Firstly, nobody believes that Proof of Work is here to stay - it's bleeding money from the currencies that use it at an astonishing rate, and as soon as Proof of Stake (or other algorithms) can replace it, they will. PoW is a direct financial drag on these economies, and it will not last long. Bitcoin will probably take longer to clean up its act than Ethereum, but that's largely for political reasons, not technical ones. Technically, it should be a lot easier to do than Ethereum, in fact. (It helps not being nearly Turing complete.)
Secondly, brute force is how things begin. The Unix philosophy has always suggested using brute force first: premature optimization is the root of all evil, as they say. We are at the very earliest stages of designing global public heterogeneous parallel supercomputers, and we should not be surprised that the early approaches are brute force.
It won't be that way for long.
I do. I prefer to call it "Proof of Burn" instead of "Proof of Work". With Proof of Burn you can assure that it's difficult to create fake blocks because the attacker must burn even more petrol barrels that the good people.
Also, with Proof of Burn you get protection against an explosion of too many hard forks. If you have a hard fork in a Proof of Burn coin, the miners must select one chain to mine (or split the resources), so usually only one chain survives. In a Proof of Stake coin, after a hard fork the miners can continue mining in both chains.
That's not what happened with the Bitcoin Cash fork though -- it resulted in "sloshing" between the two networks as miners would congregate in the currently-most-profitable network. That makes it so at any given time, one of the networks is easy to attack.
Look at the block creation and hash rates for BTC vs BCH:
Adding layers of complexity like Ethereum's Casper to solve the incentive incompatibilities caused by the nothing at stake and long range attacks do not address the fundamental issues, as consensus then require users to agree on a list of bonded validators (for which there is no switching cost). "Phone a friend" consensus is objectively weaker as a security model compared to POW which just requires users to validate the rules and calculate the chain with the most work.
POW is secure because it requires energy from outside the system to be provably burned. It's thermodynamically sound in that respect. /u/nullc recently described POS as a logical tautalogy which I think captures the issue well. If chains were a car, Bitcoin would be fueled by gas and a POS coin would be fueled by the leather on the seats. You're not going to get very far.
Due to the algorithms being inefficient
If that is resolved then the entire history will be suspect
And any thermodynamically similar future will have to compete on constants and exponents
Or you could regulate the hardware, 'this blockchain is only compatible with, and so calculated on, a gateway lt1700 with exactly 640k of ram' ;P
> Due to the algorithms being inefficient
This is by design, when the hardware gets better Bitcoin network starts requiring even more work, so being "efficient" is actually what is not desired here. See: https://en.bitcoin.it/wiki/Difficulty
>the miners must select one chain to mine
I am pointing out that the "sloshing" is in fact perfect evidence that they are only mining one chain at a time, or splitting their hashpower to varying proportions. This is completely normal and healthy miner behavior, they are simply greedy actors looking for the most profit. They cannot however mine both chains with their full hashpower for free (as you can with PoS), and this is an essential understanding when analyzing the security model of a consensus algorithm.
Also, the oscillations are most commonly exploitable only when the difficulty adjustments happen very quickly (see: BCH's EDA), so if 70% of the hashpower left, even if 16% of the remaining hashpower was malicious, the efficacy of a 51% will be handicapped by the disproportionately high difficulty.
I don’t care whether sloshing is “normal healthy behavior”. I care whether a fork has become easy to attack. You seem to focus on every topic but that one.
Original comment: "Also, with Proof of [Work] you get protection against an explosion of too many hard forks..."
My reply: "That's not what happened with the Bitcoin Cash fork though ... any given time, one of the networks is easy[er than 51%] to attack."
If you're not disputing that point, then you're not refuting my objection to that original comment.
It is not true that on PoS you can mine multiple forked chains without being penalized. On the chain that "wins" you can be penalized for mining multiple chains which is clearly bad behavior.
The main problems of PoS that Casper, the Ethereum implementation, is trying to solve are "Nothing at Stake" and "Long Range Attacks". Both problems are being tackled right now and close to be solved.
Make a technical or economic argument.
