Bitcoin Forum>Alternate cryptocurrencies>Altcoin Discussion
Pages:
Author

Topic: Which Proof of Stake System is the Most Viable - page 6. (Read 25752 times)

toast
sr. member
Activity: 1582
Merit: 253
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 11:57:48 PM
#228
Quote from: jonald_fyookball on June 04, 2014, 11:18:37 PM
Quote from: toast on June 04, 2014, 04:32:29 PM
Quote from: clout on June 04, 2014, 03:00:03 PM
This attack does not apply to DPOS...

Quote from: toast on May 27, 2014, 09:43:56 PM
Oh ok I understand this attack better now. Two questions then:

It seems like this affects NXT but not DPOS, because with DPOS once you miss a chance to produce a block it is gone forever - you cannot use old stake-votes to produce a longer chain if at least 51% of delegates have produced a block since then. Is this right?
Also, NXT claims that having clients reject chains built on anything but the most recent block they have seen solves not only this but 51%... this is true in theory but relies on unreasonable network connectivity assumptions. Is this right?

I was asking, not telling. It seems to me like it doesn't apply, but I'd like D&T or other anti-POS pros to explain if I'm wrong.

Not a pro (and not anti pos necessarily) but I will say this:  the extent you rely on delegation/supernodes as a security mechanism is also the extent you dilute the trustless nature of the system and erode true distributed consensus.  

Sure, but isn't it an improvement over bitcoin which effectively has delegated-proof-of-work with about 5 delegates selecting blocks on behalf of >80% of hash power?

Quote
So depending on the implementation there will be trade offs.  You could obviously eliminate the n.a.s. Problem with a central authority but that puts us back at square one.  If  the dpos uses an automated mechanism to resolve conflicts, then it probably can be attacked by false chains in a similar fashion to the other poS systems.

The fork resolution is automatic and is just determined by which chain has more stake-vote counted by delegate signatures.

Your next point is exactly what I'm asking - how would an attacker make a false chain using old keys with stake in them, if they cannot ever generate a sequence of delegates where they have more than N delegates in a row? Each round of delegate signatures is done without shuffling in between - if you only have 40% of the stake at any given time you cannot generate a round (~1 hour) where you have more than 40% of the delegates. Once an hour has passed, how would you make a false chain?
sunny2013
newbie
Activity: 6
Merit: 0
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 11:40:01 PM
#227
Peercoin  Smiley
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 11:18:37 PM
#226
Quote from: toast on June 04, 2014, 04:32:29 PM
Quote from: clout on June 04, 2014, 03:00:03 PM
This attack does not apply to DPOS...

Quote from: toast on May 27, 2014, 09:43:56 PM
Oh ok I understand this attack better now. Two questions then:

It seems like this affects NXT but not DPOS, because with DPOS once you miss a chance to produce a block it is gone forever - you cannot use old stake-votes to produce a longer chain if at least 51% of delegates have produced a block since then. Is this right?
Also, NXT claims that having clients reject chains built on anything but the most recent block they have seen solves not only this but 51%... this is true in theory but relies on unreasonable network connectivity assumptions. Is this right?

I was asking, not telling. It seems to me like it doesn't apply, but I'd like D&T or other anti-POS pros to explain if I'm wrong.

Not a pro (and not anti pos necessarily) but I will say this:  the extent you rely on delegation/supernodes as a security mechanism is also the extent you dilute the trustless nature of the system and erode true distributed consensus.  So depending on the implementation there will be trade offs.  You could obviously eliminate the n.a.s. Problem with a central authority but that puts us back at square one.  If  the dpos uses an automated mechanism to resolve conflicts, then it probably can be attacked by false chains in a similar fashion to the other poS systems.


toast
sr. member
Activity: 1582
Merit: 253
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 08:40:54 PM
#225
Quote from: ChuckOne on June 04, 2014, 05:21:43 PM
I still do not get the difference between TF and DPoS. They seem equivalent to me. Just newspeak so to say.

Very similar. DPoS lets you vote against delegates, has a cap per delegate, and and delegate order is determined once per round rather than after every block (you can't try to pick a "good" block to get you more than N blocks in a row if you don't own more than N delegates)
ChuckOne
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 05:21:43 PM
#224
I still do not get the difference between TF and DPoS. They seem equivalent to me. Just newspeak so to say.
toast
sr. member
Activity: 1582
Merit: 253
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 04:32:29 PM
#223
Quote from: clout on June 04, 2014, 03:00:03 PM
This attack does not apply to DPOS...

