Topic: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper - page 2. (Read 9984 times)

Has Gridcoin solved the issue with the exploit that allowed to generate reward without doing actual work?

This is why Gridcoin was made, a POS hybrid that determines the block reward based on Boinc science work. http://btcfeed.net/news/gridcoin-cryptocurrency-scientific-distributed-computing/

http://wiki.gridcoin.us/Proof-of-Research

Of course the attacker can try as many times as he wants I never said the contrary, what I'm saying is that he will never succeed


I guess we're having a hard time understanding each other!

Let's do it differently, if you want give me some hypothesis: total UTXOs the attacker owns, what kind of attack he want to conduct (i.e. how far behind the attacker starts his fork) etc. and I will prove you mathematically that he will never succeed if he doesn't own a very large portion of the mining coin.
The fact that he can try many times doesn't help him.
Otherwise, maybe you could describe how the attacker tries many times and what he does to get different outcomes cause that's the part that's unclear to me in your explanation.

Looking to NeuCoin's documentation I found this:



This is a serious concern in a POS coin. Two entities with 2/3 of all coins?

Also, there's a lot of bullshit, like the issue about Bitcoin's popularity (with a graphic comparing active users of Candy Crush with Bitcoin, which clearly show they don't understand Bitcoin, being experimental, still can't achieve that level of users), ICO instead of IPO, a lot of marketing about micropayments as if this is really a new thing, restrictions about your rights to decide what you can do with your own coins, hemisphere-oriented dates, false claims about the relation between Bitcoin halving rewards and transaction fees, claims you need to have 51% of all coins to do a 51% attack instead 51% of staking coins,  ...


http://www.neucoin.org/en/wiki/


Proof-of-capacity allows a cheap mining-way without these false claims about "ASIC-resistance".

In proof-of-work or in proof-of-capacity you are a direct investor in the coin too. If you start to abuse with your hash power, the price of the coin will go down, which affects your rewards.

I agree about POA, because it rewards you for running a node. Even if it doesn't give an economic return, contributing to the security of network is very simple and cheap, you can do this even with a Raspberry Pi. Even better, in opposite to POS, it can be used to distribution.

The only merit which I can see in proof-of-stake is for creating a more cheap way to securing the network. But in a very questionable way. In order to minting and profit, you need to have a lot of coins in an unlocked wallet at an online computer. Sounds very good at the security point, doesn't it? Also, it doesn't work as a distribution model and makes the spending of the coin an uninteresting thing.

People also forgets why Bitcoin needs to be proof-of-work. If Bitcoin was born as POS-only, it would be dead, because there would be no way to distribute the coins. How would be possible to buy bitcoins at the beggining, specially from unknown entities?


The proof is cryptographic. Or not.

As opposed to mining farms, which are developed and owned by the destitute?

And that, in a nutshell, is why deciding chain priority by "coin days destroyed" is a basically broken idea.

It gives the attacker the opportunity to generate more priority in the attack chain, simply by spending the double-spent coins at a later point in the attack chain.

There you have it you have basically answered your own question haven't you?

This is the cycle of life though the rich will always get richer whether crypto or in fiat the world has been designed for it to do exactly that.

An oligopoly of corporate miners has taken control of the Bitcoin network - decentralization is gone. << I agree to this and now see it as no different to the private bankers who have the power to print money, it is the same centralized power they both have.

I would like a mix of POW for a long period but that uses HDD like burst or you are able to mine from your computer longer then changes to POS when the chance has been given for a lot of different people to accumulate.

No, you are not clear.

Look, an attacker can build any number
of DIFFERENT "branches" or chains very quickly.

Whether this so-called "kernel" changes
as a result of the various permutations of
transactions and blocks he's put together,
or whether it remains the same because the staking UTXOs
are the same, really doesn't matter.

Why doesn't it matter?

It doesn't matter because if the chain isn't accepted, the attacker
still has his UTXOs and can try again.

So either way, you do not need to change your UTXO set to
try more than once. The only way to force that would be to start having stakeholders
penalizing other stakeholders if they spot a false chain being broadcast, but
that opens a whole new can of worms, issues, and attack vectors.

The bottom line is that if the attack chain isn't accepted, you still
have your stake age, and there's nothing stopping you from trying again.

EDIT: The fact that the "hashes are deterministic" is really saying
nothing at all.  That always is the case.  How could they be random?
(Who would be generating the random numbers and how would they
be verified?)  So yes, you would need to change the attacking
chain to get a different outcome against a different main chain,
but there's nothing stopping you from doing that.

