Topic: Re: Proof of stake instead of proof of work - page 3. (Read 6968 times)

No it's not.

Also, Nxt has different algorithm than all described here. 

yep, lots of good things to think about in this thread!

I doubt that account will do it.. But why trust anonynous people? Is it a trustless system? Say after he sells off then he can come back and create competing parallel chain collaborating with other people to create a longer chain by having more stake.. In the future if he sells  he might not have any interest in the coin and try to gain back the stake by reversing the chain from the point before selling.. after all the number of coins forging is getting less and less and it will be easier to do so..

I am not the one to tell you to sell your NXT. I am just saying it cannot be decentralized. If you are ok with that you can keep your NXT.. Bitcoin was a revolution because of decentralization. Solutions like ripple bitshares and PoS cannot remain decentralized  and thats why I criticize them ALL.... I have no problem with people speculating with them to make some money. I have problem when people promote them as some revolutionary solution to the double spending problem.

LibertyCoin

POS 1%
16 Million Supply
Anon being implemented.

Buy now cheap while you can, this is going to be huge.

http://i.imgur.com/CqVs7i3.jpg

Yes, that account is huge and I get the fact that he can double spend.  It is in his power to do so.  I didn't think it was possible to do, but this thread has convinced me otherwise.  What I am wondering is, is it realistic for him to do so?  Can he really gain if he double spends?  If he were to do that, he would realistically need to dump all his coins first.  Wouldn't that large of an account occur huge losses dumping like that?  Then yes, he could go an double spend, he is technically capable of doing so, and do so with virtually no risk, but in doing so he crashes the whole system, NXT becomes worth nothing, and then there is no point in him double spending.  Am I missing something?  Yes, he has the technical ability to do so, but realistically doing so he would suffer huge losses.  Right?

Also, I am confused still about the origin account.  The public key is known.  I myself have logged into it just for the fun of it, but while I did so, it essentially became mine.  There are a lot of NXT haters.  NXT has been under DOS attack many times, but why hasn't somebody made an alternate chain from the origin account?  If what everyone is saying, that you just need access to an accounts keys to double spend, why hasn't it happened?  Or do I need to dump all my NXT right now?  I am really just a newbie, and I am pretty sure that 90% of the people discussing things on this page know more than me about crypto.  Surely, I haven't figured out a way to bring NXT down.  Or have I?  Please tell me if I have so I can dump! :-)

The fact that you gave some random percentages earlier does not qualify for an answer. current forging is around 20% and anything greater than that can be a source for attack. Giving random percentages does not change current facts.

Also the current 20%  will be less when more rational forgers (excluding the three enthusiasts controlling 50% of current stake forging) who will prefer to put the coins in better use... i.e. deposit them in a just-dice.com type of service to earn more. If such services/stock markets compete for capital you should expect the effective % stake for forging to be much much less

Unless the exchange has more than 50% of all coins, or is the only node, no.
Everything here is false and I already explained why, in the second half of my first post. I'm not replying to you anymore until you start reading what I already wrote on the topic.

What you are missing here is that you dont need 51% of stake and a person doesnt need to buy 10% of the tokens. Just needs access to token history of some %.... PoS can be even attacked by even less than coins given enough trials since the attacked incurs no costs by just trying. This account mints 1 out of 4 blocks (last 100 blocks) http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=4747512364439223888     Do you think this person does not have the power to double spend again and again and again with 25% of the minting power? He can keep trying. No cost if he fails thousands of times...  That 25% minting power is just 5% of total stake.... Not sure if you understand the difference. Also using 5% to earn so small earnings for forging is probably uneconomical for the rational forger who will prefer to put the coins in better use... i.e. deposit them in a just-dice.com type of service to earn more. If such services/stock markets compete for capital you should expect the effective stake for forging to be much much less

DaT,

The NXT genesis account's pass phrase is well known.  (The first line of 1984.)  I wonder if a person could use that account that held 100% of coins and create an alternate chain?  

I am also a little curious about this 51% attack thing.  It has been explained that because not everyone is supporting the network, a person might only really need 10% of coins to take over a chain.  Please help me think this out.  To do this, I think there are only two options.  The first is a group of the original stakeholders, would have to meet and agree they would sell all their coins, and then try to attack the chain.  As of now, while most original stakeholders have sold a lot, they still have a ton, so much in fact that they can't really sell it all without completely crashing the market.  If it was crashed, then there is no point in trying to attack it with a double spend, right?  In fact, the whole action would be entirely against their self interest.  They would have to sell all their coins at rates far below what they would have gotten if they slowly unloaded.  The net profit in successfully pulling off the attack would actually be a huge net loss compared to acting more rationally, wouldn't it?  

