Pages:
Author

Topic: Which Proof of Stake System is the Most Viable - page 7. (Read 25785 times)

hero member
Activity: 516
Merit: 500
CAT.EX Exchange
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

For Peercoin the POS mining (called minting) only happens once a second, lasting perhaps less than 100 microseconds (I guess). 99.99% of the time the computer is not minting.  Maintain a 10-block altchain (in addition to the main chain) takes less than 100KB RAM (my guess). It doesn't cost that much. But the cost is not absolute zero, either.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes.

Generally no, because you'd only be competing against yourself.  If you are an attacker, you want to put maximum resources on building one best chain.

If you're talking about separate attacks (doing a double spend and then later, doing another one) that's another story.
hero member
Activity: 516
Merit: 500
CAT.EX Exchange
But I don't think peers operate this way.  All chains except the best/longest are discarded.

If I'm an attacker, I wait until I have a long enough chain and then I broadcast it.
If peers think that is the best one, they will use it.  And if they don't, they won't.
Either way, nothing increases exponentially for me.

The one  longest chain is the main chain, most of the times. Most people don't bother to concurrent mine an alt-chain if they have to program it.  If you have to program it you have to think if it's worth your effort. It is not absolutely nothing at stake. We are talking about "0 divided by 0" here (very small profit divided by very small cost). I don't know how profitable to grow only one chain. It should be studied in more details. But once you decide to grow an alt-chain, because it gives you a chance to double spend, why not add yet another one? Doesn't it give you even more chance? Yes or no? It has to be yes. Then how about another...? The logical end is the end of some kind of resource. You are saying the resource is your time and that limit the number of alt-chain to 1. That is fine. I hear your opinion.

Quote
The blockchain never becomes a block tree because that is moving in the opposite direction from consensus.
Everything quickly converges onto one chain when you have a proper mechanism in place like best chain wins.

Well then the attacker shouldn't even exist.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I think you confuse linear with exponential.   y = 2^x is exponential.   y = 2x is linear.

If you have several peers who are all eager to extend every chain they see, your altchains will soon have their own altchains. The global blockchain becomes a blocktree. Every branch of the tree is the end of an alt-chain, being able to have its own branches.

It's y = some_constant^blocknumber. The constant is greater than 1.

But I don't think peers operate this way.  All chains except the best/longest are discarded.

If I'm an attacker, I wait until I have a long enough chain and then I broadcast it.
If peers think that is the best one, they will use it.  And if they don't, they won't.
Either way, nothing increases exponentially for me.

The blockchain never becomes a block tree because that is moving in the opposite direction from consensus.
Everything quickly converges onto one chain when you have a proper mechanism in place like best chain wins.
hero member
Activity: 516
Merit: 500
CAT.EX Exchange
I think you confuse linear with exponential.   y = 2^x is exponential.   y = 2x is linear.

If you have several peers who are all eager to extend every chain they see, your altchains will soon have their own altchains. The global blockchain becomes a blocktree. Every branch of the tree is the end of an alt-chain, being able to have its own branches.

It's y = some_constant^blocknumber. The constant is greater than 1.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  
...  There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

Sure. The point of mhps is that the number of "own attack chains" can get really big in order to create the best chain.

Right. It's still exponential because your own attack chains also have a non-zero probability to branch into alt-chains. It's just cancer.

You want other concurrent miners to cooperate to accept your alt-chains so you don't have to fight the main chain yourself. Or do you (grow their chains when you don't have an  direct interest in them)?  I suspect the net effect of more non-cooperative concurrent miners is just bringing more compettion against themselves.

I think people are overcomplicating it.  An attacker only needs one longest chain to attack.  Sure you could run a multithreaded application and try simultaneous attempts to build the best longest chain but that's about it.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I think you confuse linear with exponential.   y = 2^x is exponential.   y = 2x is linear.
hero member
Activity: 516
Merit: 500
CAT.EX Exchange
There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  
...  There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

Sure. The point of mhps is that the number of "own attack chains" can get really big in order to create the best chain.

Right. It's still exponential because your own attack chains also have a non-zero probability to branch into alt-chains. It's just cancer.

You want other concurrent miners to cooperate to accept your alt-chains so you don't have to fight the main chain yourself. Or do you (grow their chains when you don't have an  direct interest in them)?  I suspect the net effect of more non-cooperative concurrent miners is just bringing more compettion against themselves.
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  
...  There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.

Sure. The point of mhps is that the number of "own attack chains" can get really big in order to create the best chain.
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  
...  There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

Interesting.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

You're missing the entire point. Effectively 10 people have the power to choose what types of transactions to include. For instance tomorrow Ghash and 2 others may decide to leave out all Counterparty transactions, which means they are screwed. Do you, as a Bitcoin user, have any say in it?

They aren't screwed.  The tx will still be included in blocks by other miners.   Also the excluding miners will lose the tx fees and that will make them less competitive relative to other pools and if the actual miners disagree with that loss they will leave and the pool (and pool operator's profits) will shrink.   Today fees are relatively small but as a % of total miner compensation they will only grow.
legendary
Activity: 1050
Merit: 1000
Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?

You're missing the entire point. Effectively 10 people have the power to choose what types of transactions to include. For instance tomorrow Ghash and 2 others may decide to leave out all Counterparty transactions, which means they are screwed. Do you, as a Bitcoin user, have any say in it?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  
...  There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.

An attacker only needs to support the main chain and his own attack chains. I believe that is the meaning here.
full member
Activity: 144
Merit: 100
Quote

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.

You need just one miner to include the transaction in block.. You may wait more though...

Dont understand DPoS (I ll have a look) but the rest of PoS are flawed in the core idea and will be controlled by the rich of the coin always... Can the hard cap idea of DPoS fight the total control of the rich over the coin? What is the advantage?
legendary
Activity: 1050
Merit: 1000
All PoS coins are backed up misinformation, hiding facts and trolls.

Unlike bitcoin which clearly states all the attack vectors and problems on the wiki. I would prefer fiat than current PoS coins.

 If you must choose one choose the one with most trolls and hype.


Just stating attack vectors without any solution is hardly useful. How would you solve the problem of Bitcoin being controlled by 10 or so miners?

Why is hardly useful? It is very useful. I may not be smart enough to find solutions or may not exist without compromising on decentralization. Decentralization is tough and I m sure has limits.

Not sure where you get your info but recently I read somewhere there are 55000 miners. (I think it was in the recent bitcoin conference in one of the videos)  Is this what you mean? https://blockchain.info/pools?timespan=24hrs  If yes these are pools and pools are not miners and pooling will happen with both PoS and PoW. If not can you point me to your sources? I would be interested..

Miner is the one who decides what transaction to include or exclude. In effect it is controlled by 10 or so miners. 55k or whatever running their machines is immaterial. I guess you can see the problem now.

Pooling won't happen with DPoS. Sure, somebody can set up multiple delegates and keep his identity hidden, but pooling as such directly is not possible.

Besides in DPoS, anybody transacting is playing is part in securing. So in effect the shareholders has a direct say. In PoW like Bitcoin, the users don't have any say.
hero member
Activity: 516
Merit: 500
CAT.EX Exchange
There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  
...  There is nothing at risk precisely because he can support all chains in parallel simultaneously.

I think this is over simplifying. To support all chains one *will* run out of resource (RAM or CPU cycles or fan speed or electricity bill... the whole *POW* cost) soon because the number of forks increases exponentially if you start to tend all of them. Althought the cost per fork looks low, it might just be enough to overwhelm the tiny probability adjusted benefit (e.g. you have to double spend several million PPCs to make it profitable after trying it so long). I posted something here but like to hear feedbacks from others before going further. I think a simulation is needed to find out how exactly profitable this business is.
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
IMO, the hard cap is very important which others doesn't seem to find a key feature. [...]

Point is, why?

Wonder if it is at all possible to modify the Transparent Forging scheme to implement a limit.

Sure, if you explain the why.
sr. member
Activity: 266
Merit: 250
Peercoin of course. What kind of phony poll is this?
sr. member
Activity: 365
Merit: 251
What is interesting to me is that in the (IMO very unlikely) event that Nxt has technical promise, then as soon as the code is open-source it will be possible to create Nxt-clone using the spin-off mechanism and immediately bootstrap the clone with a more efficient distribution than Nxt-original.  
As I understand it, the Nxt code is modular. The core, including the PoS stuff, will be open-source, but some of the services built on top will not be. The Nxt devs believe a lot of their value is in the services - things like the Asset Exchange. So the clone won't include all of Nxt.

Asset Exchange is in the core and is open source.

Third party services (like muiltisig gateway for othjer cryptos)  may or maynot.
Thanks for the correction.
full member
Activity: 144
Merit: 100
All PoS coins are backed up misinformation, hiding facts and trolls.

Unlike bitcoin which clearly states all the attack vectors and problems on the wiki. I would prefer fiat than current PoS coins.

 If you must choose one choose the one with most trolls and hype.


Just stating attack vectors without any solution is hardly useful. How would you solve the problem of Bitcoin being controlled by 10 or so miners?

Why is hardly useful? It is very useful. I may not be smart enough to find solutions or may not exist without compromising on decentralization. Decentralization is tough and I m sure has limits.

Not sure where you get your info but recently I read somewhere there are 55000 miners. (I think it was in the recent bitcoin conference in one of the videos)  Is this what you mean? https://blockchain.info/pools?timespan=24hrs  If yes these are pools and pools are not miners and pooling will happen with both PoS and PoW. If not can you point me to your sources? I would be interested..
Pages:
Jump to: