Topic: "Proof of Stake alone is considered to an unworkable consensus mechanism"? (Read 654 times)

I think a lot of coins have been forking Blackcoin for PoS for the last while. And I'm not sure but I'd assume that Blackcoin is a modified fork of older Peercoin/PPCoin.

I know NXT and BitShares have their own PoS implementations but most PoS coins currently out there are based on Peercoin aren't they? And Peercoin was the first implementation of PoS.

He only made one edit though. Most of the article was written by Cunicula who was one of the earliest pioneers of proof of stake.

He only made one edit though. Most of the article was written by Cunicula who was one of the earliest pioneers of proof of stake.

Seeing Luke-Jr as one of the contributors to an article is enough to trash it without reading.

To be fair, if you read the rest of the article then it's actually not at all negative about PoS. It even speaks quite positively about it in the "Motivation for Proof of Stake" section. That one sentence stands out and isn't really expanded upon, as it only appears to have been added in the most recent edit.

Hi JG! 

All serious research into POS has shown that "Nothing at Stake" is the bogey man that POW/Bitcoin Maximalists use in in fear tactics.

This may have been possible for the earliest POS coins, but newer, solid implementations have nothing to fear. That is what the research says (5-6 full research papers with statistical models are available for those who want to go neck deep into the specifics):...

...This research is specifically into Nxt's POS mechanism. If unsure about your POS coin, ask your dev what POS implementation it is based on.

Man, this page has a much higher credibility ==> http://9gag.com/wtf.

Link: https://en.bitcoin.it/wiki/Proof_of_Stake

To summarize the discussion, known claimed attacks on proof-of-stake distributed consensus algorithm(and concrete implementations) at the moment:

1. Short-range attack  - attacker can offer better chain started few blocks behind current canonical chain. The attack is possible at the moment, the only likely outcome though is just gathered fees increase for an attacker. In our simulations this kind of attack is possible mostly when a long delay occurs due to low target. By the way, the attack has positive aspect for network, as it shorten delays average between blocks. So attacker gets extra fees for a good job done  

2. Long-range attack - attacker can start fork hundreds or thousands blocks behind current chain. From our investigations the attack isn't possible.  

3. Nothing-at-stake attack - not possible at the moment! Will be possible when a lot of forgers will use multiple-branch forging  to increase profits. Then attacker can contribute to all the chains(some of them e.g. containing a transaction) then start to contribute to one chain only behind the best(containing no transaction) making it winner.  Previous statements on N@S attack made with assumption it costs nothing to contribute to an each fork possible and that makes N@S attack a disaster. In fact, it's not possible at all to contribute to each fork possible, as number of forks growing exponentially with time. So the only strategy for a multibranch forger is to contribute to N best forks. In such scenario attack is possible only within short-range e.g. with 25 confirmations needed 10% attacker can't make an attack. And attack is pretty random in nature, it's impossible to predict whether 2 forks will be within N best forks(from exponentially growing set) for k confirmations. So from our point of view the importance of the attack is pretty overblown.

4. History attack - attacker can buy whale's private key for $5 and build alternative story. Solved with some checkpoints now, located behind max rollback possible, so the solution is not so scary in terms of centralization etc.


If you know any other kind of attack, please add. Please note IPO properties of a concrete coins etc isn't related to proof-of-stake distributed consensus problems.

And Consensus Research is going to work on better proof-of-stake prototyping & implementation !

Proof of Stake is a proposed alternative to Proof of Work. Like proof of work, proof of stake attempts to provide consensus and doublespend prevention (see "main" bitcointalk thread, and a Bounty Thread). Because creating forks is costless when you aren't burning an external resource Proof of Stake alone is considered to an unworkable consensus mechanism.[1]

It was probably first proposed here by Quantum Mechanic. With Proof of Work, the probability of mining a block depends on the work done by the miner (e.g. CPU/GPU cycles spent checking hashes). With Proof of Stake, the resource that's compared is the amount of Bitcoin a miner holds - someone holding 1% of the Bitcoin can mine 1% of the "Proof of Stake blocks".