Hacker News new | past | comments | ask | show | jobs | submit login
Ethereum Plans to Cut Its Energy Consumption by 99 Percent (ieee.org)
626 points by sohkamyung 3 months ago | hide | past | web | favorite | 339 comments

> To make their intentions clear, Ethereum’s core developers reprogrammed their PoW code to create an exponential rise in mining difficulty. Known as the “Difficulty Bomb,” it began slowing the creation of new transaction blocks in late 2016 and was expected to bring ether mining to a grinding halt a few years thereafter.

> This time bomb has, however, functioned more like an alarm clock with a snooze button. In October 2017, when mining time had already nearly doubled to 30 seconds, the Ethereum team reset the clock, delaying PoW’s doomsday by about 12 months. And they will likely hit snooze again shortly. How can Ethereum be decentralized if they can so easily keep changing it?

> In June, they decided to make a clean break and to build an entirely new blockchain—one that operates solely via PoS.

How can Ethereum be decentralized if they can so easily keep changing it?

I'm a total dilettante in crypto but if something is decentralized you can't make large-scale changes to it at the drop of a hat.

Imagine how much coordination effort it takes to change TCP/IP or HTTP.

> How can Ethereum be decentralized if they can so easily keep changing it?

The development of crypto has really demonstrated an institutional inertia to moving away from the blessed official implementation. Tons of BTC forks were tried and failed, and almost all coins die when development stops than see their clients forked.

A lot of it, I imagine, has to do with... trust. That magical thing crypto users keep trying to keep decentralized. But when development of the currency is centralized... and at the end of the day, someone is the owner of the git repo... you can't decentralize the implementation of the currency.

So what we see instead is enthusiasts putting their faith and trust in the sense of the developers of their chosen coin pretty much to the bitter end. You can fork these currencies - like Bitcoin Cash succeeded in doing for the most part - but you won't steal their mindshare or userbase to any major degree. They will stick to the original client or see that particular chain abandoned entirely.

Doge and so many other coins died to negligent or exploitative developers and whomever that someone is thats proposing to take over is an unknown, at least less trusted quantity. So most would jump ship than take the chance, so coins either stay under one development process or die completely with no real middle ground.

https://www.jofreeman.com/joreen/tyranny.htm This paper is ever important when trying to come up with technical solutions to societal organization.

Oh this is the article about feminist organizations? Yes, that was a fantastic read, and I always use it when I want to argue against flat organizations, it's very compelling.

Strange how things have changed and yet stayed the same. From the universalities of power struggle, to problems like 'printing press belongs to husband' depriving the 'movement'.

I am shocked at how true that rings even though my circumstances are so different from hers. Thank you for linking!

Fascinating reading. Thank you for this article!


Isn't this an odd example to use since it was created to be a parody of cryptocurrency, or did I mix up my crypto-history?

And still has a $280 million cap which isn't bad considering. I'll consider the crypto bubble done when parody currencies are not in the tens of millions.

Market cap is not a valid measure of success.

If I issue 100 trillion “runeks”-tokens, and sell you one for one cent, this crypto will have a “market cap” of 1 trillion. But that doesn’t mean it’s either useful or successful.

Your example shows there’s something wrong with using market cap to measure the success of cryptocurrencies, not that Dogecoin is successful.

I've seen several people accept it as the preferred method.

You are spot on, until...

The Goldilocks Zone.

Or shall we call it The Goldiblocks Zone?

Most projects will be by successful leaders and enthusiasts, until one of these experiments will hit the perfect combination of factors, and gain world traction.

Think of the crypto industry as AI training, most is pure junk, until a regression is fit.

Grandparent had a good point:

TCP/IP were the right approach, and the internet grew rapidly in a big bang.

Personally, I think The Goldiblocks Zone won't be blockchain at all, it'll be decentralization.

We've seen sites like D.Tube grow 2,000,000% because there is NO pay-to-play scams, you just use it and it just works.

They, and other sites, including the Internet Archive (top 300 in world), use GUN for decentralization. Ethereum makes the mistake in assuming every site needs to operate like a bank, but people hardly use banking websites compared to YouTube or Reddit.

The best way to cut 99% of power out of Ethereum is to just make it a decentralized compute platform, not some pay-to-play blockchain. Then you can really scale up.

As a comparison, for instance, a P2P version of Reddit (notabug.io) can handle 1000X the throughput as Bitcoin on only $99 worth of networking hardware.

The efficiency gains here are economical, but also scalable. Neither PoS or PoW will ever be able to fine-tune for that.

Except without a proofing algorithm your decentralized social network or reddit or video platform doesn't need the proofing algorithms which was the whole innovation of cryptocurrencies and what blockchains are.

Otherwise you just use a torrent network or IPFS as your decentralization store.

I do think there is a lot of potential there, especially with how ipfs-js and webtorrent are getting to where you can have users transparently seeding and reinforcing the network in the browser. Its going to open up a lot of alternatives to big dumb data centers storing exabytes of cat videos.

> Ethereum makes the mistake in assuming every site needs to operate like a bank, but people hardly use banking websites compared to YouTube or Reddit.

Strawman. There is a time and place for strong security guarantees, nobody said social networks and media hosting should be done on the same network you use to transact money with.

Maybe you'd be interested in EOS, Stellar and other transparent blockchain platforms? They make the same observation you do, not everyone needs to have complete control over everything they do online if that means every action has a cost, sometimes only having auditability is fine.

> nobody said social networks and media hosting should be done on the same network you use to transact money with

It's a strong consequence of the 0,1,N rule. The correct number of networks is clearly not "zero", and Metcalfe's Law ensures N networks are worse than N-1 networks with the same nodes in, so you get one network at the limit.

Once upon a time I'd have called it "the Internet" but that's really redundant at this point, just call it "the Network" and have done with it. One network, for everything, for everyone, for ever.

This isn't even a new idea, the Bell company couldn't build a single telephone network across the continental US until a better electrical repeater technology existed (today we barely even think of this problem because the transistor is so ubiquitous its original purpose becomes invisible) but they insisted it was a single network anyway, because that's very obviously what you actually want even if you still haven't invented the technology to do it.

Metcalfe's law is only one of the forces applicable. People also care about sovereignty, which is why N > 1 is most likely.

This is also why federation is a thing. You can have a single "network" with arbitrarily many "services" and not have smaller services destroyed by Metcalfe's law because they're part of the same network.

The great thing about all this smart-contract stuff is that we're not limited to simplistic abstractions anymore. Rather than a linear approach, I think what's going to succeed is a "tree" of networks, with weaker ones committing hashes at regular checkpoints to stronger, more expensive chains (sort of a sparse Merkle tree[1]). This is already the approach taken by scaling solutions such as Thunderella[2] or sharding proposals[3]. This allows a more organic hierarchy between secure and fast networks.

e.g.: Imagine a fast but slightly centralized Twitter chain (only 21 validators let's say), committing hashes of every day of tweets to a decentralized public blockchain.

I'm not 100% sure whether that tweet posted by my friend 5 minutes ago is legitimate, but I don't need to be 100% certain to answer them and carry on the casual conservation. I can verify though, that the Trump tweet bordering on declaration of war posted 24h ago is indeed real, because the hash of the whole day of tweets was committed to a strong blockchain, and the author of the tweet didn't post any subsequent objection to it. I can proceed to hide in my bunker, confident in my choice.

[1]: https://en.bitcoin.it/wiki/Protocol_documentation#Merkle_Tre...

[2]: https://eprint.iacr.org/2017/913.pdf

[3]: https://github.com/ethereum/wiki/wiki/Sharding-FAQs#what-mig...

>Think of the crypto industry as AI training, most is pure junk, until a regression is fit.

This is perfect description. Best sentence I've read today.

Is there anything worth looking at on d.tube? They've done a good job of cloning the interface but what kind of content do you get? Do they have music on there and do they circumvent copyright takedowns by being decentralised?

> This time bomb has, however, functioned more like an alarm clock with a snooze button. In October 2017, when mining time had already nearly doubled to 30 seconds, the Ethereum team reset the clock, delaying PoW’s doomsday by about 12 months. And they will likely hit snooze again shortly. How can Ethereum be decentralized if they can so easily keep changing it?

From the minute they decided to back out The DAO's mistakes, they proved how centralized Ethereum was - anyone who believed it was a truly decentralized network left at that point.

1. No one was forced to run the new client that backed out the DAO 2. The existing network with the stolen funds and the DAO lived on as Ethereum Classic

There was no central entity mandating that everyone was required to run the "new" network. It was entirely up to miners and people running nodes to decide which network they supported. Further the decision to back out the DAO hack was done via vote so that's another important part of decentralization called consensus.

> There was no central entity mandating that everyone was required to run the "new" network

Is the choice to run a less valuable network really a choice?

Remember that the foundation people gave themselves most of the coins that will ever exist before the network was even started, even if a lot was sold long before there was a word for ICOs. Only ~ 20% or so of the supply will ever be mined. It is not economically rational to differ in consensus rules from the foundation.

