Topic: PoS is far inferior to PoW - why are so many people advocating switching to PoS - page 4. (Read 12861 times)

Ok, so I misread it. The milestones just save time finding a shared block, but the client doesn't allow forks further than 720 blocks, so it's kind of a moot point anyway. "Whichever chain has the most people using it" is the ultimate arbitrator.

But how do you know which one is an appropriate blockchain when the the stakers can stake on any particular chain? It seems to me that you'd see your server has forked, and so you look at which fork most people are on and switch over, in the meantime any transactions that you had on your blockchain are reversed. Which is pretty much the same effect as if your chain reorganized.
Sure, the peer lists change, but the first peers you see point you to the chain that you're going to end up downloading. The "chain with the most stake" doesn't really work, because again, anyone could make a NxT chain with more stake on it, and a few people could do it even with the genesis block you're currently using.

Wrong. This happens in a while(true) loop. It will just request the next 10 milestone blocks, and keep going back until Genesis if no common block is found.
If it cannot download the blockchain from the current peer, it will switch to another peer. Peers exchange their known peers lists with each other all the time, there is no mechanism that will lock your node to only download from certain peers, let alone from hardcoded Nxt domains.

When you first download the client, NXT domains provide a "random" list of peers. We don't really know if they're random and they're only on their list to begin with because they've decided to trust them.

There's no particular reason why we couldn't see several large stake chains because forgers can forge on multiple chains without any problem.

There's nothing that I see that can automatically move nodes to a valid chain. If you happen to be on the "forked" chain, then eventually you just need to reinstall the server and load up the node from the "right" ones, which seems to be determined by whichever nodes the NXT domains point you to.

There are no "NXT domains", there are peers which all share a copy of the blockchain. If you think all the blockchain is downloaded from one centralized service, well, you need to check your facts again. Installing the client, downloading the blockchain, and looking at the peers tab would be one simple way of doing it.

But requesting milestones from peers only checks back 1440 blocks for 10 "jumps", so if the closest common milestone is further than that, then it would just be unable to find a common block. That would happen either because it had forked 14400 blocks ago, or because the peers had gotten 14400 blocks ahead.
At which point, as far as I can tell, the client needs to start over with a node that is passed to him from the NxT domains. That seems like a pretty clear "checkpoint" in all but name.

Although, the server "won't allow" forks after 720 blocks, so I guess it only looks for older milestones in case the server was just offline for less than 10 days. I don't really understand the point of that rule, since all it seems to accomplish is making forks permanent.

I need to see how this thing isn't getting drowned in orphans. Ostensibly it's because no large stakeholder has bothered to try to mess with it. That's the goal, I know, but good grief, if I wanted to trust rich people that much I'd stay with fiat.

Ok, this is a different attack vector. The math is tricky and it's probably not worth it: we agreed that if you have that stake you can attack without hashrate!

still, for the sake of argument (http://xkcd.com/1432/):

ok, but each block is independent, you are in disadvantage on every block, and you want more cummulative difficulty after k blocks. On every block that you select any account of yours that is not the one with lowest delay, you get farther away from your goal expecting to offset that with "good luck" in following blocks. With a large sample you can expect to get lucky, but on each block that you don't use the optimal (minimal delay) account you need even more luck to catch up.
I still think that beating the unshifted average is not that easy and it could happen that in all your branches you end up with less cummulative difficulty. In NXT the target gets larger as time since last block passes by, so doing a simulation would be much easier than calculating. Still, my point is: if you have that stake you can attack without hashrate!

Regarding the other attack that someone posted a link to: they mention bruteforcing the private key in order to get a public key that will forge in the future. You can forge 1440 blocks after setting the public key, and you can't reorg more than 720 so it doesn't work. If you remove that limitation, yes, it's an attack that requires big amounts of hashrate.

So, I concede there are attacks that utilize lots of hashrate. However, I'll say it again: if you have that stake you can attack without hashrate!

The purpose of this milestones code is "an optimization to speed up finding out what is the last common block you share with a peer." (c) JeanLucPicard

you don't receive interest in nxt

Somewhat familiar. Every stake-holder computes some delay that is more or less inversely proportional
to their stake. They can announce the next block after waiting that many seconds.

You're not appreciating how the statistics work out here.

75% being less than 100% just means that the delay distribution is shifted to the right.
But sampling from a huge number like 400^k means you'll get much further into the left-tail
of this shifted distribution, so you can easily beat the unshifted average.