Quote from: toast on May 27, 2014, 09:43:56 PM
Oh ok I understand this attack better now. Two questions then:

It seems like this affects NXT but not DPOS, because with DPOS once you miss a chance to produce a block it is gone forever - you cannot use old stake-votes to produce a longer chain if at least 51% of delegates have produced a block since then. Is this right?
Also, NXT claims that having clients reject chains built on anything but the most recent block they have seen solves not only this but 51%... this is true in theory but relies on unreasonable network connectivity assumptions. Is this right?

I was asking, not telling. It seems to me like it doesn't apply, but I'd like D&T or other anti-POS pros to explain if I'm wrong.
clout
full member
Activity: 207
Merit: 100
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 03:00:03 PM
#222
Quote from: jonald_fyookball on June 03, 2014, 04:03:39 PM
Quote from: clout on June 03, 2014, 03:56:49 PM


how could that be a problem. proof of work can be considered a proof of stake system in that you are proving your stake in the collective hashing power of the network. The value comes from the stake not from the cost of proving that you have stake. Thus,  the reduced cost of pos mining is not a problem but a solution.

If you don't understand the "nothing at stake problem" aka "very little at stake problem" go back and read this:

https://bitcointalksearch.org/topic/m.6982574


This attack does not apply to DPOS...

Quote from: toast on May 27, 2014, 09:43:56 PM
Oh ok I understand this attack better now. Two questions then:

It seems like this affects NXT but not DPOS, because with DPOS once you miss a chance to produce a block it is gone forever - you cannot use old stake-votes to produce a longer chain if at least 51% of delegates have produced a block since then. Is this right?
Also, NXT claims that having clients reject chains built on anything but the most recent block they have seen solves not only this but 51%... this is true in theory but relies on unreasonable network connectivity assumptions. Is this right?

ChuckOne
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 01:33:09 PM
#221
Quote from: ChuckOne on June 03, 2014, 05:34:28 PM
Quote from: sumantso on June 03, 2014, 06:15:24 AM
Its like this, you can always get a single individual/group to set up up multiple pools in PoW/PoS, or multiple delegates in DPoS and grab more share than what it seems. But the hard cap means that it is more complex to get the same control.

Say, Ghash sets up another couple of pools anonymously (or maybe even does), or makes buddies with a couple of other big pools, then it already has control. In DPoS on the other hand, he/she/they have to go through a lot more trouble (some 50 delegates in case of BTSX) to get the same control.

Besides, say, a pool offers incentives, then everybody will naturally flock to it. Sure, at some they might start getting worried and not go, but as we have seen in the Ghash case, appealing to the better sense of the mining equipment owners doesn't work to well. They might not even be too worried about the long term health as they might be just looking at it as a business. In DPoS, the hard cap means such a scenario is not possible, and you have to also keep in mind that the users of the coin are the ones who are voting.

I think I see which direction you are coming from. But I do not clearly see how a hard-cap is going to solve the problem of a second pool under control of the very same real-world entity.

"A lot more trouble" Why? Are existing pools preferred before new ones?
mhps
hero member
Activity: 516
Merit: 500
CAT.EX Exchange
Re: Which Proof of Stake System is the Most Viable
June 04, 2014, 12:16:35 AM
#220
Quote from: jonald_fyookball on June 03, 2014, 11:38:11 PM
Quote from: mhps on June 03, 2014, 09:22:43 PM
Quote from: jonald_fyookball on June 03, 2014, 12:44:55 PM
Quote from: mhps on June 03, 2014, 03:37:57 AM
Quote from: jonald_fyookball on June 03, 2014, 12:50:04 AM
Quote from: mhps on June 03, 2014, 12:43:40 AM
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

Yes.  Maybe we should call it the "very little at stake problem"  Cheesy

Probably a "very little at stake profitless non-problem" Roll Eyes

Not a problem for Bitcoin, certainly.

