Topic: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper - page 3. (Read 9984 times)

A reorg is a reorg, meaning not everyone is on the same page (consensus) as far as the blockchain history,
and that's a bad thing, regardless of how the blocks of transactions are being chained together (Pow or Pos).

More reorgs = weaker security is correct... for PoW. For PoS you are supposed to provide reasoning that proves your claim.

Regarding multiple chains, the simplest way to put it is: more chains = more reorgs = weaker security.

I haven't, no  but research (with published models to review their findings) say they "mining on every chain" is a benefit to the network as the number of branches you see grows expontially with time and so tends towards proof of work when trying to "simply build a longer chain". As the nothing at stake criticisms haven't progressed beyond vague words and hand waving, Concensus Research defined 4 different definitions, based on the forum debates.

You seem an open minded person take a look here: https://bitcointalksearch.org/topic/nothing-at-stake-long-range-attack-on-proof-of-stake-consensus-research-897488

Keep an eye out for the paper on multibranch forging ("mining every chain you see")

Please answer the question: "what if something cannot be mined, how is the price determined?"
(Let's forget about PoS or PoW for the moment)

Have you invented a protocol in which it does? If so I'd be genuinely interested in how it works. Remember, the primary point of block chain protocol is to swiftly and impartially come to a shared consensus of what version of history we believe.  If someone says "all of them" then by any methodology we understand now, it doesn't help much. 

Why do you think this? What if "mining on all branches you see" in POS actually made the network more,  not less, secure?

Never read any of the other papers, and not going to debate this with you again.  Feel free to post the link to the white papers and let readers make up their own mind.

Finally, and most crucially, you have to have a limited finite resource (in TaPoS, the transactions committed to one side of the fork or the other) that cannot go to both branches of a fork, or else you have the nothing-at-stake problem.  

Dispite going over their findings several times, you choose to see what you want to see. Concensus Research themselves say the 1% attack described by Vitalik is garbage. You claim to understand but you only refer to their 3rd published paper which suits your opinion if you ignore everything else they said. And you have thr gall to accuse others of inverting!   

This being the 5-6th time we have discussed this same thing, it is obvious this is some kind of religious debate to you. So I'll leave it to others to repeat themselves and re-rake over old ground.

Ironically, someone recently published a PoS reseach paper with software
(I think they called themselves "consensus research" or something),
and they actually showed that the nothing-at-stake
attack was real and that even with a 1% stake,
an attacker can cause problems.  Several PoS
proponents then inverted their conclusions on this forum, claiming
that it proved how safe PoS is! lol.

Right.  An attacker can play all sorts of silly-buggers with a TaPoS system in the short run; that's why I can't recommend it on its own.  So, yes, I'm envisioning a system with PoW mining as well, and the people making transactions getting paid for block chain security in the same ratio against the block subsidy that their transactions are counted relative to PoW mining for purposes of resolving blocks.  That's why "almost" as good as PoW.  

A TaPoS system becomes secure only when the "law of large numbers" means that the number of tx per block gets huge and starts to be a fairly constant amount -- the way mining effort is in a PoW system.

Staking a certain block means that when Alice sends Bob 5 coins, she gets paid a "stake security payment" amounting to interest on those 5 coins if she specifies ("stakes") a  very recent block that the transaction then depends on. The transaction has that block ID recorded in it, and isn't valid in any block chain that doesn't include the block Alice staked.

In the case of a block chain fork, TaPoS counts in favor of the fork that has the most coins spent - specifically in txOuts created before the fork and used in transactions staked after the fork.  If more than half the coins that were in existence as of a certain block have been spent - even once - in transactions staked after that block, then no reorg can EVER dislodge that block.  

Good post.  I'm curious how this idea of transactions would work
and how it is "almost as good as Pow".   Can't an attacker create
many chains that look like they have transactions (sent to one's self)
or how would the mechanics of this play out?  What is meant by
staking a certain block, and couldnt that be done retroactively
by an attacker at no cost?

I had (and still have) pretty much the same opinion as Meni Rosenfield about BCNext.  So if he's a FUD spreader, then so am I.

Anyway, the security of a PoW block chain is largely a matter of the miners expending a resource to support exactly one version of the block chain, which they cannot also use to support a different version of the block chain.  That is, they're committing a finite resource and, at the same time, showing that it is not also being used elsewhere.

That's really hard to match with a PoS system.  Locking up coins for a given number of rounds doesn't really provide security for the chain.

The only finite "stake flavored" resource I can come up with is transactions - and that's true only if the transactions cannot be played into both forks by an attacker.  If the transactions have to "stake" a recent block and are not valid in any chain that does not include that block, then they become a finite resource that can't also be used in support of a different branch.  An attacker could still try spending the same coins in both branches of the fork, and waiting for confirmation would be a lot more important because the tx you get won't be valid unless the branch it's staked in becomes the accepted branch.

Anyway, given all that -- the TxOuts that were created before the fork and used in transactions staked in blocks after the fork, can be counted as a resource spent in support of that branch.

The major advantage is that if an attacker tries to build an attack chain in secret, with everybody else in the world staking their tx in the visible block chain, he literally has to have a greater stake than everybody who makes a transaction while he's working or it's not going to work.  That's a guarantee ALMOST as good as PoW.  

But the tx being valid only in one branch of the fork opens up all kinds of games that attackers can play.  And while mining effort is very stable because miners mine at about the same rate whenever they've got their stuff turned on, Transactions as Proof of Stake is very sensitive to the timing of large spends, and a big spend in a fork that's nine blocks behind can force a reorg.  

So, although I think it's secure against VERY long forks, it's pretty horrible for deciding forks in a very short time the way PoW mining does.  So you'd have to use it in combination with something else.  

One thing about this is that it's the people making transactions who secure the block chain, so they deserve their part of the payment for securing the block chain.  The people who actually form blocks?  They can continue to form blocks by PoW or something, also contributing to the security of the block chain. They'll be needed until transaction volume gets high enough that it starts to be at least a little bit "steady" for purposes of short-term resolving stuff.  Thing is, that makes PoW necessary for YEARS, not weeks, and it only makes sense if the coin actually gets used.  It might work for Bitcoin at this point; but no alt that isn't seeing widespread actual use could sustain it.