Usually the main weakness of "Proof of Stake" protocols is something called "weak subjectivity", which means that nodes that connect to the internet on a regular basis (i.e. once per month or something) have strong correctness guarantees, but nodes that go offline for long periods of time reach a situation where they can no longer distinguish the "real" from a fraudulent blockchain. Nodes that reach this state need to be manually reconnected to the correct chain.

I think this is arguably an acceptable tradeoff, given the other advantages of POS.

...and what is the "correct" chain may be a highly contentious subject. For instance, this is likely to be contentious if a big theft happens, yet the same theft also makes it possible for the thieves to not only control the chain going forward, but also rewrite existing history as a theft can give control of private keys relevant in the past.

> what is the "correct" chain may be a highly contentious subject

But this can be true in POW blockchains as well. If the user disconnects his node for some arbitrarily long period of time during which there are durable forks created, said user also has to "reconnect manually to the correct chain" and the user may have to decide for him/herself what constitutes a valid chain under contentious circumstances. The user's preferred chain may have become a minority fork, for example.

In the case of the bitcoin blockchain, I think there is an extremely simple protocol: just use the longest (most work) chain among the various contenders for "correct".

That's fine if you simply want to find the chain with the most proof-of-work behind it and join that herd, but what if that chain violates your conditions for validity - perhaps it has different inflation, less anonymity, or higher transaction costs than the minority fork that you were originally following as "valid."

In POW the onus is on everyone who runs a node or miner to understand the consensus rules they are choosing, and to be on their toes in the event of a fork (hard or soft). I see this as no different from the POS problem described above.
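The "most work, then check it against your own rules" selection that the two comments above go back and forth on, as an added example that is not part of the thread: cumulative work is computed from each header's compact nBits target the way a Bitcoin node does, and a hypothetical subsidy check stands in for the node operator's own consensus rules. The sample chains are constructed; the nBits values are real historical encodings.

```python
# Added example: pick the "correct" fork by cumulative proof-of-work (not block
# count), restricted to forks that satisfy the node's own consensus rules.
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    nbits: int      # compact difficulty target, as in a Bitcoin block header
    subsidy: int    # coinbase reward in satoshi (toy stand-in for "inflation" rules)

def target_from_nbits(nbits: int) -> int:
    """Expand the compact nBits encoding into the full 256-bit target."""
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def block_work(nbits: int) -> int:
    """Expected number of hashes to find a block at this target (2^256 / (target+1))."""
    return (2 ** 256) // (target_from_nbits(nbits) + 1)

def chain_work(chain) -> int:
    """Cumulative work: this, not len(chain), is what "longest chain" means."""
    return sum(block_work(b.nbits) for b in chain)

def expected_subsidy(height: int, halving_interval: int = 210_000, initial: int = 50 * 10**8) -> int:
    return initial >> (height // halving_interval)

def is_valid(chain) -> bool:
    """Hypothetical consensus rule: no block may pay more than the scheduled subsidy."""
    return all(b.subsidy <= expected_subsidy(b.height) for b in chain)

def select_chain(candidates):
    """Most-work chain among those that pass OUR rules; None if none is valid."""
    valid = [c for c in candidates if is_valid(c)]
    return max(valid, key=chain_work) if valid else None

# Constructed sample forks. 0x1b0404cb and 0x1d00ffff are real Bitcoin nBits values.
HIGH_DIFF, MIN_DIFF = 0x1B0404CB, 0x1D00FFFF
CHAIN_A = [Block(h, HIGH_DIFF, 50 * 10**8) for h in range(1, 5)]   # 4 hard blocks
CHAIN_B = [Block(h, MIN_DIFF, 50 * 10**8) for h in range(1, 7)]    # 6 easy blocks: longer, less work
CHAIN_C = [Block(h, MIN_DIFF, 100 * 10**8) for h in range(1, 11)]  # 10 blocks, inflated subsidy

if __name__ == "__main__":
    winner = select_chain([CHAIN_A, CHAIN_B, CHAIN_C])
    print("selected fork height:", len(winner), "work:", chain_work(winner))
```

Run as-is: CHAIN_B has more blocks but orders of magnitude less work than CHAIN_A, and CHAIN_C is discarded before work is even compared because it breaks the subsidy rule.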

Only if you have trusted the right person to give you the correct genesis block.

In the case of bitcoin, I don't believe anyone could mine their own genesis block and build a chain even remotely approaching the length of the "standard" bitcoin chain. In fact, this applies more generally: after a blockchain has been in existence even a short time, it becomes infeasible for anyone to replace it entirely; at best they can hope to produce a fork from a fairly recent point as anything else would be a DRASTICALLY shorter chain.

POS in general is a highly contentious subject in the cryptocurrency community and many people disagree vehemently about the tradeoffs. Peter, for instance, is a strong critic of POS. There are smart people on both sides of the debate.

Rather than replying to my comment by talking about who I am, I'd suggest you reply to the content of my comment instead.

OK sure, though I'm no expert on this subject.

Well, first of all your example makes it hard to tell if you're describing a percentage-based attack (i.e. 51% attack or 34% attack etc) or a long range attack.

In your example, what percentage of the currency are you claiming a thief has stolen? Are you saying you're using private keys to rewrite history that is based on staking deposits that predate recent chain synchronizations by the node whose view of the history is being compromised? I can respond better if I understand what you're trying to say.