What? Of course it’s a choice. And if the majority of people had made that choice, it would be the more valuable chain.

Yes. People literally voted with their wallets.

> Is the choice to run a less valuable network really a choice?

Well yes it is, although people take Ethereum quite seriously the code-base led Vitalik has quite a distance to go before it completes the roadmap delivered some years ago. So it is fair for the foundation to patch hacks as well as provide other upgrades.

It you want to continue to use the hackable version because you believe that code should never change and be immutable and never change then that is also a choice.

And many crypto-anarchists discovered that day that most people did not care about decentralization.

But if decentralization doesn't matter, then what's the point of these technologies? One can build these things much, much more efficiently if centralization is fine. Financial exchanges have been doing that for years. E.g., if you look at the LMAX approach, they can hit TPS rates something like 1,000,000 times faster than common blockchains: https://martinfowler.com/articles/lmax.html

Decentralization matters to a few enthusiasts. Those enthusiasts include the developers of the technology. So the point of these technologies is decentralization, but the "users" of the technologies don't actually care and are hoping to speculate their way to lambo riches. (I put "users" in quotes since there are actually very few true "users", and I'm really just describing people who trade cryptos on exchanges.)

My belief is that the recent corporate censorship by large internet companies has created a growing interest in decentralization by some non-technical people. I don't think it is a slam dunk but I do think that currently there is a much greater chance for decentralized applications to gain traction. That being said, I think this new crop of potential users could also buy into new companies that have a centralized architecture but simply market themselves as having an ethos of non-censorship.

There is none. It's dumb money and hype. Even if you slash ethereum's energy consumption hundred fold, how much more energy expensive is it than a paypal transaction? Still a factor of a hundred or a thousand?

It's meaningless as a store of value, it's too volatile because there's no government backing it or mature monetary policy, and pretty much everyone will take a lawyer and the legal office over a 'smart contract'.

As with most things the concept of "decentralization" is shades of gray. While there is no central controlling entity in the Ethereum network, there are people behind it and using it and people tend to congregate into groups with power structures.

If you want to force a transaction to be reverted you need to either create a cataclysmic event prior to the event you want changed, or you need to own billions of dollars in hardware and spend tens if not hundreds of millions on electricity currently to overpower the network via 51% attack.

> But if decentralization doesn't matter, then what's the point of these technologies?

I don't think "decentralization" is a good term to define cryptocurrencies like bitcoin or ethereum. There are lot of properties in these systems. For example limited supply, untamperability of history, irreversable transactions, permissionless use etc. You can compare to older systems offering similar features and how well these systems work compared to them.

Transaction capacity & speed is most often not the primary point of blockchain systems, somehow many seem to assume that. For example it is no possible to create truly irreversible transactions in centralized system, since centralized system is always prone to forceful intervention.

Most people, most use cases, don't want irreversibility.

Reversible transactions are a huge positive.

Well I guess when you are receiving you want irreversibility, when you are sending you prefer reversibility...

> Well I guess when you are receiving you want irreversibility

I think that's a little simplistic.

Without reversibility you're not going to receive as much. People are far less likely to trust smaller or newer merchants without these sorts of features.

You probably also want your customers to be able to rectify mistakes, such as sending money to the wrong place.

I guess we could say when you are receiving you want irreversibility if you're planning to rip off your customers or otherwise not fulfil your contract with them

People already have multiple choices of reversible currencies.

The point is that it is useful to both have reversible, and irreversible currencies existing in the world at the same time.

That way people who want to use reversible currencies can use that, and people who instead prefer irreversible ones can use those.

With old money, reversibility is handled by return policies, merchant account charge-backs, liens, and civil lawsuits.

If you hand a bearer instrument like a bank note to someone, that transaction is technically irreversible. They put it in their pocket, and you can't recover it without a physical assault. You have to trust them to provide the goods or services that you just paid for. Or you have to trust the justice system that it will allow you to (eventually) recover your payment if the other party reneged. These remedies are often not available with cryptocurrency. You may be unaware of the counterparty's physical location or true identity, and even if you did, they may be in a different legal jurisdiction altogether. You can't round up a posse to go get the money back.

If you pay with a finance system account, you can dispute the charge with the payments processor, and your payment may be reversed by them, even after the cash balances have already been altered, by withholding payment from a future transaction through that processor. Criteria for reversal may vary between processors. If consumers trust the reversal policy of the processor, the merchants get more money, because consumers don't have to trust them or the formal justice system. They can get refunded now, and let the processor and the merchant argue over the details. This remedy is available to cryptocurrencies. While individual transactions are irreversible, it is possible to redirect future transactions through a trusted intermediary or a smart contract.

Basically, everyone wants an escrow mechanism of some sort built in to the system, so that if a customer doesn't get the goods or services, the merchant doesn't get their money; and if a merchant doesn't get paid, the customer doesn't get goods or services. As long as the transactions are irreversible, someone can get ripped off, and they have to go out-of-band for a remedy. As long as transactions are trivially reversible, someone can get ripped off, and they have to go out-of-band for a remedy.

Conveyance of money and delivery of goods or services are each half-trades. We don't like those half-trades. They're too much like gifts, in that there is too little ability to enforce reciprocity without a preexisting social link. If you conduct business in half-trades, you still have to trust, and people can still get ripped off. So far, cryptocurrencies only technologically validate the money-conveyance half-trade. What it needs is a way to validate the other half-trade, for goods or services, and bundle them both into an atomic whole-trade that either reverses or becomes permanent as a single unit.

Trade chains would be nice, too, but atomic transactions are what people need to trust the system instead of trusting each other.

You can't have atomic transactions when one half of the transaction isn't electronic.

If I pay someone for a laptop and instead of a laptop I receive a box of rocks, I can claim they didn't send the laptop and they can claim they did. There is no way for a third party to know who is lying.

The recipient could be lying to get a refund when they received the laptop, the sender could be lying to get paid when they sent a box of rocks. Maybe neither of us is lying and the delivery driver swapped the package contents.

This is not a problem alternative payment methods solve, nor one they created. See Amazon. The solution is some kind of insurance, which can be layered on top of any payment method -- you buy through Amazon using whatever payment method you like, they take a cut in exchange for eating the returns when sellers send the wrong stuff. Then crappy traders are the intermediary's problem and whether they kick them out or eat the losses themselves is their own choice.

But you don't want that kind of system built into the payment method itself, because it has overhead, and not all transactions require it. Sometimes the thing you're paying for has already happened and you're just settling your account, in which case a proof of payment is all you need out of the transaction. Sometimes you are buying something in person or can otherwise verify the goods yourself before making payment. Sometimes the seller is known and trustworthy enough that you're willing to buy without insurance. In all of these cases mandatory insurance is costly dead weight overhead, and they represent a significant proportion of transactions.

Meanwhile if you're buying from someone you don't trust and can't verify, you have the option of using an intermediary or escrow service or buying insurance. But that doesn't mean it needs to be mandatory in all cases.

> You can't have atomic transactions when one half of the transaction isn't electronic.

You either need to replicate the trust system that greases cash transactions, or make the "get stuff" half of the trade as easily verified as the "move money" half. The latter is the easier part of the problem, because part of the reason that money is money is the fungibility factor.

Solving the former would eliminate counterfeiting, provide record of provenance, track supply chain, simplify customs clearance, and trivialize recalls in one stroke. But it is a truly massive undertaking. Solutions like insurance and charge-backs are several orders of magnitude cheaper to implement, and don't require an unbroken chain of cooperation from everyone in a supply chain from manufacturer to consumer.

It doesn't exist. It won't exist without a lot of work. But that's what everyone wants. Right now, protecting yourself from scams in a caveat emptor marketplace is an externality that can be diffused away, such that it can be paid a little bit at a time, by everyone. If you eliminate the possibility of scamming, that's removing a cost, such that no one has to pay it any more. A payments system that cannot be scammed by anyone but a giant conspiracy of renegades, or a state-level actor, would likely be preferred by everyone.

But a weak link like Amazon prevents this. They do not themselves know whether the goods in their warehouse are counterfeit, so if you buy something, receive genuine goods, and return a counterfeit to them for a refund, they don't even know that you were the one that scammed them instead of one of their "fulfilled by Amazon" sellers. If they eliminated the common binning, and were able to show that the goods shipped to you were verified as genuine, with a record of provenance going straight back to the factory, you wouldn't be able to do that. But Amazon would rather pay the scammers than pay someone to build a scam-resistant system. That's a reasonable business decision for one company to make. Society as a whole might prefer that the scammers get a smackdown instead of a payoff.

This is also the problem that eBay faced in the 90s. It mostly solves it with social mechanisms like reputation scores and in general it does a pretty good job. I think we'll see a lot more solutions like that in the future.