I can't wrap my head around why this idea is so widespread. Maybe a detailed post should be written about it.
What do you mean by "it makes the richest richer"?
People earn coins according to the capital they've invested in the currency (be it in mining hardware or coins). How would you distribute a coin differently?
If anything, PoW is less democratic because people with access to capital enjoy high economies of scale, which by the way is the main reason why small Bitcoin miners are have been going out of business.

Because if he tries again with the same kernel, he will produce exactly the same branch.
I'm not sure if this is clear or not. The hash being deterministic, the only way to try again (i.e. to try to obtain a different outcome) is to change the kernel.

I'm not a big fan of Proof of stake because it just makes the richest even richer, not a ton of room for competition.

@koubiac,

You say that the only way for the attacker to try again
is to change the kernel, but if their attack fails
(chain is not accepted), then why can't they try
again with the same kernel?

@come-from-beyond, maybe you are not stupid; there is a
certain cognitive bias that causes us to lend more credibility
to white papers, but if you post the link to the paper
and point out what section it is in, I'll take a look.

I deeply doubt that given the very limited understanding of PoS that Bitcoin developers have.
The very fact that when asked about PoS in his reddit AMA, Gavin simply provided a link to Andrew Poelstra's paper (Distributed consensus from PoS is impossible) which provides no solid proof whatsoever makes it very hard to believe that they are totally unbiased.

Sure nowadays everyone want to be the stake holder and rule others, but the real world does not work that way, since users are also getting smarter each day. In a free market, you either take huge risk or putting huge amount of resources to get some value in return, no shortcut  

The issue with discussion about grinding is that as long as you don't go into specifics it's difficult to really make progress!!!
I didn't say it was "difficult" to compute but that grinding was made extremely inefficient.
An order of magnitude, is that an attacker with 1 ASIC miner (1TH/S) would need ~33% of the mining coins to perform a 51% attack while an attacker with the entire hash rate of the bitcoin network (~300PH/S) would need ~30%. That's what ennificient means.
The advantage you can get through grinding is highly non-linear.

More generally, it's difficult to answer objections about grinding if the argument specify through which parameter you are trying to grind.



What is difficult (actually probabilistically impossible without large portion of the coins) is to build a chain that is longer than the main chain at any point.
Let me explain, using a relatively simple example:
Unlike in PoW, building a chain in PoS doesn't take time. You could create a fork and know practically immediately what the trust of your fork will be X days from now.
Let's imagine you've got 10% of the coins. What is the probability that you'll be longer than the main chain after it has built 10 blocks? The answer is ~10^-6

From that, you'd be tempted to conclude that you can try again ("grind") many times and that at some point you'll win, because after all 10^6 attempts is nothing even for a laptop.
However, and that's where specifying what you grind through is important, the only way to "try" more than once is to change the kernel of your 10% of coins mining. The best way to do that is to change the parameters of the kernel inherited form the UTXO by sending all the coins to the fork. That's when the minimum stake age kicks in. It will prevent these stakes from mining for 1.6 days (in NeuCoin's case) so the attacker's fork will basically be "losing" 1.6 days worth of blocks he could've mined had his stakes been allowed to.

This period during which he cannot mine is devastating for his performance. It's similar to starting 1.6 days behind in PoW. With 10% the probability to succeed is null.

Maybe another thing I should point out is that nodes do not accept blocks created with a proof that has a timestamp too far in the future (otherwise forking would obviously be trivial).








Maybe I'm missing something, but it sounds like a self-defeating argument:

"We'll prevent this from turning into proof of work by making it really
hard to compute." 

I must be stupid because there is a whitepaper that proves the opposite to "more chains = weaker security" and I can't get how adding "more reorgs" in the middle changes things so drastically.

We must support btc i dont care miners
At fact, i prefer pow but we need a halving soon haha

To address your point:

...it is the only reasoning required.

I'm not sure how much elaboration is possible, as this is a fundamental concept.
Reorgs are the manifestation of the breakdown of distributed consensus
in a blockchain and should be ideally minimized both in frequency and in severity.

I'm sorry, but you are obviously not interested in any kind of discussion that takes us a step further:
Why else would you state such things as facts 

And thanks for the supply and demand lecture that's of course a true statement but also another head-shot for our discussion.

johnyj wish you all the best and hope the box you're living in grows over time.

Umm, it seems like pretty sound reasoning to me.  much, much better reasoning than the ten words of yours I just quoted. 

I accept as an axiom that the purpose of the block chain protocol is to come to a shared consensus about what actually happened and what therefore can happen next. 

A reorg means that consensus is not shared -- therefore meaning, for the time that it persists, the purpose of the block chain protocol is not being fulfilled. 

Because a lack of shared consensus is a condition that enables people to double spend, or allows people who have been paid to have those payments undone and be deprived of their money, I characterize this failure as a "security failure." 

This is crystal clear.  Are you trolling, or just stupid?