The problem is that you have a bunch of your own coins, so you are mining the chains that have been announced, but you are also mining possible chains that involve you that you never announced.

So if I never announce that I destroy 10 coin days, but I have 10 coin days to destroy, there is an alternate reality that I'm also mining, If I don't like the current chain, I can add my own coin days to a different fork in the past to make that fork now the heaviest fork. Then I announce it. Especially if I'm working with a bunch of other people, they can add their own coins and we can work together to make it the longest chain. If it becomes the longest chain, they get back any coins they destroyed in an alternate history.

So basically, it's very cheap for a set of collaborating nodes to build a forest of alternate chains, and the longest can change anytime we collectively alter the history or add another fork somewhere to make it the new longest. It's relatively inexpensive to balance all these forks.

So it works as long as the powerful individuals aren't mining multiple chain simultaneously. But what's to stop them? So it's ultimately not very secure once powerful groups start attacking the currency.


On Fri, Feb 7, 2014 at 2:53 PM, Sean Lynch <seanl@literati.org> wrote:
AIUI there are multiple ways to implement proof-of-stake. A friend of mine proposed treating the chain with the most coin days destroyed (along with correct difficulties for the standard proof-of-work function) as the "longest" one rather than only the most difficult chain. Does that not work?


On Fri, Feb 7, 2014 at 2:40 AM, Lodewijk andré de la porte <l@odewijk.nl> wrote:

Any functional complaint + it being illogical economically. Power to those that rule. Fantastic plan.