I'm not sure why this is getting downvoted. I often use a charge card because I want the protection of being able to reverse a transaction. And merchants like this too. By reducing shopper risk, people are more willing to spend money and try new things.

We want it at the systemic level, too. I used to work for financial traders. One day one of our traders made a quick profit by buying something at an absurdly low price. It turned out that a major market participant had fat-fingered a trade offer; they lost enough that the company could well go out of business.

Eventually the exchange stepped in, reversed all the transactions, and put things back the way they were. I thought our trader would be mad, but he just shrugged. And why not? The rules protected them all.

> But if decentralization doesn't matter, then what's the point of these technologies?

Well, yes, that's the question, isn't it?

I think to most decentralization doesn't matter as an end to itself except to what may be crudely put "fans" of decentralization. If they can get music better and easier through torrents they'll do it. If they can get it better from iTunes or YouTube they'll do that.

Competition and bypassing de facto monopolies by big banks.

Electronic tulip bulbs are much easier to manage.

> But if decentralization doesn't matter, then what's the point of these technologies?

HODL. Lambo. Moon!

That's about it.

I think what is often lost in this debate is that the are levels of decentralisation. Federated networks, committee structures, even the current miner / node structure all have different levels of power concentrated in different amounts. However, in all cases the power is _less_ centralised than in most current applications and for some people that is enough.

The other thing to note is that decentralisation isn't just about ideology. If we forget finance and focus on data, a blockchain solution may in the future provide the ability for open federated data that is provably correct and can operated on transactionally.

Think flight availability: right now the majority of flight ticketing is controlled by Amadeus. A highly centralised, controlled and opaque service. Assuming _many_ technical problems were solved, a blockchain flight ticketing service could allow anyone to run a local node with real time availability that was guaranteed to be correct.

Even if this was run be a federation of providers, it would be a better solution than the current one.

There could be another reason why most people decided to follow the DAO fork: perhaps it's simply because they agreed with the actions taken by the Ethereum developers to return the money to the shareholders instead of leaving it to the thief?

Or do you believe that users would have followed the developers even if they forked the chain to pocket all the money themselves?

I don't think there was a thief. Before the fork, the very point of Ethereum was that code is law and there is no need for human interpretation. The so-called thief merely noticed that the DAO code had a feature that allowed them to extract money from it, and they did.

thus, the code has changed and with it the law. i don't see any problem here.

It was changed to fix the chain retroactively. That's the problem. If the ledger isn't immutable, it has no value as a ledger.

The majority of the ETH world doesn't believe that, which is why people like Charles Hoskinson left it.

The whole point of the network is that it's owned and driven by the community. The community decided it was prudent to fork. It's not an issue with decentralization. The majority of the ETH world clearly does believe that, because ETH is where the vast majority of the community has stuck with.

The majority of the community believed in the fork, that's what I meant if I wasn't clear.

That belief is contra to the concept of an immutable decentralized ledger, which means ETH isn't canonically a cryptocurrency, an immutable ledger, or a decentralized ledger anymore. The upcoming (well, it's never going to happen) POS fork is going to centralize it further among the very small number of massive whales who control the ecosystem.

PoS is actually more decentralized when PoW. PoW is controlled by a few mining pools but PoS will have tens of thousands or more validators.

In PoW only a few people have the resources to build and run mining farms. Certainly not me. In PoS anyone can stake on a desktop or laptop. This greatly increases the amount of people who can participate in the network.

In some cryptocurrencies that is certainly the case. If you look at the ETH ecosystem, it is massively concentrated and thus will never be decentralized in any meaningful way. With POW, anyone could participate, with POS most people will never have any ability to realistically participate.

Just to clarify a bit in an edit here -- As a general comment about POS vx POW, you have to purchase a huge amount of the cryptocurrency to participate in POS in a meaningful way -- so there is a cost to that just as there is in mining. The recurring costs of electricity are not there in POS of course.

would you like to stake some ether on the claim that's it's never going to happen? I'm willing to bet 10 Ether we see POS before the end of 2021..

Ethereum does seem to be the platform of choice for odd gambling games.

I do not own and never will own any ETH.

I'm relatively confident the network will never go POS, but not confident enough to put money on it anyway -- you never know what these kids will pull.

Decentralisation is important if you want the currency to work in an unregulated manner and not get shut down by the government.

The largest predecessor to bitcoin was e-gold

>The e-gold system was launched online in 1996 and had grown to five million accounts by 2009, when transfers were suspended due to legal issues.

The founder, Dr. Jackson, in July 08 - "pleaded guilty to "operation of an unlicensed money transmitting business" and "conspiracy to engage in money laundering"

Bitcoin founded in Aug 08 was decentralised so the authorities couldn't easily shut it and the founder went anonymous to avoid the problems of Dr. Jackson.

That's what the decentralisation is all about. It doesn't really matter that Bitcoin is effectively controlled by some Chinese miners or that Ethereum forks. It's about governments not being able to control them.

> And many crypto-anarchists discovered that day that most people did not care about decentralization.

Your argument is like how left-liberals claim that poor Americans vote against their own self-interest by voting for Republican. No, they aren't voting against their own interest, they are voting for it, you just don't get what that is and in your mental model that's the case.

Specifically to your argument, can you pass an ideological Turing test of representing the opinion of people who supported the hard fork? In other words, sitting behind a computer, someone has to judge whether you are a true DAO hard fork supporter or not, and will they be able to correctly identify you.

The fact is, all software is mutable. All software (including Bitcoin) can go for changes (irrespective of the nature of those changes, which could even be, "hand over the write access of bitcoin network to federal govt").

So what is decentralization then if literally any piece of software can be changed if enough number of people go for it?

true. I think many more people cared about permission-less platforms with solid APIs than decentralization.

Quoting Vitalik:

> If someone puts a gun to my head & tells me to write a hardfork patch, I will definitely write it. If I publish a patch to delete a bunch of accounts, how many people here would download & install the update & switch to that chain? I see few raised hands. This is called decentralization.

Sure, the Ethereum Foundation has substantial influence in the sense that their proposed changes tend to be adopted, but that's because they tend to propose good changes. If they propose a bad change, chances are the community will reject it. If they propose a questionable/controversial change, chances are the community will fork, as with the DAO fork.

You could say the same about a government backed currency.

"Sure, the government can send men with guns. But that's because they have the backing of the people. The police and the military. If they lose that, they can't."

TekMol, I don't get how your analogy relates?

A gun would have to be put to every individual miner's head to force the majority to upgrade. Even then, if it caused a fork, individual users have the freedom to continue using the old version, new miners can choose the old version. Miners can even switch back to the old version after the gun is gone. Everything will still work.

I think he's saying that without the support of the demos (voting public) the police/army won't move to support the government's position so their power is curtailed; in the same way that a centralised coin administration has their power curtailed if the community don't support their "army" (system changes to force a particular new regime).

Except that's completely false, as has been demonstrated many times in multiple countries.

Can you give a blanket statement like that? Plenty of governments have fallen out faltered because they're military stood against them (eg a military coup).

Equally police/military have probably been used when there would not be democratic support.

Did you have some examples in mind?

> A gun would have to be put to every individual miner's head to force the majority to upgrade.

The analogy applies to this, too. Governments have long shown that you don't have to put a gun to each individual's head - murder a small amount of dissidents in a nasty manner and it quite effectively squashes dissent in a lot of cases.

A lot of miners are in China, which has lots of practice doing this.

The gun here I wager is metaphorical, the loss of value by 'force' is the point.

If your currency forks, and you are now in the minority, chances are your values will fall, and become harder to make liquid, as the market shrinks.

Not really.

With cryptocurrencies, anyone at any time can fork for any reason.

This can't be done with the government. The government will prevent you from doing so.

A cryptocurrency can't prevent another cryptocurrency from existing, though.

This is a joke, not decentralisation.

Is it really a joke? Because if this is seen as a valid argument in the Ethereuem community then they've really gone off the deep end.

Decentralization is not my area of expertise but I am growing very interested. I've recently been learning a lot more about building decentralized apps using blockchains and distributed file storage. Could you expand a little upon why this is a joke?

I understand that it is not describing a good situation but my understanding was that the miners are a part of the decentralizing infrastructure in the way that was described in the quote.

Also, if you wouldn't mind, could you suggest some other reading for me on creating decentralized applications not using blockchain. I've wondered myself if it makes much sense that everything would be built on blockchains in the future.

Everything is centralized on the internet. People quite often forget that most of the internet backbone is vulnerable to all sort of attacks (BGP hijacking) or even just mass surveillance because most of the traffic is going through few devices. Unless I can directly reach your computer on the network without a 3rd party provider which can deny me that access you can't be seriously thinking about decentralization.

Another issue that I see with these projects that claim to be decentralized, for example ipfs.io is that they do not consider worst case scenarios so they cannot have a service level agreements on their service. Most of the customer networks are asymmetric, you have much more bandwidth to download content than to upload so if you are providing services than you are going to saturate your uplink. Nodes can also be turned off, worst case scenario is that all of the nodes are off that has a piece of data that you can't recover from anywhere else.

As of everything going to be built on the blockchain in the future, most definitely not. I think 2019 going to wipe out most of the cryptocurrencies and we are going to see very few successful blockchain (or more like distributed ledger) projects succeeding in the corporate space. Maybe there will be some use cases for blockchain/DLT like food traceability (one project i have contributed to) and customer warranty for example but all this hype that everything will be running on blockchain will just fade.

It's valid. The distributed consensus ultimately decides which chain will be used.

So Your definition of decentrealization is distributed consensus decision making? Makes sense than.

> How can Ethereum be decentralized if they can so easily keep changing it?

Decentralization doesn't mean it needs to be immutable. It just means that power and responsibility is distriubted to many.

> I'm a total dilettante in crypto but if something is decentralized you can't make large-scale changes to it at the drop of a hat.

Exactly, you're correct. It's not easy for these changes to actually take effect. It takes a majority of miners to vote for and adopt any change/fork. The miners are the ones who are running the decentralized network. Even miners who vote for the change can choose to not upgrade their software to the new version.

> Imagine how much coordination effort it takes to change TCP/IP or HTTP

This is why I'm amazed at the skill of the Bitcoin & Ethereum team's ability to continue upgrading a platform that has no central control.

The miners have zero incentive to ever let it go to proof of stake, as the instant they do they lose their income stream.

So the "snooze button" as they call it, is pretty much guaranteed to keep getting pushed.

The power of the miners is overblown: the mining power follows the price/value of the coin, not the other way around, and the price is determined by the users transacting on it, not the miners (though the miners can of course try to interfere with the users ability to transact, but this generally pushes the price down).

> Decentralization doesn't mean it needs to be immutable.

It is also impossible to create immutable software.

Fair point, but ETH is not just Mr. Buterin and some close friends deciding to postpone mining winter at will. There are currently 8 groups building ETH implementations (https://www.coindesk.com/next-gen-buidlers-the-8-teams-worki...), so you have /some/ level of decentralization since they all have some weight in decisions.

Ultimately, the consensus in any classical blockchain HAS to be uniform, and that introduces an element of centralization (via the consensus algorithm used). That has always been true, and the contentious forks of BTC (and lately BCH) with their fights about the ticker symbol, name, and who has the "true vision" have made this pretty clear. Differing minority opinions have to go the hard fork way and hope to build something better.

It's the ironic twist at the heart of crypto: a centralized system built on implicit trust and community standards is actually required to build a functioning economy. Participating in any particular blockchain is only as valuable as the community around it. So while forking is always an option, a fork will only be worth following if comes with a functional community with agreed-upon standards.

So you can (try to) decentralize the process of verifying that everyone is playing fair (whatever that means in your system), but so long as you all want to trade with each other, you must have a centralized authority of some sort, to decide what "playing fair" means.

I think this was understood even in the earliest days of bitcoin. The centralized system of "playing fair" was the protocol, which as you point out, is a centralized community standard. Blockchain is independent actors following a common protocol. If the actors don't follow the centralized, common protocol then the economy disintegrates.

The miners can choose to fork fork away from those changes. The core team is merely starting the change and the miners are supporting and carrying out those changes by continuing to mine the chain with those updates.

Wrong. Economic majority decides which fork will live and which fork will die. Miners have no say. If they are unhappy, they may attempt to attack fork abiding to new rules. Whey have three venues of attack.

1. Producing blocks that abide to old rules will do nothing - client software will just reject them as incorrect. Fork choice rule (e.g. longest chain or most work done) applies when choosing between two valid blocks, not between valid block and invalid block.

2. Attempts to do a famous 51% attack is crazy expensive and have low impact. Why low impact? Because small events that are similar to rewriting history 51% attack does happen all the time. They are called block reorgs and all the software which uses blockchain as a data store have to handle it properly. Also, such attack will be perceived by users as attack on them, solidifying community around opposition to miners.

3. Targeting difficulty adjustment algorithm by mining on a fork and leaving it at the beginning of adjustment period. Lets imagine 80% of miners leaving. For Bitcoin it would create a situation when adjustment period would last 8 weeks instead of 2. Blocks would be produced every 40 minutes at average instead of 10. Ethereum is immune to this type of attack since difficulty adjustment is done every block, not every 2016 blocks.

There's additionally 4. Targeting transaction throughput via spam/dust attacks where malicious miners introduce empty blocks or transactions with very small sums to clog up the network/drive up tx fees. To my knowledge, this has been tried against BTC, ETH, NEO, and BCH, where at least the dust attacks against BTC were done to try to force a big-block agenda.

All of the things you listed are in the miners control. Of course this requires economic means, but just having economic right is not enough, you still need to contribute to mining.

> All of the things you listed are in the miners control.

May I ask you to elaborate? My point is - miners' power over the network is extremely limited. They are just a paid work force, working on a very small margin. They have almost no say where network will go in terms of evolution.

Why would the miners agree to adding the "difficulty bomb" which is against their incentives? It's more likely they didn't have a say in it.

Because otherwise they end up mining the chain that nobody's using. You can own a lot of ETC and it doesn't do you much good if you can't sell them because nobody's interested in using or trading them.

However in Bitcoin the opposite happened -- the classic chain is the most valuable one despite being the least "scalable" or whatever pet feature the forks has. Also despite all the bitcoin celebrities being for the fork. That's behaving more like a decentralized technology that no single entity controls.

What's happening is people are voting with their feet. Anyone can make any fork they like, and then everyone on the network can choose which one they prefer to use. That is what decentralization means. And both Ethereum and Bitcoin have that property.

A lot of BTC celebs didn't follow BCH at all. And essentially, L2 scaling as well as SegWit was shoved down our throats by the BTC Core devs. I don't see how that was very decentralized.

OTOH, I am not strongly against it, as decentralization doesn't mean every single aspect has to be free of centralized decision making (starting with the name, logo or the code). In the end, users decide if they want to use it or not.

If the miners ever have a serious disagreement with the core developers, they can always remove the difficulty bomb in a fork. The purpose of the difficulty bomb is to force some update, not to force the core developers' preferred update.

the idea that forks are easy enough for the power to be distributed seems ludacris. you need to fork a large ratio of the users in order for a fork to do anything at all, otherwise the new coin has no value. This a gives massive inertia advantage to the original project

Thanks, I feel like I’m the crazy one when people talk about “just fork it” in response to the fact that developers of any specific coin could crash it at any point. That’s not how it works in reality.

Bitcoin could be entirely ruined by a couple dozen people around the world in different ways at any time. Eth and other coins even more so.

The idea of who “gets trusted” in these coins is just nuts. I’m not anti-coin... but man, I’m feel like I’m far enough from it to see a reality that many want to ignore.

I think your misunderstanding is believing users are locked into a crypto system if its implementation is controlled by a small group. They are not - if the developers abuse their power, users are free to migrate elsewhere and take their funds with them (in fiat value or as a different coin).

That's different to e.g. PayPal where your funds can be locked and there's nothing you can do.

Decentralized control over name, logo, features or code of a crypto coin is extremely hard to impossible, if only because there aren't too many people alive that can discuss core crypto features with any meaningful knowledge (I know I can't). Some coins do have governance features, but none of those have profited very much from that.

I believe the point being made is that the _value_ of the crypto system is largely controlled by small groups. Forks rarely achieve the value and status of the prior coin (considering ETC the "fork" here as it was the chain that didn't have the core dev approval).

Furthermore, crypto value is beholden on whales not to just dumping their vast hoards of coins into marketplaces all at once. That is to say, the largest stakeholders in a chain have the opportunity to crush the value of that chain, which means that they have power over other users' choice of chain .

That’s exactly right. And as to whales and who controls the largest amounts of coin. I think people are absolutely crazy if they think and coin since bitcoin doesn’t have the largest share holders as the devs themselves. It’s obvious why there are a million coins right now.

Itslired by the great mystery of bitcoin, it’s like an appealing urban legend to say “we don’t know who owns all our coin by design! wink”. So this doubly makes the coin devs more powerful than “but it’s decentralized” people want to admit.

That's generally a good complaint about "just fork it", but there are some additional factors here.

One - every Ethereum update is a soft fork of the protocol

Two - they are required to be soft forks by the very existence of the difficulty bomb.

Three - running a blockchain is already a social activity that requires everyone participating to opt in to the same protocol.

I don't think it would be easy, by any means, to convince the community to move a different direction than that desired by the core devs. But my main point is that the difficulty bomb is a mechanism to force soft forks frequently. It is not a mechanism to force any particular long term path.

That's a problem for the original developers as well, and is precisely why the difficulty bomb exists. It causes the original project to gradually stop working, forcing the users to migrate to newer code.

