Topic: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper - page 5. (Read 9984 times)

Would that mean exchanges would not have to take fees from users then? Enabling fee free trading?

For Instance..

The Asset Exchange on NXT is 'almost' separate from the value of NXT itself. It certainly makes users want to choose it, like someone picking the NASDAQ or London Stock Exchange, given it's reputation and standing.

POS Teck has enabled a decentralised secure low-energy-usage exchange  to operate in a way unimagined BB (Before Bitcoin).

That's useful.

Sexxy POS !? I Like..

I AM saying that POS can be incredibly useful. But can it be valuable ?

I don't even know if the value matters, if we can understand just quite how useful it could be..

Why do you think "the value of a good tends to its production cost" applies universally? How do you account for things being perceived as 'sexy' or 'incredibly useful' or 'making things effortless or a fraction of the cost"?

You assume consumers are 100% rational and are not influenced by such things?

I'm starting to think that this is the REAL issue..

Whether 'it is' or 'is not' possible to get a secure POS blockchain working, Jhonnyj's argument is 'META' to all that.

He's saying that the price of the coin is fixed at,..'will tend to', what it costs a miner to make it. And in POS, this is always a small number, by design.

And before you jump in and say, 'You need a lot of POS coins to MINE that POS coin!'.., there's seems to be a self-referential issue to that statement that makes it negate-itself.. [Cough] If you see what I mean.. Like a snake eating it's tail..

What I mean is, the security of a POS network is dependant on the trustworthiness of the majority of Stakeholders.

I could run a POS network amongst people I know and trust, the members of my village maybe, and it would probably be MORE secure than any other POS coin out there, for me and my friends... Since it costs nothing 'in the REAL world' to run the network securely, just stake in my virtual coin.

The real 'Benefit' from one POS coin to another might be acceptance, not security. How many people accept a certain POS coin .. ?

There would need to be a way of exchanging all these coins for each other, or fiat,  or whatever, on some mega-exchange, but then, hey presto..

..

Maybe that's what will happen.. We'll just have thousands and thousands of different POS coins.. All exchanging for each other..

Come on CfB..  ..

Do POS coins break the basic Economic tenant that says - 'The value of a good tends to its production cost'.. ?

And

Does it even matter if the Price of a POS coin IS set to it's production cost.. Just need a lot of coins.. ?

You can sign the transaction offline, but you have to broadcast it to the network as well. (Sorry I did not mention it explicitly)
If you broadcast two leasing transactions successfully, the network will see both and cancel one.
If you only sign the transaction offline and don't broadcast, it will have no effect, as the network does not know about it.
If you sell your stake during leasing, the leased forging power will decrease by the spent amount.

Also see: http://wiki.nxtcrypto.org/wiki/Account_Leasing

Sorry, your post looked trollish because tricks that you mentioned are easily counteracted.

PS: https://wiki.nxtcrypto.org/wiki/Forging

...with coin-age.

You seem to found a fatal flaw in leased forging!

PS: Don't read about forging! It's like virus - today you read about forging, tomorrow you sell your bitcoins, the day after tomorrow you start recruiting new zealots into PoS religion.

It is enough to prove that an account "leased" you his minting/forging power.

Example:
Account A has a balance of 1M
Account B has a balance of 0

I make an offline transaction from my air gapped account A, saying that account B can generate blocks with the power of account A. Account A was never online and account B can now mint/forge with the power of 1M, without actually having access to the funds.

I do this all the time, it's pretty easy, just a few clicks required.

I'm not particular familiar with NXT or various implementations, i'm speaking in terms
of general principles.  Based on the whitepaper, there's a complex calculation involving
the UXTOs and the block headers of previous blocks. I still don't see how that prevents
"grinding" or using computational power to build a chain.

If it is difficult to compute, isn't that almost becoming proof of work and everything
that goes along with it?  (If its difficult to compute for an "average" computer,
wouldnt an ASIC do it easily?)

You seem to be saying that it is not difficult to build a chain of 1 block, but it
difficult to build a chain of many blocks under this implementation.  
What exactly makes that possible?  I haven't seen any explanation of that assertion,
if that's what is being claimed.

(Please note that even with proof of work, building a longer chain technically
isn't exponentially more difficult than building a shorter chain. It only
becomes exponentially more unlikely to execute a successful 51%
attack because of the diminishing probablity that you can keep up in a
LINEAR fashion in real time with the main chain)

Maybe I'm missing something, but it sounds like a self-defeating argument:

"We'll prevent this from turning into proof of work by making it really
hard to compute." 

Yes.

Here we go again.

Ok I think the reason why we had a hard time understanding each other is because you're talking about an entirely different implementation of PoS than that derived from Peercoin.
I guess it's closer to NXT's protocol although I'm not particularly familiar with it.