We will see about that https://bitcointalksearch.org/topic/m.7120755
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 11:38:11 PM
#219
Quote from: mhps on June 03, 2014, 09:22:43 PM
Quote from: jonald_fyookball on June 03, 2014, 12:44:55 PM
Quote from: mhps on June 03, 2014, 03:37:57 AM
Quote from: jonald_fyookball on June 03, 2014, 12:50:04 AM
Quote from: mhps on June 03, 2014, 12:43:40 AM
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

Yes.  Maybe we should call it the "very little at stake problem"  Cheesy

Probably a "very little at stake profitless non-problem" Roll Eyes

Not a problem for Bitcoin, certainly.
mhps
hero member
Activity: 516
Merit: 500
CAT.EX Exchange
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 09:22:43 PM
#218
Quote from: jonald_fyookball on June 03, 2014, 12:44:55 PM
Quote from: mhps on June 03, 2014, 03:37:57 AM
Quote from: jonald_fyookball on June 03, 2014, 12:50:04 AM
Quote from: mhps on June 03, 2014, 12:43:40 AM
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

Yes.  Maybe we should call it the "very little at stake problem"  Cheesy

Probably a "very little at stake profitless non-problem" Roll Eyes
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 08:50:25 PM
#217
Quote from: ChuckOne on June 03, 2014, 05:36:42 PM
Quote from: jonald_fyookball on June 03, 2014, 12:02:54 AM
If I'm an attacker, I wait until I have a long enough chain and then I broadcast it.

There is no such thing as waiting for the best chain to show up and say hello.

You actually need to find it.

Lol.  Yep, I agree.
ChuckOne
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 05:36:42 PM
#216
Quote from: jonald_fyookball on June 03, 2014, 12:02:54 AM
If I'm an attacker, I wait until I have a long enough chain and then I broadcast it.

There is no such thing as waiting for the best chain to show up and say hello.

You actually need to find it.
ChuckOne
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 05:34:28 PM
#215
Quote from: sumantso on June 03, 2014, 06:15:24 AM
Its like this, you can always get a single individual/group to set up up multiple pools in PoW/PoS, or multiple delegates in DPoS and grab more share than what it seems. But the hard cap means that it is more complex to get the same control.

Say, Ghash sets up another couple of pools anonymously (or maybe even does), or makes buddies with a couple of other big pools, then it already has control. In DPoS on the other hand, he/she/they have to go through a lot more trouble (some 50 delegates in case of BTSX) to get the same control.

Besides, say, a pool offers incentives, then everybody will naturally flock to it. Sure, at some they might start getting worried and not go, but as we have seen in the Ghash case, appealing to the better sense of the mining equipment owners doesn't work to well. They might not even be too worried about the long term health as they might be just looking at it as a business. In DPoS, the hard cap means such a scenario is not possible, and you have to also keep in mind that the users of the coin are the ones who are voting.

I think I see which direction you are coming from. But I do not clearly see how a hard-cap is going to solve the problem of a second pool under control of the very same real-world entity.

"A lot more trouble" Why? Are existing pools preferred before new ones?
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 04:03:39 PM
#214
Quote from: clout on June 03, 2014, 03:56:49 PM
Quote from: jonald_fyookball on June 03, 2014, 12:44:55 PM
Quote from: mhps on June 03, 2014, 03:37:57 AM
Quote from: jonald_fyookball on June 03, 2014, 12:50:04 AM
Quote from: mhps on June 03, 2014, 12:43:40 AM
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

Yes.  Maybe we should call it the "very little at stake problem"  Cheesy

how could that be a problem. proof of work can be considered a proof of stake system in that you are proving your stake in the collective hashing power of the network. The value comes from the stake not from the cost of proving that you have stake. Thus,  the reduced cost of pos mining is not a problem but a solution.

If you don't understand the "nothing at stake problem" aka "very little at stake problem" go back and read this:

https://bitcointalksearch.org/topic/m.6982574

clout
full member
Activity: 207
Merit: 100
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 03:56:49 PM
#213
Quote from: jonald_fyookball on June 03, 2014, 12:44:55 PM
Quote from: mhps on June 03, 2014, 03:37:57 AM
Quote from: jonald_fyookball on June 03, 2014, 12:50:04 AM
Quote from: mhps on June 03, 2014, 12:43:40 AM
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

Yes.  Maybe we should call it the "very little at stake problem"  Cheesy

how could that be a problem. proof of work can be considered a proof of stake system in that you are proving your stake in the collective hashing power of the network. The value comes from the stake not from the cost of proving that you have stake. Thus,  the reduced cost of pos mining is not a problem but a solution.
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 12:44:55 PM
#212
Quote from: mhps on June 03, 2014, 03:37:57 AM
Quote from: jonald_fyookball on June 03, 2014, 12:50:04 AM
Quote from: mhps on June 03, 2014, 12:43:40 AM
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

Yes.  Maybe we should call it the "very little at stake problem"  Cheesy
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 08:21:53 AM
#211
Quote from: sumantso on June 03, 2014, 06:21:06 AM
Quote from: DeathAndTaxes on June 02, 2014, 12:35:14 PM
Quote from: sumantso on June 02, 2014, 11:59:13 AM
Quote from: ThePurplePlanet on June 02, 2014, 09:55:19 AM
Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

You're missing the entire point. Effectively 10 people have the power to choose what types of transactions to include. For instance tomorrow Ghash and 2 others may decide to leave out all Counterparty transactions, which means they are screwed. Do you, as a Bitcoin user, have any say in it?