Yes because humans are still the end users here and humans congregate into groups. Network effect is a human trait. In order for any network to be useful it needs a majority of people agreeing to use it, and to that end it ends up with inertia. There is no utopia, there's just "more decentralized" or "less decentralized"

The miners aren’t looked at the same way in Ethereum because you don’t have the large concentration of mining to a handful of companies like Bitcoin.

Also because from the very first whitepaper it’s been known Ethereum would move to PoS.

I'm sure mine is a minority opinion, but I don't think Ethereum has any credibility as something that I'd call decentralized in the sense crypto enthusiasts often mean.

I think this is true of a lot of cryptocurrency tools as well. Centralization is okay. There is a lot of power that comes with it.

In my view Ethereum has chosen to wield that power while wearing the backwards hat and skateboard of decentralization and claiming to be one of the cool kids.

It's not that much of a minority opinion, it's shared by all Bitcoin maximalists.

An important ability required to understand Ethereum is to be able to separate the raw technology's properties with the development governance story.

The Ethereum network derives trustlessness from PoW and its miners. The security guarantees these provide can be considered in isolation to politics. It's just numbers, and the git history of the various specs and implementations is public.

Any community can start a new chain, from any version of Ethereum. And they do, many altcoins are more or less 1:1 forks of Ethereum yet reach huge valuations. The Ethereum foundation has 0 power over these networks. That's what decentralization means in this case, even if the development is as centralized as any other FOSS project.

> It's not that much of a minority opinion, it's shared by all Bitcoin maximalists

That's perhaps the least useful pejorative ever invented.

It's been a trivial observation from the start that if your problem is adequately solved by payment service backed with a traditional database then that will always have lower operating costs. (This does not mean blockchains are useless, but that there is a natural limit to their usefulness.)

Lately that's enough to get you branded as a "Bitcoin maximalist", which is more than a little bit silly.

That was a neutral remark on the parent's first sentence about his being a minority opinion, not a pejorative against doubting blockchains' intrinsic value or whatever you seem to have understood.

There's a misunderstanding of what decentralisation means.

The difficulty bomb is in the code but the node operators (miners, etc) have to chose to upgrade their clients to work with the new fork rules. The decision of which code to run and which chain becomes canonical is in the hands of the community of users and not the developers, despite the Ethereum Foundation having full ownership of the protocol development process.

Enough people think the changes are a good idea that they switch versions.

Can you show when this has successfully happened? Can you show a popular coin that the devs went one direction with, a different group didn’t like, forked, and became more used than the original?


It is the predecessor to Monero, development there stalled in politics, and some people forked Monero.

Admittedly, it wasn't very big when the split happened. I'm not sure of the capitalization.

Hmm, CryptoNote doesn't seem to be a currency at all. It seems to be a code base behind other currencies as much as I can tell. CryptoNoteCoin seems to be a reference implementation that isn't "real".

The discussion is when did a coin - fork into a different coin and become more successful than it's predecessor?

Because if it's "well, never... yet!", then the argument that "development is centralized but that's ok because you can just fork it if you don't like the developer's plans" - is effectively a lie.

Also, while I probably know way less than you on this overall, I do know Monero has seen successful because it's effective to be run as a scam on victim computers (mining malware) and on websites that use JS on your computer to mine coin. Almost all the web and malware mines Monero. It gives me the impression as the least legitimate coin I can think of because of the number of times I've seen this.

More used? No, but why is that necessary? Wide use is all that's necessary. Bitcoin Cash and Ethereum Classic are traded on all crypto exchanges that matter.

Both of those have suffer major losses to low or near record lows. Is that really a good pitch for ”just fork it if you don’t like it!”

I just want people to admit and understand their “decentralized” commodities are anything but. Yea, the mathy database is, but you still need to put all your trust in a handful of developers with mostly no economics experience, no oversight, and no track record.

I think the centralisation issue with most cryptocurrencies is quite interesting. Almost all of them have a generally accepted organization that controls their development. This organization can make large-scale changes but controversial ones usually lead to breakaway forks. Theoretically these forks could be more valuable than the one controlled by the organization. In practice if a fork wants to be successful it's going to need its own organization.

One word. Consensus.

Ethereum is not ready yet. When it is ready it will be decentralised. Still, miners need to agree for the hard fork and if they don't just like Ethereum Classic they can split. Protocol changes in blockchain projects are about consensus.

Like TCP/IP or HTTP, Blockchains are a specification.

You can easily change How HTTP works on your own server, as can the core devs on a blockchain project.

None of that actually matters until clients begin using the new features/blockchain software en masse, that's where the decentralized piece fits in

Ethereum is - as the founders have repeated - very much an experiment and still in "beta". The currency aspect of Ethereum is even more of an experiment. So invest/trade/speculate at your own risk.

This is about making credible commitments, decentralization is a mean to that. What we see here is that the commitments can never be absolutely credible - but maybe that is not too bad, maybe we can live with some relativity.

As you'd probably expect, the answer is that it isn't meaningfully decentralised. Nor is bitcoin, by the way.

Ethereum is not decentralised. The hard fork after the DAO hack proved that. Combined with its limitless supply it's pretty much pointless in its current incarnation.

BTC should have done this as well.

Proof-of-Stake is indeed a good thing, and a worthy focus of the article.

From the article we read "the long-term hope is that apps built from them will eventually make Ethereum the ultimate cloud-computing platform." Ethereum does not claim to be a computing platform in the same way that AWS is; it's for low-complexity business logic only. I think it's misleading to use "ultimate cloud-computing platform" to describe Ethereum.

Proof-of-stake will ultimatumly fail. The majority stakeholders can change the protocol at will to their benefit, and there’s no defense (without mob theft). With proof-of-work, at least miners can defend or fork. Best of luck to them though.

Also once a majority of stakeholder hit 51% there is no way to take away the 51%

With PoW, an entity could theoretically out mine the 51% attacker by just throwing more hashing power at bitcoin

2/3rds is required for a full 51%-style attack in PoS.


There's a lot of misinformation regarding PoS. Vlad Zamfir has spoken a lot on cartel attacks and how they're mitigated, but the biggest, and I mean bigger than biggest, argument against all of these attacks is that it's always detectable by honest nodes shy of 2/3rds attack and it defaces the value of the coin itself to attack at that volume.

You can always buy them out. But honestly, a 51% attack seems like a much less likely way for ethereum to fail compared to it just not living up to the hype.

A buyer requires a seller. Who's to say they would?

Buisness plan: Get a 51% stake in Ether, and hold big users hostage?

That works until the big users hard fork and take away your ether on their fork. It's pretty much a failsafe that always works at the cost of possibly destroying all trust in the network.

Giving everyone a nuclear button is an interesting solution.

> Also once a majority of stakeholder hit 51% there is no way to take away the 51%

You could do a hard-fork and slash their stake. In PoW, you can't do this.

> With PoW, an entity could theoretically out mine the 51% attacker

Not in the case of "selfish mining attack", where you may never know that an attack is happening until it's too late, you'll have little chance in defending with hashpower since the attackers will have a significant head start...

> You could do a hard-fork and slash their stake. In PoW, you can't do this.

So ... theft?

Theft of what exactly? Each fork is as valid as any other fork, the challenge is in agreement.

You should really be careful with how you play with definitions, as that will lead down to a slippery slope. Remember that time when someone managed to generate 184 billion bitcoin? With your reasoning, we can now say that the succeeding hard-fork to 'fix' the issue by slashing the bitcoins was theft.

> Remember that time when someone managed to generate 184 billion bitcoin?

you're being intellectually dishonest or even outright manipulative here.

there were never 184 billion coins created on bitcoin chain, there was a bug in validation logic of bitcoin client that made it follow the chain that was invalid.

are you seriously trying to compare that to stealing coins from somebody on a valid chain?


> are you seriously trying to compare that to stealing coins from somebody on a valid chain?

They're not stealing coins from someone on a valid chain, they are forking away to another chain and slashing the user's stake. The user will still have all their coins on "their" chain and it's up to everyone else to decide which chain is "the right one". If the 51% user is truly malicious, the majority of network participants will move away to the new chain, rendering the 51% user's tokens (near) worthless.

> If the 51% user is truly malicious, the majority of network participants will move away to the new chain, rendering the 51% user's tokens (near) worthless.

so being successful is punished by destroying all wealth of the richest participant in the network? nice.

No, being malicious is.

having lots of money is malicious?

No, it's not, that's why I said

> If the 51% user is truly malicious

Having 51% doesn't automatically make you a malicious user. People also wouldn't move away to another chain simply because someone or some group owns 51%. They would move if said person or group abuses the power they get from owning a majority.

Now you've really tangled yourself in a big web.

And why is this a problem? Sure, they can change it arbitrarily to their benefit, but they only benefit if the value of their holdings is high. If they do something that people don't like, that value will fall. So they are strongly constrained by behaving in such a way that they do not make the users of Ethereum unhappy.

One only needs to look at modern democratic politics to have _serious serious_ doubts about that argument...