Explaining in details how NeuCoin's (and Peercoin's) implementation works would be too long to do here but you can take a look at the white paper (sections 3.1 to 3.2 starting page 13) if you want more details.

However, it's not possible to grind through stakes the way you described. Basically, the kernel (which is the equivalent of the stake modifier in Peercoin) is designed in way that prevents you from grinding in a efficient manner. This is explained in details in sections 3.3.3 of the white paper.



I thought Vitalik's suggestion of using security deposits were linked to the problem of users mining on multiple branches in case of a network fork, not of attackers trying to rewrite history. I should go take another look at his post

If you find some time to read the technical part of the white paper I'd love to get your feedback on the attacks and whether you think there are more efficient attack vectors.

Exactly.  The percentage of mining from other people would drop to zero in a false chain that the attacker generates on his own through grinding.  It would have to, by definition, since the attacker must create the entire chain.  However, since no one really knows who owns what coins, the network would not be able to tell the difference except that perhaps there is a longer time than usual between blocks.  

Then, you might propose restricting chains with too long gaps between blocks.

Let's explore this idea further:  say you have a rule that says every minute I'm doing to cut in half the hash value or requirement to forge a new block. So if you have a ten percent stake, you have a ten percent chance.  after two minutes it's twenty, after three minutes it's forty, and after four minutes it's eighty.  So based on that, let's say it's taking you 3.5 minutes between blocks.  (Keep in mind these spaces of 3.5 minutes would be time stamps only for the attacker, not real gaps of time.)

So if I broadcast a false chain, all the blocks are going to about 3.5 minutes apart in their time stamps.

You might consider, say, a weighted function that decreases the chain's "effective length" when using the longest chain rule.  For example, we divide each block by the number of minutes, so that a block taking 3 minutes instead of 1 only counts for a third of a block. So now you would need a chain 3.5 times as long.  

But then attackers could simply build longer chains.  

You could in turn, prevent this from occurring in long range attacks
by creating an additional rule that the time stamps can't be
too far in the future, but it doesn't prevent shorter term grinding
attacks from older coins.

One idea I've seen to prevent these kinds of PoS attacks is Vitalik Buterin's suggestion of using security deposits, but even that doesn't solve the problem
because you can just attack once you get your deposit back, so it may lessen the frequency of attacks, similar to the 200 minute rule proposed here, but I don't think it stops them.

You also have to be careful with these kinds of rules and not making them too restrictive so you don't risk losing distributed consensus (blockchain fork) or the network halting because no chain is valid when an edge case arises involving low miner participation, ddos, etc, as well as opening up new attack vectors.  I don't think there is any free lunch.

A common misconception is that you can "keep trying". What do you mean by keep trying?
You can try creating forks at every block of the main chain but the probability to create more blocks than the rest of the network combined over a significant period of time (significant doesn't have to be more than say 10 minutes) is negligible you don't own a very large portion of the mining coins.
If you mean "keep trying" as in trying many times to create a fork at a given height, you simply cannot do that because the outcome will always be the same (since the computation is deterministic and the input is seeded on the mainchain). To get a different outcome and thus be able to "keep trying" the attacker needs to move his coins to the fork and that's when the minimum stake age kicks in.
This is what necessarily creates a lag.



What do you mean it can continue ad infinitum? What you're describing is basically the percentage of coins mining dropping to zero! This is not realistic assumption!
The blocks that should mine and don't are already taken into account in the computation because the attacker compares his stake to the total mining coins and not the total coins.

Please answer the question: "what if something cannot be mined, how is the price determined?"
(Let's forget about PoS or PoW for the moment)

This is basic economy behavior, people always seek the lowest possible cost to get a coin, and the arbitraging will eventually make the cost close to coin's market price. The demand can go down, thus cause the cost to shrink, but the cost and price should always be close to each other


A technical barrier to prevent others from entering competition? The cryptocurrencies are open source, the technology itself is free. PoS coin will be cloned to many tastes if it shows slightest sign of usefulness. Just like email, it could be useful but will not be valuable since value only exists where scarcity exists

If you take over the government, you can make a law to make people only use your PoS coin, then it will have value without cost, just like fiat money. But in a market driven environment, you can't create money out of thin air, money's value will always be close to their production cost


In fact PoS coin are more like a company's stock, whose value is backed by company's earnings and dividend. And I haven't seen any PoS coin are generating positive cash flow since the stake holders are not doing any business operation

".. indicated .." -> this is economical nonsense

"If there is any demand..." -> what if something cannot be mined, how is the price determined?

"Imagine that a PoS coin..." -> one will generally select the option with the highest benefit. Whether miners cash out immediately or not would also depend on other factors, e.g. the expectation of future value. But again the question what if a coin (anything else) is not mineable, how do you determine the price?

You seem to be a team leader, they always sux in practical programming.