Topic: Proof of Proof - an alternative to proof of ___ systems - page 2. (Read 2566 times)

There's nothing special about energy. PoW requires money to work. Someone needs to pay for the amount of hashing required to protect the network, and it may mean Bitcoin is not as cheap to use as we would like.

And even that is only if we can find a technical way to collect this money - the way things are looking, due to tragedy of the commons on the part of both users and miners, this will be quite difficult once the coinbase is out of the picture.

I've seen this argument many times, but never were there any numbers to back it up.

Mining is just a signal to synchronize transactions. As long as the power to signal is in the hands of those with the most incentive not to abuse it it should work. I see no justification for a conservation law saying the signal must be the waste of resources.


That said you have made some valid points about practical issues that will need to be ironed out.

Somewhat resilient, in theory.  You make the assumption that compromising a majority of stakeholders would be difficult, but you cannot know if that is true.  I know exactly how difficult it is to defeat PoW, at any given point in time.  Knowledge of the issue is, in it's own way, a form of security.


Harder, perhaps.  Impossible, no.  Impossible for a third party cryptocurrency user to audit that difficulty, yes.  What if Bitcoin were to use PoS?  How would, say, the US federal government go about attacking or undermining the system?  I can think of several methods that a well helled and well organized group, such as a soverign government who doesn't like Bitcoin, or a group like Anonymous, might be able to employ to take over the blockchain that could not be employed against PoW, period.  PoW is a simple & elegant solution, your pet issue with it is that it requires energy to work.  The current financial system uses an order of magnitude more energy, but so what?  It's that very resource cost that makes a 51% attack not worth the effort.  If there is leverage employed int hte proof system, that same leverage can be used against the ssytem.  There is no way to avoid this possibility except to not employ leverage.


This isn't relevant.  Compromising a pool does not imply that said pool can do more than it already could, and is very likley to signal to the pool users to move to another pool.  While a PoS 'pool' retains the advantage simply by possession of the correct keypairs.  If I were to compromise your PoS miner, and take your keypairs, I might simply choose to wait to attack. i can wait for as long as you remain unaware that your keys have been compromised, and attack at will using your keys as well as those stolen from other major miners.  When the attack comes, it would be swift and without warning.  Another reason that the PoW system is not related to the account system.


Nonsense, because Trust in this context is persistant.  PoW has no persistant condition.  PoS most certainly does.  The leverage that such persistant trust modes present the trusted users with also presents an attack vector.

1. The system is somewhat resilient against malicious stakeholders. You'd need to compromise a majority of voting coins to even think about an attack, and even then your power is limited. The existence of many different stakeholders is an advantage.

2. The stakeholders have no shortage of ways to secure their voting rights, such as multi-signature transactions. That would make them much harder to compromise.

3. Hashing is done on computers too, which can also be hacked. You might argue that a hashrate attack requires sustained control of the machines, but I think the same can be said about probabilistic proof of stake.

Put differently, PoW definitely elevates particular nodes to trusted status - those that are in control of large hashrate.

I've read your's and Cunicula's work on Proof of Stake.  It's not a solution to anything.  It's a security hazard.  As I've mentioned in those threads many times, and which tends to be ignored, is that PoS creates nodes with special 'trusted' status based on a prior proof of stake.  This moves the greatest of security risks from that of a 51% brute force attack in the case of PoW, to whatever security models are being used by the most trusted nodes.  Thus, the security of the blockchain is dependent upon the security of several different groups, any one of which could have a security flaw in their own systems that permits an attacker to gain access to their node, and thus turn a trusted node (with much PoS to be had) into a malicious node in an instant.  Furthermore, such trusted nodes cannot be audited for their own security by others.  PoW does not have such a problem, as it never elevates particular nodes into any form of trusted status, regardless of their past history.

While PoS has a long history in meatspace, it has nearly zero useful application in cyberspace.  Bitcoin's security model does not depend upon the security models of others.

With all due respect, proof of stake is a real solution to a real problem. (Which I have discussed at length elsewhere.)

I have no idea what some implementation attempts have made, I'm talking about designs such as those suggested by cunicula and me.

Proof of stake has a practical history that extends back to the industrial revolution, or to ancient Greece, depending on interpretation. What's your point?

Can you distill it until it is 190-proof or at least 151-proof?

I've got a novel one, that I think I'll call 'Proof of Work'.  Of course, it's not really new, and happens to be the only one that has any kind of track record.  It's also the only one that has a theoretical history that extends back to the 1990's.  But I'm sure all these other 'Proof of Whatever' methods will work just as well!

I was wondering how long it would take before someone decided to mock all this 'Proof of X" bs.

Disregard this, I am writing up an even better proposal called Proof of Metaproof.

My proposal is formulated as a sane alternative to Proof of Spoof, and the less technically sound Proof of Goof.

So blocks can only be generated by providing novel proofs to Millennium Prize Problems? I'm all for it.

What do you think?