Topic: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper - page 8. (Read 9955 times)

The reason this is incorrect is that there is no possibility for a "computer to calculate an alternate chain that started 200 minutes ago" and have it become longer than the main one.
What one has to keep in mind is that everything is deterministic.
For an attacker to build this fork he must own private keys that give him control over some stakes at the beginning of the attack.
Let's say the attacker has control over 10% of the mining coins. Two possibilities:

• These coins have been used to mine on the main chain. In this case, the stakes will create blocks exactly at the same timestamps then they did when mining on the main chain because since everything is deterministic, the proofs are the same.
  Starting our clock at the start of the fork, let's consider the average case (20 blocks mined by the coins the attacker control), the stakes have generated blocks at time 3,7,13,[...],189,198. Then the attacker's fork will consist of 20 blocks created with the exact same proofs.
  The important part is that since the fork will always be a subset of the main branch he will never be able to create a fork with more trust than the main chain. A second important remark is that the attacker cannot try his luck many time.
  
• The coins used to stake were not mining previously and in this case he would need in average 50% of all mining coins to be able to create a longer fork. This corresponds of course to a 51% attack.
  You might ask, if he gets his hand on 10% might he win? The probability that an attacker a fork with 10% of the coins will outperform the 90% remaining over a 200 minutes period is ~10^-100 (using formula on p.35 on the white paper). Therefore, this kind of event will never happen no matter how often attackers try.
  
• A third possibility would be to send coins you own the fork and mine with them. In theory, you could do that a great number of time and you might expect to succeed at some point. That's why the minimum stake age (i.e. the minimum time during which coins have to wait before they can mine) is important. For these coins to be allowed to mine they must wait a significant amount of time and this creates a lag. And this has a consequence on "real time" since the nodes receiving the forks will check if the proofs used to generate the blocks are valid.
  

The important part is that, you will not "not always be able to achieve this", you will actually never be able to achieve this without owning ~50% of the mining coins.


The reason behind this is that since you cannot "hope" to win be trying to fork a large number of time, the best thing you can hope for is to "grind" through stake modifiers, and to do that you must have control over the current stake modifier and this takes time.

Finally, what do you mean by "additional attack vectors"?

We don't see her tits, hence your "appeal to authority" is not accepted.

yes; in the sense that any other approach requires you to know more information about a node in one way or another if you want to prevent sibyl attacks, so that you know you can trust them (you could see proof-of-stake as just some anonymized form of trust). And the thing with trust is...

which one of my claims you think is bold?

You refuted one bold claim with another...

Except it isn't a "proof". Proof-of-activity, proof-of-resource, proof-of-storage or similar are all misnomers. There can't be "proof" of these things, all of these can be forged; only spent CPU power can algorithmically be proven because it boils down to pure physical entropy at the end of the day. Also MaidSafe use the term proof-of-resource but in reality their security mechanism is a node-ranking system which does introduce a degree of trust.

POS vs POW!!

Again!!!

hmm..

I did ask a few question in the Neucoin https://bitcointalksearch.org/topic/ann-neucoins-40-page-white-paper-rebuts-all-nothing-at-stake-objections-1003488 thread but no answers were forthcoming..

For me, there are issues with POS that many choose to ignore, or are ignorant about, simply because they think POW is wasteful..

I repeat :

1) Much is made of the 'wasted' and 'costly' electricity used to run the POW mining rigs.. People seem to think this number can increase 'INDEFINITELY' and somehow consume ALL the power in the world. LOL. This simply is not the case. The miners will spend what they can make from mining, they can't spend more.. or go out of business. The Market will determine what this will be. Personally, I don't see it as an issue, at all. The amount of energy Bitcoin mining uses is literally PEANUTS in the bigger scheme of things.  

Can someone explain a couple of POS queries.. ?

2) What if all the coins in a POS system are distributed evenly, the dream!, so that there are very few, if any, whales. Everyone thinks they have an insignificant amount, for mining purposes, but in truth they are ALL minnows. Who would mine ? Can't just lock up your funds if you are living hand to mouth..

3) If 10% of the stakeholders mine in POS, since I think 100% or even 50% seems unlikely, does that mean you need 5.1% to perform a 51% attack ?

4) In POS, can energy be expended searching more chain branches to find a valid chain on which you make more money ? If this is the case, won't future miners just spend money and expend energy until they spend slightly less than 1 block makes (same as POW) ?

5) Is this true : If a Cartel of POS stakeholders ever reach 51%.. That's it.. They can never be overtaken if they choose not to be. In POW this is not the case.

Thank you..

What about terrible initial distribution of coins in Proof-of-stake ? About the security, in order to stake new coins you must have unlocket wallet, so basicaly the least secure option to keep your coins.

i could agree that halving structure isn't ideal as it is right now, 4 years between halving is too much, satoshi didn't take that into account maybe, it should have been 2 years max or even one year, the sooner bitcoin enter in the "fees phase" the better

Interesting --
http://eprint.iacr.org/2014/452.pdf

I feel like by the end of 2015 the community will really have some exchanges that will not run with the money because they are either 1) insured so even if the money disappears, it is just repaid, or 2) the exchanges are designed in a way that it is unpractical to steal the money because the exchange was designed from the ground up to not be able to steal money, and even the few weaknesses where it could be exploited would be pointless because it is in the exchanges interest in the long run to not act maliciously.

In the end, there is always more room for improvement.

I like proof of activity the best.  

In POW we are saying whoever can waste the most electricity should get the honor of forming a block, but that doesn't really help the network.

In proof of capacity, we are saying that whoever can waste the most hard drive space should get the honor of forming a block, but again that doesn't really help the network.

In POS, we are saying that who every directly invested in the network gets the honor to produce the next block.  So in a way a person is in someways contributing to the network.  Way better than the above two options.

But in proof of activity a person that is the most active in the network gets the honor to produce the next block.  It basically is a return to proof of work, except the work now is not some random arbitrary and pointless work but instead work done in the ecosystem that is strengthening it.  

No, that's just how I post. 
It's an old habit to try to
make emails more readable.

I like the unusual formatting, since it makes your post look like poetry.
Were you on a phone (very small screen) typing it?

After the creation of proof-of-activity and proof-of-capacity schemes I think there is no reason to create new proof-of-stake coins.

There is some mechanism to decide who gets
to stake the next block.

In PoW, you must solve be the first to
solve a puzzle.  In PoS, you need only
meet certain conditions with your stake.
(And those conditions must be flexible
enough to ensure that blocks come out
in a timely manner -- should the chosen
participant not mint the block, an alternate
must be quickly selected).

Forcing a reorganization by broadcasting
a longer chain is the same mechanism
whether one is attempting a double spend
or simply trying to garner transaction
fees.

As the paper, says, grinding refers
to "cheaply searching the blockspace to find blocks
that direct history in their favor".

So a false chain is any other chain than
the main chain -- it is one that you forked
from a previous point on the main chain,
either for the purposes of double spending,
or gaining fees.

As far as spoofing the time intervals,
lets say you want to start a chain
"from 200 minutes ago".  You can have
a computer calculate an alternate
chain that supposedly started 200 minutes
ago in a few seconds, and broadcast
that in realtime right now.  Nodes receiving that
would not know that the blocks on
the false chain weren't really
built 200 minutes ago.

Nodes must accept the longest chain,
otherwise you will loose consensus and
risk a fork in the blockchain.

You won't always be able to achieve this,
but occassionally you will, and since
the cost is minimal, why not try it?

Of course, if everyone starts doing that,
you are back to the issue of using
competing computing resources, and thus
energy costs will rise to the level of
marginal profitability, which is the
very thing that PoS claims to avoid.

I'm not sure what the 200 minute buffer
zone applies to (new coins staking?),
but that really doesn't solve the issue,
as you can keep trying to attack with
old coins, or you can attack less frequenly
(every 200 minutes) with coins you just
bought and sold.  In addition, I believe
it opens additional attack vectors based
on older stake participants rejecting
newer participants.

Again, this kind of thing has always
been a problem with PoS coins.  
I just don't see how neucoin is anything new.

disclaimer: I'm not an expert and I could certainly
be wrong, but I would like someone to
explain why I am wrong.

http://www.links.org/files/decentralised-currencies.pdf claims that cryptocurrencies with unknown "miners" are flawed. Unlike PoW, PoS coins do know who the "miners" are.

I don't believe that proof-of-stake is necessarily appropriate for Bitcoin but I do completely agree with:


It seems like every new technological innovation being pioneered by other cryptocoins is categorically rejected for implementation in Bitcoin almost immediately. It also seems like most of the people behind Bitcoin are also on the board of dozens of projects designed to replace it. If Bitcoin does end up failing, I think that the failure will be entirely social, a refusal to adapt and innovate. This is something that anybody interested in the project should be worried about.