
Why Proof-of-work isn’t suitable for small cryptocurrencies - petethomas
https://thenextweb.com/hardfork/2018/05/24/proof-work-51-percent-attacks/
======
bmcusick
As opposed to what? Proof of Stake? Not even Ethereum can get that to work
securely.

I'm not familiar with all of those small coins, but the problem with Bitcoin
Gold is that it uses the same Proof of Work that several other coins use, so a
miner can buy ASICs and then switch between coins.

So they can mine honestly on Coin 1 for a while, then switch to Coin 2 and do
some double-spend attacks, then when Coin 2's price collapses, they switch
back to Coin 1 or move on to Coin 3. The miner has no long term incentive to
support the value proposition of any one coin, and they can attack coins that
use the same PoW algorithm as their "main" coin at will.

The same problem applies for coins that use ASIC-resistant PoW's, only more
so. You can just rent an AWS cluster for an hour to run your attack, then
ghost with the profits.

What coin developers need to do is design their proof of work and mining
activity to ensure that miners have the same (or close-enough) long term
incentives as coin holders.

~~~
admax88q
> So they can mine honestly on Coin 1 for a while, then switch to Coin 2 and
> do some double-spend attacks, then when Coin 2's price collapses, they
> switch back to Coin 1 or move on to Coin 3. The miner has no long term
> incentive to support the value proposition of any one coin, and they can
> attack coins that use the same PoW algorithm as their "main" coin at will.

On top of that, I think proof of stake will make this sort of attack 10k
worse. With proof of stake there is essentially no resource cost for you to
mine an additional fork. Proof of Stake is not computationally expensive, so
there's no pressure for you to choose the one coin/chain you want to invest
your resources in.

~~~
bigdaddyrabbit
> ...proof of stake will make this sort of attack 10k worse. With proof of
> stake there is essentially no resource cost.

This is not true. For a 51% style attack on a PoS chain, you need to acquire a
majority of staked coins. Each coin you buy increases the cost of the next
coin, (demand/supply and all that), and the price of the coin increases
exponentially as an attacker accumulates 51% of the coins.

With PoW, cost of acquiring hashpower is linear (acquiring the last 1% costs
the same as the first 1%), which is why PoW is easier to attack.

~~~
amluto
> For a 51% style attack on a PoS chain, you need to acquire a majority of
> staked coins.

Not really. All you need is a controlling vote for enough confirmations. At
51%, you’re very likely to have a controlling vote. Below 50%, it’s still
possible.

~~~
hndamien
And that is why these are not decentralised solutions. Just maintain a
controlling stake and you are good to go!

------
CPLX
Interesting article, but perhaps the more important question is what exactly
is the reason why we should have "small cryptocurrencies" in the world at all.

~~~
wyldfire
Newly introduced cryptocurrencies are likely to be "small" by necessity. That
doesn't mean that they can't add value beyond Bitcoin and friends.

~~~
gruez
>Newly introduced cryptocurrencies are likely to be "small" by necessity

not if you fork. see: bcash's price of ~0.1BTC upon forking.

~~~
earenndil
If it's so easy so fork a cryptocurrency at high value, why don't you make a
crypto fork that's worth 0.1BTC.

------
beagle3
SpaceMesh[0] and Chia[1] are currencies that use "Proof of Space" (or "Proof
of Space-Time") instead of Proof-of-Work or Proof-of-Stake. I wonder

[0] [https://spacemesh.io/](https://spacemesh.io/)

[1] [https://techcrunch.com/2018/03/28/chia-vs-
bitcoin/](https://techcrunch.com/2018/03/28/chia-vs-bitcoin/)

------
niftich
I prefer to think of this as a feature, not a bug, because it incentivizes
vested parties to keep PoW-mining power parity with each other. Successful
execution of a 51% attack shows that there's not sufficient volume and
diversity of vested parties, and the dominant party is adversarial and can't
be trusted to refrain from manipulating the chain.

------
WhiteOwlLion
Proof-of-work is fine for small crypto. Being ASIC and GPU resistant helps.
XVG and Electroneum have been plagued with problems. Other devs point to the
poor coding, but there doesn't seem to be a recognition by the coin devs that
the code changes will actually address the exploit(s).

~~~
mythrwy
Or they don't really care about addressing the exploits at all.

Electroneum raised 10's of millions in ICO for a handful of "devs" and a
former Herbalife salesman. I wonder what the real incentive to do the hard
work is now? Sure they could dump a few more coins if they could pump price
but maybe a lot of money they had to do almost no work for is worth more than
a little they do.

In this case those pesky hackers taking down their network oh well shit
happens may be ok from their perspective. I can't imagine they wouldn't take
the basic steps they didn't if it wasn't.

------
ddtaylor
Small coins can use merge mining if they really want to, most don't because
they have some far-fetched idea on how PoW should work (like "ASIC resistance"
and other tarpits)

