Topic: Proof that Proof of Stake is either extremely vulnerable or totally centralised - page 7. (Read 11771 times)

Glad to see you recognize why your proposal can't function if centralization doesn't exist.

I find your lack of Economics knowledge suspicious. Has real AnonyMint sold you one of his accounts? It's Economics 101 that money can't function outside of an economic cluster boundaries.

Thus you mean centralization. Otherwise you get non-convergence of consensus (e.g. three clusters of 33% each). You keep making the same design error, which you've repeated with Iota.

Section 4 of that white paper is written by an idiot who doesn't understand economics.

51% attacking a coin requires it to be economic. The attacker must be able to make gains which exceed his costs of attacking. The problem for the attacker in PoW is that the attack is only sustained for as long as the attacker continues to spend on electricity. Thus shorting the coin is probably not going to work, since everyone knows the attacker has to sustain a negative income situation indefinitely. Contrasted with PoS where you only need to have owned the coins once (even if you've already spent them!). 

The attacker can attempt to double-spend his coins, but the community is very like to blacklist his double-spent coins thus removing his income.

The viable 51% attack is the one that forces KYC on all transactions or changes the protocol in ways that the masses don't object to. The State is the one who has the incentive to do this attack.

Or in Bitcoin's example for the mining cartel to block protocol updates such as block size increases to increase their profits via rising transaction fees.

I have a solution for the latter two economic attacks which also will reduce the electricity consumption to an insignificant level.


Not in my design.


You are ignorant.

There is a 3rd way, Economic Clustering and in Nxt it's implemented in a way that doesn't require human intervention after initial setting.

You still fail to understand what I wrote the first time. Which is that offline nodes see two chains which disagree, and they don't know which one was first. And they can be lied to by the nodes which claim they were online.

The only solution is to use centralized community/developer checkpoints.

You are very slow minded.


That is centralization because you must trust some authority to make a decision as to which community decisions should be enacted. The Bitcoin block size debate is an example for you about community consensus not working without a dictator.

You don't have a fucking clue. And you are wasting my time.

There is no way to objectively distinguish a historic key that is respent from a historic transaction that had spent that historic key. This is a double-spend with two chains arguing about which was first.

The only way to distinguish which was first is either a decentralized objectivity which is the PoW longest-chain-rule, or for PoS a centralized objectivity such as community/developer checkpoints.

Please stop wasting my time with nonsense replies.

Why not just use the easy 51% attack on PoS?  There is no need to buy all these old wallets, etc... you can 51% attack PoS with 5% of the coin

All PoS coins forked from PPCoin are vulnerable... I can't say for sure if non-forks like nxt are vulnerable in the same way, but I'll explain the method


Separate the 5% you own into 5 wallets each containing 1% of the total supply of coins

Take 4 of the 5 wallets offline, and wait a day or 3

Spend the coins in the online wallet, and wait for 2 confirms (and credit on a 2-confirm website/exchange)

Bring the other 4 wallets online with a modified wallet code to reject the last 3 blocks, and start a competing chain to double-spend your 1% of the coin

Since your 4 staking wallets were offline for a few days, they have accumulated "staking weight"/"coin days", and will find a block almost instantly... you are nearly guaranteed to find 4 blocks in a row... 51% attack with only 5% of the coin!

Trustless decentralized crypto-currency is probably impossible.*  (http://www.links.org/files/decentralised-currencies.pdf)

No matter what the design, in the end you have to trust human beings at some level.  Satoshi's design provided strong incentives for human behavior via costs of physical resources consumption.  The miners have the most skin-in-the-game and can therefore be trusted to behave in the best interests of the system.  The flaw in the design is more apparent than ever right now with the blocksize debate.  Essentially we have non-miners who also have skin-in-the-game in the form of STAKE in the system (e.g. Coinbase, Blockstream, BitPay, users wanting "cheap" transactions, etc.) that are at odds with the incentives of miners.  All want Bitcoin to succeed in different ways, and there is no clear path for miners to decide which is better for them to profit because it is an economic uncertainty that falls outside of the bounds of technical knowledge.

Proof-of-stake consensus gives us a similar situation, but it does so with far less centralization than proof-of-work.  A participant in a proof-of-stake system like Nxt has direct representation and never has their voting rights diluted, and therefore the system can maintain a higher level of decentralization than proof-of-work, where it is inevitable.  Mining today is effectively a barrier-to-entry for anyone who wants to participate in consensus, which is good for some attack vectors (expensive) but bad for others - Bitcoin stakeholders/companies/users have no choice but to lobby centralized miner overlords, which results in social & economic attacks like BitcoinXT/Classic/etc.  If the threat of a fork by a majority of users exists, is there any justification in burning energy?

In my opinion the security trade-offs in proof-of-stake favor decentralization.  The active research in consensus protocols may give us new tools and techniques to sufficiently increase the security of PoS to practical levels of "trustlessness".  The energy efficiency of proof-of-stake consensus as well as the low barrier-to-entry for participants make it a worthwhile pursuit in my opinion, and in the long run Bitcoin itself will benefit from proof-of-stake experimentation.

Let's say you contact the owners of 2 large addresses -
their names are Balthius Oathsworn and Jello Bananus.

They each sign a message proving that they own each respective address.  The messages also include disgusting vulgarities which make you vomit and weep, because of the shocking imagery that haunts your mind when you close your eyes.  

But you just think it must be normal for the internet,
so you proceed with your spiteful and masturbatory plan to ruin the staking network of EuroCatzSharesDark.

You pay them, escrow it, however you want, and then they send you the private keys.

That's when you find out that you were talking to the same guy, and you bought the same private key twice.

WHAT DO YOU DO?

Balthius - under his main alt account named Caramelt Deluscious,
has already started bragging about ripping you off, over at EuroCatzSharesDarkTalk.
Everyone is laughing at you and preparing redundant waves of 5-node server clusters
that automatically take turns online, offline, backup, checkpoint, and mecha-deployment mode.

Are you still going to wage network warfare against the same people who just outsmarted you?

What makes you think they don't have even more tricks you've never thought of?

Caramelt isn't even their top guy!  
Remember, this coin attracts a lot more hackers than regular EuroCatzShares.
If they get into a good-natured contest over there to show off their skills,
you could find yourself with more pizzas being delivered to your house than you could eat.  EVER.

I don't argue on this. I argue that it's not easy to buy private keys even if users don't understand how blockchain works. Also, according to the market laws if someone starts buying keys publicly they will raise in price. And I'm more than sure that after you privately buy 100 keys the world will know that someone is buying them.

In any case, arguing that old private keys have value is to say that PoS doesn't work, since the transfer of value isn't reinforced sufficiently.

I'm not sure the analogy is correct.

This is plainly ridiculous. How much do you sell an empty cardboard box for which once contained £10?

To me it stops being obvious if someone wants my wallet and offers money for that.

Why should it? It's obvious to the seller that the wallet is worthless when it contains nothing.

I mean that the offer raises a red flag, it's that easy to conduct.

On the street? Depends how much you need the money, doesn't it?

So if someone walks to you and says "Hey, dude, gimme your empty wallet, I'll give you 20 bucks for it" you will do the deal right away without asking yourself why would anyone want to pay money for a useless thing? Hard to believe.

Perhaps, perhaps not. What is the use of an old password? Zero, I'd say.