It won't surprise me at all if a PoS blockchain ends up looking just like a two party political system, where every now and then you get to choose which fork/party has the least objectionable outcome for you, but where both choices leave you worse off than you started...

Except that in this case, if you think you have better ideas, you can code up your own fork, and try to drum up support for it. The open source ecosystem works far better than the political system, I find.

Like now, you can drum up support for your own new party.

Yes, but in the case of the US government at least, there are structural reasons why the two party system is a stable equilibrium. Those structural reasons do not exist for cryptocurrencies. The most important of which is that there can be only one president of the US government, only so many senators, judges, etc... There can be infinitely many concurrently competing forks of Ethereum.

You and I can go fork Ethereum right now and now just tell people it's great, but show them it's great. It's like if we could fork the US government, refactor all the policies and let it run to demonstrate how good it is, and then people can come on board. You can't do that in politics, but you can absolutely do it in crypto.

Half the point of a cryptocurrency is the network effect - so I don't see how your argument holds, at all.

It is not clear at all that a small political experiment will scale to a super power. It is equally unclear that a small crypto currency experiment will scale.

This is without even touching on how easy, or difficult to it is rally support for a new system. Quite difficult, I'd say.

> Half the point of a cryptocurrency is the network effect - so I don't see how your argument holds, at all.

It holds because you can demonstrate its utility on a small network.

Network effects are too powerful. If they’re smart, they’ll make small changes over a long time, only ever upsetting a minority at once, and so the users stay. That’s Facebook to me, other things to other people.

That tends to happen in PoW actually. Example: Last year, Monero forked and changed the protocol by changing the PoW algorithm. Effectively shutting off a significant section of the miners. Miners had no defence - it was a major blow to them. Same thing happened in Sia. There's been discussion with changing the PoW of Bitcoin as well.

This was a change meant to block ASIC mining and encourage GPU mining.

Whilst this is great for decentralization, I've read interesting arguments in favor of ASIC mining. People who buy ASICs are committed to a coin. This leads to a stable base of mining. Meanwhile, GPU miners tend to mine whatever is the most profitable at any given time. This leads to large fluctuations in mining rates.

The Ether switch to POS has some people worried, as it might free up a lot of GPU power, which might overwhelm other GPU based POW systems.

Then again, any argument regarding mining algorithms is filled by people who have biases to the tune of 100 000$ of hardware investments.

You're making a different point. Yeah miners can get screwed in a PoW change, but the chain's fundamental properties are not at risk. Users have assets on both chains in a fork and if one chain does something terrible (or even just different) the market will reflect. With PoS, the majority remain the majority ... unless you support mob theft, a bad precedent I would say.

Nope, if an attacker does something bad (eg. a group forms a 51% cartel and starts censoring transactions), then they can be forked out and their stake slashed in the fork that doesn't censor the transactions. I really do not see a problem here? It's even better security than PoW, because once the attackers have their stake slashed, they can't attack anymore. With PoW, the miners can keep on doing a 51% attack even after the fork, indefinitely.

PoS is way more secure.

...if you trust a minority to decide who is an attacker and who isn't.

It's pretty clear when you validate the transactions

Sure but if they change it in a negative way they lose because they own the mayority. That's why to be able to change anything you have to have a huge stake, it's like having skin in the game.

Ethereum claims to be the "World Computer" that lets you build "Unstoppable Applications". If that doesn't sound like an AWS competitor then I don't know.

Sure, it's in some sense "an AWS competitor" but something like a billion times less efficient, measured by throughput, energy efficiency, or cost. So, in practice, no it's not.

AWS actually made an interesting product, a distributed ledger that's 'trustless' as long as you trust Amazon, but with none of the overhead of blockchain so at least it's efficient

I think Ethereum is going big places, but the AWS ledger solution is probably also going to be good for smaller industries where competitors don't trust each other, they want a database that's shared, and they all might trust Amazon enough to control it (eg if they're all using AWS anyway)


> […] a distributed ledger that's 'trustless' as long as you trust Amazon […]

This has been possible since the 80’s due to public key encryption.

It’s not having to trust a central actor that’s the innovation behind e.g. Bitcoin.

Well put!

To put it another way, the problems that Ethereum will solve are not ones that could be solved by AWS.

Totally agree.

Despite both being energy/transport companies, Embraer and Tesla are solving two very different consumer problems.

I see it less of a computing platform and more like the spinning table from the beginning of Indiana Jones and the Temple of Doom. The goal isn't to compute faster or better than others, it's for parties with competing interests to trust the computations that have taken place.

It's a git with stored procedures that can push commits.

Notably, there are rules that will block invalid commits, and tools that prevent git branches.

It's a hammer and nails. /s

Comparing Ethereum to AWS is an apples and oranges comparison at best. One is first order, and the other is second order.

You could make an argument it’s a competitor to AWS Lambda, but it would be akin to saying lxc is a serverless competitor.

I'm not comparing them, Ethereum marketing team pitched Ethereum as a world computer not me.

You are misunderstanding what they mean with “world” computer

Think of it as one, single "world computer" and it will be much closer to reality. Everyone can access that computer for free, and use it for a price.

> ... for free ... for a price

"access" vs "use".

Everybody can see the code/transactions that are run for free. Everybody can have their code run and execute transactions for a price.

I use quite a lot of AWS - and there's precisely zero chance I'll ever migrate, say, a mobile app backend platform to an Ethereum "unstoppable application"...

There are quite probably innovative new things that can be built using Etherium's "world computer", but my guess is that almost _none_ of what's currently running on (and paying for) AWS resources will move to it.

Can we get real for a second? Ethereum has no chance of taking on AWS or Microsoft.

Those are multi billion dollar business with billion dollar requirements in infrastructure investment on a yearly basis. Not going to happen.

I agree! But that's what Ethereum was pitched as.

Seems to me you're making invalid assumptions about what "world computer" means.

There's not a lot to go in in those two words, but claiming they mean Etherium is out to capture all (or any) of AWS's customers is a _very_ long stretch.

PoS was known way before PoW. It simply doesn't solve the problem at hand - decentralized consensus between mutually distrusting parties.

This guy knows his byzantine general's problem.

If POS worked, great.

I wouldnt trust it for a half decade of use.

IOHK has many conference accepted peer reviewed research papers that show that proof of stake has equivalent security properties as proof of work.

A peer reviewed paper saying WPA2 is secure also exists. That clearly didn’t make it so.

Only if we enumerate all possible attack vectors, and prove resiliency against these, is the proof as general as you claim. The difficult part — as the WPA2 paper shows — is the former.

How do you know when you’ve enumerated all possible attack vectors?

That's a good question. It's impossible to prove that anything besides math itself is absolutely true but we can say that for all known knowledge what is in this paper is true and secure. Unless some new discovery is made the papers show that proof of stake has similar mathematical security properties as proof of work.

> conference accepted


> peer reviewed

not so sure.


By the by, it’s not clear that proof of stake is good for crypto, although reducing the CO2 budget is unambiguously good for the rest of us.

Most PoS systems I’ve seen basically reward the oldest money holders with the right to stamp new transactions. This reduces the cost, but is extremely centralizing, bordering on neo-feudal.

The cynic in me also notes that developers of these chains are regularly the oldest money, making their motivations suspect at best.

In most PoS designs, registering a new validator account takes some fixed amount of time, just as a measure to prevent grinding attacks. If registration takes an hour, and I can't predict the random seed an hour in advance, then I can't predict how my account will be scored, so grinding would be futile.

Most PoS designs don't otherwise favor old accounts. I know Peercoin does, but that's a very small project, and I'm not aware of any others. Ethereum 2.0 definitely won't have any such mechanism. In the current spec [1], staking is binary; either you have an active validator account or you don't.

[1] https://github.com/ethereum/eth2.0-specs/blob/master/specs/c...

That sounds like the "coin age" system of Peercoin. Ethereum's PoS ignores coin age, which probably couldn't be used anyway because Ethereum uses account balances instead of UTXOs.

PoS is actually more decentralized when PoW. PoW is controlled by a few mining pools but PoS will have tens of thousands or more validators.

In PoW only a few people have the resources to build and run mining farms. Certainly not me. In PoS anyone can stake on a desktop or laptop. This greatly increases the amount of people who can participate in the network.

What is it good for?

I want to write a snarky or skeptical comment about how it's probably going to fail, but honestly I kind of love the way Proof of Stake works.

Instead of mining, those who want in put down a stake of ether that they can mine it and get a better chance of winning based on the size of the stake. If they get caught cheating, they lose their stake. There probably going to be some fun when the first serious exploits happen (oh shoot, what happens if someone does [whatever]?) but I think the premise is solid enough that it's worth trying.

I do still have serious concerns over things like the DAO hard fork and the expectation that non-expert developers can or should be writing smart contracts, etc. Ethereum isn't perfect. But if they can provide the same service without the need for mining, all the power to them.

> If they get caught cheating, they lose their stake

in that chain. In any distributed blockchain there's going to be several chain(tips) at any given time.

