Seems like a good thing: "using up" the (currently very small) available transaction space per block, will put pressure on the Ethereum network to move more quickly to Proof-of-Stake (which will have the same blocks, but a much faster mining rate, so it won't matter nearly as much); which will in turn put pressure on Ethereum clients to develop more space/bandwidth-efficient strategies for retrieving and storing those blocks (i.e. more things in line with Parity's "warp" sync.)
I'd be happy to respond to this comment if it was a bit more fleshed out and didn't sound like an attempt at trolling, for instance why you don't consider existing POS currencies like NXT to be "evidence".
Example: You come back online after your node had been off.
You receive updates to the blockchain in a PoS world. This is literally no cost to someone trying to commit fraud against you by staking their coins and creating fraudulent blocks.
You receive updates to the blockchain in a PoW world. You start receiving blocks with roughly the same amount of PoW included in previous blocks. You know that an attacker would have had to completely duplicate the entire PoW hashrate to create this clone of the blockchain. Since this would be extraordinarily costly, you can assume that after 6 blocks (or whatever is the expedience to transaction value trade-off you're willing to make) it would be economically infeasible to commit.
Creating the implementation of PoS doesn't take an inordinate amount of time. The reason it hasn't been released is because it's a vaporware of a consensus system. The Ethereum foundation won't publicize this because they can continue to convince new ethereum buyers that Ethereum will solve that pesky Byzantine General's problem. https://en.wikipedia.org/wiki/Byzantine_fault_tolerance
>You receive updates to the blockchain in a PoS world. This is literally no cost to someone trying to commit fraud against you by staking their coins and creating fraudulent blocks.
Ethereum proposes to prevent this by including "slashing conditions" that inflict large penalties on the type of fraudster you're talking about [0].
Okay, that is true. I am just not satisfied with proof-of-work as a solution there. It makes Sybil attacks unreasonably expensive, by making the entire operation of the chain even more unreasonably expensive.
I do like the math behind Bitcoin but I wish it had just remained as a proof of concept.
Because those all require a trusted third party to make regular checkpoints of the blockchain. The argument is not that it is impossible but that no one has been able to design it trustless.
It is a reasonable argument, and while you may not agree with the desire to avoid trusted third parties, there's no reason to dismiss it as trolling.
Well, the precise criticism you're making is a bit unclear to me but I'll try to respond:
Modern proof of stake systems have a concept of "finality" which I think is what you're referring to when you say "checkpoint" (older POS systems also had a more traditional checkpoint concept, but I'm assuming you're arguing against modern implementations).
In order to determine whether a block has "finality" in a POS system you need to either (A) have a computer running regularly on the network to determine finality on your own or (B) trust a third party to give you a valid finality designator.
So it is true that you have to trust a third party with these systems if (1) you haven't connected to the network for a year or so or (2) you are launching a brand new node.
Of course, with bitcoin #2 is also an issue since there's no way you can install bitcoin software on a new node without getting it from a trusted party.
I have never heard of "finality" being used outside Ethereum, but maybe you can point me at which existing PoS systems use the term? Or is it Ethereum specifically which is the modern PoS system?
The Ethereum PoS system, which is still a prototype and may change before the final version, uses checkpoints to guard against chain re-orgs. It is not trustless in the same sense as the Ethash system is. It's not exactly a secret but a calculated tradeoff.
The question here however was about how "currencies like NXT" work, which can hardly be described as modern seeing it was one of the first together with PPC. I believe they never fixed the fact that the optimum mining strategy is not the altruistic one the reference client uses. As long as all participants use the reference client they're safe, but it's not something you would want to base a trillion dollar economy on.
In general the challenges with proof-of-stake systems are how to avoid collusion, how to avoid exploratory mining on every possible chain, and variants thereof. (There's also the related problem how to bootstrap a node from scratch in face of equally probable views of history.) Different blockchains have tried different ways to mitigate this, including hard coded re-org limits and coin weights, but the only ones that have proven at scale are the ones that regularly checkpoint the chain. But please correct me if you know of any exceptions.
Tendermint and Ethereum are the ones I'm most familiar with- Both use the term "finality" frequently.
In Ethereum POS, an arbitrary PC can use a deterministic algorithm to exactly calculate the checkpointed/finalized block- There is no magical signature used by the ethereum foundation that "blesses" blocks as being checkpoints.
> how to avoid exploratory mining on every possible chain
In both Ethereum POS and Tendermint this is a solved problem: anyone can earn a reward by providing proof that a user is mining multiple histories.
> There's also the related problem how to bootstrap a node from scratch in face of equally probable views of history
Yes, this is still an existing theoretical limitation of POS that is not shared by POW and is a valid criticism of POS- But even on a POW chain you still have to trust software from a third party to some degree in order to bootstrap your node.
"Solved problem" is perhaps a bit strong. There's no reason to assume every possible chain is visible to every client. An attacker would not release a chain until they are certain to profit from it. There are likely bribes to be taken for reversing transactions, and these add up at scale. There is the suggestion that penalizing non-cooperating miners would be sufficient to prevent this, but this has never been shown to hold theoretically and cover all externalities such as the mentioned bribes.
If such a blockchain is under the control of a mining cartel, it would be rational to join that cartel instead of fighting it. When every participant knows this it should be possible to bootstrap such cartels from scratch.
And Ethereum absolutely plans to implement some sort of checkpoints. As you say, it's required to bootstrap new nodes anyway. The straightforward way to do this would be to sign them, but I'm not sure what they're planning to do.
> An attacker would not release a chain until they are certain to profit from it.
There are two scenarios: If they release a new chain after they have released a previous signature, their entire deposit gets slashed in both chains. If instead they withhold all chains then this would only work if they are able to mine multiple blocks in quick succession on different chains (since they would lose the opportunity to validate a block within the timeout window) and this is exactly equivalent to a POW selfish mining attack.
Right, and there are many variants of this scenario that other people can think of. It all stems from the same basic problems above. Punishing cheaters is necessary, but not necessarily sufficient.
The difference from a PoW model is that when mining is essentially free the incentives are different. If it doesn't cost you anything to try it makes game theoretical sense to do it speculatively.
>But even on a POW chain you still have to trust software from a third party to some degree in order bootstrap your node.
You really don't have to trust the software with POW. The POW is encoded in the blockchain itself and can be independently verified by performing a series of hash operations.
With only the blockchain data, and a description of the blockchain layout, one can independently confirm the total amount of "work" done.
This is true decentralization & a huge benefit of POW over POS.
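The check described in the comment above, as an added example that is not part of any commenter's post: walk the headers, confirm each one links to its parent and meets its target, and sum the expected work. The header layout, the `mine` helper and the sample chain are constructed for illustration (this is not Bitcoin's or Ethereum's real header format), and a real verifier would also check each header's target against the chain's difficulty rules.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Header:
    prev_hash: bytes  # hash of the previous header (32 bytes)
    payload: bytes    # stand-in for the transaction commitment
    target: int       # header hash, read as an integer, must be <= target
    nonce: int

    def hash(self) -> bytes:
        raw = (self.prev_hash + hashlib.sha256(self.payload).digest()
               + self.target.to_bytes(32, "big") + self.nonce.to_bytes(8, "big"))
        return hashlib.sha256(hashlib.sha256(raw).digest()).digest()

def block_work(target: int) -> int:
    # Expected number of hash attempts needed to land at or below `target`.
    return 2**256 // (target + 1)

def chain_work(headers, genesis_prev=b"\x00" * 32) -> int:
    """Verify linkage and PoW of every header; return the cumulative work."""
    prev, total = genesis_prev, 0
    for height, h in enumerate(headers):
        if h.prev_hash != prev:
            raise ValueError(f"height {height}: broken link to parent")
        if int.from_bytes(h.hash(), "big") > h.target:
            raise ValueError(f"height {height}: hash does not meet target")
        total += block_work(h.target)
        prev = h.hash()
    return total

def mine(prev_hash: bytes, payload: bytes, target: int) -> Header:
    # Only used to construct the sample data: brute-force a valid nonce.
    nonce = 0
    while int.from_bytes(Header(prev_hash, payload, target, nonce).hash(), "big") > target:
        nonce += 1
    return Header(prev_hash, payload, target, nonce)

def build_sample_chain(n: int = 3, target: int = 2**248 - 1):
    # Constructed chain with a deliberately easy target (about 256 tries per block).
    chain, prev = [], b"\x00" * 32
    for i in range(n):
        chain.append(mine(prev, f"constructed block {i}".encode(), target))
        prev = chain[-1].hash()
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("cumulative work:", chain_work(chain))
```

Rewriting the payload of a middle block without redoing the work makes `chain_work` raise, either because the hash no longer meets the target or because the next header no longer links to it.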
There is an alternative if you (a staking validator, or even a full node) do not want to trust any third party: just stay online all the time. This has its own set of downsides but it's inaccurate to say that a third party is required for PoS.
There was also no evidence you could do sub one minute blocks for Proof-of-Work. Then Vitalik read the GHOST paper and figured it out. Put enough very smart people working on hard problems and eventually they will figure some of them out.
Of course you can do sub one minute blocks. Bitcoin chose 10 minute blocks to maximize decentralization. Bitcoin could also do 12 second blocks, but then the network would be as centralized as Ethereum.
Ethereum didn't just shorten block times, it uses a variant of the GHOST algorithm, which was originally proposed for Bitcoin as a way to speed up blocks and increase throughput while maintaining good decentralization and security.
Sure, uncle blocks help increase the weight of the chain but are also wasted blobs of data forever taking up space on the blockchain. They serve no value other than to make the PoW weighting heavier.
Because mining is dependent on the rate at which information can propagate across the network. If a mining pool is able to hear about the next block 1s sooner than another pool, it has a significant advantage when blocks only take 12s to mine. If blocks take 10min to mine, that 1s is less of an advantage.
If miners get paid for valid blocks that don't end up included in the chain, that also makes the 1s less of an advantage. Hence GHOST. Here's the original paper [1] and a later one [2].
Sure, maybe including uncle blocks can help secure the chain. It's not without cost, however: now you're forever persisting valueless blobs of data as part of your blockchain.
It's just an extra block header every few blocks, which is a minuscule amount of data compared to the transaction records. And it's not actually valueless since the uncles are part of the block selection algorithm and therefore contribute to security.
It’s hard, but it’s not that hard. Understanding Ethereum is much easier than inventing it was. The hard part has been done; you just have to understand code that’s already been written and proposals that have already been made.
Again, not easy, but it’s the bread and butter of your first year in grad school: reading and understanding existing work. Ambitious undergrads are often doing this work quite professionally.
I'm still on the fence about the viability of PoS from the perspective that PoW at least means you have a chance of reward from using mining hardware that you probably already own, whereas PoS increases that barrier of adoption.
I could be wrong but the Lightning Network is hardly a proof of stake system, just used to open up state channels between two members for lots of off chain transactions before finalizing on the main chain.
How are you so certain LN will ever be implemented? I'm more confident Vitalik could get PoS working before LN ever gets here. LN is vaporware and was supposed to be here long ago, yet here we are.
Lightning Network unfortunately depended on transaction malleability being fixed. This was, I believe, fixed by segwit. So it's only been a possibility since August - and the Lightning Network Daemon has been under heavy development. It can now run on the Bitcoin network itself, but is not yet in a state where it works "automagically", nor would many people depend on the code being relatively bug-free yet.
I'm actually very surprised at how slow the LN dev is going. There is actually a working version of Raiden (full, not just µRaiden) on an ethereum testnet, I'm really not sure why LN on bitcoin is going so slowly.
"In this video Laolu (co-founder of Lightning Labs) demonstrates a multi-hop payment on Bitcoin's mainnet which travels across the 3 major Lightning implementations. In the demo Laolu (a.k.a roasbeef) sends a payment from our Lightning desktop app (https://github.com/lightninglabs/ligh...) to Starblocks, a coffee payment demo."
"This payment marks the first multi-hop, cross-implementation payment on Bitcoin's mainnet. All transactions performed in the video were performed completely off-chain, instantly, and with virtually zero fees. Lightning allows instant, low-fee payments on Bitcoin, enabling the system to scale further for the next wave of adoption. Additionally, Lightning unlocks a new class of use cases for Bitcoin enabled by the ability to instantly send low-fee payments on the system."
By analogy to driverless cars, it'd make sense to avoid letting your car out on public roads; but it wouldn't make sense to avoid building a prototype and running it around a test track. A real thing lends itself to iteration much better than an on-paper idea does.
In that case Ethereum shouldn't exist at all. Solidity and the EVM itself are a good example of that philosophy. If they weren't gonna move fast they should have waited until they had a better story for static analysis and model checking of smart contracts.
Not necessarily. Keep in mind when Ethereum started, it had no value. But with bitcoin, there is huge value and so potentiality for people to lose a lot of money if there was one minor bug.
Because LN is flawed as an idea. Who wants to lock in their Bitcoin to a LN channel to pay only one entity on the other end repeatedly? It doesn't make any sense. If, and that's a huge if, you got a lot of people to lock their money up in various interconnected LN channels how do you route money through these channels in a way that is fast and inexpensive? No one has answered that question definitively.
LN proponents have put LN forward as this magical scaling solution where you can effortlessly transact Bitcoin off-chain both cheaply and inexpensively. The nontechnical believers have lapped it up not knowing that LN is an incomplete idea that starts with locking your coin up in one or more channels and ends with some magical and as of yet undiscovered distributed routing network that finds a path through existing channels from channels you've already committed to, to channels your payee has committed to. That such a path exists, is cost effective and is reliable, in that your coins don't get stuck somewhere along the way, is an open question. In short, LN is half baked at best.
LN testnets are up and running, transactions work, and there's a cross-platform desktop app in beta. It's almost here, will likely go into production sometime in 2018.
The Ethereum team is already under a lot of pressure to do this, putting more pressure on them is orthogonal, and maybe counterproductive, to the outcome. This is the kind of thing that needs to be done well, moreso than soon.
How is this any different than the current situation, where your ability to get block rewards is directly proportional to your ability to spend money on mining hardware?
If they have the money to buy hashing hardware that's competitive, staking that money has a lower barrier to entry... You don't need space, hardware, or technical experience to assemble the rig. Just $.
Rich people in a proof-of-stake system will stake their money because doing so gets them more free money for no cost. Rich people in a proof-of-work system have to choose between spending their money on hashing hardware and spending it on other things.
The thing about rich people is that they don't spend most of their money. Instead, they keep it locked up in relatively illiquid investments that yield big returns over long terms. The poor are stuck with riskier short term investments, if they can afford to invest at all.
I thought the inefficiencies in Ethereum were intentional to limit the influence of mining farms and to permit home users to actually be able to contribute and mine.
With BTC you can't participate unless you invest in expensive ASICs specifically for mining.
Ethereum's hashing algorithm is optimized to be ASIC resistant, in other words you can mine it with GPU and CPU, a more accessible kind of hardware (in fact home hardware).
That's not an inefficiency, it's if anything more efficient with GPU.
The transaction problem applies to both, regardless of the mining algorithm.