
Topic: PPCoin Criticism / Security / etc - page 2. (Read 5857 times)

legendary
Activity: 2940
Merit: 1090
November 27, 2012, 10:50:02 AM
#8
Looking at the code, it seems to basically be solidcoin without maybe only one master-node instead of several master-nodes.

I tried to hack out all proof of work and all checking of checkpoints but then both sides seem to wait for the other to start saying something.

So possibly it won't even do anything until it gets a go-ahead from the solid node or something.

Since without proof of work blocks coins have to come from somewhere, I set the minimum reward for a proof of stake block to one coin.

The fact they won't even talk to each other is nasty though, it seems to imply that there is expected to already be something out there to get and that someone you connect to will push it at you.

I have been awake too long now to track down exactly why that happens until after I sleep.

Cunicula, it does seem likely you are correct that the whole proof of work thing is only there to provide an excuse for being controlled by the solid node(s) in the usual solid central control style system we have seen so many times before. I did try to put into the counting up of coin ages a max of 90 days per each coin it found.

Maybe my problem is there is no coin-age initially so maybe it does not try to make a stake block thus does not get the free minimum one coin reward for making a stake block. I might have to make it always have one coin's worth of chance to try, or something, in the case where it has no coins initially.

An incentive to be online is for transactions to get processed, since with stake blocks being the only blocks no transactions will go through unless at least one node stays online long enough for a block to get created; and maybe also the less people who are online trying to make a stake block the longer it maybe might take for one to be made. (that one lone person who made one maybe used all his coin-age so needs 90 days to recover... so initially it might need at least 90 wallets to have been created in order for one block a day to be able to be made...)

-MarkM-
legendary
Activity: 1050
Merit: 1003
November 27, 2012, 06:07:02 AM
#7
I suggest the fork do at least the following three things:
1) Stop all PoW generation.
How would you solve the fairness of initial distribution problem, without POW?
You can buy the currency if you want to invest in it. You can give it away if you want to promote its use. At the outset I would have supported the infamous premine coupled with bounties to get stuff done.  PoW generation is not doing much to promote adoption these days.

2) Remove centralized checkpoints.
How else to protect a nascent blockchain?
The reason the checkpoints are necessary should be because of PoW generation. I hope that's the reason.
If not, we need to know what these checkpoints are for. We can't find out as long as they are there and no one tells us.

3) Cap interest accumulation at 90 days. [Incentive to keep node running is much too weak right now.]
I thought that this is implemented:
Quote
CBigNum bnCoinDay = CBigNum(nValueIn) * min(txNew.nTime-pcoin.first->nTime, (unsigned int)STAKE_MAX_AGE) / COIN / (24 * 60 * 60);
STAKE_MAX_AGE is set to 90 days.
This is for coin generation. Not for the amount of interest you are paid. PoS security is directly proportional to the amount of coin-age currently on line.
If I don't earn more by being online often, then there is no incentive to come online. Instead I can just hold my PPCoin until I want to cash out.
Then quickly generate my stake block and sell. This does do much to secure the network at all. I should be generating many stake blocks to earn my interest, not just one.
The cap ensures that I have to come online at least once in a while.

Inclusion of PoW also defeats the point (it is like PoS but also incorporates the implicit fees and waste of PoW).
waste is an issue. However, what's more important is network security. So introducing PoS is a significant alteration in the resilience level.

I think waste is a big issue. To me, PoS schemes are attractive because a) they are secure b) they are efficient and cheap.
Efficient and cheap means no PoW inflation tax and minimal txn fees.
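
The capped coin-day arithmetic from the line quoted in the post above, worked through for different staking intervals (an added example, not part of the thread and not PPCoin's own code). It uses plain 64-bit integers in place of CBigNum; the COIN value, the helper names and the assumption that each stake resets an output's age to zero are illustrative, and only the 90-day STAKE_MAX_AGE comes from the thread.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>

// Assumed constants for illustration; only the 90-day cap is stated in the thread.
static const uint64_t COIN = 1000000;            // assumed base units per coin
static const uint32_t DAY = 24 * 60 * 60;        // seconds per day
static const uint32_t STAKE_MAX_AGE = 90 * DAY;  // cap on counted age

// Same arithmetic as the quoted line, with uint64_t standing in for CBigNum:
// value * min(age, STAKE_MAX_AGE) / COIN / seconds-per-day.
uint64_t CoinDays(uint64_t nValueIn, uint32_t nTimeTx, uint32_t nTimePrev) {
    uint32_t age = std::min(nTimeTx - nTimePrev, STAKE_MAX_AGE);
    return nValueIn * age / COIN / DAY;
}

// Hypothetical helper: total coin-days counted over `horizonDays` for one
// output that is staked every `intervalDays`, assuming each stake resets
// the output's age to zero.
uint64_t CoinDaysOverHorizon(uint64_t nValueIn, uint32_t intervalDays,
                             uint32_t horizonDays) {
    uint64_t total = 0;
    uint32_t last = 0;
    for (uint32_t t = intervalDays; t <= horizonDays; t += intervalDays) {
        total += CoinDays(nValueIn, t * DAY, last * DAY);
        last = t;
    }
    return total;
}

int main() {
    const uint64_t stake = 1000 * COIN;  // constructed sample: 1000 coins
    const uint32_t intervals[] = {30, 90, 180, 360};
    for (uint32_t d : intervals) {
        std::printf("stake every %3u days over 360 days: %llu coin-days\n", d,
                    (unsigned long long)CoinDaysOverHorizon(stake, d, 360));
    }
    return 0;
}
```

Staking at or below the 90-day cap counts the full 360 days of age; any longer interval loses everything past day 90 of each gap.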
 
donator
Activity: 994
Merit: 1000
November 27, 2012, 05:34:59 AM
#6
I suggest the fork do at least the following three things:
1) Stop all PoW generation.
How would you solve the fairness of initial distribution problem, without POW?

2) Remove centralized checkpoints.
How else to protect a nascent blockchain?

3) Cap interest accumulation at 90 days. [Incentive to keep node running is much too weak right now.]
I thought that this is implemented:
Inclusion of PoW also defeats the point (it is like PoS but also incorporates the implicit fees and waste of PoW).
waste is an issue. However, what's more important is network security. So introducing PoS is a significant alteration in the resilience level.
legendary
Activity: 1420
Merit: 1010
November 27, 2012, 05:27:32 AM
#5
Anyone know where I can get the namecoin daemon or client for Windows?
hero member
Activity: 826
Merit: 500
Crypto Somnium
November 27, 2012, 05:21:46 AM
#4
watching.
legendary
Activity: 2128
Merit: 1002
November 27, 2012, 02:43:30 AM
#3
watching.
legendary
Activity: 1050
Merit: 1003
November 27, 2012, 01:49:23 AM
#2

At present, I've concluded there are only a few 'legit' remaining alt-coins at the moment (i.e. not dead yet), with varying degrees of legitimacy.

Litecoin (LTC)
PPCoin (PPC)
Namecoin (NMC)
Devcoin (DVC)
Terracoin (TRC)
Liquidcoin (LQC)


All of the remaining alt-coins which are not dead are Bitcoin Forks -- with the two main exceptions being PPcoin (using 'proof of work' along with 'proof of stake') and Liquidcoin (which is based on Tenebrix and modified Bitcoin).

The main advantage of a pure Bitcoin fork (Litecoin, Namecoin, Devcoin, and Terracoin) is that the security model is well analyzed, and the strengths and weaknesses are well-known.   Yet we avoid the existing bureaucracy and codebase from Bitcoin, allowing the development to take a different direction from BTC.

However, this 'inheritance' of Bitcoin's security model certainly does not apply to PPcoin.

I have yet to see a comprehensive whitepaper or design document on PPcoin.   There is a complete lack of transparency with PPcoin, and it seems to be based upon novelty of 'proof of stake' without any comprehensive cryptographic rationale.

Criticisms of PPcoin:

(1) The author has not published a Design Document or a Protocol Specification ... only an extremely shallow non-academic whitepaper, which prevents analysis of how addition of proof-of-stake affects the security model.

(2) The author is not amenable to community suggestions (such as integrating the proof-of-stake and proof-of-work blocks together, rather than keeping them separate) to increase security.

(3) There have been numerous criticisms regarding the PPcoin protocol security on these forums, but the PPcoin author seems to take a 'trust me I'll fix it in the next release' approach to security. Why rush to release PPcoin in an immature form (with an awful name), rather than taking the time to get the design right from the start? Arrogance and secrecy are not a substitute for security.

(4) It appears the PPcoin algorithm uses SHA256 rather than Scrypt.  Why is this fact so buried (in that we need to wade through the source to learn about it?)  

(5) Lack of transparency.  There is not an open discussion of flaws, strengths, weaknesses and possible attacks.  These are shot down by the author as being 'unrealistic' even though these attacks (accumulating 'stake' to attack the protocol) are quite realistic.

(6) The phonetic name "Pee-pee coin"... Would Coca-Cola have succeeded if it was called "PP-cola"?

As such, I do not consider PPcoin to be a secure alternative cryptocurrency. Certainly not until the PPcoin author takes the time to draft and publish a comprehensive and detailed design document and/or protocol specification (with rationale for design choices, strengths, weaknesses, etc) to the community (rather than suggesting the community wade through the source code, and reverse engineer the protocol from the source).



What you say is mostly true. However a cryptographic rationale and novelty seems like a very poor choice of words. You could have made the same accusations against bitcoin long ago. They miss the point. Proof of stake has a powerful economic rationale that is completely independent of cryptography (e.g. it is how most decision-making authority problems are handled in the real world). We have joint-stock companies because this form of organization is very effective. PoS is a very close analogy to a joint stock company.

I prefer a gamble (PPCoin) to something that I am pretty sure will collapse due to many layers of agency problems (everything but PPCoin).

There are a few possible explanations for PPCoin's lack of transparency:

1) PPCoin developers are really awful at English Communication.
2) PPCoin developers are really awful at PR.
3) PPCoin developers are jealous and afraid of being copied/outdone. (open source, but not open interpretation of source)
4) PPCoin developers know something bad and they are hiding it strategically.

I'm hoping it is (1)-(3) and not (4). Who knows?

I also hope that someone will fork PPCoin and adopt transparency, that would be great.

I suggest the fork do at least the following three things:
1) Stop all PoW generation.
2) Remove centralized checkpoints.
3) Cap interest accumulation at 90 days. [Incentive to keep node running is much too weak right now.]

If it works without PoW and checkpoints, then we will have more valuable real-world data. Right now the use of PoW is just an excuse for including checkpoints as far as I can see. [e.g. the PoW guys can make currency and accumulate a majority of stake and destroy us. It's convenient FUD.] Inclusion of PoW also defeats the point (it is like PoS but also incorporates the implicit fees and waste of PoW).
newbie
Activity: 8
Merit: 0
November 27, 2012, 01:38:34 AM
#1

At present, I've concluded there are only a few 'legit' remaining alt-coins at the moment (i.e. not dead yet), with varying degrees of legitimacy.

Litecoin (LTC)
PPCoin (PPC)
Namecoin (NMC)
Devcoin (DVC)
Terracoin (TRC)
Liquidcoin (LQC)


All of the remaining alt-coins which are not dead are Bitcoin Forks -- with the two main exceptions being PPcoin (using 'proof of work' along with 'proof of stake') and Liquidcoin (which is based on Tenebrix and modified Bitcoin).

The main advantage of a pure Bitcoin fork (Litecoin, Namecoin, Devcoin, and Terracoin) is that the security model is well analyzed, and the strengths and weaknesses are well-known.   Yet we avoid the existing bureaucracy and codebase from Bitcoin, allowing the development to take a different direction from BTC.

However, this 'inheritance' of Bitcoin's security model certainly does not apply to PPcoin.

I have yet to see a comprehensive whitepaper or design document on PPcoin.   There is a complete lack of transparency with PPcoin, and it seems to be based upon novelty of 'proof of stake' without any comprehensive cryptographic rationale.

Criticisms of PPcoin:

(1) The author has not published a Design Document or a Protocol Specification ... only an extremely shallow non-academic whitepaper, which prevents analysis of how addition of proof-of-stake affects the security model.

(2) The author is not amenable to community suggestions (such as integrating the proof-of-stake and proof-of-work blocks together, rather than keeping them separate) to increase security.

(3) There have been numerous criticisms regarding the PPcoin protocol security on these forums, but the PPcoin author seems to take a 'trust me I'll fix it in the next release' approach to security. Why rush to release PPcoin in an immature form (with an awful name), rather than taking the time to get the design right from the start? Arrogance and secrecy are not a substitute for security.

(4) It appears the PPcoin algorithm uses SHA256 rather than Scrypt.  Why is this fact so buried (in that we need to wade through the source to learn about it?)   

(5) Lack of transparency.  There is not an open discussion of flaws, strengths, weaknesses and possible attacks.  These are shot down by the author as being 'unrealistic' even though these attacks (accumulating 'stake' to attack the protocol) are quite realistic.

(6) The phonetic name "Pee-pee coin"... Would Coca-Cola have succeeded if it was called "PP-cola"?

As such, I do not consider PPcoin to be a secure alternative cryptocurrency. Certainly not until the PPcoin author takes the time to draft and publish a comprehensive and detailed design document and/or protocol specification (with rationale for design choices, strengths, weaknesses, etc) to the community (rather than suggesting the community wade through the source code, and reverse engineer the protocol from the source).