Issuing staking transactions on more than one chain is one of the defined slashing conditions. All the transactions are public so any other staker can see that you've done it, submit the evidence in a transaction of their own, and earn a reward while causing some or all of your stake to be destroyed.

("Some or all" because the devs recognize that you might get hacked, so the penalty depends on how much of the total stake misbehaves at once. If it's only a small portion, it's not damaging and presumed to be accidental.)

What if the misbehaving actor refuses to extend the chain that includes evidence of its own cheating?

Ie. the cheater just extends the chain at one block before the block that contains evidence of the cheating.

How will clients agree to use the chain that contains the cheating proof, and not the other — just as valid — chain?

You are talking about the nothing at stake problem. It's address here: https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQs#wh...

All the power not to them, you mean ;)

Some good criticism of PoS in @TuurDemeester's thread from last week: https://threadreaderapp.com/thread/1078682801954799617.html

And HN discussion: https://news.ycombinator.com/item?id=18780489

Nothing in Tuur Demeester resume [1] makes me think he is able to discuss PoS which is being developed by top scientists (including one Turing Prize) in projects like Cardano, DFINITY, Algorand, and Ethereum.

[1] https://www.linkedin.com/in/tuurdemeester/

PoS is not only a computing and cryptography problem, it's also a social science and game theory problem. There are not that many "scientists" that are knowledgeable on those areas. Nick Szabo (the authority figure you may be looking for) doesn't seem to like PoS:

>Conjectured governance under proof-of-stake seems to involve programmers & other amateurs making legal & accounting decisions. Bitcoin governance does not. Even when lawyers & accountants properly take over PoS governance, PoW governance will likely be far more socially scalable.


Tuur is a pretty insightful guy, and even if he doesn't have the credentials, the critique stands on its own.

Not saying that Tuur doesn't have the right to criticize. Saying that at the end this discussion has a strong academic side where you can formalize the problems involved, the adversarial attacks, and balance the solutions. Non academic fights on strongly academic topics, in general, cannot distill the signal from the noise.

I'm glad we switched away from Ethereum in favor of Stellar; it will take most of this year and probably next for the dust to settle on this.

Until then, Ethereum continues to be unusable for serious dapps (which are rare to begin with) that have expectations that exceed having reasonable transaction throughput (<4/s, globally, for everyone) and latencies (minutes to hours).

Until then, this is a toy platform for wannabe ICOs, misc gambling applications, and not much else that I would qualify as substantial in transaction volume or user base. I

f your use case is "nobody does anything that requires a transaction to happen more often than maybe once a day and you can justify the high tranaction cost", ethereum is for you. Otherwise if say, you expect to have users that do stuff in your platform, use something else that works right now instead of waiting for the next two years for Vitalik et. al to actually deliver on their promises with something that is usable, scalable, stable, secure, and available.

We switched to Stellar, which also implements proof of stake and provides a reasonable compromise between security and availability. It has its own challenges but transactions clear in <4s and there are dozens to hundreds of them per minute globablly. It also skips the convoluted smart contracts (which IMHO are severely expensive, hard to fix, exploitable bugs waiting to happen) in favor of simple but adequate financial constructs builtin to stellar for custom assets, transactions with multiple signees, transactions with limited time validity and many other features that you can combine to emulate many of the more things people attempt to do on top of solidity. E.g. you can do escrow transactions, payment channels, and many other things. It also scales down reasonably well for micro transactions with values measured in a percentage of a cent (though payment channels are probably the way to go for that).

The Stellar protocol has not been yet peer reviewed. Not saying that is wrong but I would say that when you start relaxing consensus assumptions you can come up with even simpler protocols. For example, using trusted third parties to timestamp your transactions. In this way you solve the ordering issue in consensus (assuming no timestamp can give the same time). For example, imagine if Google, Amazon, Microsoft, and companies from other countries provides this (Microsoft has a timestamp server for creating code certificates).

I understand; this has also been a concern for us. However, there's actually very little out there that is actually mature and usable. Bitcoin is not usable for custom applications period. It's nice if you want to trade bitcoin; it doesn't do anything else. Ethereum has enough of a user base that you could argue it is probably OK in terms of security; however as argued it's not really usable in its current form. Everything else is a combination of too young, technically challenged, too small in user base, etc.

Bearing this in mind, we picked Stellar based on the fact that it has actually been around for a while and launched late 2017, is used by several more serious players in the ecosystem (e.g. IBM seems to like it) and a few fin tech companies are building stuff with it. It has a few tokens that seem less about speculative trading and more about solving a real problem (e.g. several stable coins that tend to be relatively stable in value, by design).

If you look at e.g. EOS, the picture is a bit different. It seems to be favored by asian gambling tokens which have pathetic numbers of transactions per day. Also, they launched after we decided to move to Stellar. Tron seems to have similar issues. Then there are a lot of smaller chains that are currently not launched yet e.g. IOTA, hashgraph, that you might see as potentially of interest in the future. After that comes a long tail of solutions that nobody can vouch for right now.

So, we're taking some risks here with Stellar but it seems to be relatively OK for us so far and I haven't really seen anything more suitable for our needs so far. In terms of transactions per second there's way more happening on Stellar than Ethereum is even capable of handling currently. Also, Stellar seem to have distanced themselves a bit from the whole ICO business, which I count as a good thing.

>For example, imagine if Google, Amazon, Microsoft, and companies from other countries provides this (Microsoft has a timestamp server for creating code certificates).

Sooo... paypal on blockchain?

No, saying that you can rely on third parties just for the timestamp but not for the whole blockchain

Please no. Keep paypal on ebay, and away from the rest of us.

Stellar, like Ripple, is centralized. They run an append-only database that only they can approve transactions on. Ethereum is attempting to be far more decentralized, which is why it’s so difficult. Stellar may solve problems but the types of problems it solves are nothing like what Ethereum is doing. And smart contracts are indeed important for many applications, despite their flaws.

Not as black and white as that. There are multiple companies running validators and you can choose to run your own. The transactions go to the same shared blockchain. Most of the significant tokens on Stellar have their own preferred validators for transactions. Each validator can configure consensus for their ecosystem as well. IMHO this is a reasonable compromise and not that different from Ethereum proof of stake in combination with a high stakes.

Ethereum is a nice science project so far that may one day result in something usable and when that happens, I will look at it again. However, that is not right now and we are trying to run an actual business right now. Most of the smart contracts I've seen are convoluted and tend to solve things that Stellar can do out of the box with zero programming.

The smart thing seems to be to reuse smart contracts from Github and avoid writing your own and thus avoid taking the risk of introducing exploitable bugs right in the heart of your financial operation.

Not to say that they are useless, but I have no need for them with Stellar. That saved us a lot of time so far.

As a smart contract developer I'm curious about

> It also skips the convoluted smart contracts (which IMHO are severely expensive, hard to fix, exploitable bugs waiting to happen) in favor of simple but adequate financial constructs builtin to stellar for custom assets.

To me that feels very very limiting and my optimism about Ethereum is the generality of the smart contracts and ability to programmatically enhance Ethereum.

Proof of stake isn't a tested and reliable mechanism to achieve distributed consensus. It'll be interesting to see what happens to a real cryptocurrency that tries switching to an entirely new form of consensus.

It is, and exactly these kind of experiments are what crypto cryptocurrencies should be about.

That's not true. Pure, non hybrid PoS has never been deployed on any crypto at scale. The fact that Ethereum is on their 3rd iteration and still can't figure out how to make it work years after promised delivery should be alarming at least.

They changed from the previous version because they figured out how to have ten times as many shards, lower the minimum stake from 1500 ETH to 32 ETH, and remove code duplication that the previous version would have required.

It's incorrect to say they "can't figure out how to make it work." They figured out one way, then a much better way. Right now they have a near-complete spec; the remaining changes are small optimizations. Eight independent teams are working on implementations in various languages.

That's incorrect. There are plenty of chains with pure PoS, and the reason it's taking Ethereum so long is because they have an established PoW chain that they are trying to seamlessly transition to PoS. At the same time they are also working on taking into consideration more aspects like how it works with their platform/smart contracts and sharding. I'm sure there's many other considerations I'm not aware of as well. All other pure PoS implementations are much simpler as they're just simple payment blockchains which greatly reduces the difficulties and moving parts.

I haven't seen a pure PoS chain and I'm pretty heavy in the space. I HAVE seen a LOT of dPoS chains, which isn't the same.

Have u seen Qtum?

Off the top of my head there's PIVX and Blocknet.

Neither of which are pure PoS.

I think the point is that all cryptocurrencies that we have currently are experimental in that sense, and so it's a good time to experiment with unproven concepts. Maybe that means ETH will crash and burn, but so what? It's a minuscule part of overall economy, so aside from people who decided to seriously invest into it (i.e. alpha testers), it's not a big deal. But, on the other hand, we do want to figure out what works before we start using these things at scale, when it's much harder to change.

