Topic: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper (Read 9984 times)

Hi Funkenstein,

Thanks for the feedback

The duplicate stake detection mechanism's purpose is to prevent miners from mining on multiple chain when a natural network fork occurs. Without this system miners could mine on both (or more) forks in order to avoid having their block orphaned and this would hurt the consensus.
It's not a security measure against people creating a fork in order to rewrite the transaction history.


I'm not sure I get what you mean by that? Your probability to win depends on the size of your stake.
Let's imagine you and I both own 100 neucoins.
If we mine separately, we both try once per second (therefore, together we try twice per second) to find a solution to:
hash(kernel)
If we put our coins together, we will once per second try to find a solution to:
hash(kernel)
So it's exactly the same as trying once per second to find a number between 1 and 1000 or trying twice per second to find a number between 1 and 2000. The odds of succeeding are the same.

Oh good, more pimping of PoS  again.  The solution in search of a problem which presents its own problems before finding a problem it could solve, we have seen many times before.  This should be fun.  Mostly the paper tries to address security concerns that PoS introduces.  Fair enough, that is an interesting topic and all we can really discuss because in the end I don't think there is really a use for this.  Bitcoin works fine thanks.   But lets forge ahead with the paper:  


Notice that the "bedrock of PoS" claimed here is that you have to keep your coin online and staking just to stay up with inflation.  As a maximum reward you get: the same percentage of the money supply you had before.  This by itself doesn't sound so bad, at least we are used to it in the fiat world.  Six percent annual inflation planned forever.  So lets continue:


I'm not sure I follow this.  If I were trying to do a reorg. attack (grinding, in the terminology of this paper) to rewrite some history, I am not going to broadcast anything until I have found a chain that works.  Then, when I broadcast it, it will not have any duplicate stakes.  It will follow all the rules.  


Well this is actually a good point, and does address a potential problem worthy of discussion.  This is a problem of economics, not of PoW.  For example, one could create a PoW currency that also gave a 6% annual inflation.  The money supply curve is important.    


OK, so now we see that the best way to mine NeuCoin is to form massive pools.  This is not incentivised due to smaller more regular payouts like it is in bitcoin, but a directly higher return due to the formation of a larger UTXO balance.  This looks completely broken to me.  Am I missing something?  



Exactly.  PoS is just a PoW algorithm, where the work is a bit different.  Now the work is aquiring coin, and (once again) doing some hashing.  What's the difference?  Nothing really.  If you aren't substantially rewarding your miners (stakers), your security sucks.  (cough, not mentioning names)  Miners and stakers have a variety of tricks they can play to and a lot of motivation to behave efficiently.  Bitcoin is incredibly efficient for this reason.  Claims of inefficiency are typically made by outsiders who don't understand the business.  Who do you think is best qualified to judge the efficiency of a mining operation?    

Anyway, thanks for posting.  This has been an interesting read, much better than I expected from the glossy page and Proof of Stake hype, and I commend all efforts to better understand coin economics.  

Cheers --  funkenstein the dwarf


 
 

The magic number is 4

https://blockchain.info/de/pools

It would only be more decentralized if the stakes are also more decentralized. Especially concerning PoS is mostly used in smaller Altcoins, this is a highly questionable claim...

Since this doesn't appear to be clear, we'll be updating the white paper with a more detailed explanation of why the attack you describe is impossible.
I think you're mistaking what the minimum stake age does. The fact that the attacker cannot mine when sending his coins to himself has nothing to do with the fact that the chain he's building will eventually be accepted or not.
I agree that this discussion isn't going anywhere so I hope you'll take time to give some feedback on the update version.

This will be my last post in this thread because you just don't get it or don't want to get it.  I've made my points very clear several times.  Not saying I'm infallible but we aren't moving forward with a productive discussion.

As I already explained, if he sends coins to himself using an attack chain, and the chain is not accepted by the rest of the network , then nothing has changed in his UTXOs, including the stake age, thus allowing him to try again and again until that chain or another chain is accepted.

Those are my criticisms...you had an ample opportunity to address them.  The white paper and yourself
seem to miss these known issues with PoS.

Nothing really new here and nothing to prove " Proof-of-stake is more decentralized, efficient and secure than PoW".  

The research of cynicSOB is appreciated, although APEX was a dead coin (only ~10% active stake) that used coin age (bad idea)

in PoW: http://www.reddit.com/r/Bitcoin/comments/o6qwx/lukejr_attacks_and_kills_coiledcoin_altcurrency/
PoW is doomed.

hint: Do you think Bitcoin is insecure because Luke-Jr. killed a PoW coin?

The high quality, in depth research you do before you post is showing through again  


The message you posted is from the admin of Bittrex, an exchange. The attacker was CynicSOB who Nxters invited over to attack Nxt, even set him up on the testnet and let him have as much testNxt as he wanted to try and recreate the attack. That was mid January. Cynic has so far failed to recreate this attack in Nxt, even in the benign environment of the testnet. Read the full thread here:

https://nxtforum.org/testnet/nxt-security-audit-attack-simulations-on-testnet/


Apex coin can only be taken as the poster child of POS if GlobalCoin or Vootcoin can be taken as the same for POW  

Exactly and that's the point I'm trying to make!
Every time an attacker sends coins to himself, his coins must wait minimum stake age to be able to mine. This will cause a lag that will make it impossible for an attacker to catch up no matter how many times he tries!
Therefore, to succeed an attacker needs the equivalent of ~50% of the mining coins.



From what I gathered from the thread, this attacker doesn't even try many times, he simply accumulates >50% of the block generation power.
He attacks a coin which has ~10% of coins mining and that uses coin age.
He was able to conduct a temporary 51% attack with 0.07% of the coins.
10%/0.07%~71
So what he did was just accumulate coin age for ~71 days. This is the reason NeuCoin doesn't use coin age.

In order to improve the whitepaper, I was wondering if you've read the technical part. I feel like maybe some points should be made clearer since I'm having a hard time making my point

Simple, he just constructs different blocks of different transactions
sending coins to himself.  Different addresses, different
amounts, different timestamps, whatever.
 
Not only can he try endless combinations for each block in
order to make sure he meets the requirements to forge
that block, he can build as many blocks in a row as he
wants.

Moreover, if he builds a good attack chain and it wasn't
accepted, he can (a block later, or at any time) start
over and try the whole process again.

FYI, there is some guy named Bittrix who is demonstrating
successful attacks on PoS coins, so its no longer just
theoretical.  https://bitcointalksearch.org/topic/m.10169983
 

Yes. Good if the issue is solved.

Ohhh are you referring to the CPU measurement thing, cause that was 1 year ago, Gridcoin has changed a lot since then.