I didn't know there were two repositories. But anyway, it's the same damn thing;
https://bitbucket.org/JeanLucPicard/nxt/src/88073b26bd65e89ddb074181c5f50f6701e7b177/src/java/nxt/peer/GetMilestoneBlockIds.java?at=master

Did I incorrectly describe the purpose of Milestones?

I think more correct assessment is that by holding PoS coins you are eligible to receive interest, while PoW coins don't give you any interest explicitly, but rather from scarcity/inflation mechanisms, which may vary from one coin to another.

EDIT:

Even though on the surface two schemes might seem somewhat similar, they are fundamentally different:
PoW - neutrality, freedom of innovation, hacker mentality, equality of opportunity, game of skills
PoS - entrenched interests, corruptible humans, oppression, inheritance of wealth, game of luck

Pick your flavor of the future.

This doesn't make sense to me. All 400^k possibilities are very very likely to have less cumulative difficulty than the main chain, because 75% < 100%
The attack will probably fail. This attack does not make sense to me.

However, imagine she had 51% some 200 blocks ago, and sat on it, without staking. Then, she can stake them on a parallel, attack chain. The attack chain will have stake 51% > 49%, so it is very very likely to succeed just doing it the normal way, minimizing the delay, which requires only minimal hashrate. Be it 6, 200, or 720 blocks. This attack makes sense and does not need hashrate.

Please explain.

I like you tromp   I'll add some detail that will mean you have to change this when I have double checked it. And we can go from there. I'll probably start a new thread, to get away from these baseless generalised assertions.

N.B. just so I know, are you familiar with the Nxt Forging algo at all? Doesn't matter if you aren't.

Well, first of all, if Alice has 75% of stake, then the simplest attack would be in the future:
just fork and keep both branches as equal in cumulative difficulty as possible, never letting
one get too far ahead of the other. Thus, there will never be consensus. In fact, for this attack,
one needs only 51%. Or even much less if other stakeholders work on both branches.

But for argument's sake, let's  consider the original challenge. The math is pretty tricky, but let me
sketch the rough idea of an attack.

The regular history developed by picking, at each block, the minimum delay among the stakeholders.
This delay has some probability distribution and some expectation which is the average block interval.

If you reduce the stakeholders to 75%, then the distribution will shift to longer delays.
BUT, Alice is not limited to single-step extensions. She can compute a huge tree of all possible
k-step extensions. With 400 accounts, this tree will have 400^k leaves, and require roughly that
many SHA256 computations. But for large enough k, one would expect one of these leaves to have
a path with an unusually small sum of k delays, less than k times the average delay for all stakeholders.

The question is, how big a k do you need. And this obviously depends on both the number of accounts,
and percentage of stake held by Alice. For the given numbers, I expect a small k like 4 would suffice,
but this needs to be worked out in detail.

In that case, to cover 300 blocks, you'd need to compute 75 trees of 400^4 leaves each, for a rough
total of 75*400^4 = 1.92*10^12 SHA256s, well within the realms of feasibility.

For k larger than 6 this attack would become quite infeasible, but it's not clear to what percentage of stake
that corresponds, unless one goes through the math...

Why do you read the code from a few months ago by the way?
Here is the latest release for analysis:
https://bitbucket.org/JeanLucPicard/nxt/src

Shooting alien monsters in a video game is pretty much useless too, but that's what sells graphics cards.
And manufacturers are fighting with each other, exploring various options to make them even faster.

Who knows maybe PoW mining will create enough incentive to finally get humanity beyond silicon electronics. Maybe we will see advancements with graphene or photonics sooner with PoW than without. What about an incentive to develop new sources of energy, solar or geothermal, PoW might be that incentive.

The bottom line is that with PoW a neutral algorithm judges the innovation, in PoS - corruptible humans and entrenched interests do the judgement, and so far they have been instrumental in suppressing anything that challenges them.

Even though on the surface two schemes might seem somewhat similar, they are fundamentally different:
PoW - neutrality, freedom of innovation, hacker mentality, equality of opportunity, game of skills
PoS - entrenched interests, corruptible humans, oppression, inheritance of wealth, game of luck

*Sigh*

Which POS?

It's not a "flaw", it's a checkpoint every 14400 blocks, which equates to 10 days. So if your server goes offline, or forks, for longer than that, then you need to download the chain from a trusted party, which usually comes from nxtcrypto.org or nxtbase.com (Or nodes that are trusted by them.). Did I read something wrong?