This news is good for Bitcoin.

Is Tezos not pure PoS?

Tezos uses delegated PoS, so no, I don't think it qualifies. D-PoS is sort of antithetical to the idea of decentralized blockchain due to a small number of nodes and very questionable process of node (witness) selection.


1. The number of nodes is not fixed.

2. The process for node selection is random, based on the amount staked. This happens continuously.

3. The D in DPoS is entirely optional. Anyone holding Tezos can directly participate by running a node. The only cost is the cost of a VPS.

The only real restriction* is a 10000 XTZ minimum for running a node. At current / ICO prices that's around $5k. While that's not cheap it's a lot more attractive than the CAPEX/OPEX of mining hardware.

Also, that $5k will grow by 5.5%++ per year, i.e., no depreciation of hardware and only a trivial amount of overhead.

Those not wanting to run a node (or with less than 10k XTZ) can delegate to a baker. There are a wealth of them available already.

*This restriction may be lowered in the future -- by way of on-chain voting (as opposed to a hard fork).

Good points, though I'll just clarify that 10000 XTZ is only required if you want your node to produce blocks.

Some numbers regarding decentralisation: The last couple of (3-day) cycles the number of unique blockproducing nodes (bakers) has averaged just above 200 pr cycle, and is steadily increasing. The Tezos foundation nodes are now down to producing ~25% of the blocks.

I recommend this post for anyone interested in Tezos 'Liquid Proof of Stake'-model: https://medium.com/tezos/liquid-proof-of-stake-aec2f7ef1da7

Won't any pure PoS system naturally evolve stake pooling that looks like DPoS?

In Ethereum there's one disincentive to stake pooling: if a staker misbehaves, perhaps because it got hacked, the penalty depends on how much stake misbehaves at once. A large amount of misbehaving stake could be completely destroyed, while a small amount will lose only a small portion.

This is mainly because a small amount does no damage and is presumed to be accidental, but also helps decentralize since you're safest not using a large staking pool, the most popular client, the most popular hosting service, etc.

Running as a small staker is feasible because the minimum stake is only 32 ETH, you're profitable if you're online at least 2/3 of the time, and the load on an individual node is feasible for a laptop. The computational load increases fairly linearly with the amount of stake, so there's little economy of scale for a large staker.

There are two attractors, it could push people to do it themselves but I think it's more likely that it evolves in stake pooling. Stake pooling in pure PoS involving trusting the pool operator to a great deal and I'm concerned it degenerates to a very centralized system. Adding optional delegation is a safety valve that takes this into consideration.

What Tezos does is merely let you lose a different key to custody funds and to create blocks. By itself this creates the possibility of delegation.

Last but not least, with trusted hardware the difference blurs even more.

Just my personal opinion, but designing a system that doesn’t allow for secure pooling will only enable insecure pooling. So making the choice to force people to share private keys as the only way to delegate capital will make the overall system a lot less secure, and just seems really irresponsible.

Delegation does not require sharing private keys. Nor does it require transferring XTZ to anywhere other than your own wallet. Ever. Period.

The only risk associated with delegation is that the baker will run off with the baking rewards instead of distributing them. Of course, the incentive is low since this can only be done once. The community is active is discussing the trustworthiness of bakers (which, to date, has been pretty much all of them).

The staking risk (risk of losing a bond) is entirely on the baker. This incentivizes them to make sure they're not double baking or otherwise running misbehaving nodes.

My point exactly. Without delegation the only way to pool capital is to give up ownership.

You need to control 2/3rds of the stake and be able to coordinate decisions with each staking node before the block time is over to fuck up the network. Considering that PoS can enable more tunable block times as validators no longer will churn out random numbers on GPUs/ASICs to mine a new block, I think this will be a non-issue.

Unless they somehow integrate PoS in the wallets, yes.

Looked more into it, this seems to put Tezos somewhere in the middle. https://medium.com/tezos/liquid-proof-of-stake-aec2f7ef1da7

However after reading that I am pretty sure the current Ethereum Serenity spec allows for delegation as well, so it seems to be on the same level Proof of Stake

Did you just describe Bitcoin miners?

If you mean mining pools, then no. Yes, they have consolidated power, but their selection process still relies on external resource (i.e. energy).

XTZ, RDD, there are numerous other POS coins.

The ETH network doesn't want to make it work.

Blackcoin? That was years ago.

10 years ago Proof of Work wasn't a well tested and reliable mechanism to achieve distributed consensus.

Tzscan.io check'em

Proof of Stake is unable to deal with network partitions, the likes of which every so often happen to cut entire countries off the Internet

PoS is a disaster waiting to happen for Ethereum.

That's not an inherent limitation of PoS; PoS systems can be either AP or CP. Most PoS designs go with CP, but NXT and Ouroboros are examples of AP PoS systems. They use Nakamoto consensus, much like Bitcoin.

It's true that Ethereum 2.0 will require 2/3 availability in order to finalize transactions, but that's true of any BFT system; see [1] for a proof.

[1] https://zoo.cs.yale.edu/classes/cs426/2017/bib/bracha85async...

Don't worry. They'll just roll the chain back.

The stakers will lose their stake, and those shards affected will go offline, but the rest of the network will continue on until the interruption is over.

Ethereum is designing the system specifically to accommodate that sort of problem, last I remember you needed 95%+ uptime to generate return, so if your internet goes out 5% of the time you should not stake.

Why would the minority side of the partition go offline? How would it even know that it's on the minority side of a partition?

> How would it even know that it's on the minority side of a partition?

Because it would be obvious?

The world does not exist in a state where a "true" network partition can ever happen.

A "true" network partition I would define as preventing all information, of any type, from going into and out of a country.

This is a ridiculous scenario that isn't even worth considering.

I imagine that means it's OK if my network connection goes offline 4% of every hour. But what if I'm offline for 4% of 90 days, all at once?

Could also be 100% if their Proof-Of-Stake game theory does not work as well with real funds worth stealing as it does on testnet. Full disclosure I hold some ETH but I would not dare put all my eggs in that brazenly "do it live" basket.

One party can hold >50% of all funds and we would have no way of knowing.

I wish people would look at less energy consuming proofs of work that still allow us real world evidence of decentralization.

We need more experiments like Chia with proof of wasted disk space instead of proof of wasted electricity.

I'm confused as to the purpose of ETH. On one hand it sounds like an investment that you can "hold" as you say. On the other it is a computing platform. So what is it you "hold"? Compute resources? Why is it valuable to allow speculation on compute resources? Can a person ever really reason about the cost of a system running on ETH? How do you plan for those costs?

Is is a compute platform? A cryptocurrency? Something else? Both?

ETH is what you use to pay fees to the network to transact on it. i.e. if I want to transfer you some "tokens" on the Ethereum platform, I would have to pay a fee in ETH. This makes it a speculative investment, since if more people want to use the network, there is more demand for ETH as a currency. Since there is not an unlimited supply of it, there is a supply-demand dynamic on ETH as a currency.

It is a computation platform first and foremost. You can pay gas in ETH. Every opcode has a set gas price, so executing a compiled contract on the network costs you some ETH. Why would you want to run code on ETH?

Most notably, it requires no 3rd party trust to execute the code whereas traditional cloud architectures require you to trust that the execution environment is kosher e.g. amazon vm is not compromised, amazon hardware does not have side channel attack.

It is ideal to write a token or currency on ETH platform as state changes like balances are better left completed on trustless architectures

Ethereum is the platform and ETH its native currency. It's much like Bitcoin but with better scripting and the ability to store arbitrary state.

> One party can hold >50% of all funds and we would have no way of knowing.

One party can hold >50% of all mining power and I find that far more likely.

>I wish people would look at less energy consuming proofs of work that still allow us real world evidence of decentralization.

Are there any candidates for this? I can't imagine a PoW problem where you can't get ahead by throwing more computers at it.

> Are there any candidates for this?


It's called a zkSNARK. One proves they performed any computation with a constant size proof of the result.

But most of the energy consumption is in the work, not the proof.

Ethereum could use SNARKs to verify certain computations more efficiently, but the purpose of PoW miners isn't really to verify computations, it's to make a 51% attack expensive. CODA protocol uses SNARKs to verify the entire blockchain history, but they still need miners for consensus.

Constant size or constant time?

Both, but 'constant' here needs some qualification.

Generally, it is 'constant' w.r.t. the witness you are proving you know, and something like logarithmic w.r.t. the statement about that witness you are proving.

They are doing beacon chain (a distributed unbiasable verifiable random number generator, constructed using commit-reveal scheme + VDF to fix commit-reveal biasability) to choose sets of validators for each of the shards. It is not your typical PoS design. I'm not sure how exactly validators for single shard will form a block, but even PBFT (tendermint style) solution would work in situation when you don't have to worry about membership of validator set.

one party already holds >50%, don't forget that Ethereum is a pre-mine scam.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact