For people who don't know what this is (like me), they have a good FAQ explaining "Proof of Stake" vs "Proof of Work":
> In proof of work (PoW) based public blockchains (e.g. Bitcoin and the current implementation of Ethereum), the algorithm rewards participants who solve cryptographic puzzles in order to validate transactions and create new blocks (i.e. mining). In PoS-based public blockchains (e.g. Ethereum's upcoming Casper implementation), a set of validators take turns proposing and voting on the next block, and the weight of each validator's vote depends on the size of its deposit (i.e. stake). Significant advantages of PoS include security, reduced risk of centralization, and energy efficiency.
Yes, but the simplistic version of the argument is that any entity with such a large stake would be inherently incentivized to preserve the value of the currency and act in good faith.
My intuition is that this is a risky proposition. If an entity can benefit themselves $x by making a bad-faith transaction, but it only costs them $y such that $y < $x, it’s rational to do it even if the costs to others are orders of magnitude greater. As a concrete example, if Coinbase double-spent a transaction for $10m and had enough stake to make the network accept this, would it necessarily devalue the currency through loss of trust by enough to make this unprofitable? Is this true for all possible actions by a 51% stakeholder?
>Yes, but the simplistic version of the argument is that any entity with such a large stake would be inherently incentivized to preserve the value of the currency and act in good faith.
This logic is, as you say, simplistic. Anyone with such a large stake can cash out, and then use their former large stake to fabricate an alternative chain in which they did not cash out, forking the blockchain at the block just before they cashed out. Commonly proposed defenses against this (checkpointing) are limited because when new nodes enter the network, they are in a naive state where they do not know who to trust.
In a proof of work system, the entire blockchain can be validated by a naive node. Fraudulent blockchains could be constructed and fed to naive nodes, but they would be obvious forgeries because they would have to be constructed at lower network difficulties in order to generate blocks faster than the real network and become the longest chain.
In a proof of stake system, people who formerly had stake in the system can simulate fraudulent alternative histories forked at the point before they cashed out, and feed those histories to naive nodes. If enough naive nodes accept the alternative history, it becomes the accepted chain. The possibility exists that these former stakeholders might use some of their cashed out money to start up many nodes in the cloud and feed their alternative chains to those nodes.
The only real way to defend against this is to have trusted nodes coded into the protocol provide bootstrapping data to naive nodes. Once you do that, your network is no longer trustless.
> Anyone with such a large stake can cash out, and then use their former large stake to fabricate an alternative chain in which they did not cash out, forking the blockchain at the block just before they cashed out.
A trade this large is likely to crater the currency before it can be filled in the absence of trade volume so large its practically impossible for one stakeholder to act in the manner you describe.
> A trade this large is likely to crater the currency before it can be filled in the absence of trade volume so large its practically impossible for one stakeholder to act in the manner you describe.
They don't have to actually sell the currency; they can simply transfer it to another wallet they control, use their huge stake to manipulate the blockchain saying they now have original wallet + new wallet, effectively doubling their currency. Then, they can cash out slowly, over time, without cratering the currency.
Basically, this is like a secret money printing (double-spending) machine, although I would like to think that smart people would be able to detect the manipulation in some way or another.
My understanding of cryptocurrencies is rather limited, so maybe I'm wrong, but I dont see how this is possible. If you create a "fork" it will either include the transaction or not, how is it possible for them to somehow double the amount of ether they have?
1. Cashout - for example send coins to an exchange, sell them for other crypto, withdraw everything
2. Flood the network with transaction where your coin was transferred to your other wallet instead of exchange
3. There are two conflicting transactions, you want the network to select the one where coins stay in your hands. For PoW that requires 50%+ of CPU power, for PoS it requires to have significant % of all coins.
It is like brute forcing card chargeback - merchant had your money and they are gone and he can't do much about it. It makes exchanges more likely a target of double spending attack than the source. I guess higher deposit/withdraw delays&fees would make PoS attacks unprofitable.
Of course. Theory also allows us to exactly model the probability of such an attack succeeding.
The difference between a system that is provably secure and a system that is theoretically insecure but with no known practical attack is a pretty big difference. In the former case, your proof has to be wrong before you lose, in the latter, someone just has to think of something you didn't.
>In a proof of stake system, people who formerly had stake in the system can simulate fraudulent alternative histories forked at the point before they cashed out
No because atleast for Ethereum there will be a "point of no return", a number of blocks after which the blockchain history can no longer be altered except by the user manually switching chains.
Additionally, the system will encourage users to swap and share which chain they are on so that fraudulent chains can be detected easily.
> No because atleast for Ethereum there will be a "point of no return", a number of blocks after which the blockchain history can no longer be altered except by the user manually switching chains.
The problem is this: the large entity (e.g. exchange), who just cashed out, will spend the proceeds on thousands of VMs, all sending its fraudulent chain to new peers connecting to the network. In this case it will be the “good” nodes’ word against a majority of fraudulent “exchange”-nodes.
> Additionally, the system will encourage users to swap and share which chain they are on so that fraudulent chains can be detected easily.
How is this supposed to work when the fraudulent entity has more funds than the honest nodes, with which it can purchase nodes who vote for its fraudulent history?
>How is this supposed to work when the fraudulent entity has more funds than the honest nodes, with which it can purchase nodes who vote for its fraudulent history?
The answer is also for the previous part, ie, the "spend the proceeds on thousands of VMs.
The plan, AFAIK, is that users must pick a chain. The process is entirely in meatspace and subjective. So even if someone purchases a million dishonest nodes which have a wrong history, that doesn't mean shit if not enough people, real meatspace people, agree that it's the correct chain.
In case of a hostile takeover, this means starting a new chain is also super easy and can be done in a single day without any additional loss.
I linked you to an explanatory blogpost from the guy that came up with it since that might clear up things better than me trying to repeat what is said in the blogpost. That prevents me from needlessly repeating content.
I can't find where it describes anything like what you are talking about. I think you are using the link as a deflection of the fact that you don't understand how these attacks are mitigated, and in fact it doesn't appear that anyone in this thread has the answer either.
The blogpost does explain this if you bother to read it.
>And how do you determine how many meatspace people are voting for something? This problem was confronted by Satoshi and his answer was proof of work.
This is quite simple, people can agree on a representative in a democracy, hence it must be possible people will be able to agree on a blockchain to use.
As state previously in the thread, long range forks are not a concern as any state S with atleast N ancestor states will not allow any state S' to become valid if it is not a descendant of S. Therefore it can be concluded that after N blocks, a fork becomes impossible.
The remaining problem is therefore short-range forks caused by someone burning a lot of stake. Forking will inherently burn all your stake in the other chain while you burn everyone elses stake in yours. Any such fork attack then must last for more than N blocks to become permanent.
The blogpost dives a bit deeper into the fork prevention mechanisms but the TL;DR is that nodes will prefer keeping a chain over switching to a new chain significantly, going up exponentially as the new fork becomes older. In essence, a fork must take over the network almost immediately or the new fork will wither and eventually die out in favor of the original chain. (The speed of a fork is roughly a function of the time delay between the first and last node receiving a block in percent with respect to X, the amount of permanent control an attacker has)
The later part of the blogpost also explains that the weak subjectivity only poses a problem for nodes that have been offline for more than N blocks and in case an attacker can control large portions of the network for extend amount of time. It does not matter if a node sees 100000 other nodes with another chain until N blocks have passed or in the other prevention mechanism, the gravity of the new chain becomes greater than that of the current chain, which can take a while.
