Topic: Proof of work (Read 394 times)

AFAICT, the capital costs seems to assume the depreciation of it but doesn't necessarily consider the fact that they become practically useless after any forms of attack, completely. Attacking the hardest chain would only serve as a warning to the rest and your ASICs can all go to the scrapyard right after. Instead, take into the account the costs of the ASICs rather than the running costs due to depreciation. The chip suppliers are fairly inelastic at the moment and ASIC chips aren't the focus of chipmakers right now. In fact, the majority wafers are almost always allocated to the bigger manufacturers and there isn't a lot left for ASIC manufacturers. Whether you can scale up the production through the years, and race against the network is another issue.
For a fact, mining pools cannot sustain the attack. The miners in a mining pool has vested interest to ensure that they can continue to run pools, and their miners want to continue to mine and not have their equipment becoming useless. At the first sign of any possible attacks, the miners can easily just point their ASICs somewhere else, and not continue to mine with them. You can't do the same if your funds are trapped with an exchange.

At the end of the day, I'm not going to be name-calling, whether they favour PoS or not. It isn't the purpose of my posts. I'm only here to provide my 2 cents and it is totally up to you to do your own research and come up with your own conclusion. Be objective and consider both sides of the camp, but DYOR and don't get misled.

Truth is, I don't know the answers to these questions. In fact, I don't even have a definitive view as to whether PoS or PoW is the best solution. Most people seem to hold the view that PoW works, but quite a lot of people seem to think PoS won't work. I'm just not convinced about ruling out the possibility of PoS.

ranochigo and a few others on this thread have made some good points. And I agree with them. The more I think about it, the more problems (and merits) I see for both. I just haven't seen a convincing case why PoW is very much superior to PoS (to the point that PoS is unworkable).

Yes, this is a possibility. The fear of centralization and control of the system comes from the concentration of mining equipment in one country, as happened before in China, where the largest mining power in the world was gathering due to the presence of manufacturers of mining equipment and the cheapness of mining equipment, as well as the ease of obtaining cheap energy. There are fears that China will control the network through miners, but this danger no longer exists now that the Chinese government has banned mining.
There is also a risk that if most of the mining hardware in the world breaks down or stops working, the difficulty of mining Bitcoin will decrease significantly, and then the control of the network becomes much easier and the power of the network can be concentrated in the hands of a small group that controls the network, but this possibility is very unlikely at the present time.

One consideration: how much input is lost after the end of the attack if you decide to buy a large swathe of PoS coin A, as opposed to time, electricity, manufacturing and transportation costs of ASIC development?

How much of a network do you need to damage before it enters a death spiral?
If you were prepared to dump N% of the PoS network after your attack, what is the maximum N where you're still able to disrupt the network?
Does the same apply to miner attacks?

I checked out your article, by the way. One puzzling aspect is this: look at how much it costs to attack a network per $1 per day in block rewards.
Are we worried about attackers because our block rewards are too cheap, or are we worried about attackers because our security is too weak?

Should ETH raise its rate of return to 30%, since then the total cost of attack would increase? Actually, why stop there? Just make it masternode levels of 30000% rate of return.

Based on the calculations in the article, the cost required for a PoS attack is 4x the cost of PoW attack. While there may be some miscellaneous costs that the article ignores, it seems unlikely to change the conclusion given the magnitude of the difference in cost (4x).

Putting cost aside, you're right that we also have to consider whether a PoW attacker can acquire the necessary ASICs. Just like how you mentioned exchange centralization (as a potential threat to PoS security), so too is miner centralization a threat to PoW security. It only takes a few mining pools to have enough mining power to attack the network.

Reason why I didn't do so is because of the author of the article that you linked. I didn't run the numbers because I didn't have time so I cannot vouch for the accuracy of either. Given the author and the possible ulterior motives behind it, I prefer to refrain from giving my opinion on it but rather take a more neutral approach which doesn't agree nor disagree with it. Just for starters, the article seems to be ignoring the problem with nothing at stake. There are also several miscellaneous costs that the article seems to have ignored (Do CMMIW tho), but it assumes that some adversary has the capacity and the ability to produce that many ASICs, to supply that much power, given how the supply is already generally inelastic.

Anyhow, I think there were several threads on this previously. Perhaps reading them would provide you with more insights into this.
Hmm. Is it easier to get a large proportion of coins or is it easier to set up your mining rigs and hooking up a few power stations with it? The former is probably far easier given how users are already prone to storing their funds in exchanges and centralization is already not uncommon.

@ranochigo

The question then is why are attackers not incentivised to attack PoW? Some possible reasons:
1) Requires ongoing electricity to maintain.
2) Overall cost is too big
3) Even if attack is successful, the attacker stands to lose everything (including said cost in point 2) and underlying coins going to 0.
4) They can't be bothered setting up the mining rigs.

Well let's comment on each one:
1) and 2) Yes but overall cost is less than under PoS. I linked an article which proves this and you didn't seem to disagree with the said figures and instead said monetary aspect is not a huge factor.
3) This argument also applies to PoS and as above, the amount lost would be greater under a PoS attack than a PoW attack.
4) This is true but if someone was to attempt a task as big as trying to hack the biggest network of all time, surely setting up the mining rigs is not an impossible task.

Based on this, my conclusion was if you think PoW is infeasible to attack, then you should also think PoS is infeasible to attack. Unless you think the major deterrent is the setting up of mining rigs.

Thoughts?

It depends. Are there already people willing to give others control of their coins, the answer is yes. Major exchanges tend to hold disproportionally larger amount of coins as compared to the normal holders because people almost always store it to stake it with them.

