So there are vague notions that it is unsafe but nobody has a specific reason why?
The initial distribution is the biggest problem, I think. The thing about a proof of stake system is that until someone has coin, nobody can get coin. It operates more like interest than pay for work.
I do not really have a solution for that. But rich get richer really is how the world works.
Anyway I'm open to all the suggestions people come up with, but most of the obvious ideas fail in the presence of sybil attacks. All that it has to be is verifiable via software and not farmable. And there is nothing that requires that there be only one giveaway.
Topic: What challenges would a pure Proof-of-stake coin face? - page 2. (Read 5657 times)
There would be a series of giveaways to put coins out there in the universe to bootstrap the process; one thing I'm thinking of would be to pick a date in the bitcoin blockchain, then give people a fixed amount of time (maybe six months) to prove they owned a certain amount of bitcoin on that date and collect a proportional amount of the new coins. (no, there is no need to send any bitcoin anywhere, no need for an "exit address", no need to pollute the bitcoin blockchain with tiny transactions to prove ownership of the coins they come from, etc. Just demonstrate that you can decrypt a message encrypted with the key that represents that bitcoin, and that is enough.)
Now there's some creative thinking (!!)...
But with BTC you are getting largely Bitcoin Monolopists.
Instead, do exactly this with your choice of several Alt Coin blockchains...
And also make sure that these addresses have RECENTLY MINED AN ALT COIN...
That way you are bootstrapping with known, committed Alt Miners.
Yes the initial distribution of the coins is the problem. You'd end up doing a Ripple.
It won't work.
Oh and apparently CGB might go PoS only in time to come. They are still considering it though
Distribution would probably be your only problem
How would the coins be initially distributed? That's one thing I've never understood about a pure POS coin.
Edit (just read all the way to the bottom):
Um yeah, I see a problem with that. Wouldn't that just be a "and the rich get richer" situation? Anyone lucky enough to have a lot of bitcoins on a random/arbitrary date, will suddenly get a ton of new coins for free? That doesn't sound like a very fair distribution method.
Edit (just read all the way to the bottom):
There would be a series of giveaways to put coins out there in the universe to bootstrap the process; one thing I'm thinking of would be to pick a date in the bitcoin blockchain, then give people a fixed amount of time (maybe six months) to prove they owned a certain amount of bitcoin on that date and collect a proportional amount of the new coins. (no, there is no need to send any bitcoin anywhere, no need for an "exit address", no need to pollute the bitcoin blockchain with tiny transactions to prove ownership of the coins they come from, etc. Just demonstrate that you can decrypt a message encrypted with the key that represents that bitcoin, and that is enough.)
Does anyone see an obvious problem that will result in such an altcoin becoming unusable?
Does anyone see an obvious problem that will result in such an altcoin becoming unusable?
Um yeah, I see a problem with that. Wouldn't that just be a "and the rich get richer" situation? Anyone lucky enough to have a lot of bitcoins on a random/arbitrary date, will suddenly get a ton of new coins for free? That doesn't sound like a very fair distribution method.
I want to make an altcoin that runs on pure proof-of-stake. That is, with no significant "speed contest" for solving hashes or scrypt.
The desired result I have in mind is that each public key representing more than one coin that's been held more than a month is eligible to mine, where each attempt at mining has a chance of success proportional to the product of
The amount of coin that the key represents
The amount of time (in seconds) since the most recent block was found.
The mechanism for doing this would be that you multiply these things together, then multiply by the current 'difficulty', and that's your target. And this means you have to find a positive nonce less than the target which, when concatenated with the coin key and the signature on the most recent block, hashes to a value with some (fixed) small number of leading zeros. The 'difficulty' would be adjusted periodically to keep the rate of block generation consistent, but depending on the amount of coin that a key represents, you would have an opportunity to mine on that key (ie, a new nonce becomes acceptable for that key) once per hour or minute or second or whatever that the system goes without finding a block.
Anyway, if you mine successfully, you then need to collect some (four? six?) signatures from coin addresses that depend on the hash you found, so you don't get to pick people you're colluding with. Each 'signer' would be signing to the effect that yes, it is after the time when the nonce would become valid, and no, no other block with a lower nonce has been seen yet at the current block height. The signers would get a small share of the block reward. Any two blocks at the same height would be decided in favor of whichever hashed using the lower nonce.
There would be a series of giveaways to put coins out there in the universe to bootstrap the process; one thing I'm thinking of would be to pick a date in the bitcoin blockchain, then give people a fixed amount of time (maybe six months) to prove they owned a certain amount of bitcoin on that date and collect a proportional amount of the new coins. (no, there is no need to send any bitcoin anywhere, no need for an "exit address", no need to pollute the bitcoin blockchain with tiny transactions to prove ownership of the coins they come from, etc. Just demonstrate that you can decrypt a message encrypted with the key that represents that bitcoin, and that is enough.)
Does anyone see an obvious problem that will result in such an altcoin becoming unusable?
The desired result I have in mind is that each public key representing more than one coin that's been held more than a month is eligible to mine, where each attempt at mining has a chance of success proportional to the product of
The amount of coin that the key represents
The amount of time (in seconds) since the most recent block was found.
The mechanism for doing this would be that you multiply these things together, then multiply by the current 'difficulty', and that's your target. And this means you have to find a positive nonce less than the target which, when concatenated with the coin key and the signature on the most recent block, hashes to a value with some (fixed) small number of leading zeros. The 'difficulty' would be adjusted periodically to keep the rate of block generation consistent, but depending on the amount of coin that a key represents, you would have an opportunity to mine on that key (ie, a new nonce becomes acceptable for that key) once per hour or minute or second or whatever that the system goes without finding a block.
Anyway, if you mine successfully, you then need to collect some (four? six?) signatures from coin addresses that depend on the hash you found, so you don't get to pick people you're colluding with. Each 'signer' would be signing to the effect that yes, it is after the time when the nonce would become valid, and no, no other block with a lower nonce has been seen yet at the current block height. The signers would get a small share of the block reward. Any two blocks at the same height would be decided in favor of whichever hashed using the lower nonce.
There would be a series of giveaways to put coins out there in the universe to bootstrap the process; one thing I'm thinking of would be to pick a date in the bitcoin blockchain, then give people a fixed amount of time (maybe six months) to prove they owned a certain amount of bitcoin on that date and collect a proportional amount of the new coins. (no, there is no need to send any bitcoin anywhere, no need for an "exit address", no need to pollute the bitcoin blockchain with tiny transactions to prove ownership of the coins they come from, etc. Just demonstrate that you can decrypt a message encrypted with the key that represents that bitcoin, and that is enough.)
Does anyone see an obvious problem that will result in such an altcoin becoming unusable?
Jump to: