Topic: rpietila Altcoin Observer - page 79. (Read 387551 times)

Proof of cold can be used to at least mitigate if not eliminate the environmental cost and in fact to increase decentralization in a POW system. In a POW system if a use is found for the "waste" heat, and that use is only of value if decentralized, then the security of the network is still maintained. Proof of cold means putting the waste heat from proof of work to good use by displacing the energy otherwise used for space heating in cold climates. So for example a transaction in Melbourne, Australia where it is say 30C in January gets secured in Winnipeg, Canada where it is -30C in January.

With PoW an attacker might produce new miners and gain control of the network.
With PoS unless enough people sell to him their money, a "new" attacker just can't do anything.

(not implying there might not be other attack vectors)

This is not optimistic, this is very pessimistic.

PoW requires unbounded use of resources, which can and will scale up very much, even over the point of "no profit".
I'm not only talking about the energy used, but also about the old miners produced and thrown away.

We might end up realising PoW is the one and only "way to do that" (though I hope not), but that would be a very grim discovery.

PoS is environmentally safe.
Maybe it works, maybe it doesn't, maybe it will improve.
Maybe something else entirely will come (Proof of Burn anyone?).

In the end, if any safer method wins, it's better for everyone.

Interesting discussion.

The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it.

It's really explicit

'proof of' ... just the proof that work was done

'work' ... the expensive bit that protects the network. It has to be hard and expensive and require a lot effort and investment, that's our protection.

If the majority of work is controlled by honest nodes then the chain is safe. Not done by honest nodes, controlled by honest nodes.

So as long as the work is expensive (monetarily) and controlled by honest nodes, the network is safe.

If PoW is what we have, I'm fine with that too. I stongly dislike the way Bitcoin mining is headed though. I think everyone who isn't one of the few running one of these 9 figure operations must as well.

A billion people mining on their low powered mobile phones would be nice. As was discussed previously in this thread.

I betting within two years no one will be having this debate and PoW will have crushed everything else into oblivion.  

And I am also betting it won't be Bitcoin.

It will turn out that PoW is absolutely essential. Everyone will go "a ha" and that will be the end of the debate.

(I might be a bit too optimistic...we'll see...)

You're not wrong, but I fail to see how this doesn't apply to PoW as well. Someone could short/borrow a large amount of BTC and perform any sort of attack. It wouldn't even have to be a 51% attack to cause a massive crash. Someone providing as little as 25% of Bitcoin's hashrate going rogue and attempting double spends or doing any of the attacks outlined on hackingdistributed would cause a panic.

It would seem that PoS is inherently more resistant to the 'rich guy' attack. And as far as borrowing goes apparently NXT is implenting a change that would require someone to have 90% of the stake in order to fork(is that correct?). Keeping 10% of the total stake unborrowed seems like a reasonable challenge that can be met. That almost sounds too good to be true, so I'm pretty skeptical about a cryptocurrency that requires 90% consensus actually coming true.

If it's a question of what's more secure, I'm betting that within two years we'll have at least one working PoS system that's demonstrably more resistant to attacks than PoW. Maybe I'm just being optimistic, but it seems to be heading that way.

edit: Ah, you said at the end there that people are already starting to plan such things for Bitcoin. Which makes perfect sense and will likely be a major problem in the future. How would any cryptocurrency, no matter the type, survive when the financial benefit of attacking it is positive?

My apology. I had forgotten you were a programmer. I think you did mention the A.I. background to me but not the programming aspect. I messed around a bit with Lisp and A.I. in the 1980s.

Correct in that I am not a crypto-currency expert yet, but my whitepaper has been received well enough to credential me for a modest speaking role at the Hashers United Conference to be held in  Las Vegas this October. There is little new in the way of crypto that I bring to this community.

I am however a programmer with decades of Cobol and database experience in networked enterprise financial systems up to 1998. Subsequently I worked as a Lisp and Java programmer and project manager for Cycorp, a DARPA contractor performing artificial intelligence research. Now 8 years early retired from a salary job, I have drawn on both experiences, bringing a fresh approach to solving the problems Tim Swanson best describes in his recent book about Bitcoin.

Regarding the political and economic aspects of bitcoin, I am naively optimistic and defer to you on those issues.

Personally I think LTC will keep falling untill BTC is really "bubbling", look at the last two bubbles and compare them with the ltc/btc ratio.. Probably this is just a bulltrap for LTC or maybe they will move sideways for a little while

Here is the one-week resolution chart of LTC vs CNY from the liquid OKCoin exchange. The rightmost green candle could be a long-awaited trend reversal for litecoin prices, given the relatively high volume . . .

So what happens when the original bergstake holders die? I can see an attack here. Sell heavily discounted mining equipment to people with very low life expectancy, wait for them to die and then launch the attack.

It can't. Let them go ahead and waste their time (and probably other people's money). I have no desire to try to stop them from failing or doing another investment pump.

They will invent more and more verbose obfuscations of the fundamental issue of why PoS can't.

Btw, traditional financial systems are not fully decentralized.

Even if you did solve the insoluble issue of centralization as it applies to security of the block chain (in the most general sense where control to fork or influence the design of the system is considered an insecurity), you can never solve the problem that it doesn't redistribute coin from the accumulators in the power-law distribution of wealth back to the spenders, thus just like gold, it can never be a currency. The way society has solved that is socialism. PoW could in theory solve it by routing the debasement decentrally to the spenders, especially if the spenders are the ones mining (and no one seems to know how to make this happen but I think I do).

Nothing at Stake wasn't the problem. The argument that stakeholders won't destroy their investment is a red-herring strawman or off-topic! Our overlords who own our financial system now don't destroy their investment when they destroy us with their control of the financial system. Stakeholders can drive the system in directions that benefit the oligarchy, without destroying the double-spend security.

A Benevolent Dictator is preferable over an rent seeking oligarchy, because the latter can never do good due to a Tragedy of the Commons, at least former does sometimes (e.g. Julius Caesar).

PoS will always trend towards control by the accumulators in the power-law distribution of wealth. Even PoW does too unless you make mining uneconomic yet necessary. So that is why people have argued that it makes no difference and might as well use the one that consumes less energy and is more efficient.


Two very smart guys (cryptographers I believe), but my intuition is they lack holistic economics and political science understanding. They are math nerds.

SlipperySlope I believe is outside his field of expertise in crypto-currency. I don't think he is a cryptographer nor a programmer nor an economist nor a political scientist. He has an applied math background if I remember correctly, which is pretty general if considered in this context. If were in an applied math forum, I better shut up and listen more to him.

As I stated a month or so ago in this thread, I think people mis-estimate the ease of borrowing large amounts of money if you already have large amounts of money.

https://bitcointalksearch.org/topic/m.7689885

If you're a billionaire, you could borrow a billion dollars of a coin (or buy it outright, use it as rpietila said, and then re-sell), and if you worked through proxies, you could probably do it without people even realizing you'd done it.

Well hedged bets like this make people a lot of money.

Heck - you could even do the attack, make money off of it, and then short the currency hard as it looks like it's going to drop and then reveal that it was owned, causing it to collapse faster...

Adversarial finance is tricky.

And let me make this very concrete:  I've actually had a conversation along these lines with someone who works at a private investment firm.  It was speculative, and probably won't go anywhere, but don't think that people aren't already starting to plan for things like this in the event that bitcoin or foo-coin becomes successful.

The CPoS system is not yet deployed so we do not know its vulnerabilies, but it's design is very unlike existing PoS systems and so AnonyMint's criticisms of PoS would not apply. His other criticisms of how far incumbent special interests would go to stop the replacement of fiat would hold however.

When I first discussed proof-of-stake ideas with Bitcoin core developers, they said that solving the distributed consensus problem was the main issue. I thought about it and sidestepped that problem by starting with a conventional financial transaction network design and altering it to maximally preserve the Satoshi Social Contract and protocol compatibility with the existing Bitcoin network.  I designed geographic dispersion and non-affiliated node ownership to achieve resistance to government shutdown. I used a cognitive architecture to enable trust-free software agents to transparently operate the system. I achieve all the technical and performance advantages of a central mint, but avoid a single point of failure or trust by using a nomadic software agent to create new blocks.

There can be no 51% percent attack unless an attacker successfully impersonates a majority of the paid-for full nodes. CPoS makes this hard in the same way that VisaNet safeguards credit card transactions. CPoS full nodes are authenticated by X.509 certificates issued from the Texai certificate authority. All traffic between nodes is encrypted with TLS/SSL. Each CPoS full node does not use DNS to navigate the network, rather static IP addresses are securely transmitted offline. Private keys will be secured by hardware. A paid-for set of network operations centers will actively manage the network with regard to intrusion detection and mitigation.

In CPoS there is one canonical copy of the non-forking blockchain that paid-for full nodes will replicate. Volunteers may download CPoS software to replicate and verify the blockchain too. In CPoS there is no competition of miners to create the longest chain, rather the single nomadic mint agent creates new blocks for the whole network without competition, and at no effort. Bitcoind already has this no-effort PoW ability for regression testing.

There can be no Finney attacks because CPoS transactions are immutable once they enter the network. An issued transaction is routed directly to the nomadic mint agent's current full node along redundant paths. An acknowledgement of the accepted transaction is immediately broadcast into the network so that users know their transaction will be contained in the next block. This method also prevents lost or ignored transactions. Unlike the Satoshi Bitcoin network and its altcoin clones having best-effort volunteer full nodes, CPoS paid-for full nodes are high availability, high bandwidth, and rationally connected for maximum performance and redundancy.

There can be no double spends in the CPoS network because there is one canonical blockchain and issued transactions are routed to the nomadic mint along the fastest path. The CPoS is not peer-to-peer allowing full nodes to join and leave at will - rather it is a permanent network of peers with an optimal topology.

I am keeping proof-of-stake in the project title but my thinking is evolving away from using block rewards to pay dividends to existing coin holders. Users can migrate from PoW to CPoS forks because of features and transparent investment of the block rewards directly into making the Bitcoin Core and other infrastructure better.

-Stephen Reed

Yes, there is a mechanism to keep track which fork is correct. It's called Economic Clustering. But it will likely never be utilized, as getting private keys of 51% coins seems a much more insurmountable task than coercing 2-3 biggest PoW pool operators to follow a certain agenda. But EC will be there just in case, so yes, nodes can know which fork is correct and be in consensus. There is also a penalty in EC for forgers who forge on an incorrect fork.

No. You need the majority of stake in any point of time past, to forge all the history of the future from that point of time on. So any group who ever had 51% of the currency/votes/etc. can rewrite the history at will. Or any group that can coerce any group at any point of time. There is also no mechanism to keep track which of the forks is the correct one.

This is called NaS (nothing-at-stake) attack, because you risk nothing in the present (you may have sold your coins already) to destroy everybody.

With PoW, you permanently need a knowable amount of hashrate and still can accomplish very little really.

its not a currency, its locked onto the original address,  so only way to transfer is to share the private-key.  

The first question that comes to mind is how does one prevent the transfer of the bergstake?

Nothing-at-stake solved. 

http://satoshifantasy.com/bergstake-2/
http://satoshifantasy.com/breakoutcoin-with-bergstake/