Yes, it is possible for a a group or person to do a 51% attack, but is it realistic, even at 10%?  Right now for a person to buy up even 10% of NXT would be, $4,000,000 and that is IF they could buy it at market value, but to buy that much would surely cause a huge spike in price as the buyer would be buying out all the sell walls, and new walls would go up at even higher prices.  So in reality it would be much much higher than $4,000,000 to buy 10%, and then said buyer would have to offload their 10% which would cause a huge huge drop in price, probably crashing it to next to nothing.  All this so that they could try to double spend a few coins when now the market is basically bottomed out.  Does this make sense or am I missing something?

In either of these two cases, wouldn't huge red flags go up to the community, and that in itself, just knowing a person could double spend would make the price drop.  I remember with bitcoin one mining pool came close to 50% and the community went crazy.  

BTW, this thread is awesome.  hahaha

It offers orders of magnitude more security, because you need a big percent of market cap, not just mining power.

https://blockchain.info/stats
Total Miners Revenue $2,052,572.14
Market cap (coinmarketcap) $ 6,305,819,442

So in a perfect market, you can take control of bitcoin's network, for a day, at a bargain price of $2,052,572.14  + $0.01. That's 0.0326%. You can wait a bit for the next halvening and it's going to be even cheaper!  
Ok. Yet I'm pretty sure it's at least two orders of magnitude bigger... one exchange node would probably be enough to dwarf bitcoin's security.  

Maybe you should read the rest of my first post, and then later posts.

I'm pretty sure I have mentioned security.  

Then there's also lack of wasted energy, capital, and smaller market supply, because miners needs to sell the majority of coins to fund their operations. Mining is effectively a tax on all bitcoin users, almost a billion a year. You could run a small country on that.    

You may have rewards or not, but they are an implementation detail and can be different in each coin, using PoS or not.  

Thanks for your reply iruu! 
The very real problem you outline of centralization of miners is exactly the same or worse in a proof of stake system.  If miners can work together to become a nefarious majority, so can forgers.  In fact logistically it would be much easier for the forgers but that is a moot point: proof of stake offers nothing new here.   


Of course it is possible to rent hashpower or stake at cost.  We all know that cost and so bury our TXs under an appropriate number of blocks.  These are valuable resources so a market exists for them.  I fail to see the difference between hashpower and stake in that regard.   Remember also that the >50% attack is not >50% of all the hashing power (or stake) in the world, but only >50% of the current network rate.  For a PoS coin this is much lower than half of market cap.   

Perhaps you have some kind of proof of burn system in mind with this requiring losing stake?  If you wish to claim PoS is much much safer against 51% attack you need to outline an algorithm that closes the new holes introduced by PoS (deep chain re-orgs with old keys, resusing stake, good solution to choosing which stake gets which block) but also come up with some reason it is better (none is offered). 




Good point!  However, how do you intend to incentivise forgers if not with coinbase rewards and fees?  If you remove this "interest payment", do you think folks will still be interested?  I don't.   

It's quite unfortunate that generally the same topic is discussed in both places. Not sure what to do about it.  

PoS is just a consensus method for a currency. Distribution is an orthogonal topic.  

Where do you get these 99% stake stuff?
PoS coins use 10% of stake and dropping as economic activity goes up. Let alone that their profits are tiny to justify such big stake in minting (Just early adopters minting to support their system). If a real economy exists many will put their coins in more productive uses than minting and will not even care.
Many exchanges or early adopters of PoS coins currently have  stake history higher than current minting rate of PoS coins. Where is the security? This is a joke and not superior to PoW.  

Why do you assume all these nodes will be online at the time of the attack?

Why do you assume that lending will be something everybody will do? Why do you assume that it will not backfire giving one person extreme stake history who might not care about the coin at the present?

Why do you say lend your coins to a person you can trust if you want to build a trustless system?

What about the fact that coins get lost and later stakers will have less cummulative total stake available?

Why do you assume that the rest honest stakers (those not having their coins reversed) will not mint both chains?
As gmaxwell said a rational miner will mine both chains to maximize profit.

All PoS coins are very centralized in their stake distribution and dont forget that when you say they are decentralized. Let alone all the other reasons PoS coins are not decentralized.

It's not anti 99% attack, that simply shows you can't sell 99% of coins and then rewind if there's someone else. You still can force forks if you have >50%, but you can't force a fork if you sold them, because the buyer can also forge.

The whole point is that the cost of such attack is orders of magnitude higher than in PoW, as percent of market cap, especially in later stage, where there are only transaction fees.