As suggested in the end of the blogpost, if a node stays offline for extended amounts of time, there is no safe way of knowing the state of the network, thusly the best option is to obtain a recent blockhash from a friend, a block explorer or their software provider. Human social interactions would be the prefered option, the trust on the network being in the right stake would thusly be equivalent to the trust you place in said friend. Or your software provider or blockchain explorer.
It can be argued that any entity which is sufficiently powerful to cause disruption over the chain consensus for longer than a year (the proposed value of N) then they will also be able to overpower any other proof of work algorithm or pursue alternative methods to disrupt the network.
Depends on their intent. It would be silly for an actor who wishes to maintain the value of their holdings, but if their goal was to destabilise the currency, it provides an attack vector.
They can't stake that ETH because their users may want to pull it out. Staking it means that you make it unavailable for use, and if you try to break the rules while staking you lose it.
They could probably stake some of it though, as long as there's no bank run situation.
> They could probably stake some of it though, as long as there's no bank run situation.
If there was even a hint that Coinbase was pulling any "fractional reserve" stunts, they'd lose the massive amount of credibility they have over less reputable exchanges. Reputation is the primary advantage Coinbase has.
Coinbase had yet to process wire withdrawls from over 13 business days ago.
What trust can you have in an exchange in which you cannot withdraw your money. Also I dare you to try and get a hold of support at Coinbase. Hint hint you can't.
I can attest to this. I filed a ticket over a week ago because I'm locked out of my account. It took them 8 days to reply with a canned response, then 5 more days to say they don't have an answer for me yet because they're so busy.
This isn't acceptable for what is essentially a bank that just raised $100M at a $1.6B valuation.
It seems several of the exchanges suffer from this. Are you already fully verified? Have you already withdrawn or is that the first time? Also are you in the US?
Fingers crossed, in my case I first verified everything, and both deposited and withdrew cash in the last couple of months. It wasn't quick, but it wasn't as long as 13 business days. More like 6-8.
Nope. I did a wire. I have called my bank and coinbase's bank and neither have seen the wire.
There's plenty of people online complaining that wires in and out of Coinbase from December 12-18th have yet to process. There's even a class action lawsuit being formed about it.
Surely they would have to be thoroughly pwned for that to be true? They claim that 98% of customer funds are in cold storage, and they ought to be raking it in on transaction fees and with BTC being up 1372% this year. They also raised a $100M Series D round in August. It's not impossible, but highly unlikely.
I assume I'm missing something obvious, but presumably there would have to be a big button labeled "Start ACH transfer" on the coinbase website, and if they don't support ACH transfers, they just wouldn't put that button there?
Only problem is: if Coinbase does this, they can offer a return on deposits — unlike exchanges who refrain from staking their users’ funds.
Additionally, Coinbase would be able to sell its future profits (from staking) in the futures market, and use the proceeds to honor an unexpectedly high demand for withdrawal.
But why would users want to withdraw? They’re making more money by having their funds deposited with Coinbase than if they stored it themselves.
We're using different definitions of "reputation" here. Coinbase has a good reputation in that, unlike Mt Gox, it appears to be run by adults and is highly unlikely to get massively pwned or do a runner with your money overnight. But it also has a bad reputation in that their support is abysmal and/or overloaded, and if you run into any sort of trouble with transactions, ID verification etc, it tends to take a very long time to sort out.
The standard answer for where to refer people to so they can buy or sell some coins without even a hint of shadiness or fly-by-night is Coinbase.
That doesn't mean that they're perfect, or that nothing ever goes wrong; it means that they're the highest-reputation exchange available, and that their primary selling point is that reputation.
Also, people happy with something post about being happy far less often than people angry with something post about being angry, because the latter have a problem/grievance to solve.
Not only do you need to "stake" your eth for ~a year or so (as is currently proposed), but if you do not act in good faith you burn your entire stake. This incentivizes you to act in good faith. With PoW, you act in good faith since the cost to 51% the network is very high when measured in compute power and electricity, but can be done multiple times and the cost may be worth the end result. The cost here would definitely not be worth it and would not be repeatable.
The idea is that, if a staker refuses to include a proof (digital signature) that it has staked on multiple chains, or double spent coins, the network will fork the chain to a new one which includes this proof.
How the network will reach consensus on then following this new chain is not clear to me.
Coinbase was operating at a loss last time I check, it's not like they can stake their user's ether funds. Also, the Ethereum addresses they create are intended not to be used for smart contracts
Way more energy efficient, but the "centralization" problem just shifts from the mining hardware, to the amount of currency you have. It assumes the majority of stakeholders act in good faith.
No. It's more efficient and simpler, but it requires a somewhat trusted network of good-faith actors.
Think of a git repository where the "core team" decides which commit is the new master by signing them, if a quorum (could be 51%, could be 66, whatever) agrees on a commit, it's the new master's HEAD. That's what a PoS is.
By the consensus of the stakeholders. Think git and signatures (blockchains are basically a degeneration of that), people agree what master is by signing the "master" commit, then everybody goes from that.
The proof of work of e.g. bitcoin is trust-less, but if you have trust (because you're working with a small group and you have legal regs or whatever) you don't need it, you just need a predefined quorum of stakeholders to agree.
I'm going to piggyback on your comment to present my unified theory of blockchain proof systems.
Start with proof of work. Now imagine that the vast majority of the cost is in the computers and the electricity is basically free. You've just derived proof of stake.
Start with proof of work. Now imagine that the vast majority of the cost is in the electricity and computers are basically free. You've just derived proof of burn.
Start with proof of burn. Now imagine that each burnt coin gets evenly redistributed to everyone as a dividend. You're back at proof of stake.
Start with proof of stake. Now imagine there's an amount of time that you must lock coins away to engage in stakeholding. Now set that time to infinity. You're back at proof of burn.
I think that's why he called it a 'piggyback'. If it resulted in a lot of conversation, I think it would commonly be referred to as a 'hijack' comment. He just responded to the top comment to try to get people's attention on some unrelated matter.
I've been trying to understand why PoS is an improvement over PoW. To me PoS seems like a weaker requirement on network control than PoW. Since PoW requires possession of actual physical hardware and electricity it should be more difficult to obtain than a virtual currency. To me moving from PoW to PoS is analogous to moving off of the gold standard and placing trust in the value of the currency with whomever possesses it.
It isn't a core tenant of PoW that the resources needed to participate are hard to get, it just so happens that if it is profitable to 'mine', the hardware needed will become scarce. That actually creates a problem, much like in the Bitcoin PoW algorithm, that its easy for the hardware production and ownership to become centralized.
PoW also requires large energy consumption as participants will inevitably enter a race to compute the fastest.
PoS has the benefit that you still lock away capital, much like in PoW, but rather than backing that capital by money put into hardware and electricity, you cut out the middle man and base the capital off of the value of the network token.
Pos also has added security benefits. Vitalik Buterin explains this very well: If someone attacks a PoW blockchain by getting 51+% of the hashing power, the network's only response to recover from the attack is to change the hashing algorithm. This will likely force the network to abandon ASICs since hardware wouldn't exist, and move (at least temporarily) to general-purpose CPUs/GPUs. As soon as the hashing can be done with general purpose computers, the game is over, and the attacker can attack forever without any extra loss of capital, other than electricity.
PoS has the benefit that the network can simply cause the attacker to lose their funds and no longer have a stake. If the attacker wants to continue the attack, they have to buy more of the network token to be equal to 51% of the staked value. This will cause a price increase. Each time the attacker attacks, the network will force them to lose their stake, and their money. The attacker won't be able to keep this going forever.
Who gets to choose who is an attacker? Are there limits in place that ensure only once someone owns 51% the can steal their funds? Who gets to decide what a single entity is? Sounds like a pretty huge centralized point of failure in my mind, but I'm admittedly pretty ignorant on the subject.
You're hitting on a critical point about cryptocurrencies that isn't widely understood yet.
Ultimately, the community of users and businesses at large decides. Cryptocurrencies are social contracts that are encoded in software. If everyone agrees that a rule should change, and updates their software in concert, then the rule de-facto changes.
In the absence of total agreement, the decision is made by whoever wins the political fight for user/business mindshare. It's also possible for the question to be answered two different ways (a longstanding fork occurs).
> Ultimately, the community of users and businesses at large decides. Cryptocurrencies are social contracts that are encoded in software. If everyone agrees that a rule should change, and updates their software in concert, then the rule de-facto changes.
That's called a chain split, isn't it? Usually there are people who follow the new protocol and people who follow the old protocol, so the currency splits into two.
But yeah if there's longstanding disagreement, there are two ways for it to go:
* Peaceable fork with replay protection, like Bitcoin Cash
* Fork that seriously fights for the same brand/userbase --- we haven't seen one of these in Bitcoin. Segwit2x would've worked that way, but was canceled
Actually that’s an example of a soft fork. When you change the rules to make them more restrictive (add limits, decrease block size, block addresses, etc) those running the old version will find the new blocks valid so will try to build on them and find their blocks to be rejected, but can keep running no problem and are incentivized to upgrade.
When you change the rules to be less restrictive (add operations, increase block size, etc) then any old version will reject the new blocks, so will keep running their own chain until they are upgraded, potentially forever if there’s demand.
In brief, an attacker is an agent or group of agents that execute a double-spend attack. In Ethereum's proposed PoS system, all stakeholders that collude in the double-spend attack would have their stake destroyed. These properties are automatically detectable, and once detected enforcement is automatic.
1. What if there simply isn't a quorum of the selected signers for a given block, due to people being on vacation, DoS, network failure, etc? Does the whole chain grind to a halt?
2. PoS relies on punishing anyone who signs a block that's not on the main chain. But who defines what the main chain is? If I'm a selected blockmaker or, worse, I control a quorum once, can't I forfeit my deposit to fake someone else out so they sign a block on my bad chain? Then I report both them and myself, bankrupting them and recovering some of my own losses?
3. This whole scheme penalizes cold wallet users. If you don't use your cold wallet funds as mining collateral, you lose the reward. If you do, then anyone who compromises your deposit signing key (which needs to be hot) can wipe you out and steal 1/3 of your deposit.
For your first question, if people are on vacation and there are no validators then Ethereum would be dead. It wouldnt make sense that the global pool of validators would disappear, but even so, it would wait I assume. IF half the validators left, it would choose from the other half.
2. THe main chain is currently defined as the longest defined chain fully validated. To fake someone out, you would need to tell them your vote for a block, and they would need to blindly vote the same without doing any due diligence on the block (which would defeat the purpose) and they would be rightfully burned. That is the same as a miner who just copies the work of other miners, they do nothing.
3. I dont understand this at all. You do not need to stake. You are rewarded but lose liquidity. It is your choice, just as lending compute was your choice with PoW.
Hopefully this is good, the link goes into a lot of detail that should clear things up!
I think one thing to consider is that there is economic disincentive against acquiring >50% of the network, and even more disincentive against attacking it once you have 51%+. You have to pay full value to get >50%, but Ethereum could lose absolutely all value if anyone gets to >50%, so whatever the investment to get that stake would go to zero. The issue is whether can malevolant entities or coalitions can reliably be detected.
> PoS has the benefit that the network can simply cause the attacker to lose their funds and no longer have a stake.
How will the network reach consensus on this? Why is it assumed that a well-coordinated network of decentralized nodes will exist independently of the attacker, and that this honest network partition will be able to reach consensus on which chain to follow?
> Each time the attacker attacks, the network will force them to lose their stake, and their money.
Again, how will this honest network partition coordinate their efforts to reach consensus on which chain to follow?
It seems like in all these scenarios, coordination by honest nodes is assumed, without giving any explanation as to how the nodes are able to reach consensus on which chain to follow of the many valid chains in existence.
>As soon as the hashing can be done with general purpose computers, the game is over, and the attacker can attack forever without any extra loss of capital, other than electricity.
acquiring that hardware (whether through direct buying or buying hacked machines) still costs money. it's just that it's easier to liquidate (compared to ASICs) when you're done the attack.
Or the cloud. Here is some math i did on it the other day:
digiconomist [0] estimates that current etherum mining cost is 1.3 billion a year, or 3.6 million a day, or 151,000 an hour, or 2,500 a minute.
Multiply by 5 for cloud on demand premiums and you could dominate the etherum network for an entire day for 18 million. You could also do it for free if you can manage to do it with stolen credit cards. I'm amazed it hasn't happened already.
Couldn't another response to someone attacking with 51% mining be to physically destroy their hardware? The Kuwait oil fires were a result of someone wanting to limit control of wealth production.
> Couldn't another response to someone attacking with 51% mining be to physically destroy their hardware?
Sure, if you can identify the location of the hardware and you happen to be a sovereign nation that can field the matériel required, who also doesn't have a problem instigating an international incident.
Now, if you're a single entity or a cartel of entities with the financial and technical resources to launch a majority of hash rate attack, you'll have considered what vectors a counter-attacker would attempt to come at you with.
For example, I expect the (simplistic) response to the hypothetical risk vector of "a physical assault on our mining hardware" to be migrated by distributing hardware across a number of data centers and pooling mining computations. Solved blocks are then propagated to the network through a single, obfuscated network node.
The idea of a dystopian government/force performing search and destroy operations on cryptocurrency miners sounds like a refreshingly novel idea for cyberpunk/sci-fi fiction writers.
PoW comes with huge energy and computation requirements that can make scaling infeasibly difficult. It's possible, but challenging, to design a PoS system that is secure and does not consolidate power in the hands of those that own the most currency. This document[0] has a good description of the arguments for PoS and an overview of the theory behind it.
I'll admit, that I don't have a complete understanding of the theory behind PoS systems, and there are certainly tradeoffs between PoW and PoS, but Vitalik makes the arguments that the benefits of lower energy consumption and quicker transaction fees outweigh the weakened guarantees. Whether you agree with him depends on your values with respect to Cryptocurrency.
No, the cost is NOT a necessary requirement for creating a secure network. Capital/stake is.
What you say is true for Proof-of-work: The more capital-intensive mining is, the harder the network is to attack.
One can say that PoW currencies are secured by a display of capital investment into mining. The stake is the electricity and hardware deprecation that goes into mining a block. Cost is used as a proxy for capital.
Proof-of-work takes the middle men out of this: You proof your capital investment (your stake) directly within the protocol.
> What you say is true for Proof-of-work: The more capital-intensive mining is, the harder the network is to attack.
Well I did say "It takes a certain amount of money $X to control 51% of a POW network." Not sure why there is an argument around PoS.
Did you mean PoS in your last sentence?
It isn't clear to me that PoS is much different, in the sense that you can imagine attacking the network by gaining a larger stake, enough to be "calling the shots on the truth" (ie silencing other stakeholders). There are other comments along these lines so I won't repeat the arguments here.
> It isn't clear to me that PoS is much different, in the sense that you can imagine attacking the network by gaining a larger stake, enough to be "calling the shots on the truth" (ie silencing other stakeholders).
I think we agree on this one: Proof of Stake and Proof of Work are both vulnerable to their respective 51% attacks.
But they are also (more or less) equally safe: If you don't have 51% of capital at stake/mining power, you cannot attack the network.
So, all things being equal, my argument is that PoS is advantagous because it requires fewer resources.
(This is expressed for example in the fact that the block reward with PoW needs to be much higher than with PoS to re-finance the same amount of capital investment. Because if proof of stake, you also get back your original capital.)
> protocol designers to fine-tune incentives and punishments
This is an interesting phrasing of one of the questions I have about the "decentralized" aspect of cryptocurrencies. I get that the context of the term is that it attempts to bypass the centralization of a fiat currency. But isn't it still centralized to those who develop the protocol itself?
Or is the agreement of the community a requirement of the protocol?
My heuristic seems to be that the precise protocol implementation decisions are analogous to the precise laws enacted by the centralized governments who provide the value behind mainstream fiat currencies.
- is the agreement of the community a requirement of the protocol?
Yes. Always with a choice of creating your own rules and convincing other to switch to them.
Decentralization in this context would mean different rules for every participant, which is not something that we want - an extreme example of individualism where everyone has different beliefs, so a group cannot accomplish anything.
You and the other commenter both quoted the same aspect about agreement of the community, so see my other response.
> Decentralization in this context would mean different rules for every participant, which is not something that we want - an extreme example of individualism where everyone has different beliefs, so a group cannot accomplish anything.
That is quite interesting, thinking of extreme individualism. But in thinking about that, isn't that what the entire ecosystem of cryptocurrencies is currently doing, and any one particular cryptocurrency itself is a point of centralization?
Again, I'm just tugging at a thread here, trying to understand how it's supposed to be even conceptually possible to be "decentralized". It just seems to me that we are talking about a different form of centralization - which may be a good thing! Possibly centralization of choice, as opposed to centralization with regards to physical location (i.e. which country you live in).
Yes, I instinctively agree with you. But what about sink investments? Also, what about borderline protocol implementation improvements? Death of a thousand papercuts...that kind of thing?
Does keeping the algorithm source in the open, which allows for forks when opportunity presents itself...is that pretty much the optimal strategy against any transaction protocol being abused?
>>The issue with PoS is that it just makes the rich richer, the more coin you already have, the more reward you'll get.
You're neglecting the fact that everyone can stake their ETH, whether they hold a bit or a lot.
The rate of return on all staked ETH is equal, so the rich don't see their total ETH grow faster than the poor. While it does grow in absolute terms, their holding stays the same size relative to the total ETH supply, which will grow at the same rate as their own holding.
Hmm, PoI seems almost identical to PoS, but with a 'weighting' calculation to determine 'importance' instead of using the raw value. PoD also seems also identical to PoS, but with a kind of 'gamification' element, whereby the amount staked can give you extra network privileges.
TBH, at least after a quick look, both PoI and PoD seem like they are PoS systems, just with some extra bells and whistles that could be added to any PoS system.
It does mitigate the risk of geographic centralization. It's not good for BTC security that a majority of the mining power is under the jurisdiction of a single nation state.
Yeah, why would smaller holders of ether would be excluded from PoS? Security probably. But it sucks that the small holders cant profit from their property.
Maybe there is a need to create a "cooperative" of sorts hodling the eth of many users and running PoS thus rewarding the owners. (like a pool but safety would be way more of an issue compared to PoW)
It feels a bit more risky than mining in a pool don't you think?
If a validator pool is hacked you loose your stake.
The equivalent in PoW world would be someone breaking in and leaving with all the GPUs of all the users of a pool, what I would consider not dooable for a large enough pool.
That's not how it works. When you stake your Ethereum, it gets locked up and can't be withdrawn.
When your staking time is up, then you can withdraw it. Smart contracts could be used so that multisignature wallets could be used which would prevent a hacker from taking funds provided to the mining pool.
I think a few friends and I are going to start a validator pool when time comes to switch over.
The validator pool sounds very interesting. Any experience of validator nodes for existing live PoS systems, in particular the costs of running (bandwidth costs, likely datacentre hosting costs, etc) vs rewards?
The only PoS system in live and large scale active use from I have read so far (still got a lot of reading to do though so could be missing lots) is NEO, and from what I can gather the validator nodes need a stake of 1000 GAS which is currently a little over USD30K, so there isn't such a compelling case for a validator pool compared with the proposed 1500ETH with current market value of over USD1M for the Ethereum proposal.
It is a much weaker requirement than PoW. Part of the reason PoS (a fitting acronym) is successful is because people are hysterical about Bitcoin's energy usage over time.
Rightly so. Bitcoin uses a lot of energy, and it's fair to worry.
But throughout history, people have always capitalized on fears to get something. Careful that you read these proposals with a skeptical eye.
There was an excellent comment on HN that unfortunately I can't dig up anymore, but it went into detail about why PoS has all kinds of subtle issues. Basic issues, like who gets what, can end up with weak guarantees.
It's important to remember that Bitcoin, for all its flaws, is almost unkillable. The sole way a government can kill it -- any government -- is to invest >$2B into getting >51% hash power, then launching coordinated malicious doublespends for the purpose of shattering faith in bitcoin.
That's it. There's no other way.
PoS weakens those guarantees, and before this gets pushed through, it's good to understand in detail what the tradeoffs are, and game out whether that could give centralization any advantages.
(And if they say there are no tradeoffs and PoS confers no advantage to centralization compared to PoW, maybe research it and decide for yourself.)
This whole auto-drop-my-comments-to-the-bottom censorship is really tiring and just a way to discourage certain people from contributing to HN. I've been a member here since day 2 of the launch of Startup News, and this feels quite unfair. My pleas for reversing this decision have gone unanswered, so I have no idea what to do about it other than rant periodically until I get banned. Nothing good will come of that, but it's just a completely bogus situation. (Yeah, moderation is hard, and I respect that, but jeez. My comments all start out at the bottom and stay there.) </rant>
All you did was wave your hands here. What trade off? What subtle disadvantages? What in PoS is weaker than PoW?
You assert these things exist without going into any of them. PoS is very new and complex and there are many differences between implementations, much more than in PoW.
Any dismissal you might have read would most likely been based on a previous version because the latest versions of PoS are quite new.
There doesn't always have to be a meaningful trade-off between different technologies that do the same thing. Is there a meaningful trade-off between a zipped wav file and one compressed with flac?
Please edit such incivility out of your comments here, regardless of how wrong someone else is. The last thing we need is flamewars about who's fudding.
> The sole way a government can kill it -- any government -- is to invest >$2B into getting >51% hash power, then launching coordinated malicious doublespends for the purpose of shattering faith in bitcoin.
How much hashing power resides in China? I was under the impression that it's >50%.
It would cost the Chinese government a lot less than $2B to raid all those farms and take their equipment.
I'm sorry man, I noticed that I've been downvoting your comments recently, and it's just because they don't seem very insightful to me. I don't think this comment, that is basically "PoS is weaker than PoW" without any argument is a good contribution to this thread.
It's nice that you took out some time to write up a bunch of lines detailing your opinion, but even in your own comment you acknowledge that you can't recall why exactly it is that PoS is significantly weaker than PoW.
Now I've read the Casper papers (the ones that are on the Github repository and are not yet complete I think), and I know that there's significant challenge in making a PoS that is actually solid, but I don't think it's impossible to figure out how to do it, and there are very knowledgeable and skilled people researching this topic so it's likely a suitable PoS will arise at some point.
If you'd actually been knowledgeable on this topic, you could have pointed out one of the weaknesses of Casper or any of the other PoS protocols, and I would've upvoted your comment, and then typed up a counter to it.
Now, I just get the feeling you're defending Bitcoin, which is an outdated technology which's only use is to be a store of large amounts of value, much like gold, against the new innovative technologies that are challenging it. Without even bothering to make a coherent argument, apart from describing some property of Bitcoin that we all already know.
To clarify, I don't mind the downvotes. What's going on here is that they tweaked the algorithm to specifically whisk my comments to the bottom, immediately, no matter what. Even if I had 12 upvotes, it would still appear at the bottom.
The complaint is that this is undocumented, unfair, and I have no recourse.
I've shown willingness to alter my behavior and conform to whatever they want out of me, and supposedly this is enough to reverse most decisions. They repeatedly say "We'll unban accounts if we think there's reason to believe they'll behave." I've gone through the email system and spent roughly three weeks complaining at them and asking whether this could be reversed, to no avail. They told me to stop spamming them, so I asked once more, shortly and politely. No response for a week.
So this isn't a ban – it's a ban on my ideas. No one is aware that my comments appear at the bottom because the system is set up that way, rather than because it's been fairly decided by the community that it should be there.
This, I feel, is a problem. It should at least be explicit, especially for longstanding members who are trying to participate in good faith. The reasons for doing this were less than clear, and it's hard to shake the feeling that they're simply picking on people.
I believe them when they say all they care about is the quality of HN, so I don't want to feel that they're just being bullies. But the outcome is much the same. I'm being stuffed in a locker because people other than me have decided it's the best place for me.
And yeah, that's pretty hilarious, so I don't really expect the situation to change. Especially not with hamfisted attempts at reversing it. But at least I can make some noise while I'm locked in there, partly for others' entertainment.
By the way, if you feel as I do that downvotes are broken on HN (in the sense that they don't really have much signaling power), you can run my Tampermonkey extension to hide them and hide your karma: https://news.ycombinator.com/item?id=14456200
Now, I completely agree that my comment was low quality. But that's exactly what you'd expect to happen if you remove someone's incentive to write well. Why would I possibly invest time in detailing any of those things you mention when it would just be pinned to the bottom anyway? May as well say something that's true but unsupported and not waste the time.
Hopefully I can figure out a way to get this reversed, but shrug.
Part of the irony is that after I was slowbanned back in early December (deservedly so, that time), I actually emailed them asking "Hey, while you're at it, will you tweak my comments so they show up at the bottom too?" I think I was just curious what it would be like, or if quality could stand on its own merits. They refused at the time, saying that it would be a bad idea because a good comment should be up at the top regardless of anything else. And Scott was right about that. This sucks, and when you remove the upvote incentives the whole system breaks. I have no reason to write anything here anymore.
The unsettling thing is that this seems like their objective. It seems true to say that they pick out people that they don't want to be on HN, and then crank various knobs until HN is just unfriendly enough to get them to leave. Them, specifically. Yummyfajitas seems like an example of this. But I'd rather assume that this is just a silly corner case (ha).
Regarding Bitcoin, I think Satoshi spent a lot of time figuring out a simple system that was impervious to shutdown. The tradeoff is energy. It's the first time in history that the byzantine generals problem (with sybil resistance) has been solved. And we should be careful not to stray too far from that fantastic success – not without carefully understanding and proving there are no unexpected tradeoffs.
The key aspect of Bitcoin is that you don't have to be too smart to understand it. A reasonably intelligent person can sit down with bitcoin.pdf and come away understanding exactly why it works. It takes maybe an evening of thinking to fully grok why it can't break, and the implications.
That doesn't seem true with PoS. And that seems at least worth being skeptical of.
If we find out that a state has spend billions in SHA256 equipment, and is censoring transactions, there will be a unanimous switch to another PoW algo, like SHA3. So there is really nothing a government could do to stop Bitcoin. It's a cat and mouse game and the cat has to have unlimited money just to stay in the run !
Kick the door in and physically shut down the equipment? Or more easily, cut off the power supply somewhere upstream?
Not wise to presuppose a State actor will play by the limited set of rules requiring them to spend billions on hashing equipment to shut down a crypto operation.
> The sole way a government can kill it -- any government -- is to invest >$2B into getting >51% hash power, then launching coordinated malicious doublespends for the purpose of shattering faith in bitcoin.
I am not a bitcoin expert at all, I'm actually only starting to look at these things, so I am a bit surprised you sound so confident when saying $2B, because my reaction was: that's all, 2 billion US dollars is all it take to take down Bitcoin? That's pocket money for the US government, and easily achievable for most private banks, very rich individuals and even organized crime.
> That's it. There's no other way.
Also, it seems to me that Bitcoin is based on softwares. Softwares have vulnerabilities. I guess of course if something big happens, like SHA256 being broken, we would have bigger problems than Bitcoin.
> 2 billion US dollars is all it take to take down Bitcoin?
Right -- this is one of the reasons why some people think PoS is better than PoW. Much more expensive to permanently attack in this manner.
Realistically, if Bitcoin were attacked in this manner, the community would probably respond by switching its proof of work function. If attacks continued, it'd probably end up doing PoS. So an actual attack might be much more expensive/likely to fail.
Weird, this seems like a valuable comment. I wonder what's going on. I hope you keep commenting.
Government regulation could drive Bitcoin underground inside a given country. Wouldn't be hard to imagine globalized regulation, a la the US treasury sanctions list.
It'd be tough to enforce a ban on cryptocurrency, but doesn't strike me as impossible. It's not hard to take out exchanges like Coinbase. Then could do sting operations to try to catch people willing to transact with Bitcoin in person, etc.
One exception: it might be very difficult to enforce a ban on using cryptocurrency to purchase services that are purely digital and don't require identity. No way to run a sting.
Can you clarify what you find valuable about it? I find it utterly hand-wavy, it calls people "hysterical", and then goes off-topic to complain about moderation.
Weird, this seems like a valuable comment. I wonder what's going on. I hope you keep commenting.
It was intentional. I would love to write more comments like https://news.ycombinator.com/item?id=7602457, but as of now there's no incentive. Exponentially less people see comments at the bottom, because everyone uses the [-] collapse button now to navigate between topics. Why would I spend 30 minutes (or sometimes an hour, it's a fun hobby) to write a good comment when it's simply pinned where <5% of people will see it after an hour or so?
My penalty stemmed from writing https://news.ycombinator.com/item?id=15884820. Some sort of penalty may have been warranted. HN probably isn't the proper place for that kind of discussion.
But they reacted – I think – by visiting https://news.ycombinator.com/item?id=15884400 and adjusting my "gravity" until that comment was near the bottom, or halfway down. And since that comment had ~20 upvotes, that means anything I write with less than 20 upvotes has absolutely no hope of getting anywhere near the top. Meaning it won't even gather any steam anymore.
Not only that, but I was originally slowbanned as well. There's a certain penalty that the mods use to discourage certain types of authors, where you can't post more than 5 comments every 3 hours. This is totally undocumented and took much experimentation to even figure out that's what the specific limit is. Imagine going to a bar and being able to only say 5 things every 3 hours.
Meanwhile I counted ~23 tptacek comments within a span of <2 hours. ~13 jacqusm comments within 3 hours. Etc. So I suddenly felt like I couldn't even respond to people anymore.
I sent a bunch of emails (often angry ones) to hn@ycombinator.com, and I don't blame them for basically writing me off and ignoring them. What incentive do they have to bother with one specific person? So I see their side of it too.
But I'm worried this is a trend. I used to periodically see hellbanned commenters complain about HN censorship and that they were excluded specifically for their politics. And I thought that was fine, and they should be. Their hellbanned comments certainly made it seem like HN would be better off without them. Good mods!
But I see now why people write like that after being penalized. You just sort of... Give up. What's the point in writing quality when no one will see it? There's no competition anymore, no fun. And it sucks that someone in the world with power decided that you, specifically, suck, and suck enough to merit exclusion.
I miss yummyfajitas. The mods made him feel unwelcome at https://news.ycombinator.com/item?id=14116601 and talked down at him https://news.ycombinator.com/item?id=14124379. And I don't really blame him for leaving. When it feels like the whole community wants something other than what you want, you migrate communities. I wonder where he's at now... Wherever it is, it's probably interesting.
FWIW I've been careful to frame all of this as fairly as possible. And in the spirit of fairness, here are the responses I received:
I took the rate limit back off. I put it on a few days ago because the subthread starting at https://news.ycombinator.com/item?id=15884820 was problematic. You're not solely responsible for that but commenters who create the initial conditions for these things carry more responsibility than the others, since the seeds of the problem are nearly always present in the initial conditions.
It's not a great idea to barrage us with emails because there's a lot Scott and I need to take care of and often we're just under load. As a good programmer you know what sending many messages into a system under load does. In addition to that, it makes us less rather than more interested in replying to you, because it feels like it would be unfair to the other emails who respect normal channels. I'm not saying this because it's in any way personal, just reporting how the dynamics work, since you said you find more information helpful.
Daniel
--
When I asked why this is fair or whether they simply don't like me,
You’re close. A lingering issue with your comments is that they can be more personal than the medium affords. When you’re writing to a large group of people on the internet, they’re not going to hear you in the way that people need to be heard. That needs to come from somewhere else. They’ll only be able to approach what you say from the group’s shared reality, and gaps get filled in with whatever’s going on in the reader. This is what dissolves discourse, and what we need to prevent on Hacker News. It’s why we say ‘substantive’.
Warmly,
Scott
--
Now, I'm pretty sure I'm just an idiot, but I have no idea what this means. All of this could have been avoided by simply saying "Hey, your comments on this topic are kind of annoying and not really a good fit for HN. Could you knock it off?"
I'd be like oh yeah, you're right, that makes sense. Sorry.
But no, apparently people are "not hearing me in the way people need to be heard."
So... shrug. Whatever. There are better things to worry about anyway. And really, I don't matter much, and neither did yummyfajitas. HN will go along fine without us. But it sucks to be sidelined.
The thing is, it was fun to write for HN, and to compete here. It was fun to have my ideas challenged and to find out I was mistaken. That's the whole point! There's no better place to figure out the truth.
But apparently mistakes are not allowed, and the response to making a mistake is to be gaslighted by putting your comments at the bottom without telling you and slowbanning you without warning until you just give up and stop coming back. I sent two more emails and got no reply.
I can only imagine how hard their job is. HN has exploded in popularity, and Dan and Scott are probably the only two people who are allowed to have access to hn@ycombinator.com. The emails sent to that address can be extremely sensitive at times. But that means it's a big scaling problem: judgements have to be swift, correct, fair, and balanced. And even at five minutes per email, they are probably spammed with a hundred emails every week. That adds up.
So yeah, I get why this happened. Really. I'm not really trying to make a fuss or complain much. This is just pent-up energy from missing HN. I've been on this site since I was 18, and it felt like a second home. Being "marked" as inferior by someone you respect is disheartening.
1. There is never going to be an opportunity for this to be on-topic. Someone expressed that they hoped I would continue writing, so it's not quite "entirely off-topic."
2. There is no recourse for those who have been banned or penalized.
3. I have tried to go through the normal channels and ask for an explanation.
4. I've been a member here for a decade, and typically that means something. Not a lot, but a little bit.
Part of HN's strength is its fastidiousness to these rules. But it's also a weakness. Isn't it convenient that the perfectly crafted ruleset just so happens to exclude any possibility of critiquing HN or asking "Hey, I'm in a situation that sucks, what should I do about this?"
So yes, feel free to simply not empathize. That's your right. And it's my right to continue causing trouble and escalating the situation until I get myself banned as a protest to overreaching moderation policies. I would rather go out fighting than be kicked repeatedly until I just get tired and quit.
(And whatever you say, you try writing HN comments when all of them immediately get whisked to the bottom and tell me it doesn't feel like a small kick each time it happens. Especially if you put effort into your writing, or care at all about quality.)
I can understand that you feel frustrated. That said, even just reading your comments here, some things are clear:
You do have recourse (email the mods), which you've used, and abused, both in quality and quantity by your own admission.
You've acknowledged that you've behaved in ways that are against the guidelines, and have ignored the feedback you've gotten and continued to post in ways that are against the guidelines.
You seem to be aware of these things yet apparently haven't taken them to heart or believe that they really don't apply to you. You've event acknowledged that if you continue behaving the way you are that you'll eventually get banned. Is that what you want to happen?
Posting on HN is not a right: it's a privilege.
Yet you can still potentially redeem yourself.
- Don't just post everything that comes to mind. You mention a few times in this thread that you spend time on your comments: spend more time, reviewing especially keeping in mind the feedback you've received with respect to behavior that's gotten you penalized. Do a dedicated review pass only for this, if necessary.
- Give yourself a month or two where you err on the side of not posting.
- In particular, besides keeping to the guidelines, in particular don't comment on downvotes or your penalties.
- Refrain from emailing the mods about your penalties during that period.
- Perhaps use the "delay" so you can give yourself more time to review and perhaps retract a comment before it's made public.
This might all across a bit harsh, but I do think you need to take what you yourself have written to heart and change your behavior if you want to continue posting on HN. And I hope you do! You appear to care deeply about this and are passionate about things you believe in. Those are good things when properly directed. It'd be a shame for you to be banned when it's important to you.
Every one of your points is true, and it's not that I disagree with you. It's that fighting fire with fire isn't ok.
If I was doing something they saw as an act of aggression, the answer isn't to then have a policy of acting aggressively towards me. Shoving my comments to the bottom automatically has certain implications, and it basically removes you from the community and turns the mods into bullies.
And I get that what I did may have warranted some sort of punishment, but at this point it's unclear what precisely triggered this or whether any of what you say is true.
If I deserved to get banned, then they should just ban me so I can move on.
My tiny protest is to simply upvote comments like yours. I often go looking through the post history to use my judgment whether it's trolling or someone who has sinned by expressing a controversial opinion. The official forum guidelines say "Be civil", so I use that as my rubric.
Oh, I just don't put in any effort or care about quality.
A serious suggestion: for a couple weeks, try evaluating every paragraph you are thinking about posting and deciding whether it is "meta" or not and then just omit the ones that are. See if this makes your HN experience worse.
Why would you totally dismiss his thoughts and secrets about HN as if they are farcical? I didn't know about the slowban or the other types. And now that I think about it.. similar things have been going on with my account. I think its gross to silently downmodulate people as if they are hormones in a bid to shut out their ideas. Maybe you take everything too relaxed and see HN as more of entertainment. In that case you should ignore his post. He said very meaningful things and shared little known knowledge. That means something..
Do you believe that a completely in-the-open forum would be manageable? By this, I mean things like:
- Everyone gets to see...
- who does the up/down votes.
- what any moderators' decisions/actions are
- what the algorithms for viewing real estate
- etc.
Some other aspects:
- The "forum" (and all inter-user communication) lives on a block chain-like merkle-DAG.
- The real estate algorithms would be customizable, i.e. you have varying views on the same data.
- The "forum" would also act as chat rooms, todo lists, picture galleries, and more...
This is a fascinating topic worthy of several blog posts. I've spent many years thinking about why HN and Reddit managed to succeed when all other communities failed. Much of it has to do with inertia, but part of it is design.
One of the central aspects of HN is that humans control it, and they have good taste. I don't think you can take either of those qualities away without sacrificing what makes HN good.
And part of that implies that any HN competitor needs to have those qualities in abundance – which means allowing them to wield real power, and not being constantly second-guessed by the community.
It's a tradeoff, and it's the "good king" problem. You want someone in power who wants to do the right thing, and who is capable of doing it well. But that's extremely rare.
Dan is close, and we're all lucky to have him. Scott is a close second. But their weakness is that they don't really participate on HN anymore. Neither of them post here, and we don't get to feel connected with them like we felt with pg in the early days.
I think I'm not alone in missing that connection. So my theory is that if another site springs up with similar characteristics to HN, but with actual humans running it – people you can actually strike up a conversation with – then those who are interested in good conversation will flock to it.
That requires being capable of executing that plan, which is the tricky part.
Thanks for the extensive response. There are a couple points I'll break it down (I'm also loquacious on occasion):
> One of the central aspects of HN is that humans control it, and they have good taste. I don't think you can take either of those qualities away without sacrificing what makes HN good.
What if the user could "control it", i.e. could pick and choose algorithms of how to present views of the same data? Since everything is in the light, you could also share these algorithms - just like you share a collection of browser extensions or editor color schemes, etc. So you could have the "HN algorithm" which has the characteristics you mentioned with the slow-ban, and upvote/downvotes.
Heavily weight certain user's tags (think of voting up/down in terms of raw tags, and the repercussions of voting as an interpretation of those tags). These users would be who "HN" is - in this case the two that you're mentioning. You could also incorporate AI/ML opinions: Sentiment Analyzer A/B/../N, Some Other ML Analyzer, Bob's Analyzer. The main thing is that you have a way of associating identities with opinions, and then creating a projection algorithm that projects stories based on those identities and opinions.
So interestingly, it would be humans running the platform, but enabling each individual user to create his/her own projection algorithms.
> I think I'm not alone in missing that connection. So my theory is that if another site springs up with similar characteristics to HN, but with actual humans running it – people you can actually strike up a conversation with – then those who are interested in good conversation will flock to it.
At some point, won't the volume of interaction with any individual human exceed the ability of that person to respond? Won't the mentions, responses, etc. eventually be too much to handle? Also, isn't the up/down voting what determines in this site what the definition of what the "good" in "good conversation" is?
> That requires being capable of executing that plan, which is the tricky part.
Darn skippy. The characteristics I mentioned above I've already got well grounded with ibGib and it's taken quite awhile. It's a merkle DAG-based open-data design that I've created. Only I didn't create it to be a blockchain, as I didn't know how blockchains worked and was only vaguely aware of Bitcoin's existence. I created it to be a distributed microservice architecture (again, I didn't know the term microservice...I came up with "autonomous service" 15 years ago - still have the whiteboard). I wanted a SuperMemo-like learning algorithm, but the ability to have all of the aspects of the algorithm measurable (not an easy thing), to maximize the learning process. I've been shaving the yak ever since and it turns out to be like some understand blockchain graph data stores to act.
It's not that your idea doesn't have merit. It does. I went down this path myself, in the beginning.
But if you game out the implications of this, the conclusion is that everyone will see a different front page. And that has a bunch of subtle implications.
Reddit tried it. It could work. But it makes for a divided community, or set of communities. You see this with the various subreddit wars.
Do you have an email I can chat with you more about this? Hit me up if you're interested.
I've started to respond a little bit to your conclusion of seeing different front pages. Note that the site seems to be a little slow at the moment (I'm not much of an optimized coder, as the underlying tech is hard enough - premature optimization and all that).
The usual explanation for how proof-of-stake works — compared to proof-of-work — is that it uses the scarce resource that is the chain’s own token, as opposed to the scarce resource that is electricity. The fundamental problem with this approach is that, in the absence of consensus, a token is not scarce at all — but rather its supply is unlimited — since infinitely many tokens exist on an infinite number of valid chains.
So, in order for a token to be limited in supply, consensus on which chain is the canonical one must already exist. Thus, proof-of-stake reaching consensus depends on consensus existing beforehand.
Scarcity of a digital decentralized token requires consensus on which chain to view as the truth. Therefore scarcity cannot be used as a requirement for reaching consensus.
Besides the lack of transaction scaling, the other slightly tough thing for me about cryptocurrencies is downloading many GB of data. If my Casper node is not a validator, does it still have to download the whole blockchain? Or can it operate on a smaller dataset?