They aren't screwed.  The tx will still be included in blocks by other miners.   Also the excluding miners will lose the tx fees and that will make them less competitive relative to other pools and if the actual miners disagree with that loss they will leave and the pool (and pool operator's profits) will shrink.   Today fees are relatively small but as a % of total miner compensation they will only grow.

A system like XCP which is relying on the 10 minute blocktimes (even which is slow for a decentralised exchange), will be in a lot of trouble if the biggest miners decide to exclude their transactions. Point is the Bitcoin users, or even the ones running the mining equipment doesn't have any say in it. It just requires a couple of the miners to decide to leave them out and then XCP is in big trouble.

Just look in the XCP thread here where there was a big argument about this. I am not saying XCP is right or the couple of pool owners who engaged in the discussions were right. The point simply is there is no accountability, and the actual users and miners are dependent on the whims of a few.

I agree that excluding transactions could be bad in a 51% attack against bitcoin.
I would like to see more proposals like using sidechains or something to increase
The work an attacker would have to do to maintain a malicious mining monopoly.

sumantso
legendary
Activity: 1050
Merit: 1000
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 06:21:06 AM
#210
Quote from: DeathAndTaxes on June 02, 2014, 12:35:14 PM
Quote from: sumantso on June 02, 2014, 11:59:13 AM
Quote from: ThePurplePlanet on June 02, 2014, 09:55:19 AM
Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

You're missing the entire point. Effectively 10 people have the power to choose what types of transactions to include. For instance tomorrow Ghash and 2 others may decide to leave out all Counterparty transactions, which means they are screwed. Do you, as a Bitcoin user, have any say in it?

They aren't screwed.  The tx will still be included in blocks by other miners.   Also the excluding miners will lose the tx fees and that will make them less competitive relative to other pools and if the actual miners disagree with that loss they will leave and the pool (and pool operator's profits) will shrink.   Today fees are relatively small but as a % of total miner compensation they will only grow.

A system like XCP which is relying on the 10 minute blocktimes (even which is slow for a decentralised exchange), will be in a lot of trouble if the biggest miners decide to exclude their transactions. Point is the Bitcoin users, or even the ones running the mining equipment doesn't have any say in it. It just requires a couple of the miners to decide to leave them out and then XCP is in big trouble.

Just look in the XCP thread here where there was a big argument about this. I am not saying XCP is right or the couple of pool owners who engaged in the discussions were right. The point simply is there is no accountability, and the actual users and miners are dependent on the whims of a few.
sumantso
legendary
Activity: 1050
Merit: 1000
Re: Which Proof of Stake System is the Most Viable
June 03, 2014, 06:15:24 AM
#209
Quote from: ChuckOne on June 01, 2014, 01:44:08 PM
Quote from: sumantso on June 01, 2014, 08:27:33 AM
IMO, the hard cap is very important which others doesn't seem to find a key feature. [...]

Point is, why?


Its like this, you can always get a single individual/group to set up up multiple pools in PoW/PoS, or multiple delegates in DPoS and grab more share than what it seems. But the hard cap means that it is more complex to get the same control.

Say, Ghash sets up another couple of pools anonymously (or maybe even does), or makes buddies with a couple of other big pools, then it already has control. In DPoS on the other hand, he/she/they have to go through a lot more trouble (some 50 delegates in case of BTSX) to get the same control.

Besides, say, a pool offers incentives, then everybody will naturally flock to it. Sure, at some they might start getting worried and not go, but as we have seen in the Ghash case, appealing to the better sense of the mining equipment owners doesn't work to well. They might not even be too worried about the long term health as they might be just looking at it as a business. In DPoS, the hard cap means such a scenario is not possible, and you have to also keep in mind that the users of the coin are the ones who are voting.
Pages:
Bitcoin Forum>Alternate cryptocurrencies>Altcoin Discussion
Jump to: