Which Proof of Stake System is the Most Viable - page 7.

mhps

hero member

Activity: 516

Merit: 500

CAT.EX Exchange

Quote from: jonald_fyookball on June 02, 2014, 11:50:04 PM

Quote from: mhps on June 02, 2014, 11:43:40 PM

once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself. If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting. Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: mhps on June 02, 2014, 11:43:40 PM

once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself. If you are an attacker, you want to put maximum resources on building one best chain.

If you're talking about separate attacks (doing a double spend and then later, doing another one) that's another story.

mhps

hero member

Activity: 516

Merit: 500

CAT.EX Exchange

Quote from: jonald_fyookball on June 02, 2014, 11:02:54 PM

But I don't think peers operate this way. All chains except the best/longest are discarded.

If I'm an attacker, I wait until I have a long enough chain and then I broadcast it.
If peers think that is the best one, they will use it. And if they don't, they won't.
Either way, nothing increases exponentially for me.

The one longest chain is the main chain, most of the times. Most people don't bother to concurrent mine an alt-chain if they have to program it. If you have to program it you have to think if it's worth your effort. It is not absolutely nothing at stake. We are talking about "0 divided by 0" here (very small profit divided by very small cost). I don't know how profitable to grow only one chain. It should be studied in more details. But once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes. Then how about another...? The logical end is the end of some kind of resource. You are saying the resource is your time and that limit the number of alt-chain to 1. That is fine. I hear your opinion.

Quote

The blockchain never becomes a block tree because that is moving in the opposite direction from consensus.
Everything quickly converges onto one chain when you have a proper mechanism in place like best chain wins.

Well then the attacker shouldn't even exist.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: mhps on June 02, 2014, 10:56:15 PM

Quote from: DeathAndTaxes on June 02, 2014, 08:24:11 PM

I think you confuse linear with exponential. y = 2^x is exponential. y = 2x is linear.

If you have several peers who are all eager to extend every chain they see, your altchains will soon have their own altchains. The global blockchain becomes a blocktree. Every branch of the tree is the end of an alt-chain, being able to have its own branches.

It's y = some_constant^blocknumber. The constant is greater than 1.

But I don't think peers operate this way. All chains except the best/longest are discarded.

If I'm an attacker, I wait until I have a long enough chain and then I broadcast it.
If peers think that is the best one, they will use it. And if they don't, they won't.
Either way, nothing increases exponentially for me.

The blockchain never becomes a block tree because that is moving in the opposite direction from consensus.
Everything quickly converges onto one chain when you have a proper mechanism in place like best chain wins.

mhps

hero member

Activity: 516

Merit: 500

CAT.EX Exchange

Quote from: DeathAndTaxes on June 02, 2014, 08:24:11 PM

I think you confuse linear with exponential. y = 2^x is exponential. y = 2x is linear.

If you have several peers who are all eager to extend every chain they see, your altchains will soon have their own altchains. The global blockchain becomes a blocktree. Every branch of the tree is the end of an alt-chain, being able to have its own branches.

It's y = some_constant^blocknumber. The constant is greater than 1.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: mhps on June 02, 2014, 08:12:59 PM

Quote from: ChuckOne on June 02, 2014, 01:14:31 PM

Quote from: jonald_fyookball on June 02, 2014, 10:31:13 AM

Quote from: mhps on June 01, 2014, 11:18:20 PM

Quote from: DeathAndTaxes on May 29, 2014, 12:36:22 PM

There would be no penalty. Lets look at the case of a majority and minority attacker separately.

An attacker with a minority of the stake will optimally support ALL chains including the main chain.
... There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

Sure. The point of mhps is that the number of "own attack chains" can get really big in order to create the best chain.

Right. It's still exponential because your own attack chains also have a non-zero probability to branch into alt-chains. It's just cancer.

You want other concurrent miners to cooperate to accept your alt-chains so you don't have to fight the main chain yourself. Or do you (grow their chains when you don't have an direct interest in them)? I suspect the net effect of more non-cooperative concurrent miners is just bringing more compettion against themselves.

I think people are overcomplicating it. An attacker only needs one longest chain to attack. Sure you could run a multithreaded application and try simultaneous attempts to build the best longest chain but that's about it.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

I think you confuse linear with exponential. y = 2^x is exponential. y = 2x is linear.

mhps

hero member

Activity: 516

Merit: 500

CAT.EX Exchange

Quote from: ChuckOne on June 02, 2014, 01:14:31 PM

Quote from: jonald_fyookball on June 02, 2014, 10:31:13 AM

Quote from: mhps on June 01, 2014, 11:18:20 PM

Quote from: DeathAndTaxes on May 29, 2014, 12:36:22 PM

There would be no penalty. Lets look at the case of a majority and minority attacker separately.

An attacker with a minority of the stake will optimally support ALL chains including the main chain.
... There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

Sure. The point of mhps is that the number of "own attack chains" can get really big in order to create the best chain.

Right. It's still exponential because your own attack chains also have a non-zero probability to branch into alt-chains. It's just cancer.

You want other concurrent miners to cooperate to accept your alt-chains so you don't have to fight the main chain yourself. Or do you (grow their chains when you don't have an direct interest in them)? I suspect the net effect of more non-cooperative concurrent miners is just bringing more compettion against themselves.

ChuckOne

sr. member

Activity: 364

Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82

Quote from: jonald_fyookball on June 02, 2014, 10:31:13 AM

Quote from: mhps on June 01, 2014, 11:18:20 PM

Quote from: DeathAndTaxes on May 29, 2014, 12:36:22 PM

There would be no penalty. Lets look at the case of a majority and minority attacker separately.

An attacker with a minority of the stake will optimally support ALL chains including the main chain.
... There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

Sure. The point of mhps is that the number of "own attack chains" can get really big in order to create the best chain.

ChuckOne

sr. member

Activity: 364

Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82

Quote from: mhps on June 01, 2014, 11:18:20 PM

Quote from: DeathAndTaxes on May 29, 2014, 12:36:22 PM

There would be no penalty. Lets look at the case of a majority and minority attacker separately.

An attacker with a minority of the stake will optimally support ALL chains including the main chain.
... There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

Interesting.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: sumantso on June 02, 2014, 10:59:13 AM

Quote from: ThePurplePlanet on June 02, 2014, 08:55:19 AM

Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

You're missing the entire point. Effectively 10 people have the power to choose what types of transactions to include. For instance tomorrow Ghash and 2 others may decide to leave out all Counterparty transactions, which means they are screwed. Do you, as a Bitcoin user, have any say in it?

They aren't screwed. The tx will still be included in blocks by other miners. Also the excluding miners will lose the tx fees and that will make them less competitive relative to other pools and if the actual miners disagree with that loss they will leave and the pool (and pool operator's profits) will shrink. Today fees are relatively small but as a % of total miner compensation they will only grow.

sumantso

legendary

Activity: 1050

Merit: 1000

Quote from: ThePurplePlanet on June 02, 2014, 08:55:19 AM

Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

You're missing the entire point. Effectively 10 people have the power to choose what types of transactions to include. For instance tomorrow Ghash and 2 others may decide to leave out all Counterparty transactions, which means they are screwed. Do you, as a Bitcoin user, have any say in it?

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: mhps on June 01, 2014, 11:18:20 PM

Quote from: DeathAndTaxes on May 29, 2014, 12:36:22 PM

There would be no penalty. Lets look at the case of a majority and minority attacker separately.

An attacker with a minority of the stake will optimally support ALL chains including the main chain.
... There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

ThePurplePlanet

full member

Activity: 144

Merit: 100

Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

sumantso

legendary

Activity: 1050

Merit: 1000

Quote from: ThePurplePlanet on June 01, 2014, 08:22:12 AM

Quote from: sumantso on June 01, 2014, 07:29:07 AM

Quote from: ThePurplePlanet on May 31, 2014, 11:46:14 PM

All PoS coins are backed up misinformation, hiding facts and trolls.

Unlike bitcoin which clearly states all the attack vectors and problems on the wiki. I would prefer fiat than current PoS coins.

If you must choose one choose the one with most trolls and hype.

Just stating attack vectors without any solution is hardly useful. How would you solve the problem of Bitcoin being controlled by 10 or so miners?

Why is hardly useful? It is very useful. I may not be smart enough to find solutions or may not exist without compromising on decentralization. Decentralization is tough and I m sure has limits.

Not sure where you get your info but recently I read somewhere there are 55000 miners. (I think it was in the recent bitcoin conference in one of the videos) Is this what you mean? https://blockchain.info/pools?timespan=24hrs If yes these are pools and pools are not miners and pooling will happen with both PoS and PoW. If not can you point me to your sources? I would be interested..

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

mhps

hero member

Activity: 516

Merit: 500

CAT.EX Exchange

Quote from: DeathAndTaxes on May 29, 2014, 12:36:22 PM

There would be no penalty. Lets look at the case of a majority and minority attacker separately.

An attacker with a minority of the stake will optimally support ALL chains including the main chain.
... There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

ChuckOne

sr. member

Activity: 364

Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82

Quote from: sumantso on June 01, 2014, 07:27:33 AM

IMO, the hard cap is very important which others doesn't seem to find a key feature. [...]

Point is, why?

Quote from: sumantso on June 01, 2014, 07:27:33 AM

Wonder if it is at all possible to modify the Transparent Forging scheme to implement a limit.

Sure, if you explain the why.

lalakies23

sr. member

Activity: 266

Merit: 250

Peercoin of course. What kind of phony poll is this?

Brangdon

sr. member

Activity: 365

Merit: 251

Quote from: Eadeqa on May 30, 2014, 01:16:04 AM

Quote from: Brangdon on May 29, 2014, 04:08:57 PM

Quote from: Peter R on May 27, 2014, 04:34:04 PM

What is interesting to me is that in the (IMO very unlikely) event that Nxt has technical promise, then as soon as the code is open-source it will be possible to create Nxt-clone using the spin-off mechanism and immediately bootstrap the clone with a more efficient distribution than Nxt-original.

As I understand it, the Nxt code is modular. The core, including the PoS stuff, will be open-source, but some of the services built on top will not be. The Nxt devs believe a lot of their value is in the services - things like the Asset Exchange. So the clone won't include all of Nxt.

Asset Exchange is in the core and is open source.

Third party services (like muiltisig gateway for othjer cryptos) may or maynot.

Thanks for the correction.

ThePurplePlanet

full member

Activity: 144

Merit: 100

Quote from: sumantso on June 01, 2014, 07:29:07 AM

Quote from: ThePurplePlanet on May 31, 2014, 11:46:14 PM

All PoS coins are backed up misinformation, hiding facts and trolls.

Unlike bitcoin which clearly states all the attack vectors and problems on the wiki. I would prefer fiat than current PoS coins.

If you must choose one choose the one with most trolls and hype.

Just stating attack vectors without any solution is hardly useful. How would you solve the problem of Bitcoin being controlled by 10 or so miners?

Why is hardly useful? It is very useful. I may not be smart enough to find solutions or may not exist without compromising on decentralization. Decentralization is tough and I m sure has limits.

Not sure where you get your info but recently I read somewhere there are 55000 miners. (I think it was in the recent bitcoin conference in one of the videos) Is this what you mean? https://blockchain.info/pools?timespan=24hrs If yes these are pools and pools are not miners and pooling will happen with both PoS and PoW. If not can you point me to your sources? I would be interested..

Topic: Which Proof of Stake System is the Most Viable - page 7. (Read 25775 times)