Re: Proof of Stake...
Sorry, meant to include the list before. Switching to inline reply since I want to reply to separate points separately.
On Fri, Feb 7, 2014 at 12:40 PM, Lodewijk andré de la porte <l@odewijk.nl> wrote:
2014-02-07 Sean Lynch <seanl@literati.org>:
Substitute "CPU power" for "wealth," and your claim about trust equally applies to the current proof-of-work function. I don't accept your premise that giving more power to wealthy people is somehow worse than giving more power to people with lots of CPU power (i.e. wealthy people).
Ah, yes. But now you're confusing some things.
I can calculate that a certain transaction is no longer worth falsifying. Let's say that there's 10,000 USD (10kusd) required to fake a single block.
Now my transaction is buried 5 blocks. Setting apart a block just for the sake of luck-prevention I can say that if my transaction is <40kUSD it is now entirely safe. It is not worth it to revert it.
Unless someone wants to mess with me (specifically me) it will not be done. If I suspect someone wants to mess with me I only have to estimate how much he can spend messing with me.
Block reward kind of throws a wrench into the story. It drastically reduces the actual cost of mining a block. Still I can say with math that it isn't worth it after a while.
With proof of stake I cannot do such math. I'm subjected not to the will of the rich to mess with me. Not the will of the rich to waste money on me. And the cost of faking a chain does not grow with its length, unless it's a proof-of-work-and-stake. In which case I'm really wondering why you're taking two risks.
Either way, this is not equivalent to introducing trust into the system where it did not exist before. My claim about proof-of-stake not being trust any more than proof-of-work stands.
I was proposing using coin days destroyed as part of the "difficulty" computation, which would mean they actually DO have value, since you cannot use the same coin days more than once, and they would reduce the number of CPU cycles you need to burn in order to produce a block. The idea is to reduce the cost of mining in terms of pure CPU cycles by giving value to something that currently has no value: coin days. So you actually CAN do such math still.
This is not a pure proof-of-stake system, though. I am as skeptical of pure proof of stake as you are.
I'm more strongly in favor of using citizens' IDs as provided by governments for the purpose of voting on blocks than in proof of stake.
Not knowing you, this doesn't tell me much, since the same could be said of the most statist friend I actually tolerate, the one who thinks Bitcoin should die in a fire. I'm guessing that this means "not in favor of it at all."
There are a couple of problems people are trying to solve with proof-of-stake. The first is that the value of mining will eventually go down, meaning people will be willing to devote less computing power to it, reducing the cost of an attack.
The second is that, even if it didn't go down, we don't necessarily want a huge fraction of the world's computing power devoted to mining.
The goal is to take some limited resource that doesn't depend on a trusted third party and that is difficult to corner and use that to distribute voting authority.
In addition, we'd like the people doing the voting to have an economic incentive to vote correctly.
Bitcoin does that by paying them to vote and revoking the payment if their block doesn't end up in the main chain.
Proof-of-stake does it by hoping that the voters care about the integrity of the system, similar to only allowing landowners to vote, only (hopefully) without the ability to prevent others from becoming stakeholders, which I think is your main worry about it.
Incidentally, the coin days are from ALL of the transactions in the block, not just your own. I'm not sure if I was clear about that before.
You could maybe override a transaction that had fewer coin days, but you'd have to burn a similar amount (though less) of CPU time in addition.
Speaking of which, is there any reason peers couldn't watch for forks and incorporate any still-valid transactions into new blocks and permanently blacklist any outputs that get double-spent? You could create a special "blacklist" transaction that just incorporates the two separate spends into the main chain, so that everyone could validate that the account holder attempted to double spend.
Either way, this is not equivalent to introducing trust into the system where it did not exist before. My claim about proof-of-stake not being trust any more than proof-of-work stands.
I was proposing using coin days destroyed as part of the "difficulty" computation, which would mean they actually DO have value, since you cannot use the same coin days more than once, and they would reduce the number of CPU cycles you need to burn in order to produce a block. The idea is to reduce the cost of mining in terms of pure CPU cycles by giving value to something that currently has no value: coin days. So you actually CAN do such math still.
No. Rewriting the blockchain gives back those coin days. I imagine it's pretty hard to use many people's coin days for the same block, whereas a nonce to a block is very easy to communicate.
This is not a pure proof-of-stake system, though. I am as skeptical of pure proof of stake as you are.
Why? If it works it works and if it doesn't it doesn't. A mix between the two is an extremely political and complicating choice.
I'm more strongly in favor of using citizens' IDs as provided by governments for the purpose of voting on blocks than in proof of stake.
Not knowing you, this doesn't tell me much, since the same could be said of the most statist friend I actually tolerate, the one who thinks Bitcoin should die in a fire. I'm guessing that this means "not in favor of it at all."
I'm stuck with a democracy problem. Is Plutocracy better? Is Democracy better? Is any Oligarchy better?
I tend to think that the people are incapable of making the best choice. Things turn into a trust/populism issue as the people think emotionally. Additionally it just often lacks the domain specific knowledge for a good choice. Thus a form of oligarchy should be better. The selection criteria is the real problem. Elections typically reintroduce the previous problems.
A higher level of education is a start as it correlates with domain specific knowledge. It correlates too weakly for my taste. And it lacks testing for critical thinking and similar skills, although they also correlate. This also puts a pressure on determining the level of education that isn't in the best interest of academics. Simple intelligence testing would be preferable. But it is as of yet impossible to accurately determine intelligence.
