
The Architecture of a Cryptocurrency - kushti
https://github.com/ConsensusResearch/Scorex-Lagonaki/blob/master/docs/components.md
======
sktrdie
I don't think there has been any empirical evidence regarding the idea that
proof-of-stake method can reach consensus, so I'm not sure about the quality
of this document. It is sort of implied, but in reality one can easily fake
_n_ chains and there would be no way for a peer to independently figure out
which one is valid. In proof-of-work a peer can always rely on the idea that
the chain with the most work is the valid chain.

Proof-of-stake is an interesting idea, but until I see empirical evidence
showing that it actually works, I remain skeptical.

Here's a good read on the subject:
[https://download.wpsoftware.net/bitcoin/pos.pdf](https://download.wpsoftware.net/bitcoin/pos.pdf)

~~~
kushti
Author is here! Here's my feedback and discussion with Poelstra
[https://www.reddit.com/r/Bitcoin/comments/2zpmlj/expanded_re...](https://www.reddit.com/r/Bitcoin/comments/2zpmlj/expanded_rewrite_of_distributed_consensus_from/cplj4ug).

There isn't any formal proof of consensus (im)-possibility around. But we have
some cryptocurrencies successfully working for years already (despite promises
to hack them easily), also there are some simulations around, e.g. ours
[https://github.com/ConsensusResearch/ForgingSimulation](https://github.com/ConsensusResearch/ForgingSimulation)
and
[https://github.com/ConsensusResearch/MultiBranch](https://github.com/ConsensusResearch/MultiBranch)
(corresponding articles: [https://github.com/ConsensusResearch/articles-papers](https://github.com/ConsensusResearch/articles-papers)).
I hope a more formal framework will be established someday, and would be happy
to help with that (I can contribute with Coq code etc).

~~~
sktrdie
There's a proof in Bitcoin's paper that shows the probability of someone
catching up with the main chain. That's actual real data that we can measure.
Of course nothing's 100% true in the real world, but with PoW you get very
real numbers on the probability of someone catching up, which decreases
drastically after each confirmation.

On the other hand with PoS I still haven't seen any data whatsoever. I asked a
simple question: since there's no cost for someone to simulate a chain, what's
stopping peers from doing this? I know there are checkpoints and things like
Nxt don't allow deep reorgs, but for new users joining the network it means
you need to point them to trusted parties that can give them this information:
they can't trust the chain independently.

~~~
kushti
In the first place, by using modern ASICs it's possible to draw a chain from
the genesis having no difficulty changes (by setting proper timestamps), and it
will probably be longer than the network's, as the latter has delays of more
than 10 mins pretty often. So Bitcoin has checkpoints as well
([https://github.com/bitcoin/bitcoin/blob/86cfd23f68367af07250...](https://github.com/bitcoin/bitcoin/blob/86cfd23f68367af072500b1758a4c446cdd36e74/src/chainparams.cpp)).

In the second place, the chance of drawing a long chain suffix with cumulative
difficulty better than the network's is negligible. Short-range attacks are
possible, but they are not a huge problem. Please read the forum post with
some results obtained with simulations:
[https://bitcointalk.org/index.php?topic=897488](https://bitcointalk.org/index.php?topic=897488)

~~~
sktrdie
What do you mean? If I look at the latest block hash and difficulty I can
actually measure how much hashing power went into finding such a block (and
it's a lot). How would you simulate that with timestamps?

~~~
sktrdie
@kushti I think you might have misunderstood how the consensus protocol works
in Bitcoin. It's not the longest chain, but the one with the most work put
into it that is accepted.

~~~
sktrdie
@kushti sure:

[http://bitcoin.stackexchange.com/questions/936/how-does-a-cl...](http://bitcoin.stackexchange.com/questions/936/how-does-a-client-decide-which-is-the-longest-block-chain-if-there-is-a-fork)

[http://bitcoin.stackexchange.com/questions/29742/strongest-v...](http://bitcoin.stackexchange.com/questions/29742/strongest-vs-longest-chain-and-orphaned-blocks)

Pieter Wuille is a core developer afaik: "The actual rule always favors the
chains which required the most "work"."
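
The difference between "longest chain" and "most work" discussed in this sub-thread, as an added example that is not part of any comment here: a longer fork mined at minimum difficulty wins under a length rule but loses under a cumulative-work rule. The two chains and their names are constructed; per-block work is computed as 2^256 / (target + 1), the expected number of hashes for a block at that target.

```python
# Added illustration; chain names and contents below are constructed.
MAX_TARGET = 0xFFFF << 208  # Bitcoin's difficulty-1 (easiest) target


def block_work(target: int) -> int:
    """Expected number of hashes needed to find a block at this target."""
    return (1 << 256) // (target + 1)


def chain_work(targets: list[int]) -> int:
    """Cumulative work of a chain, given the target of each block."""
    return sum(block_work(t) for t in targets)


def best_by_length(chains: dict[str, list[int]]) -> str:
    """Naive rule: pick the chain with the most blocks."""
    return max(chains, key=lambda name: len(chains[name]))


def best_by_work(chains: dict[str, list[int]]) -> str:
    """Most-work rule: pick the chain with the highest cumulative work."""
    return max(chains, key=lambda name: chain_work(chains[name]))


# Constructed scenario: the network's chain has 600 blocks at 1000x the
# minimum difficulty; the fork has 1000 blocks, all at minimum difficulty
# (what a chain drawn from genesis with no difficulty increases looks like).
CHAINS = {
    "network": [MAX_TARGET // 1000] * 600,
    "low_difficulty_fork": [MAX_TARGET] * 1000,
}

if __name__ == "__main__":
    for name, targets in CHAINS.items():
        print(f"{name}: {len(targets)} blocks, work={chain_work(targets):.3e}")
    print("longest-chain rule picks:", best_by_length(CHAINS))
    print("most-work rule picks:   ", best_by_work(CHAINS))
```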

~~~
kushti
@sktrdie Thanks for the links! Ok it seems at the moment Bitcoin uses some
kind of a cumulative difficulty.

P.S. Joining a network is implemented in the same way usually for both PoW/PoS
currencies.

~~~
sktrdie
By the way, if you're aware of any peer-reviewed papers out there that explain
how PoS works, I'd be interested in reading them. Academia has been quite shy
on the subject.

~~~
kushti
Unfortunately, I don't know any peer-reviewed proof of PoS (im)-possibility,
threat model etc. Time is needed here probably, we got a good formal framework
of PoW only in 2014, 5 years after Nakamoto's WP (I mean Backbone's paper
[https://eprint.iacr.org/2014/765.pdf](https://eprint.iacr.org/2014/765.pdf)).

------
nickodell
The point about Ethereum's internal state is good, but consider what could
happen if two nodes disagree about the state of a contract: You'd wind up in a
situation where different nodes could potentially authorize different
payments.

~~~
kushti
That's true. My fear is that the problem is possible, though; in some form,
with software updates / fixes, it seems to be unavoidable.

------
nickpsecurity
I think the focus has been too narrow because of Bitcoin's success and the
document reflects it. The first cryptocurrency, Chaum's eCash, wouldn't meet
these criteria. And reputable banks using fiat currency are still more
trustworthy for storing or transferring money than Bitcoin. Our mental
framework for cryptocurrency should include the possibility of such
centralized models as they're easier, more efficient, and can be quite
trustworthy with the right jurisdictions + charters + TLA's/contracts. Them plus
something like Open Transactions.

Note: A side advantage is that the bank's investments and fees can fund the
system. Another is possible acceptance by regulators if it's (a) easy to
regulate and (b) tied to their currency to support rather than compete with
it.

------
l_m_g_
It's nice to see the Tezos paper becoming influential, but attribution would
have been extra nice.

~~~
infruset
Hi, I've been trying to find a way to contact you about the Tezos paper, which
I found very interesting. Are you working on an implementation? Is there any
way to participate in the process?

~~~
l_m_g_
There's a working beta which is being tested for scalability at the moment.
Best way to reach is Twitter DM.

~~~
infruset
Great! I just saw your reply, I don't know your Twitter handle (it doesn't
seem to be @l_m_g_ or @tezos).