Also does anyone know what the timeframe is supposed to be for sharding to be implemented or end up in an Alpha release? It seems that will probably also reduce the minimum storage requirements for most nodes in addition to increasing network transaction rates. Thanks.
I'm reading the paper looking for an answer. (as I'm hopping to be able to run a PoS node in the future)
As I understand PoS, for security to be achieved, you need to be able to lose a non trivial amount of ether. I guess the 1K5 ETH is designed to stay roughly above 1 million USD of stake.
This is the question and is there a way to lease/pool your coins to a validator if you have less than that because if not that basically sets up supernode-like behavior like Dash where the rich get richer. 1500 coins is currently 1.1 million USD
If it's not good enough for that little bit of a stake, you must provide incentives for others* to run it, and this is going create imbalances somewhere.
* - in a real sense, this is users, not-using, and offloading the work to those who would probably not actually use without incentive; the only difference between a PoW and a "put your money" type of stake, is that now you've added an entry fee that is hardly different than licensing (as in professional licenses, for various trades).
Will there be a 'fork' when PoS is released such that there will be 2 types of Ethereum after the split (one PoW and the other PoS), much like Ethereum and Ethereeum Classic?
NEM chain has a modified POS algorithm that not only takes in account the stake, but also the network effect of a node.
For instance a node with a high stake would need to move a lot of its stake around to overtake the network. I believe it uses an algorithm called EigenTrust++ and it has been working great for the last 2-3 years, since it was first coded into the chain.
If you want to checkout a PoS system that's been around for longer, https://decred.org has a hybrid PoW / PoS system which seems to get around a bunch of the issues listed here.
A very interesting project that aims to get high value from proof of stake is Omise Go
"We're looking to build the thing that will finally change the way money is handled the whole world over for the better, and leave a legacy that can sustain itself through all kinds of social and cultural changes. We're looking at accomplishing the spirit of the original Nakamoto vision of Bitcoin, the original Ripple vision (pre-blockchain Ripplepay), the original Paypal vision."
Have they completed scientific and adversarial review of the proposed guarantees and their respective proofs already? If I'd knew a flaw in Casper, I'd wait until the final release and deployment.
They have a series of formal proofs written by a mathematician to verify the staking algorithm, though that is only a small part of what is needed to secure a modern consensus system.
I'm interested in knowing which assumptions these formal proofs rely on.
My general point is that, without stating which assumptions lay ground to a formal proof, the statement that something has been "formally proven" conveys no useful information at all, since the assumptions in question can either make or break the proof (as in the case of WPA2).
Ok, in that case apologies for snapping back at you :) sounds like you are genuinely interested in the details
I'm no expert on ethereum POS, but afaik the proofs guarantee that when two conflicting blocks reach the "finalised" state then two thirds of stake are owned by parties that failed to follow a rule in the staking protocol and therefore their deposit can be forfeited. There are also proofs relating to validator cycling and long range attacks (which can never be completely prevented with POS, clients need to sync periodically to make sure they aren't receiving bad data)
I am also interested in the details. The critics in my comment was basically targeted towards them not releasing the technical details on their progress on Casper.
We already know there were problems with proof of stake consensus algorithms before. I would like to see them telling, that they solved them.
This article is full of problems, but the biggest one is failing to look at the global perspective:
While it is true that an individual miner/validator will be indifferent to spending money on electricity and mining equipment vs. purchasing coin to stake with, the difference between the two is a meaningful to non-miners/non-validators.
In the mining case, the miner is purchasing equipment and electricity that divert real resources away from the production of other goods and services.
In the validating case, the validator purchases coin, which causes prices of that coin to adjust upward. The economy keeps producing the exact same goods and services as if the validation activity did not exist (after a short dislocation, which would be very short in this case because few contracts are denominated in cryptocurrency).
So "nothing is cheaper than proof of work" is a true statement if you are a miner/validator. However, it is a false statement if you are cryptocurrency designer.
Obviously, it is easy to design a coin which is MORE wasteful globally than BTC. Instead of running on electricity and hashing, make it run on proof of extinction (verified in major newspapers) of critically endangered animals. The miners will spend time and energy doing terrible things to the planet, but they will spend no more money time or energy on it than they would have spent on electricity and ASICs. Why should it be impossible to design a currency that is LESS wasteful than proof of work?
I recommend against reading the truthcoin.info blog in general. This kind of wooly headedness is widespread, and the writing style is obtuse enough to make it hard to figure out exactly why the author is correct or incorrect.
>>In the mining case, the miner is purchasing equipment and electricity that divert real resources away from the production of other goods and services.
>>In the validating case, the validator is purchasing coin which simply causes prices to adjust and the economy keeps producing the exact same goods and services as if the validation activity did not exist (after a short dislocation, which would be very short in this case because few contracts are denominated in cryptocurrency).
The value diverted to coin purchases ultimately has a cost in goods and services. It diverts economic activity to non-economically productive activity in cycling capital into and out of deposits, which results in less liquidity.
I think Proof of Stake could potentially be better than Proof of Work, but the point about cost being equal across validation methods is correct in general in my opinion. There are specific circumstances where it is not true, like if producing the mining resource creates negative externalities.
Where I think the article is wrong is in neglecting other aspects of consensus algorithm efficacy, like the potential security benefits from Proof of Stake totally aligning the incentives of owners of mining capital (which in the case of PoS is the network coins) with the success of the network.
>>The value diverted to coin purchases ultimately has a cost in goods and services
This is incorrect, or rather it is incorrect that it is different from the Proof of Work example, so it should be discarded from the analysis.
Scenario 1) I work a paper route to purchase ASICs and electricity to bootstrap my mining business. The world got paper delivery out of me, and consumed some strained silicon and electricity for mining, which raised the costs of electricity and mining for other uses.
Scenario 2) I work a paper route to earn ETH to validate. The world is the same as in Scenario 1, but the strained silicon, fab time, expertise, electricity, etc. all went to work on other projects instead of mining equipment, leaving the world slightly richer. (Perhaps a startup was able to purchase microcontrollers for their new widget at slightly lower cost, improving the return on investment for their founders.)
Again, from a miner/validator perspective, PoW and PoS are the same, but from a global perspective, they are not.
>>Scenario 2) I work a paper route to earn ETH to validate. The world is the same as in Scenario 1, but the strained silicon, fab time, expertise, electricity, etc. all went to work on other projects instead of mining equipment, leaving the world slightly richer.
I provided a counterargument to this:
>>It diverts economic activity to non-economically productive activity in cycling capital into and out of deposits, which results in less liquidity.
> In proof of work (PoW) based public blockchains (e.g. Bitcoin and the current implementation of Ethereum), the algorithm rewards participants who solve cryptographic puzzles in order to validate transactions and create new blocks (i.e. mining). In PoS-based public blockchains (e.g. Ethereum's upcoming Casper implementation), a set of validators take turns proposing and voting on the next block, and the weight of each validator's vote depends on the size of its deposit (i.e. stake). Significant advantages of PoS include security, reduced risk of centralization, and energy efficiency.
https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