
Topic: Re: Proof of stake instead of proof of work - page 2. (Read 6968 times)

sr. member
Activity: 365
Merit: 251
Why only about 20% are forging then?
I don't know. I suspect because leased forging is a new feature and not everyone has caught on yet. Also, I suspect some whales are not forging because they want to give everyone else a chance. Either way, it should improve over time. Nxt is 6 months old; it's achieved a lot in that time, but some things mature slowly. When it's as old as Bitcoin is now, we'll have a better idea if this is working.

Quote
The downside is centralization of power. If at any point of stake history anyone had 50+% of current stake rate (i.e. current is 20% means that lending to a pool more than 10% at any point) it will haunt the coin forever.
I gather the Nxt devs have a solution for that.
full member
Activity: 154
Merit: 100
Because the network follows a longest chain is valid rule?  If it doesn't then you are relying on a node knowing that an alternate chain came "later" and not all nodes will know that.  As I already pointed out up thread imagine you are a new node, you connect to the network and receive two competing chains A & B.  A is longer.  Which chain do you use?  If you use A and other nodes use B that is a problem (isolation attack and network fork due to non deterministic chain selection).  If they are choosing B over A because they "saw it first" there is no way for you to confirm that or even know that.  
Still it doesn't need to be 10,000 blocks.  A 51% attack can be accomplished with a reorg of any length.

What's the downside of just hard coding a max limit of history blocks that can be reorged in AcceptBlocks?  And must make that max limit < confirmation needed?

Wouldn't this protect nodes with an existing "real" chain, without fearing for it to be overwritten (at least past the limit)?


nvm.. i guess that would cause the "hard fork attack problem".. where offline/new nodes could still pick up an entirely different fork all the time.  no consensus..

great thread though.. i learned a lot:)  Someone needs to make a diagram'd youtube video though.. hehe
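Added example (not part of the thread and not any coin's code): a toy longest-chain rule with a hard-coded reorg cap, showing that the cap protects a node that already holds chain A but makes a fresh node's result depend on which chain its peers send first. `MAX_REORG`, `CONFIRMATIONS` and the block labels are constructed for illustration.

```python
GENESIS = "G"
MAX_REORG = 3        # hypothetical hard-coded cap, in blocks
CONFIRMATIONS = 6    # hypothetical confirmation count; the cap is kept below it

def fork_point(a, b):
    """Number of leading blocks the two chains have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def reorg_depth(local, candidate):
    """Blocks of local history that would be discarded by switching."""
    return len(local) - fork_point(local, candidate)

def accept(local, candidate, max_reorg=MAX_REORG):
    """Longest-chain rule, except history deeper than max_reorg is final."""
    if len(candidate) <= len(local):
        return local
    if reorg_depth(local, candidate) > max_reorg:
        return local
    return candidate

def sync(local, offers, max_reorg=MAX_REORG):
    """Apply accept() to each offered chain in the order peers deliver them."""
    for chain in offers:
        local = accept(local, chain, max_reorg)
    return local

# Constructed chains: A and B share 5 blocks, then diverge; B is longer.
COMMON = [GENESIS, "1", "2", "3", "4"]
A = COMMON + [f"a{i}" for i in range(5, 11)]   # 11 blocks
B = COMMON + [f"b{i}" for i in range(5, 13)]   # 13 blocks, forks 6 deep in A
C = A[:9] + ["c9", "c10", "c11"]               # 12 blocks, forks 2 deep in A

if __name__ == "__main__":
    assert MAX_REORG < CONFIRMATIONS
    print("node on A offered B ->", accept(A, B)[-1])            # keeps a10
    print("node on A offered C ->", accept(A, C)[-1])            # shallow reorg ok
    print("new node, A first   ->", sync([GENESIS], [A, B])[-1])
    print("new node, B first   ->", sync([GENESIS], [B, A])[-1])
```

The last two lines end on different tips from the same two chains, which is the "saw it first" divergence described in the quoted reply.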
hero member
Activity: 644
Merit: 500
sr. member
Activity: 322
Merit: 250
Fair point, we are working on a dynamic method of weighing although the fix worked thus far (8x hashing power increase within minutes on SHA algo did no damage at all to the chain and a few weeks earlier a scrypt pool with 51%+ forked resulting in just that their miners lost some mining time again with no consequences to the chain) we are aware that fixed factors are somewhat unreliable in long term.

Were these attackers actually being dishonest (not mining on top of the chain with greatest difficulty) ? Or were they just flooding the hashing power?

Well I have no actual evidence they were malicious but an 8x spike in minutes that lasted for about an hour was not an attempt on mining sha. I can only presume they had ill intentions. The scrypt thing was an accident.
jr. member
Activity: 56
Merit: 1
Fair point, we are working on a dynamic method of weighing although the fix worked thus far (8x hashing power increase within minutes on SHA algo did no damage at all to the chain and a few weeks earlier a scrypt pool with 51%+ forked resulting in just that their miners lost some mining time again with no consequences to the chain) we are aware that fixed factors are somewhat unreliable in long term.

Were these attackers actually being dishonest (not mining on top of the chain with greatest difficulty) ? Or were they just flooding the hashing power?
sr. member
Activity: 322
Merit: 250
If yes who decides that? Does the algorithm have rules to change that automatically? Will miners approve that if they get penalized?

The miners essentially decide (with bitcoin the rules are sort of obvious so everyone agrees to them) but with multi-pow coins miners have to rely on working out what will make them the most money/coins.  In general this means sticking with what everyone else is doing, the only practical way of knowing what everyone else is doing is assuming everyone is following the software. In theory thus, optimum strategy is to follow the software and hence the developer gets to choose.

In reality, some miners might refuse to download new updates. Now you have different miners enforcing different rules, working out the optimum in this situation is far from trivial and could lead to instability. The full economic analysis of this is very complex.

Fair point, we are working on a dynamic method of weighing although the fix worked thus far (8x hashing power increase within minutes on SHA algo did no damage at all to the chain and a few weeks earlier a scrypt pool with 51%+ forked resulting in just that their miners lost some mining time again with no consequences to the chain) we are aware that fixed factors are somewhat unreliable in long term.
jr. member
Activity: 56
Merit: 1
If yes who decides that? Does the algorithm have rules to change that automatically? Will miners approve that if they get penalized?

The miners essentially decide (with bitcoin the rules are sort of obvious so everyone agrees to them) but with multi-pow coins miners have to rely on working out what will make them the most money/coins.  In general this means sticking with what everyone else is doing, the only practical way of knowing what everyone else is doing is assuming everyone is following the software. In theory thus, optimum strategy is to follow the software and hence the developer gets to choose.

In reality, some miners might refuse to download new updates. Now you have different miners enforcing different rules, working out the optimum in this situation is far from trivial and could lead to instability. The full economic analysis of this is very complex.
full member
Activity: 144
Merit: 100
I know I'm butting in and I apologize. I can see there are a lot of well informed people in this thread with solid arguments one way or the other and I would like you gentlemen if you'd be so kind to relay onto me your opinion about multi-pow (separate algorithms mining independently on the same chain), pros ? cons ?
I'd really like to hear what you gentlemen have to say about it.

Is it more viable as a means to secure the chain further ?
Is it more viable for a fairer and wider distribution of the coins ?


Disclaimer: I'm part of the team for such a coin (Myriad) but am not the creator of the concept. I joined the team because I liked the concept and it seems pretty solid.

The main problem with multi-POW coins is that it is difficult to work out how to fairly and securely weight the security factor attributed to each algorithm.

Myriad uses a weighted model (code here). This means that a SHA256 block needs to have a difficulty 4096 times that of a Scrypt block for them to have equal security weighting. I haven't thought too much about the economic and security implications of this but I know that the weights shouldn't be fixed because the actual difficulty of mining a certain block depends on the type of hardware used.

Also miners rarely care about the security factor (it only comes into effect when there is a fork/orphaned block), so it is easy for the developer to change the weights without requiring the miner's explicit consensus (the change does not lead to long lasting forks).

On the other hand multi-POW coins have more decentralised coin generation (not necessarily security because of the weighting) which is theoretically good for the coin economy.

That's a good point.

What if one technology's hashing power increases over time faster than the rest due to hardware/algorithmic improvements? Does the re-weighting of each PoW need to change? If yes who decides that? Does the algorithm have rules to change that automatically? Will miners approve that if they get penalized?
jr. member
Activity: 56
Merit: 1
I know I'm butting in and I apologize. I can see there are a lot of well informed people in this thread with solid arguments one way or the other and I would like you gentlemen if you'd be so kind to relay onto me your opinion about multi-pow (separate algorithms mining independently on the same chain), pros ? cons ?
I'd really like to hear what you gentlemen have to say about it.

Is it more viable as a means to secure the chain further ?
Is it more viable for a fairer and wider distribution of the coins ?


Disclaimer: I'm part of the team for such a coin (Myriad) but am not the creator of the concept. I joined the team because I liked the concept and it seems pretty solid.

The main problem with multi-POW coins is that it is difficult to work out how to fairly and securely weight the security factor attributed to each algorithm.

Myriad uses a weighted model (code here). This means that a SHA256 block needs to have a difficulty 4096 times that of a Scrypt block for them to have equal security weighting. I haven't thought too much about the economic and security implications of this but I know that the weights shouldn't be fixed because the actual difficulty of mining a certain block depends on the type of hardware used.

Also miners rarely care about the security factor (it only comes into effect when there is a fork/orphaned block), so it is easy for the developer to change the weights without requiring the miner's explicit consensus (the change does not lead to long lasting forks).

On the other hand multi-POW coins have more decentralised coin generation (not necessarily security because of the weighting) which is theoretically good for the coin economy.
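Added example (not Myriad's code and not from the thread): a fork-choice sketch using the 4096:1 Scrypt:SHA256 weighting quoted above, showing how a fixed weight stops reflecting mining cost once one algorithm's hardware gets cheaper. The cost figures, the 8x efficiency change, and the `rebalance` rule are constructed assumptions.

```python
from dataclasses import dataclass

# One unit of Scrypt difficulty counts as 4096 units of SHA256 difficulty
# (ratio from the post; the table layout is illustrative).
FIXED_WEIGHT = {"sha256": 1.0, "scrypt": 4096.0}

# Constructed cost of producing one unit of difficulty with each algorithm.
COST_AT_LAUNCH = {"sha256": 1.0, "scrypt": 4096.0}    # weights match cost
COST_LATER = {"sha256": 0.125, "scrypt": 4096.0}      # SHA hardware 8x cheaper

@dataclass(frozen=True)
class Block:
    algo: str
    difficulty: float

def chain_work(chain, weights):
    """Security weight of a chain: sum of difficulty times algorithm weight."""
    return sum(b.difficulty * weights[b.algo] for b in chain)

def best_chain(a, b, weights):
    """Fork choice: more weighted work wins; a tie keeps the current chain a."""
    return b if chain_work(b, weights) > chain_work(a, weights) else a

def mine(algo, budget, unit_cost, n_blocks):
    """Constructed model: budget buys budget/unit_cost difficulty in total."""
    per_block = budget / unit_cost[algo] / n_blocks
    return [Block(algo, per_block)] * n_blocks

def cost_per_work(unit_cost, weights):
    """What one unit of chain weight costs when bought through each algorithm."""
    return {a: unit_cost[a] / weights[a] for a in weights}

def rebalance(unit_cost, reference="sha256"):
    """Hypothetical dynamic weights that equalise cost per unit of weight."""
    return {a: unit_cost[a] / unit_cost[reference] for a in unit_cost}

if __name__ == "__main__":
    # Two forks built with the same spend after the SHA efficiency change.
    scrypt_chain = mine("scrypt", 1000, COST_LATER, 5)
    sha_fork = mine("sha256", 1000, COST_LATER, 4)
    print("cost per weight, fixed:", cost_per_work(COST_LATER, FIXED_WEIGHT))
    print("fixed weights   ->",
          best_chain(scrypt_chain, sha_fork, FIXED_WEIGHT)[0].algo)
    dyn = rebalance(COST_LATER)
    print("rebalanced      ->", best_chain(scrypt_chain, sha_fork, dyn)[0].algo)
```

With equal spend the SHA256 fork carries eight times the weight under the fixed table, while the rebalanced table scores the two forks equally and the node keeps its current chain.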
full member
Activity: 144
Merit: 100
I know I'm butting in and I apologize. I can see there are a lot of well informed people in this thread with solid arguments one way or the other and I would like you gentlemen if you'd be so kind to relay onto me your opinion about multi-pow (separate algorithms mining independently on the same chain), pros ? cons ?
I'd really like to hear what you gentlemen have to say about it.

Is it more viable as a means to secure the chain further ?
Is it more viable for a fairer and wider distribution of the coins ?


Disclaimer: I'm part of the team for such a coin (Myriad) but am not the creator of the concept. I joined the team because I liked the concept and it seems pretty solid.

Not that I am expert but here is my opinion

1. I personally didn't study the mechanics of the coin but it may be more secure if the ASIC hardware manufacturers don't decentralize and we stick to 1 or 2 like now
2. I don't know...but probably due to different hardware to mine..  Distribution is not only about mining hardware but also how many people know about it in the early cycle of the distribution unless you have a slow distribution cycle..

Too many new technologies coming out with little time to study the problems with each until academics start writing papers about these technologies. Bitcoin has been out for 5 years and people still find and will find more attack vectors. Very tough to judge all these coins without proper white-papers. There are no proper write-ups of the technologies just some talk here and there is available on forums...
sr. member
Activity: 322
Merit: 250
I know I'm butting in and I apologize. I can see there are a lot of well informed people in this thread with solid arguments one way or the other and I would like you gentlemen if you'd be so kind to relay onto me your opinion about multi-pow (separate algorithms mining independently on the same chain), pros ? cons ?
I'd really like to hear what you gentlemen have to say about it.

Is it more viable as a means to secure the chain further ?
Is it more viable for a fairer and wider distribution of the coins ?


Disclaimer: I'm part of the team for such a coin (Myriad) but am not the creator of the concept. I joined the team because I liked the concept and it seems pretty solid.
full member
Activity: 144
Merit: 100

Brangdon,

Quote
Why do you assume that lending will be something everybody will do?
If you have sufficient coins that leasing pays for itself, it's the rational thing to do, with no downsides, so most people will do it. (Except the ones that have enough to justify running their own node.)

Why only about 20% are forging then? The downside is centralization of power. If at any point of stake history anyone had 50+% of current stake rate (i.e. current is 20% means that lending to a pool more than 10% at any point) it will haunt the coin forever.

Quote
Why do you assume that it will not backfire giving one person extreme stake history who might not care about the coin at the present?
It's something we need to be vigilant about, in the same way the Bitcoin community needs to be vigilant about mining pools becoming too powerful. However, because Nxt forging doesn't have the same economies of scale as Bitcoin mining, there is less pressure towards centralisation.

There is nothing you can do other than checkpoints. For PoW it is a one time event that doesn't haunt bitcoin in the future. Not that I like litecoin but Litecoin had 51% on 1 pool lately but that will not affect its future if the hash distribution changes. For PoS it does.

Quote
Why do you say lend your coins to a person you can trust if you want to build a trustless system?
Because trusting a forging pool is no worse than trusting a mining pool (except you have a choice about which pool you trust, in Nxt.)

See the difference in first point.

Quote
All PoS coins are very centralized in their stake distribution and don't forget that when you say they are decentralized
Initial distribution is orthogonal to PoS. It's a problem for Nxt, partly because it's so new. It improves over time.

Dogecoin, darkcoin are newer but better distributed.. Not an excuse. A serious PoS algorithm that wants decentralization should be as distributed as possible from the get-go because of security decentralization and history attack.


Quote
Is that because of transparent forging?  Could you explain how NXT might be more immune?
25% of active stake is not enough, you need majority.  



May not be enough for reversing the chain, but no, 25% is enough for double spending. In fact it is enough even for bitcoin. The difference is that for bitcoin it will cost money but for PoS it won't... You can double spend a casino as many times as you want given enough time.


sr. member
Activity: 365
Merit: 251
Where do you get these 99% stake stuff?
PoS coins use 10% of stake and dropping as economic activity goes up. Let alone that their profits are tiny to justify such big stake in minting (Just early adopters minting to support their system). If a real economy exists many will put their coins in more productive uses than minting and will not even care.
Again, this doesn't apply to Nxt because in Nxt minting with coins does not preclude them being available for other uses.

Total Forgers Revenue: 5500 NXT
 
So in a perfect liquid market of stake, I would want to wait about a day before accepting 350 mBTC worth of NXT.
I don't understand why you think there is a connection between mining revenue per block and the number of blocks to wait before considering they are confirmed.
full member
Activity: 148
Merit: 100
Is that because of transparent forging?  Could you explain how NXT might be more immune?
25% of active stake is not enough, you need majority.  

Thanks for your reply.  I am interested in proof of stake but still missing something.  I don't understand some details of the NXT algo including the universal random number (just reading http://www.docdroid.net/cckd/forging0-4-3.pdf.html)

Yes:  total BTC miners revenue in a day is 3600 coin.  Before accepting 3600BTC and making a physical delivery from a source with zero trust I would wait about that long.  Lets look at NXT for comparison:

Total Forgers Revenue: 5500 NXT
 
So in a perfect liquid market of stake, I would want to wait about a day before accepting 350 mBTC worth of NXT.  
A miner just a tiny bit worse per W than best miner is literally worthless, on a perfect market. Which means there's no risk to factor into because there's no capital to risk. While lending nxt, lender would have to calculate possible risk of lending his coin, which would include the risk of currency collapse, especially as any serious lender would ask for your other liabilities.  

In practice, sooner or later there's going to be a ton of miners worse by few percents than top, sold for next to nothing, so achieving non-profitable hashing power will be very easy. However, borrowing more than half of nxt or other PoS currency would be next to impossible.  

Quote
Yes, I understand that the big stakeholders now holding the 100% premine might not want to accept my offer of a little extra doublespend revenue to borrow their stake because they are afraid the word could get out and this would affect the value of their personal holdings.  But isn't concentration of power in the hands of a few and requiring the network to trust them part of the problem we were trying to avoid?  If we want to trust a central entity, this whole blockchain system is a waste.  
Why is currency operated by all holders less decentralized than bitcoin's two-three pools (mainly few big farms), which control everything? Proof of stake is the epitome of decentralization.  
Mining monopoly is unavoidable. It can be as well already true, just hidden between few pools.  

You can become a currency owner even for $0.01, you can't mine for that amount, you can only rent, and you're not going to make any money even with expensive miner due to lack of scale.  

Quote
Indeed.  Bitcoin hardly seems perfect.  But imagine if the 21million BTC  (that's 10 billion or so dollars) were all premined in the hands of a small team.  They could run a country on that, especially with their total control of the transaction record for all time.  Institutionalized double spending, here we come.
That's not an argument against PoS, but NXT. PoS doesn't require big IPOs, in fact you can sell just a few percent and allow people to mine the rest. Or other method of distribution.
sr. member
Activity: 392
Merit: 250
It depends. Hard to say which one is better at this moment. Both have their advantages and disadvantages.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
DaT,

The NXT genesis account's pass phrase is well known.  (The first line of 1984.)  I wonder if a person could use that account that held 100% of coins and create an alternate chain?  


No because the genesis block is hard wired into the NXT server and all the coins from the genesis block were sent to the original investors.


I am also a little curious about this 51% attack thing.  It has been explained that because not everyone is supporting the network, a person might only really need 10% of coins to take over a chain.  

I'm not an NXT developer but I have looked at the code.

Let's say I have 25% of NXT coins. And I want to mount an attack. I need to do the following.

1. Wait until I am selected as a forger.
2. Create 2 blocks, one for the network and one I hold back.
3. Continually add more blocks to the block I hold back. This is my chain I will introduce later as my attack.

The problem is step 3. To add another block to my held back block I need to be selected as the forger for that block too. However forger selection is based on the hash of the previous block and my account address.

Neither of these I can change quickly enough to be sure I generate the next block. So my probability of being selected to build the next block is 25% for each block.

I read carefully what DaT contributed, but I can't apply his attack to the code as I see it.

What DaT basically says is this:

1. whoever has 51% of the resources (PoW, PoS, or another Po"X")...can attack whatever network it is.
2. PoS has the disadvantage of the nothing-at-stake problem.

I think he is generally correct.  We were told there is a secret sauce to NXT,
but until it is revealed we don't know the validity of their claims or the security trade-offs.

So I guess we should just wait to see what will unfold.





jr. member
Activity: 56
Merit: 1
Yes:  total BTC miners revenue in a day is 3600 coin.  Before accepting 3600BTC and making a physical delivery from a source with zero trust I would wait about that long. 

The problem is you have assumed a double spender would simply do the obvious thing and try to buy a single very expensive thing. The reality is that a double spender will involve a number of people who are in on the scam and will make many moderate sized purchases. As a bitcoin merchant I have no idea if the 1BTC transaction I have received is part of a set of many transactions which will all be double spent.
sr. member
Activity: 262
Merit: 250
DaT,

The NXT genesis account's pass phrase is well known.  (The first line of 1984.)  I wonder if a person could use that account that held 100% of coins and create an alternate chain?  


No because the genesis block is hard wired into the NXT server and all the coins from the genesis block were sent to the original investors.


I am also a little curious about this 51% attack thing.  It has been explained that because not everyone is supporting the network, a person might only really need 10% of coins to take over a chain.  

I'm not an NXT developer but I have looked at the code.

Let's say I have 25% of NXT coins. And I want to mount an attack. I need to do the following.

1. Wait until I am selected as a forger.
2. Create 2 blocks, one for the network and one I hold back.
3. Continually add more blocks to the block I hold back. This is my chain I will introduce later as my attack.

The problem is step 3. To add another block to my held back block I need to be selected as the forger for that block too. However forger selection is based on the hash of the previous block and my account address.

Neither of these I can change quickly enough to be sure I generate the next block. So my probability of being selected to build the next block is 25% for each block.

I read carefully what DaT contributed, but I can't apply his attack to the code as I see it.
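Added example (not Nxt's forging code and not from the thread): a simplified model of the argument above, in which the forger for each block is derived only from the previous block hash and the account name, with win probability proportional to stake. It checks that an account with 25% of stake wins about one block in four and that runs of k consecutive wins occur at about 0.25^k. The account names, stake table and the exponential-race selection rule are assumptions made for the simulation.

```python
import hashlib
import math

# Constructed stake table: one account with 25% and fifteen with 5% each.
STAKES = {"attacker": 25, **{f"acct{i}": 5 for i in range(15)}}

def hit(prev_hash: bytes, account: str) -> float:
    """Deterministic value in (0, 1] from previous block hash and account."""
    digest = hashlib.sha256(prev_hash + account.encode()).digest()
    return (int.from_bytes(digest[:8], "big") + 1) / 2**64

def select_forger(prev_hash: bytes, stakes: dict) -> str:
    """Each account draws a delay -ln(hit)/stake; the shortest delay forges.

    This makes the chance of winning a block equal to stake / total stake,
    and nobody can alter their draw without changing prev_hash or account.
    """
    return min(stakes, key=lambda a: -math.log(hit(prev_hash, a)) / stakes[a])

def simulate(stakes: dict, n_blocks: int, seed: bytes = b"constructed-genesis"):
    """Build a chain of n_blocks and return the forger of each block."""
    prev = hashlib.sha256(seed).digest()
    forgers = []
    for _ in range(n_blocks):
        winner = select_forger(prev, stakes)
        forgers.append(winner)
        # The next block hash commits to the previous hash and the forger.
        prev = hashlib.sha256(prev + winner.encode()).digest()
    return forgers

def run_stats(forgers, account, k):
    """Share of blocks forged by account, and how often k in a row occur."""
    share = forgers.count(account) / len(forgers)
    windows = len(forgers) - k + 1
    runs = sum(all(f == account for f in forgers[i:i + k])
               for i in range(windows))
    return share, runs / windows

def expected_run(stakes, account, k):
    """Analytical chance of forging k consecutive blocks: (stake share)^k."""
    return (stakes[account] / sum(stakes.values())) ** k

if __name__ == "__main__":
    forgers = simulate(STAKES, 20000)
    for k in (1, 3, 6):
        share, observed = run_stats(forgers, "attacker", k)
        print(f"k={k}: observed {observed:.5f}, "
              f"expected {expected_run(STAKES, 'attacker', k):.5f}")
```

In this model the chance of forging k blocks in a row falls off geometrically with k.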
legendary
Activity: 1264
Merit: 1008
https://blockchain.info/stats
Total Miners Revenue $2,052,572.14

So in a perfect market, you can take control of bitcoin's network, for a day, at a bargain price of $2,052,572.14  + $0.01. That's 0.0326%. You can wait a bit for the next halvening and it's going to be even cheaper!  


Thanks for your reply.  I am interested in proof of stake but still missing something.  I don't understand some details of the NXT algo including the universal random number (just reading http://www.docdroid.net/cckd/forging0-4-3.pdf.html)

Yes:  total BTC miners revenue in a day is 3600 coin.  Before accepting 3600BTC and making a physical delivery from a source with zero trust I would wait about that long.  Lets look at NXT for comparison:

Total Forgers Revenue: 5500 NXT
 
So in a perfect liquid market of stake, I would want to wait about a day before accepting 350 mBTC worth of NXT. 

I understand that liquid markets in hash power and accretion of hashpower by individuals can be bad very bad.  But replacing hashpower by something that is even more liquid already seems like hardly a solution to that particular problem. 

Yes, I understand that the big stakeholders now holding the 100% premine might not want to accept my offer of a little extra doublespend revenue to borrow their stake because they are afraid the word could get out and this would affect the value of their personal holdings.  But isn't concentration of power in the hands of a few and requiring the network to trust them part of the problem we were trying to avoid?  If we want to trust a central entity, this whole blockchain system is a waste.   


Quote

Then there's also lack of wasted energy, capital, and smaller market supply, because miners need to sell the majority of coins to fund their operations. Mining is effectively a tax on all bitcoin users, almost a billion a year. You could run a small country on that.


Indeed.  Bitcoin hardly seems perfect.  But imagine if the 21million BTC  (that's 10 billion or so dollars) were all premined in the hands of a small team.  They could run a country on that, especially with their total control of the transaction record for all time.  Institutionalized double spending, here we come.
legendary
Activity: 1232
Merit: 1001
mining is so 2012-2013
Is that because of transparent forging?  Could you explain how NXT might be more immune?