Wealth is a selector that would work if it were not for a distorted political situation and different levels of economic engagement present even amongst the most capable human beings. Ultimately the oligarchs can be trusted to make choices best for them, and not the rest, in the ideal situation. Thus I feel it is not adequate.
In the end however the social/political/economical power wins anyway. Might as well hardcode it. Even with all choices made up front a system will only thrive with the support of people. People can be convinced and coerced with political or economic power, or the social pressure of their peers.
The standing arguments against POS are:
* "Stake" is reverted/restored when the blockchain is rewritten
* It's a political choice, not so much a functional one
* Bitcoin days become a commodity of its own (it is now too, as it speeds up transactions, but it becomes something worth buying not something that's nice to have. Can you imagine trading 1 btc for 1.2 btc and it being worth it? Sidetracking by exchanging private keys -_-'....)
* One's investment might change in a single trade. This might also be true of mining, but it doesn't have to be.
* Large scale mining is traceable. This is an interesting notion, actually. It'd seem that POS mining is more government-resistant as it does not require large energy expenses.
I think if someone can solve the "investedness" in a certain blockchain it gets very interesting.
There are a couple of problems people are trying to solve with proof-of-stake. The first is that the value of mining will eventually go down, meaning people will be willing to devote less computing power to it, reducing the cost of an attack.
The relative cost of an attack. It is also assumed that the overall usage goes up. Mining not going down is a change I would make.
The second is that, even if it didn't go down, we don't necessarily want a huge fraction of the world's computing power devoted to mining.
The everlasting counter argument is that money now is costlier still. There's a simple trade between fraction of computing power devoted to mining and security. There's also stuff like http://www.gridcoin.us/ that, if properly implemented, could drive down computing costs for scientific application.
The goal is to take some limited resource that doesn't depend on a trusted third party and that is difficult to corner and use that to distribute voting authority.
I think this sort of clarity is valuable. There's a lot of stuff that needs additional support. If it has to be trusted it is usually not called a third party. The wealth of individuals is definitely something governments have *a lot* of influence on. Difficult to corner for who? Why and how do you want to distribute voting authority, that's the ultimate question. Ideally there wouldn't be such a thing as votes, just transactions.
In addition, we'd like the people doing the voting to have an economic incentive to vote correctly.
Correctly is undefined. If you give people economic incentive the most profitable choice would be the one taken. Making the voters take a choice best for the system, thus the most profitable, might also not have desirable results. Depending, of course, on the ultimate question.
Bitcoin does that by paying them to vote and revoking the payment if their block doesn't end up in the main chain.
You don't name the cost of voting. They are allowed to extend the blockchain and get compensated for it. If they were wrong about their extension, as defined by the majority of extenders, their payment gets revoked. This is enough to ensure each will apply the same rule to maximize profit.
Proof-of-stake does it by hoping that the voters care about the integrity of the system, similar to only allowing landowners to vote, only (hopefully) without the ability to prevent others from becoming stakeholders, which I think is your main worry about it.
You incentivise becoming a greater stakeholder. I also think that people with a lot of money will have ulterior motives. They don't just sit on their money. There's also interplay between many currencies and their exchange. It all complicates the system tremendously. The chief concern for the blockchain is ensuring a singular sequence of transactions. Nothing else is vital. As a side effect the miners can change the policies, but this is not a pleasant feature. Voluntary entrance to a system is ideal. No need to run with BitcoinXKE, I prefer BitcoinXKA. Blockchain forking does enable that. But transactions could cross between chains where they are legitimate and it could get very messy. I'm worried about wanting a digital gold and getting a digital euro. Reducing the flexibility of votes is a good means to that end. In Bitcoin a policy change is agreed on beforehand, a switchover date is arranged, etc, in order to not lose money. That's pretty good.
Incidentally, the coin days are from ALL of the transactions in the block, not just your own. I'm not sure if I was clear about that before.
You weren't and I'm not sure how this would work. If I sent in a transaction to the network, someone else can claim reward for it? Do I get rewarded for it? This sounds like I'd have to re-announce my presence on the network pretty frequently, allowing for easier tracking of participants.
You could maybe override a transaction that had fewer coin days, but you'd have to burn a similar amount (though less) of CPU time in addition.
ASIC time? But why override? I just change the order and that's enough. How does POS factor into POW in this case? I suspect reminting older blocks with more transactions would be feasible. But you have to link to or explain how you want to do POS.
Speaking of which, is there any reason peers couldn't watch for forks and incorporate any still-valid transactions into new blocks and permanently blacklist any outputs that get double-spent? You could create a special "blacklist" transaction that just incorporates the two separate spends into the main chain, so that everyone could validate that the account holder attempted to double spend.
There may be legitimate incidents of accidental double spending. You're also only fucking the recipient of the transaction, the sender has its trade long behind him. It even means I could do a legitimate transaction and later destroy the money I sent. Close but no ball. Without pseudonyms this is more feasible. You could kill the sender's address, but that won't have much effect.
We need a solution to the Byzantine generals problem for generating a hash that reflects a globally agreed truth as to who owns what coins, in which influence is proportional primarily to value owned, provided one also provides adequate connectivity and computing power. If influence proportional to cpu power, problem.
participants (3)
- James A. Donald
- Lodewijk andré de la porte
- Sean Lynch