I really don't think the monetary perspective is a huge factor, or rather we're looking at it from the wrong point of view. Instead of thinking which is more expensive, either in monetary terms or execution, perhaps we should see which gives sufficient security such that attackers are not incentivised to attack either. If it is infeasible for both kinds of implementation, then it's great. There isn't a need to compare which is more secure, because they are fundamentally different.

There are a lot of singular miners. I'll hopefully be a singular miner in a few months.
Wealth hoarding is common to extremes in anything of value.

I disagree with this because the 51% thing is already clear, there're no singular miners anymore, just mining pools and farms and Bitcoin network according to the addresses mining is already pretty much centralized compared to the different accounts by balance.

Proof of Stake would also be the same, and even it is harder to accumulate the 51% of the coins simply because the more the person buys, the more expensive it gets.

Bitcoin mining also carries risks for the miner himself so Bitcoin mining is not as simple as buying hardware and mining equipment. Miners in the world are always looking for ways to mine Bitcoin so the decentralization is greater. Bitcoin miners are forced to sell the Bitcoins they mined to others so POW will be fairer than POS. For POS passive and large rewards. They only need to bet and do not need to do anything else, but with miners, they have to solve the problem of energy and return capital. The increased mining difficulty and price volatility were among the problems they had to deal with.

Do you really need a double spending attack in POS? In a trustless system the attackers could gain control in stealth and not get noticed for years. Is it not enough to just look for circumstances to lag the network every few months and make money using shorts, futures and competitive chains?

I think there's two sides to it: 1) how difficult is it from a monetary perspective and 2) how difficult it is from a practical/implementation perspective.

Whilst I agree that it's difficult to acquire and manage the resources to attack the network (and therefore much more difficult form a practical/implementation perspective), I'm not so sure that the combined cost (monetary value) would exceed 51% of the supply of coins (which is what it would take under PoS).

Yeah I don't think the security comparison is clear cut which is the more secure.

In a system using PoW, the wealth gained from mining can be reinvested into future developments. However, this sunk cost is not directly exchangeable with the currency you gain as a reward. Your technological improvements are a byproduct of the upgrade process. Targeted in specific ways, you could try to isolate this to increase development exclusively in non-ASIC hardware but that's discussion for the other board.

The coin supply may increase in a PoS system, yet your rewards can be restaked directly: a system of compounding interest. So now, you have little reason to store the base currency as opposed to staked currency, though if you ever decided that you wanted to cash out of the network, you could do so by selling to another party. For rational actors, this doesn't change the global staking power: the buyer would stake their currency to generate profit. For a malicious actor to penetrate the network, they need the capital to buy enough staking power and enough willing sellers, or the power to convince enough people to sell.

The security comparison given this context would depend on whether one thought it was harder to generate hash power or to generate capital and influence. (against non-malicious actors)

No. The argument above assumes that it is simple to acquire and manage the resources needed to attack the network. As we know from sufficiently secure coins, this is impossible. Solely by the fact that the electrical consumption is so massive that it becomes practically impossible to support it, ignoring all other factors required, space, labour, etc. It is also not realistic to assume depreciation for ASICs, they would probably be rendered worthless. The difficulty of acquiring (and set up) that many ASICs isn't comparable to that amount of coins.

The shortcoming of PoS is that miners have no need to support any single fork. Since their coins exists across all of the fork, they can support every fork.

Yes, this is possible in one way or another, if the power of the network hashrate gathers in the hands of an institution or some government that can control the network, so there were accusations of China that it controlled Bitcoin through the presence of the largest number of miners in China and there was a fear that the network would turn into a centralization Because of that, but the recent events in which the Chinese government banned mining and miners migrated to other countries had a huge positive side by de-centralizing China and its control over mining and the Bitcoin network.
But this remains a weak possibility because the Bitcoin network hashrate escalates to numbers so large that it is difficult for a country or institution to control it alone. Also, the distribution of miners all over the world makes it difficult.

@ranochigo

An argument for PoS and against PoW is that the upfront cost required to attack the network is greater for PoS than PoW.

For PoW, the upfront cost is the ASICs and electricity.

For PoS, the upfront cost is the coins.

Article below shows a comparison and shows that the cost of the required coins > (ASICs + electricity). I'm unable to find anything to disprove these figures at the moment. Ignoring the author for now and if we just consider the argument, do you agree with the above conclusion?

https://vitalik.ca/general/2020/11/06/pos2020.html#:~:text=Total%20cost%20of%20attack%3A%20%240.90,with%20lower%20rates%20of%20return.
  

That’s just one of the arguments. There’s also the Nothing at Stake argument, which argues that stakers can sign/vote for forks, that bad actors can also “mine” in secret. This is impossible in Proof of Work, because miners spend actual resources in mining. Hashing without “work” to use as validation is a flawed concept.

Attack is sometimes a matter of perspective. For example in Ethereum the 72 million premined ETH owned by Vitalik and a couple of others is an attack against the centralized ethereum network but they don't see it that way because it is their centralized authority over the protocol and the network and switching to PoS will give them total authority. In other words this fork not only doesn't solve anything but also adds more issues.

I never heard about any "historical stake", that would be a very stupid system to implement. One of the definitions of "nothing at stake" problem is that once you have enough coins to attack the network, it doesn't cost you anything to sustain your attack, so if other users don't take any measures like creating a hard fork, you can just halt the network forever. With PoW you not only need to own equipment, you also need to continuously waste electrical power.

I'm not knowledgeable about altcoins, but I think Ethereum plans to implement some system that would somehow punish those who try to attack the network with their stake in their upcoming update, and I don't know if this system is sound or not.