a proper response is better).

How did you come up with these claims? Are they based on any technical analysis?
Did you read what I described at https://bitcointalksearch.org/topic/m.1062538 ?
The idea is simply to cement the blockchain with special checkpoint blocks, and in order to avoid conflict between competing attempts to cement the blockchain we use signatures by those who hold the large amounts of coins when cementing, because these signatures cannot be faked. Anyone who wishes to protect himself from double-spending attack can simply wait past a special checkpoint block. The high coin holders who already signed that special block cannot reverse their decision, because the distributed network respects their initial signature but wouldn't respect their subsequent conflicting signature. Therefore, I don't see how high coin holders can use this distributed proof-of-stake protocol to attack anything. Do you see any concrete attack?

Also, the attacker will likely just want to revert his one transaction to the exchange. He (or she ) can include all the other transactions that don't conflict. So in his own chain, he just sends the coins to himself instead of the exchange. And the days destroyed metric would be the same as the main chain.

Sounds interesting. I can see how this makes it hard to do a sustained 51% attack. But it's still not hard to do a one time 51% attack. Let's say the attacker just needs to do 51% for about 10 blocks in order to do a double spend at the exchange. He just needs destroy enough coins to match the network for those 10 blocks.

What is "at the exact same time"? Bitcoin is, in fact, a timestamping service, so it's important to be specific about this.

If a 500 LTC block is released at time X, and 10-60 seconds afterwards a competing block with 700 LTC is released, that claims it was actually released at the same time. Does the 700 LTC block win? But miners have already started to work on the continuation to the 500 LTC block...

Also, there is no "becomes the next block" in Bitcoin - every miner decides on the history he prefers. Clients and standard, rational miners will go along with the longest history, so an incentivized Bitcoin miner should always pick the longest chain.

Perhaps more details, and some more examples, can help clarify this point.
Given its distributed nature, I don't think shorts forks can be avoided in a good Bitcoin-based protocol (hunch).

Then why not just read the quote and the paragraph in context? I had to come up with a way to make sure that a bitcoin-based block chain where difficulty would be intentionally lowered but still be safe against attacks. For that proposal. The idea still applies and would be useful for bitcoin or litecoin. It is a much less dramatic step than proof of stake, yet I believe it can still be extremely effective when fine-tuned.

I don't understand how the TL;DR of the linked thread relates to the pargraph you wrote here:

Instead of a potentially complex and fork-inducing proof of stake change, why not make a fork-free smart-chain?

https://bitcointalksearch.org/topic/new-musings-for-a-stable-currency-64637


Really comes down to using a "bitcoin days destroyed" metric.

Say two blocks were created at the exact same time, but one had 500LTC days destroyed, one had 200LTC days destroyed, so the 500LDD wins and becomes the next block. Not only does it reduce the likelihood of the miner that ignores transactions scenario, but it also effectively prevents a sustained 51% attack. Anyone attacking the network will need lots of old coins and must destroy those days each block they create. It will also probably be more difficult to pull off a finney double spend attack because a pre-mined block will likely have less days destroyed than a legitimate one.

As long as no one actually attacks the network, this change could be made over time and be completely compatible with old clients. If someone does attack the network, old clients would be fooled and a fork may be created. Additionally, if there is some large change that happens due to an attack or a network split or some other big event, instead of (stupidly) picking longest chain wins, the user will be notified that there are multiple chains, beware, find out what's going on, etc.

All you have to do is create some slightly complex algorithms to determine block acceptance rules and a smarter interface.

Thanks for your explanations.
So if PoS will be implemented,
Litecoin likely will have hard-fork chain split.
Not good.

I personally once thought Litecoin is interesting, but have lost interest in it a long time ago.
Right now, as it stands, it is simply not relevant.

This is one proposal to make it relevant.

The market cap and adoption of Bitcoin is much larger than Litecoin. As such, it will be slower to take riskier moves like changing its economical fundamentals.

Litecoin is still young enough that it can change with relative ease.
This experiment (implementing PoS) can give it real life. It might be bad, and might be good, but at least it will be interesting to test.

Of course, this can be done as a fork ... but in that case I think it should be a fork of Bitcoin, not Litecoin, and in any case it would be hard to attract a large following at this stage.

If coblee and other supports of Litecoin could be convinced to think about this idea and change the official Litecoin chain to include PoS,
it might have a real chance to gain adoption in this community. Of course the original PoS-less Litecoin would continue alongside, but I think a lot of people will flock to where the leaders of a chain point, and will consider upgrading to a PoS-based system.

Maybe the time is not right yet, and another PoS alt-chain should be built as a PoC before this is even considered.