You're confusing multiple branches competing for being the most-cumulative-difficulty branch, with multiple distinct cryptocurrencies resulting from a hardforking code change.
Penalization only applies to the first case, but the parent was talking about the latter case. E.g. a miner could mine both ETH and ETC once both adopt PoS.
I don't see any problem in hard forks and being able to stake on multiple chains. Let people hard fork as much as they want and decide, later on, which chains hold value.
How? Who decides?
This is really where every PoS algorithm seems to break down. The whole idea of blockchain is to build a decentralized consensus, and PoS just handwaves it away.
Every user of the system.
Mostly by taking in consideration the differences of the software from both chains.
Could Bitcoin realistically replace its Proof of Work protocol with Proof of Stake later while maintaining the same blockchain?
You can implement any feature you want in Bitcoin, but for a feature like this (hard fork), you need to convince all users to upgrade. I think it's really unlikely you could sell a switch that drastic in Bitcoin land, especially considering the current unknowns.
Why not? PoW is a classic case of Worse Is Better:
The proof-of-stake algorithms can disincentivize cheating within the blockchain, but I haven't seen any that have the type of external cost that PoW blockchains have. The fact that so many people are investing so much power in bitcoin vs. other currencies is likely much of what gives it so much value.
With proof of stake, what's the disincentive to participate in all forks, or even a large number of alternate histories. If there are multiple Ethereum blockchains using PoS, how can I as a new user determine which one is 'the' Ethereum?
Fast forward a few years ahead. Do you see more or fewer miners participating in such ecosystem?
PoW as it’s currently implemented encourages centralization.
Who's "we"? Because I don't. People who mine do. They do it by their own free will. It's their resources they spend.
If you want to talk about setting things on fire for no reason, let's talk about smoking. Google tells me more than a billion people smoke. I'll argue that the maintenance of a decentralized, publicly accounted money system is more useful than people inhaling tobacco smoke.
It's the global commons: carbon and other pollution from electricity generation, fossil fuel extraction. Manufacturing and building wind farms and solar arrays also have an environmental impact.
Ironically for the ether pumpers on this thread, the primary crypto currency that is powered by burning coal and oil is ethereum.
Forbes says "The largest share of the miners are located in China, close to the border with Tibet where cheap hydropower is relatively abundant."
Currencies' value lies in their usefulness as a means of exchange. Cheaper operation of the network and faster verification of transactions make for a better currency.
And the more powerful Ethereum-like blockchains that remain on a Proof of Work system are too expensive to perform their most interesting possible duties. Cost and speed improvements are essential for making the next leap forward.
It makes absolutely zero sense to bend to holders' "I must have a guaranteed deflationary asset, or I will complain to all my libertarian friends" desires. There are so many more important things to do with blockchain tech, including more globally important ways to create wealth.
EDIT: "You" is not the parent thread. I'm just expanding on what the parent said.
I remember an article a while back that was arguing that Bitcoin is currently undecided whether it wants to be a currency or an asset. Currently, coins seem to be treated mostly as assets and I don't see indicators of that changing anytime soon.
Which is not even to mention my most cryptocurrency-controversial belief: Gold is the only deflationary asset that might not flash-crash into non-existence as a hoarder favorite.
What's it going to take to make it work?
For a PoW to be valuable it needs to be cheap to verify. Hard problems usually aren't.
Part of it is that if its going to be a currency, its not particularly appealing that some group gets arbitrary benefits from the act of mining, for free. The government has the power to force such a currency on us, but otherwise, unless the economically valuable activity is globally valuable, its a difficult proposition to justify.
The real reason Eth and others are going with proof of stake is that it locks up coins and thus dries up liquidity... this is a way to pump the coin price.
It doesn't provide the same level of security as Proof of Work, and the idea that Proof of work is somehow bad because it uses electricity is nonsense.
That's like saying we need to stop digging gold up out of the ground because its expensive, and we should just trade paper receipts for virtual gold.
The above post is not an actual technical argument (notice its logic is circular) and is just the type of typical FUD pumping of Ethereum you get from ethereum people.