You're really not enough providing enough explanation
For how your anti-99% attack system would operate.

Look, either the best chain is the one with the
most cumulative stake, or it's the one with the
Most stake owned at a particular point.

It can't simultaneously be both.

If you're talking about cumulative stake, then
a 51% attack could simply pass coins
Back and forth to himself.

And if it's about total stake as a point in time,
Then he wins with 51% anyway.

I would love to be wrong, but I don't think
There is any magic bullet here.

30% stake loses with 70% stake. That's the whole point.  

True chain confirmations example:
Alice's 30% -> same stake, buyer's 30% -> then someone (many someones) else with 35%, in effect
30%+35%, 30%+35%, 35%

later, even more stake.

False chain:
60%... nope, 60% < 65%, rejected.  

Now there may be a problem in practice, in that if there's not enough stake active it may take some time to destroy the illicit fork with big amounts.    
However, owners of the currency know it, so they should either run a full node for this very reason, or lend their forging to someone they trust. It's their money after all.
Zipf distribution seems to describe the wealth concentration best, so in fact it's practical.  

Even if you're pessimistic and say that's 20% of the coin is enough to fork a coin for several hours, that's still much larger security than in PoW! (as % of market cap).

The amount of full nodes in bitcoin doesn't mean anything here, as there's no comparable reason for bitcoin holders to run full nodes.

Proof of work is significantly inferior than proof of stake, for several reasons.
1. Centralization. Just look at the distribution of hash power. The problem is that mining has almost infinite economies of scale, logically leading to complete centralization eventually, ie. one mining actor. Had a powerful state wanted to destroy bitcoin, raiding a few mining farms is already trivial and cheap. The security of bitcoin depends on lack of political will.  

There are no economies of scale in PoS. There can be in some PoS implementations, but it's not characteristic of all PoS.  

2. Low and very expensive security. The miner doesn't have any economic interest in the currency per se, only in daily miners' revenue (new coins + fees). If at some point expected return on capital from acting against currency is higher than expected future miners' revenue, rational miner will become hostile.  
This is a much more serious problem if it's possible to rent vast amount of hash power, because then the costs for the attacker are drastically smaller.

Thus, on a perfect market with renting, the price for control of pow coin for time t is just a tiny bit more expensive than half of miners' revenue in time t. Hard to say what's the time required to significantly profit from damage, probably by using derivatives on coin's price. A day?

In comparison, attacking Proof of Stake currency requires losing the value of >50% of coin's market cap, which is a much bigger number than half of daily mining reveneus. PoS currency is much, much safer.  


That only works for the attackers which collectively owned 100% of coins at one point in time (one block), because otherwise, if at any point foreign coins are present, the stake of their blockchain is lower and their attack fails.

It's very important that PoS doesn't allow one to replay transactions from different blockchain into another one, otherwise it's indeed theoretically possible to buy different coins, sell them, then buy another different coins, and then replay all those transactions in a false block.
Note that attackers, by the act of selling their coins, confirm the true blockchain. Situation:

A sells all 99% of all coins on block x in chain A, effectively affirming this blockchain's validity as of block x-1.
Now A wants to rewrite the history, he creates block x without his transaction.
If he's the only forger and there are no transactions, the blockchains, up to and including x, are equal in validity, with 99% of stake behind them. After x, he can create new blocks in fake blockchain, the buyer can create blocks in true blockchain.  
However, if in true blockchain in block x or at any point later there's another stake involved, even a minuscule amount, his fake blockchain loses. A block x with 99% of stake followed with block x+y with 0.5% of stake means that block x is confirmed by 99.5% of stake.
A can't do anything.    

This invalidates the "nothing at stake" argument. Attacks are not free. You need to own the majority of stake, because creating a transaction confirms the blockchain.  

I'm sort of afraid that one of badly designed PoS currencies will be attacked by the way you described sooner or later, which will cause everyone to think that it's the fault of PoS in general.  

The amount of stake isn't reputation.

Proof of stake is a system for achieving consensus as to the state of balances. A proof of stake currency can have PoW method of distribution which plays no other role. Or any other method.  

Doesnt matter what you call it ... coin days destroyed, stake lending or transparent forging. The fact is that stake holders who owned and sold their stake they can repeat the same method and produce an alternate chain of the PoS coin and claim their stake back by showing more stake power. Old stake owners will always have an incentive to do that because of profit.

Add to the fact that increased economic activity will reduce the stake used for minting (which is already very low for PoS coins) and thus lower % of stake used to secure current chain it is a recipe for long-term disaster or eventual centralization. From central bankers to central programmers.