Proof-of-stake is inherently self-referential (github.com/stickfigure)
147 points by stickfigure on May 21, 2021 | 251 comments



What's fascinating about the proof-of-stake vs. proof-of-work debate is that there's sometimes (not always) a tinge of anti-government sort of sentiment.

The ultimate irony, though, is that even with proof-of-stake, the entire crypto-economy becomes owned by a bunch of pseudo-anonymous elites. The end result is the exact same as our current system. At least with our current system we can pretend to have a democracy and kick out people who are being too visibly corrupt.

i assert there is no scenario in which cryptocurrencies, or any economy, doesn't devolve into what we currently have. as long as people are involved it is impossible to not have a government, in one form or another.

the question is - do you want to be governed by a bunch of anonymous people or do you want to have some modicum of ability to hold them accountable?

ugh


Also, in our current system the people with actual power are not at all anonymous. I can name all the elected officials. There are some people with influence whom I don't know, but the power is ultimately in the hands of voters and elected representatives. One way you can tell: Many people will spend billions trying to influence those two groups.

> as long as people are involved it is impossible to not have a government, in one form or another.

That's essential: The power is conserved; the question is, who controls it. Every time someone talks about smaller government, they really are talking about shifting the power elsewhere - to whom? It's not necessarily bad, but shifting power from democratic government, however flawed, to a powerful elite, who are more flawed and have no accountability to everyone else, is not a good deal IMHO.

> The ultimate irony, though, is that even with proof-of-stake, the entire crypto-economy becomes owned by a bunch of pseudo-anonymous elites. The end result is the exact same as our current system.

This section seems to contradict the rest of the comment?


> Also, in our current system the people with actual power are not at all anonymous. I can name all the elected officials. There are some people with influence whom I don't know, but the power is ultimately in the hands of voters and elected representatives. One way you can tell: Many people will spend billions trying to influence those two groups.

I think it is more accurate to say that we know some of the people who have power, but influence, money, and violence are also major vehicles for real power, and we mostly don't know who has and uses them throughout the world.

The evidence you gave, that some entities out there expend billions to influence the visible power-holders, only actually shows that spending money has a good ROI for the actors doing it. It does not show that all power is in the hands of democratically elected government officials, nor does it show that power cannot be expressed or utilized in other ways which may be far less visible and more difficult for common persons to direct.

I want to be clear that I'm a fan of government, and I think it has a lot of power and should! Also not a big fan of crypto for solving nearly any problems -- just a drive-by reader on this topic right now. But it does not help any normal people to be naive or optimistic about what power is, who has it, who uses it, or why.


> This section seems to contradict the rest of the comment?

this is intentional. this is why I said pretend to be democracy. like you've pointed out, there's a contradiction, but it's resolved in accepting that we do have an accountable group of people, however they are also being manipulated, but we don't know who the manipulators are. hence, we're being (indirectly) controlled by pseudo-anonymous elites.

in theory there should be a stable equilibrium between the (corrupt) representatives and the population as they are identified.

at least with democracy we can punish the puppets.


> Also, in our current system the people with actual power are not at all anonymous. I can name all the elected officials.

Crypto doesn't replace elections or government?


The government regulates the fiat financial system. Crypto seeks to take on some of the roles of that financial system.


> but the power is ultimately in the hands of voters and elected representatives

Some conspiracy theorists would like to disagree


> Some conspiracy theorists would like to disagree.

Applies to nearly anything. Listening to conspiracy theorists is a very low rate-of-return activity; nearly tautologically.


So? They say whatever they want.

Also, they think anonymous unelected people running cryptocurrencies will somehow be more transparent?


Some conspiracy theorists would like to disagree that the earth is round; that does not give any credence to their argument.


> a tinge of anti-government sort of sentiment.

It might have overtones, but this is the decentralized versus centralized control (peer-peer vs client/server) merry-go-round that we are all stuck on.

There are practical reasons why you don't want a central authority: because other central authorities can destroy it. But with no central authority what do you do when someone tries to make themselves... for lack of a better term, a central pain in the ass?

Peer systems fail when someone can make everything about themselves with far less effort than it takes for a simple majority to stop them. It's asymmetric warfare if I can be naughty for 5 hours and 100 people have to spend an equal amount of time to undo whatever I've done.

The central authority can often do this much cheaper, especially if there is a collaborative health system (eg, report user). But they also paint a target on themselves in the process.


thanks for the reply

I'd argue that pretty much every civilization has tried the peer-to-peer thing in the beginning. I won't get too much into the history of bartering, but to your point regarding a central pain in the ass, I think that's why the entire world has sort of settled on "proof of violence." ultimately, like you've said, the only way to defend your position when you're a large central authority is with violence.


There isn't much evidence that bartering ever was the way people did business.

Lots of evidence for lending & borrowing though (debt).


indeed - bartering really isn't a sustainable thing, and like you mentioned debt ended up being heavily used to facilitate exchanges. said debt in many cases ended up being centrally facilitated. the rest of history.


> What's fascinating about the proof-of-stake vs. proof-of-work debate is that there's sometimes (not always) a tinge of anti-government sort of sentiment.

For me, the PoS vs PoW debate is a question of system resiliency. In PoS compared to PoW, you not only lack an in-band means of identifying the chain used by the most people (pick the wrong one and you're screwed), but also if sufficiently many staked tokens are knocked offline at once, the system loses quorum and freezes forever. PoW has neither of these weaknesses -- it provides an in-band way to rank forks by usage, and it provides an in-band way to recover from loss of hashpower.

Governments (i.e. the people) will naturally set limits on what blockchains can legally be used for, since they exist in the Real World and create Real Negative Externalities if abused. This may be an unpopular opinion in most cryptocurrency circles, but I actually welcome sensible cryptocurrency regulation.


> as long as people are involved it is impossible to not have a government

What always intrigued me about anarchism is that it doesn't seem that it had devoted much thought about preventing the re-formation of the state/government. Humanity used to live in small, tightly-knit communities, and if you studied (very) ancient history, you know how it ended: those communities banded together into bands, then into tribes, then those turned into proto-states, and... yeah.


You could argue that we're already in an anarchy. It's non-controversial to say that the international stage is an anarchy. All governments are just simply local entities working inside that global anarchy.


Hans Hermann Hoppe has written a book (popular in the ancap community) on the anarcho-capitalist ideals. The dilemma you present has been addressed by the scholars in the field. If you are genuinely intrigued by these questions you might find it interesting.

Democracy: The God That Failed https://www.goodreads.com/book/show/980031.Democracy


Anarchism is traditionally another word for communism. Anti-hierarchy. But reading about it, it seems the term is loaded and can mean many things: https://en.m.wikipedia.org/wiki/Anarchism

How this got downvoted is beyond me, if you see the link you will find how intertwined their histories are.

> Major schools of thought of anarchism sprouted up as anarchism grew as a social movement, particularly anarcho-collectivism, anarcho-communism, anarcho-syndicalism, and individualist anarchism. As the workers' movement grew, the divide between anarchists and Marxists grew as well. The two currents formally split at the fifth congress of the First International in 1872,


Lenin and the Bolsheviks killed a bunch of anarchists.

But yes, there is anarcho-communism. Most folk don't know of libertarian socialism. See also Murray Bookchin and the Kurds.


Anarchism and Stalin wouldn't jive well, so I wouldn't say it's "traditionally another word for communism"


Nestor Makhno, on the other hand, is generally recognized as an anarchist, and yet he too had argued for centralization of power.


Well, I think "traditionally" indicates a period before the Cold War. While Stalin was leader of the USSR he was hardly a communist, as Trotsky himself would have told you; I believe his term for it was "degenerate workers' state".


There is libertarian communism, and some actually outright reject authoritarian communism as actually being socialism.


> The end result is the exact same as our current system.

To say that is to ignore all the progress we've made!

In the current system, the elites can literally print free money. But in PoS, all they can do is try to double-spend or censor transactions.

This is far less power for the elites to possess.

Furthermore, there's now a clear path to getting into position as an "elite" — you just need money. You don't need political connections. You don't need to be born into the right family. It doesn't matter what color your skin is. It doesn't matter what nation you are a citizen of. It's now just about money. And what you can do with that money is very boring, and gives you a very small reward.


What!? With cryptocurrencies there's literally no way to redistribute wealth. How's that better than the current fiat system, where at least we can burn the rich's money by printing more and devaluing their portion?


Interestingly, this happened not to a blockchain, but to a protocol: https://www.coindesk.com/steem-will-hard-fork-in-just-hours-...

Justin Sun planned to take over steem, what did the community do? Fork it, and remove his power.

What gives things legitimacy socially is our perception that things are legitimate. On blockchains, one could argue the majority can more easily take away abusive power.


I'd put it like this: you always have a government and regulators if you live in civilization.

Best-case scenario, you get to participate in a free election to choose them.

Crypto governance claims to be democratic, but in practice it is plutocratic.


I'm not sure how Proof of Stake is actually going to roll out in Ethereum, or on other cryptocurrencies where it's already rolled out...

In theory, for the system to be controlled by the elite - I guess we first have to define the elite. Let's say that's the top 0.001% - or the richest ~70k people on the planet.

1) That's still A LOT of people.

2) There's no way they're all going to collude together.

3) They don't (yet) have >50% of the world's wealth.

What am I missing?


The top 0.001% don't need to meet in a smokey room to collude. If they have similar enough motivations (remain wealthy) and operating framework (buying power) they can "collude" by simply acting the same way. Most drivers on the road all behave similarly even though they didn't all meet and coordinate ahead of time. They have similar goals and a framework to operate in.


It isn't them though - it is a far narrower group. All blockchains have a rich get richer problem - the earlier you are, the cheaper it is to amass an unassailable position.

Even in something more difficult to collude/setup like BTC, 4 pools could execute a 51% attack. As of Q2 2020, 65.08% of hash power was in China.

It doesn't take many people, especially because you need both money and a desire to be in Ethereum. As another example, 2241 individual wallets hold 42% of all BTC, while 35,604,096 wallets hold 1.24% of BTC - I would expect concentration to happen even more quickly in PoS.


So if all it takes is 4 miners to pull together - and that's never happened - but it would take 70k individuals with Proof of Stake - wouldn't that make it much less likely to happen???


That's only in a fully deployed system. 70k people won't participate in the first buy of PoS ETH - you'll have a far smaller number, likely less than BTC at scale.

Also, ETH has already forked over a doctrinal issue - I don't doubt it could happen again, but the PoS leaders will just directly double down.

This isn't a PoS/PoW argument - more that most public blockchains are inherently winner take all systems.


If someone figures out how to determine the stakes needed to rig up a cheap 51% attack, it breaks the network.


The thing with PoS is that when you control >51%, you better not mess up, or you will soon own >51% of nothing.

With PoS the people who have the most control also have the most incentive to keep the value up for everyone involved.

PoW is not like that, since the one who has the most computational power doesn't necessarily own the most coins.

Multiple governments in the world, and multiple means of payment and value stores seems like the most robust to me.


It's not quite the same: in cryptocurrency even stakers/miners cannot break or manipulate the consensus rules themselves. They only really have power in a small number of decisions (most significant is the power to censor transactions in a 51% attack). This is not the same as existing financial institutions where the powers that be have in principle much more power. In practice the main power associated with the community is in those voices which are most heard: this correlates with wealth but not necessarily strongly. These are the ones who have most power over what consensus rules are used (much like in democracy).


Crypto is take it or leave it. You are free to choose if you wish to use any given cryptocurrency. Government, not so much. Those who refuse to participate in compulsory government programs are typically compelled by violence.


I want a Star Trek TNG style utopia.


If scarcity is eliminated (with technology like the replicator), we won’t need cryptocurrency or any currency at all.

I always wondered how much The Federation is actually involved in people's lives. With no businesses to regulate, it really seems like their government is almost entirely consumed with Starfleet affairs (i.e., diplomacy with other non-federation peoples).


We will never achieve utopia by elimination of scarcity.

The most valuable commodity in the world is power: the ability to get others to do what you want. Even if all you want them to do is leave you alone, it still requires you to have power to prevent them from coercing you.

Power is always relative. Being a millionaire does not give you unbridled liberty if everyone around you is a billionaire.

Thus there is a natural incentive to never have enough. It's always useful to have more if for no other reason than to prevent bad people who would harm you from having it instead. This means there is a natural incentive to create scarcity for others.

Good culture and institutions can mitigate this but there is no natural stable equilibrium where we can all automatically live in peace without effort.


Maybe the only way everyone can have all the power they want (or at least the perception of having it) is to build the Matrix, put the power-hungry people in it, and make it so they only ever interact with AIs.


Star Trek spent a lot of time dealing with scarcity problems for a show about people who don't get paid a salary.

Waste is a problem that has its own friction built into it. As long as waste costs you something, you have some greater incentive to end it. Until we have some better way to prevent waste, the opposite of scarcity is excess, not satiation.

There are not an infinite number of things, and there are not an infinite number of places to externalize the consequences without feeling them.

On a ship in the literal middle of nowhere, scarcity is still breathing down your neck at every turn, and there is a strong group incentive to control waste, otherwise everybody dies. I'm not sure the STNG utopia plays out the same way on inhabited worlds.


Is it possible to completely eliminate scarcity though? Sure it is for everyday things but there will always be scarcity.

Even if we can replicate entire planets, someone will want to own the original earth. Also no matter how good our simulations get, there will likely still be demand for the world's oldest profession (along with attempts to regulate it).


The Federation as depicted only looks like a utopia if you are easily pacified and lack ambition. Those with goals are lured into academia or Starfleet. However, they still won't give you big replicators. And genetic engineering, well ... if you stop and think about it, they have a secret group of genetic engineers designed to make cross-species hybrids happen, without getting too close to the prohibitions left behind by the Eugenics Wars.

Want land of your own? Umm ... What about starting off on your own planet? Ask the Maquis how well that worked out.

And of course you don't get to wirehead it. They'll pry you out of the holodeck whether you like it or not, even if you do your best work there.

Goodness knows what kind of social engineering goes into keeping everyone so tractable.


For that to happen we need virtually endless resources.

Do mind though that in Star Trek throughout the federation currency/status still exists in the form of honour and scientific/military accomplishments.


To paraphrase Alan Perlis, would you like a lollipop with that?


I think I see the anti-government sentiment not merely as a tinge, but as the foundation and cornerstone on which the entirety of cryptocurrency rests. Every watt of inefficiency comes entirely from an obsessive desire to avoid having any trusted authority. Efficiency can never be present in such an environment.


Governments rely on physical violence to exert their power. Crypto "elites" don't.

I see no problem with someone hoarding a lot of money/crypto through non-violent means. I see problem with someone using physical violence or coercion to oppress people.


It’s probably more useful to use “coercion” rather than limiting it to violence.

The threat of losing something one finds important is incredibly serious whether it’s through slow motion coercion or fast paced physical violence. You’re being threatened either way.

Concentrated power absolutely exerts coercion in more ways than just through governments.


Until violence is used to gain access to people's key chain passwords.


With enough wealth, you can buy violence. Wealth inequality begets power inequality.


Yes, but in what way can their incentives become misaligned from yours?


The cryptocurrency world is also implicitly accepting the Austrian economics definition of money as a commodity that's useful as a means of exchange and becomes currency naturally without coercion or government intervention. It's useful to point out that this is not a mainstream economics view of money, at all. The Austrian view is easy to grasp intuitively but it leads to some bizarre conclusions and adverse events in the long run. There's a reason we don't use the gold standard.

Bitcoin looks like a great proposition if you automatically accept the Austrian / libertarian view of money, but its value seems contingent on holding that view, and it seems that Bitcoin proponents are not adequately interrogating their own assumptions about money and economics that underpin their bullish views. Fish that don't see water, so to speak.


> There's a reason we don't use the gold standard.

Some things take a long time to fail, but will undoubtedly fail. There are numerous examples of failed fiat currencies in modern times and ancient times. Just because dollars, euros and yen survive now doesn't mean they will survive forever.

The core reason for this is simple: humans are bad at decision making in groups. Economic policy becomes sensitive to election cycles, populism, partisan agendas, etc. Every economic recession becomes a dire problem to be solved with state intervention. Every economic expansion becomes evidence of good policy decisions that emboldens some economic theory, convincing people that good times can continue indefinitely with the right policies.

The rules that govern economic systems SHOULD be concrete; they should not be subject to human opinion so frequently. But we find ourselves pushing the edges of what amount of debt is acceptable, or how inflation is even measured.

The rules for money should be transparent, mathematical, algorithmic.


Economic systems failing in the past is not evidence that the current paradigm will fail and it’s certainly not evidence that it will fail because it’s fiat. Economic systems in the past have failed for countless reasons that had absolutely nothing to do with the dominant paradigm of the economic setup.

> The rules that govern economic systems SHOULD be concrete… The rules for money should be transparent, mathematical, algorithmic.

Why?

I’m not being pedantic when I ask this, Why?

If there's one thing we all should have figured out by now, it's that, given humans, society, stuff, and the almost unlimited number of chaotic ways these interact with each other, we have to be fluid, we have to be agile, we have to be ready to adjust. Why should the rules be rigid and unable to adjust for the almost infinite ways wrenches can be thrown into the gears?

Are there still a large number of people who don’t yet understand the complexity of human nature and everything we touch?

Look, I live, work, and play in a technological wonderland. Along with the people in this community, I’m about the furthest away from a luddite that one can find, but we’d be foolish if we failed to recognize how early in the iterations we are from letting math be the sole decider of infinitely complex societal interactions. If we don’t recognize this yet, we’ve somehow let hype get in the way of an accurate analysis.


> Economic systems failing in the past is not evidence that the current paradigm will fail and it’s certainly not evidence that it will fail because it’s fiat.

If the reason for failure is hyperinflation, then it is a pretty concrete pattern relating to a debt crisis.

> Why?

Because state monopoly over money is neither free nor fair, and leads to an eventual weakening of money.

https://www.youtube.com/watch?v=tfba4FFErrQ


Yes, governments and elites often make terrible mistakes about monetary and fiscal policy. But it's also important to recognize that the rules of a monetary system controlled by an algorithm are not derived from incontrovertible laws of space-time, they are created by an organization of people. Those rules will have implicit assumptions about society and power that may not hold true in 10, 50, or 100 years. It may also be unable to respond to changing real-world conditions. For example, if we find that aliens are about to blow up the earth, some flexibility in the money supply may be beneficial to redirect capital to planetary defense. "The elites may make bad decisions in the future" is not a convincing argument to me, because they also may make good decisions in the future. I think it's important for society (and money) to be agile in the face of tough decisions.


- Open source money is flexible, you just have to convince enough people to be willing participants rather than coerce them. Competition ends up making everything better for everyone.

- If the state needs to borrow or raise money, it can still do so. It will make an offer to the capital market. These were previously called "war bonds".


> Some things take a long time to fail, but will undoubtedly fail. There are numerous examples of failed fiat currencies in modern times and ancient times. Just because dollars, euros and yen survive now, doesn't mean it will survive forever.

I take it that goes for gold too, then?

> The rules for money should be transparent, mathematical, algorithmic.

1) Sez who?

2) But OK, if we stipulate that: How are ordinary fiat currencies any less so than blockchain just-as-fiat ones?


i think you're forgetting the part where people can just use a different currency, i.e. vote with their feet. Usage is not enforced with guns in the crypto world (hopefully; PoS creates that possibility though). It doesn't solve the problem of fracturing by elites, but it's actually more "individualist" in choice than democracy is.


I had not considered the idea that bitcoin whales could get together and form a bitcoin central bank. I love how terrifying that is.


Well the reality is the blockchain is programmed by people, right? So any network established to act as the new government is still at the will of the people who write it.

What I could imagine is an open source "constitution" of sorts enforced by the blockchain in some capacity, at least on the economic level. A socialist society therefore could implement something like a strong UBI or equalization of people's net worths just via the blockchain itself and you rid yourself of the "elites" - but this still requires that everyone in the physical side agrees to such a system.

There won't be a way to rid yourself of the physical government.


cryptocurrencies, but not blockchain more generally.


I don't need to know anyone's name, just show me the code.


This is HN so I won't go /s but I'm pretty sure half the crypto world thinks that what you described will be solved by adding another layer or tokenized protocol. xkcd127 in spirit


There seems to be a cult of proof of stake haters with basically no deep knowledge of the consensus mechanism who bash it with increasingly inane arguments. This is one of the worst I've seen. Basically:

1. Create bad metaphor.
2. Relate it to your target.
3. Claim the target of your criticism has no additional nuances than your bad metaphor.

Perpetual motion machines, for example, have absolutely nothing to do with cryptocurrencies or proof of stake. Perpetual motion machines are impossible because of conservation of energy. There is no equivalent physical law that prevents proof of stake from being secure.

What the author of this poorly conceived rant doesn't seem to understand is the concept of bootstrapping and incremental validation. Computers for example bootstrap every time they.. well.. boot, which is why they call it that. The program basically asks "what program should the computer run" and the program then tells it. No one would take a perpetual motion machine argument seriously if used to argue that computers can't work because they're self referential.

But maybe the article is satire and I just missed the joke?


> There seems to be a cult of proof of stake haters with basically no deep knowledge of the consensus mechanism who bash it with increasingly inane arguments.

It's not hard to see why: it's an existential threat to Bitcoin that's becoming more plausible every day. If PoS is proven to work at scale (e.g. with Eth2), it's over, the energy usage of PoW will be unjustifiable. Disclaimer: I own a bit of BTC and ETH (50/50).


This seems inevitable, at this point. Barring a major transition failure, the fact that the Bitcoin devs and community seem to have no intention to even consider PoS (or anything else besides PoW) will likely ramp up narratives about Bitcoin's electricity usage and how Ethereum is a green, sustainable alternative, potentially causing the prices to get closer and generating a lot of very angry flamewars between both communities. These all already exist, but I think the dial's going to turn to 11.


It already works, as seen in many other blockchains. The most popular are Cardano and Polkadot.


Computers bootstrap every time they boot, but few do it securely every time. The more complexity, in that incremental validation, the more likelihood there's a flaw.

Take iPhone for example: it's bootstrapped by keys within the tamper-proof hardware TPM, then all software is incrementally validated from there. Yet jailbreaks still frequently appear.


There's a difference between saying "it's impossible to do it securely" and "few currently do it securely". Also, I'm not trying to make the same mistake as the OP and claim that bootstrapping computers is at all relevant to analyzing whether PoS is secure. I'm just pointing out the absurdity of the OP's argument by showing that his metaphor trivially breaks down: reductio ad absurdum.


The perpetual motion machines are indeed a bad metaphor.

But the question of which fork will prevail is a valid one. If you had stake in ETH and ETC, why would you abandon one over the other? How many forks till trust evaporates?


This is known as the "nothing at stake" problem. This 2014 blog post by Vitalik Buterin discusses it: https://blog.ethereum.org/2014/11/25/proof-stake-learned-lov...


Hmm, I'm not sure there is a limit. I mean, if each fork gathers a significant fraction of support for a long period of time, it would reduce the effectiveness of every related chain. But that's unlikely I think. There tends to be one (or maybe two) chains that get the vast majority of support. So I'm not sure forks like that are that much of a concern. What's more of a concern would be if the majority follow a chain that has unfixable design issues.


This is not even an argument, there's no substance at all, just "I don't know how this works, I won't bother to learn and I don't trust it". Even a 1 minute skim of Ethereum's docs on proof of stake[1] would prove him wrong. Proof of stake means that you have to hold ETH to validate transactions, meaning defrauding the network and causing a fork would destroy the value of your own stake.

[1] https://ethereum.org/en/developers/docs/consensus-mechanisms...


I think that the argument is that people who hold enough ETH could fraudulently give themselves more ETH and then take over all the ETH.

Which, yeah, I can believe that a 51% attack could destroy a proof-of-stake system even more spectacularly than it could a proof-of-work system. But I'm not sure why I should care? Spectacularly destroyed, astoundingly destroyed, stupendously destroyed. . . regardless of the adverb, it's still been destroyed.


51% attacks don't destroy anything, they can temporarily censor transactions and have some ability to perform double-spends.


It does destroy trust in the chain


You hold ETH because the blockchain says you do. A hard fork of the chain could say that you do not. There is no external way to distinguish between these two chains; they are equally valid to the people who follow them.

You think this is impossible? Ethereum has already had one contentious hard fork in its incredibly brief life. What stops it from happening again?


I don't believe the author is talking about something like double-spending. They're describing a situation where major holders want to change something about the protocol, especially a change that is to their advantage.


Same deal. If the other smaller half decides it's worth less because of it, your big stake will decrease in value.


How would your stake get devalued? If the whole currency gets devalued then it would be devalued for everyone, not just for you.

You'd end up holding the same % stake in the original network, and the same or greater stake in the fork as well.


The attacker's percentage of stake would obviously not change but all tokens on that entire chain would be worth nothing once the public realized it had been hacked. They would hold 51%, or even 100% of a $0 token.

All the verifiers who took part in the fraud and all the accounts linked to them would be traced and not given any stake in the new fork.


The author makes a hand-wavy argument criticizing a claimed hand-wavy ("complexity") justification for PoS. I don't think there is any way of deriving valuable info from this beyond just a personal opinion and some interesting illustrations.


yeah, there's a lot more to it than just "the blockchain says you have influence over it", sure it's a self-referential system, but so is just standard PoW so it's not really a good argument in my opinion.

The author is right about one thing, though: Conflicts of consensus will absolutely test blockchains of any type or flavor, and doubly so when Dear Leader is gone. Ethereum does have the most prominent leader of any chain I can really think of, and that changes how the community and the chain at large reacts to external stimuli.


PoW is not self-referential. If someone shows you three blockchains, say pow1, pow2, pow3 you can roughly calculate the amount of real-world resources that were required to create each chain based on the hash difficulty. That work/effort cannot be faked. If the difficulty is high enough, you can be certain that this chain was not just generated in someone's basement last night.

With PoS, if someone shows you pos1, pos2, pos3, you have no idea which to trust without external information/trust. They all could have been generated the night before in someone's basement.


If it was discovered tomorrow that there was a massive secret bitcoin mine in a cave in Siberia that produced a chain 2x as long as the main chain and we didn’t know about it, and this miner also gave themselves all the coins, the community would choose to ignore that and use the shorter one we have built consensus around.


Note that this weakness was discovered early on. Bitcoin actually uses a sum of difficulty, not longest chain. You can't just mine more 1 difficulty blocks. But your point stands, if the US Government is mining bitcoin it is plausible that they could invalidate the entire chain.

I don't see everyone going with that chain.


What's a community? How can it ignore the longest technically valid chain if people come and go, centralized "reference" websites change hands? The Bitcoin is the longest chain, most work burned, it's the definition and trivially verifiable by anyone now or 1000 years from now (if it retains the majority of humanity's hashrate)


This doesn't mean that bitcoin is self-referential. It means the consensus model encompasses more information than purely the length of the chain. But that should be obviously true; there have been countless hard forks like BCH and yet we still follow the chain we all call BTC.

The problem with hard forks in the PoS world is that you cannot judge the health of each chain by some external factor.


How do you hide that much power consumption?


You are government. Interesting to consider that governments could even collude.


Imagine that for a chain to be acceptable, it must chain back to a known genesis block, and that that genesis block distributed stakes to 100+ people of whom you trust at least half.

That's more equivalent to the PoS system Ethereum is using, and has much stronger guarantees.


What's a "known" genesis block?


Getting agreement on a genesis block is a theoretically difficult problem... But practically it's as hard as agreeing if it was George Washington who was the first president of the USA or Bill Gates.


Well, it's not, and it has been solved for the first time by Satoshi Nakamoto. You pick the first block of the most worked chain. Any other thing is no better than WebMoney.


The genesis block was hardcoded by Satoshi in the Bitcoin client. It was something like a seed for the beginning of one big and long tree.


The author addresses this and I think is right about it. It doesn't at all really matter about what happens in step 2 and what weird complex rules you put in place because fundamentally votes on the network are now coin instead of compute power. It's the same with PoW chains. How you turn "I have some compute" into votes doesn't change the fact that compute is the thing that produces votes.


That's a good point but it seems like fiat currency has similar snake-eats-tail flaws (he who has the gold makes the rules), but somehow the global economy hasn't completely collapsed, yet.


Fiat currency is backed by something like “proof of military,” or “proof of governmental power.”


I think you're looking for "proof of gun" by either the military in a macro sense or the police in a more micro sense.


Proof of gun happens to be the ultimate answer in real life, though.

I’m bullish on blockchain and cryptocurrency in general, but eventually it’s going to have to be backed up with guns. In that respect every currency is a fiat currency.


> ...but eventually it’s going to have to be backed up with guns.

You forgot to include your rationale. Or is it <complexity>?


The rationale is obvious. Ultimately, the ability to exercise physical force decides every dispute. Before you can even have such a thing as currency to exchange for goods and services, you need to have enough rule of law to prevent people with guns from just taking whatever goods and services they want without your consent. So how do you maintain rule of law? Government—which is defined as a monopoly on the legitimate use of force.

Right now, legal tender laws rely on proof of gun. If you owe me a debt and I try to collect on that debt by showing up at your house with a gun to take your gold or bitcoins or whatever, that’s not going to work. More men with more guns will show up and throw me in a cage. So instead of using my gun, I ask the government to use their guns. I sue you, and if I win, the court decides you should pay me, and through a complicated process they end up helping me to your money that you owe me. But the government has a condition: all debts can be paid in USD. I can’t take your gold or bitcoins, unless I have more guns than the government, which kind of makes me the government in the long run.


Are you implying fiat can't coexist with Bitcoin? Why does it have to be one or the other?

The way I see it, Bitcoin's mission is to simply hold the fiat currencies of this world in check. Nothing less, nothing more.

If all of the sudden we stop debasing, Bitcoin's raison d'être is largely gone.


I don’t disagree with any of that.

My only point is that if enough men with guns want to shut down cryptocurrency, they can. If enough men with guns want to do anything, they can. The only thing that can stop them is even more men with even more guns.


Individual fiat currencies have collapsed in eg Venezuela, Zimbabwe, and Weimar Germany. However, their currencies were not the reserve currencies of global trade. Historically, the international reserve currency was gold, but now it’s just other fiat currencies. So we have to trust that the ECB and FED won’t repeat the mistakes of other fiat currencies.

The FED seems like a trustworthy bunch who know what they’re doing. But then again, so did the CDC two years ago. So, hmm.


> So we have to trust that the ECB and FED...

"Fed", not "FED". It isn't an acronym.

> But then again, so did the CDC two years ago.

Oh. Sigh... Yeah, that weird capitalisation seems to be more popular among alt-right nutjobs.


I picked up the habit of capitalizing FED from my Econ 102 professor.

Fuck you for assuming I'm an "alt-right nutjob" because I'm disappointed in the CDC's handling of the pandemic. The CDC had a reputation as a world-class institution before they made several well-publicized mistakes (e.g. https://www.npr.org/2021/05/21/999194177/early-cdc-coronavir...). I personally had a much higher opinion of them two years ago than I do now. How am I an "alt-right nutjob" for remembering high profile mistakes like that?


1) I can't help that your professor was an idiot.

2) OK, maybe you aren't actually an alt-right nutjob... But:

a) They're in the habit of spreading conspiracy theories about the CDC, and

b) They also often write "FED" like that.

You can blame your professor, not me, for making you look like one. (And yourself: How many years have you had to notice that his spelling is wrong?)


So there are a few attestations for the all-caps FED listed here, including some from such sources as the IMF: https://en.m.wiktionary.org/wiki/FED

I guess you’re going to say the IMF are also idiots, and it’s the IMF’s fault that I “look like an alt-right nutjob”? In any case, it’s a hard question to research, especially since queries like “Fed capitalization” are ambiguous.

In any case, I’m not really inclined to take seriously the opinions of internet trolls whose only contribution is to call me an “alt-right nutjob” for criticizing the CDC and capitalizing FED. Your bizarre paranoia is not my responsibility and I’m frankly still not convinced that it’s actually wrong to capitalize FED. In my experience, people who issue bizarre and unsubstantiated insults to complete strangers over the internet are usually neither intelligent nor well-informed, and so you’ll understand if I don’t take your advice, or you, seriously.


Sure, except that with fiat there is more accountability.


It's not like the ethereum, zcash or even bitcoin blockchains are the essence of simplicity in the first place. They are quite math hardcore anyway.


Proof of work and proof of stake are both ultimately the same thing: proof of capital.

Between the two, staking the capital directly is a lot more efficient than having to first convert the capital to hash rate.


I disagree: If you summarize the difficulty of all Bitcoin blocks from the chain's tip and you're trying to "rebase" the chain at point x, you'd have to calculate at least the amount of hashes between x and the current tip to display a convincing fork with a similar cumulative difficulty.

In proof of stake, since there's no "work" that's connecting the blocks, but just a sortition of who gets to submit a block, this ever growing hash tree doesn't gain more difficulty over time to rebase.

That's what Bitcoin Maximalists always cry about and are never able to express in words.


Except only one of them requires ongoing capital investment which means you can't hold on to the return on your capital because you got it with practically no effort.


No.

PoS is a trust-based system. No different than fiat.

PoW is a work-based system. Similar to gold.

You can't have a free lunch. Sorry.


I am trying to learn.

In both cases, user A has to invest some amount of money.

In PoS, user A stakes money to make more money but gets penalized for breaking trust. Overall, user A makes say 10 coins over 1000 staked coins, ending up with 1010 coins.

In PoW, user A loses some money to make more money. User spends 3 coins to make 13 coins, so user ends up with 1010 coins.

I don't see the difference yet.


I think the more interesting part is investment into a bad behavior. And that's what most PoS are trying to solve, ex. with slashing, etc.

With PoW, regardless of outcome, you have to spend money on "work", to buy IRL electricity. And even if you fail with your attack, say a 51%-attack, it still costs you some significant amount. With a _naive_ PoS you revert your attack costs on chain, i.e. you can do as many attacks as you want, you can do them even in parallel and it's going to cost you a few bucks maybe of computer time.


> Similarly reduced, proof-of-stake systems work like this:

> 1. The list of valid transactions determines who has coin.

> 2. <complexity>

> 3. People with coin decide which transactions are valid.

> You don't need to know any more detail about proof-of-stake systems to be instantly suspicious.

I am instantly suspicious of the author's reasoning here.


Obviously the people who have the most to lose are most motivated to maintain the currency's stability/trustworthiness, no? Isn't that the idea? If the people with the most start screwing around, everybody will stop using the currency and they will be left with nothing.


"If the people with the most money start screwing around with other people's money, then everybody will just abandon using money altogether, societal structure will collapse, and they will be left with nothing".

Great argument.


> Obviously

It's not obvious to me. Can you provide evidence that we can rely on the social dynamics you're describing?


Yup, and unlike with PoW where you can go mine another coin or sell your equipment, your investment is gone



This isn't right, any amount of complexity in step 2 is immaterial to the author's argument since the circularity comes from steps 1 and 3.

The author makes a good point that trust must be rooted in something other than the list of people who have coin. Most PoS chains gloss over this part, but do use some kind of real-world root like twitter accounts or burned coins to sign the first block.


I fail to see why step 2 is circular in PoS but not PoW. I don't mean to say that my lack of understanding is anyone else's problem, but at the very least I can point out that the author is guilty of circular reasoning by failing to go into detail as to why

"Boiled down to its bare essence, a cryptocurrency is a list of transactions, and a protocol for deciding which transactions are allowed to be added to that list."

is ontologically distinct from their representation of PoS


The amount of complexity in step 2 is immaterial to the author's argument for both PoS and PoW.

The difference is in step 3. In PoS, the people with coin decide which transactions are valid. In PoW, the people with the most hash power (those that have demonstrated their commitment by burning real-world/physical resources) decide which transactions are valid.


Thank you for the clarification. Revisiting this quote:

"Boiled down to its bare essence, a cryptocurrency is a list of transactions, and a protocol for deciding which transactions are allowed to be added to that list."

How is the PoS model not "a list of transactions, and a protocol for deciding which transactions are allowed to be added to that list?"

I understand that the protocol itself is the source of controversy, but I don't understand why the author views PoS as circular but not PoW.


> How is the PoS model not "a list of transactions, and a protocol for deciding which transactions are allowed to be added to that list?"

It is. You seem to be the only one who thought the author said it isn't. He never did. He just said it's not a good one, because it's based on circular logic.

> I understand that the protocol itself is the source of controversy, but I don't understand why the author views PoS as circular but not PoW.

Because of the last step, "Who gets to decide which transactions are / which chain is valid?". In PoS that is "he who has the most coin". This will obviously lead to situations where Coiner A claims that Chain A -- where Coiner A has the most coin -- is the valid and correct one, while Coiner B claims that Chain B -- where Coiner B has the most coin -- is the valid and correct one, and Coiner C in turn claims that Chain C -- guess who has the most coin on that one? -- is... And so on and on.

Within the logic of each claim, that claim is of course the only possible and obviously correct one... But to you and me, if we are neither Coiner A, B, or C -- how do we choose which claim to accept? They all boil down to, in effect, "I'm right and I can prove it -- look, here's my proof, which is that I say I'm right." ("I have a chain which shows me having the most coin", which is the same thing.) That's the circular reasoning.

With PoW, in contrast, that proof is based on "I did more 'work' than anyone else", which is mathematically provable and (at least not as directly) self-referential in terms of "I have the most money because I say I have the most money, which proves that I have the most money."

(PoW is of course just about equally idiotic, only in another way: Proof that you have wasted precious resources and contributed to destroying the environment shows, not that you've created any value, but that you've destroyed it.)


He never said they're distinct; PoS is a subtype of cryptocurrency, so it's included in that definition also. The definition goes for both PoW and PoS; the only difference between them is the details of how they determine the last step, who gets to decide which transactions are valid.


Nobody has been able to explain this to me WRT cryptocurrencies and their "digital scarcity" quality: If people are free to create new chains out of thin air and build networks around it, how is anything digital "scarce"? Like, bitcoin set out to be deflationary, a "limited" amount of bitcoins till the end of eternity. ...except for the fact that I can create a new blockchain independent of bitcoin and it is the SAME thing, breaking the inflation proof quality of it. The new chain has a new "name", a new "brand" but that is just a conceptual difference, not a practical one.

All the cryptocurrencies created after bitcoin create "inflation" for bitcoin. If bitcoin was the only possible cryptocurrency but the hype around cryptocurrencies was the same, a bitcoin would cost substantially more today. If people are not happy with the "xcoin" billionaires at some time in the future, they can create just another currency to inflate the cryptocoin space (I'm saying "in the future" but that is what has been happening since the beginning of this story). In that sense, they all are practically infinitely issuable. Different chains are just technically different, not practically. All are different forks of the same "cryptocurrency-token" of humankind, with no protection against additional and additional forks (new cryptocurrencies).

So while these enormous efforts on fork protection for a single chain are a fantastic academic and intellectual exercise... in the end one can create a new "cryptocurrency", a new network to create more "money" - that is the ultimate fork that can't be prevented by any on-chain methods.

It is all futile in the end.


Have you ever seen or heard of anyone pay $1M or $100K for a .com address? Why do they do that when there's like 256 TLDs?

Why does anyone pay $20M to live in a box in Manhattan when they could buy a huge ranch in Montana and live like a king?

Some blockchains are more valuable than others. And their blockspace is limited, just like Manhattan real estate.

The reasons for this are numerous, but a big part of it comes down to security and liquidity. If you are going to create a digital agreement, you want a blockchain with a high degree of security and predictability. You also want composability with other applications so you can have access to an ecosystem and other financial services.


the space of .com addresses is physically limited. the space in manhattan is physically limited.

creation of a new cryptocurrency does not have such limits. like everything else digital. it is the same difference between physical goods, and software. software costs zero to copy. physical goods are physically limited.

so, with the topic of this post's link - even if someone somewhere perfects the security scheme of a blockchain, in the end it all is futile - because it can be copied. If there is enormous pressure by some powerful entities for an on-chain fork, but it is not feasible because of all the built-in security of the blockchain system and protocol, they can still have enough influence to create a new coin, undermining the "limited" property of the first coin. It is a new brand of coin, operated, mined, minted by mostly different people. The coin has the same features, same security - but liquidity is directly stolen from other coins because we have a finite amount of people. Through exchanges, you can exchange them. In the end, when you remove the "get rich quick" scheme, they are all the same, and can be issued infinitely, albeit under different "names". Don't get too hung up on names.

You can't tell me "the network is too valuable, it is impossible to create additional coins" either because that is what has been happening from the beginning. All those coins, with slightly different features - in the end perhaps one will have it all, but what is the ultimate purpose? Given enough pressure, it can be copied, new "money" can still come into circulation to be used by people that accept it. It is not impossible, it is happening, has always happened since bitcoin. Each dogecoin minted today affects the value of bitcoin tomorrow.


> Each dogecoin minted today, affects the value of bitcoin tomorrow.

Dude, same with Montenegro real estate affecting the value of your apartment in Manhattan.

> If bitcoin was the only possible cryptocurrency but the hype around cryptocurrencies was the same, a bitcoin would cost substantially more today.

Just like if the rest of the land didn't exist, your Manhattan apartment would cost substantially more today.


I responded to this above but again just for you: land is ALREADY physically limited. the whole /point/ of cryptocurrencies was to provide the same type of scarcity artificially for the digital realm. my point is, the fact that you can create additional coins and split the liquidity between the two means that the task has failed. my further claim is that even the attempt is futile. academically interesting, practically (for this given purpose) futile.


There is still so much open space to build cities, but everyone seems to want to live in the existing ones.


...because the existing and established ones have something unique to offer and to copy that would be an enormous (and slow) undertaking (but it is being done, civilization has always been spreading to free areas, it is just slow) - but once you crack open a hassle-free secure consensus system (software, not bound by limited physical reality) the old one does not have anything unique to offer for the group of people who are unhappy about who holds the power.

If there was an exact replica of Manhattan (or if it was trivial to create it) - and I mean really exact with all the affordances it provides - think of an empty copy of the world, Manhattan is in the same place, but mostly empty (just established), that you can switch to with a keypress (and could switch back and forth) - what would happen?


>...because the existing and established ones have something unique to offer and to copy that would be an enormous (and slow) undertaking

Exactly. That's also the case for cryptocurrencies. You can instantly fork a cryptocurrency or a blockchain, but you're essentially copying a blueprint. You can copy Manhattan's city layout as a blueprint or other written/drawn representation, but you still need actual builders and resources to copy the physical structures, just like you need miners, mining rigs, and users to build an alternative to Bitcoin that has any value.

Assuming the same PoW algorithm, you'd need your alternative to exist for as many years as Bitcoin does to achieve the same blockchain length, for example, with a lot of distributed miners to achieve similar security guarantees.

You can create a Hacker News clone pretty quickly. (For the sake of argument, let's say you could do it in a day by forking an open source repo.) It doesn't mean your clone instantly devalues Hacker News.

Maybe if you grow your clone's community over years and it generates a lot of interesting discussions, people will use both, and maybe if eventually the discussions become more frequent and have higher signal:noise than HN's, HN activity may gradually decline as people decide to use your site more than HN. But this is about community and network effects, which you can't copy overnight. You have to build them over time.


But here lies the problem: the new Manhattan would be a deserted place. No people, no open shops, no work, no open restaurants.

Sure, you can move there together with a few 100 other people, but it won't be Manhattan as you know it.

The value is in the social network.

You can go and copy Facebook tech, it's not that crazy hard. Will you be Facebook? No because none of your friends are on FacebookGold.


You forget that the value of crypto is not the technology, but the social network behind it. You can of course fork anything, but that doesn't mean because you have the same tech, you have the same value.


Proponents of cryptocurrency will claim that the network effects of a given currency add to the perceived value. There are also differences in implementations between the cryptocurrencies where each has differing properties.

Critics claim that cryptocurrencies are valued under the greater fool paradigm. A speculator buys a cryptocurrency with the intention of selling it on to the 'greater fool'.

There are regulatory barriers erected around traditional payment processing to consider. As not all cryptocurrency transactions are subject to these regulations, they offer a discount. Cryptocurrencies offer a medium for those unable to transact by other means.


Not a big crypto person, but my understanding is that a part of the "digital scarcity" problem is addressed by the consensus mechanism. You can go create a fork, but (without sufficient processing power) that fork won't be able to be the longest chain, and the consensus mechanism is that the longest chain is the _real_ chain.


Two points: the consensus is that the 'most difficult' (not longest) chain which follows the agreed consensus rules is the 'real chain'. This is not necessarily the one with the most computing power associated with it, especially in the case of a fork, where two different sets of consensus rules diverge. The main issue with being the smaller side of the fork is that if you are still using the same proof of work mechanism then you are vulnerable to 51% attacks from the larger fork, which tends to lower prices and so discourage mining, which makes the situation worse (and this has happened to multiple bitcoin forks, including 51% attacks). This may in principle be less of a concern with PoS, because the 'mining resource' also splits with the fork and stakers can continue to stake both sides, reducing the strength of the positive feedback loop (though not completely, since the less popular and lower priced coin is more vulnerable to someone trying to buy enough of it to execute a 51% stake attack).
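An added example (my own code, not from the linked post or from Bitcoin Core) that makes concrete both the "sum of difficulty, not longest chain" point made earlier in the thread and the "most difficult chain that follows the consensus rules" point just above: it decodes compact targets, sums the expected work per block, and drops forks that break the network's difficulty floor before comparing work. The sample forks are constructed; the 0x1b0404cb target is a real historical mainnet value, and the helper names are my own.

```python
"""Fork choice by cumulative work rather than chain length.

Block headers carry a 4-byte compact difficulty target ("nBits"). The
expected number of hashes needed to find a block whose hash is below
target T is about 2**256 / (T + 1); nodes sum that per block and prefer
the fork with the larger total, provided every block also satisfies the
consensus rules. Forks below are constructed for illustration.
"""

MAINNET_POW_LIMIT_BITS = 0x1D00FFFF   # easiest target mainnet rules allow
REGTEST_BITS = 0x207FFFFF             # near-zero difficulty used by regtest


def decode_compact_target(nbits: int) -> int:
    """Expand the compact 'nBits' encoding into a 256-bit integer target."""
    if nbits & 0x00800000:
        raise ValueError("negative target is not a valid block target")
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(nbits: int) -> int:
    """Expected hash count for one block at this target (same value as
    Bitcoin Core's GetBlockProof: 2**256 // (target + 1))."""
    target = decode_compact_target(nbits)
    if target <= 0 or target >= 2**256:
        return 0
    return 2**256 // (target + 1)


def chain_is_rule_valid(chain, pow_limit_bits=MAINNET_POW_LIMIT_BITS) -> bool:
    """The one consensus rule modelled here: no block may be easier than the
    network's proof-of-work limit. Real nodes check far more than this."""
    limit = decode_compact_target(pow_limit_bits)
    return all(decode_compact_target(b["bits"]) <= limit for b in chain)


def chain_work(chain) -> int:
    """Cumulative expected work over all blocks of a fork."""
    return sum(block_work(b["bits"]) for b in chain)


def select_best_chain(forks: dict, pow_limit_bits=MAINNET_POW_LIMIT_BITS):
    """Return (winner, {name: cumulative work}) among rule-valid forks.

    Rule-invalid forks are excluded entirely; among the rest the fork with
    the most cumulative work wins, regardless of how many blocks it has.
    """
    valid = {n: c for n, c in forks.items()
             if chain_is_rule_valid(c, pow_limit_bits)}
    works = {n: chain_work(c) for n, c in valid.items()}
    if not works:
        return None, works
    return max(works, key=works.get), works


# Constructed forks (heights are illustrative; only 'bits' matters here).
SAMPLE_FORKS = {
    # 3 blocks at a real historical mainnet target (difficulty about 16307)
    "main": [{"height": h, "bits": 0x1B0404CB} for h in range(1, 4)],
    # 5 blocks at mainnet's minimum difficulty: longer, but far less work
    "longer": [{"height": h, "bits": MAINNET_POW_LIMIT_BITS}
               for h in range(1, 6)],
    # 20 blocks at regtest difficulty: longest of all, yet rejected outright
    "basement": [{"height": h, "bits": REGTEST_BITS} for h in range(1, 21)],
}

if __name__ == "__main__":
    winner, works = select_best_chain(SAMPLE_FORKS)
    for name, chain in SAMPLE_FORKS.items():
        print(f"{name:9s} blocks={len(chain):2d} "
              f"work={works.get(name, 'rejected by rules')}")
    print("fork choice:", winner)
```

Running it picks "main" even though both other forks are longer: "longer" has roughly 16307 times less work per block, and "basement" never reaches the work comparison because its targets exceed the mainnet limit.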


Yes, my point is, that applies for a single coin. The conceptual shift I'm talking about here is that (my definition of fork here is) /another/ coin. Another coin (like ethereum, doge, whatever) is just another "fork" of "cryptocoin-coin". People in need of cryptocoins, if only one existed, would acquire, buy, mine that one. But now that they have multiple options, it is split between all, to varying degrees. As long as they are interchangeable, they are the same thing pretty much. In a fully cryptocoin future world, when a dogecoin is minted, it affects the value of bitcoin. So any x-coin does not live in a vacuum, and can only be scarce in its own network.


I'm not sure I follow. If a dogecoin is minted, so what? I don't know why bitcoin or other crypto in particular would care so much more than anything else in the world. They work differently, record different information, and are about as interchangeable as any two different physical things.

I'm not sure why it would matter that a coin is only scarce in its own network. That's the only context it can ever exist in. You can't yank a dogecoin out of the doge network and stuff it into the bitcoin network.


"I want to buy <<whatever>> and pay with ZCoin, not XCoin." Either the seller accepts ZCoin, or they lose a sale. So sellers need to accept multiple coins; buyers can acquire and pay with different coins.

Different coins compete with each other.

(Or rather, they would -- if they were actual currencies and not just elaborate technological Ponzi schemes.)


> As long as they are interchangeable, they are the same thing pretty much

You keep asserting this as true but I think you are just confused.


If the problem of a secure, non-wasteful, convenient, easy to use, programmable and distributed ledger is solved once ... how will coin X be different from coin Y? Especially if you can exchange X for Y and Y for X... They will all increase the usable "coin" supply without any singular chain having the means to do anything about it. From there, the scarcity argument goes out the window and becomes an academic exercise (...if we had an isolated single blockchain, this would apply type arguments).


> If people are free to create new chains out of thin air and build networks around it, how is anything digital "scarce"?

For the same reason we speak mostly English, Spanish, Chinese and Hindi, even though there are infinite possible languages.


The language metaphor is interesting, but IMO it proves the point.

Learning a new language takes time, a lot of time.

We speak mostly Spanish, Chinese and Hindi because the majority was born with them and spent years learning them to communicate with other people who already speak them.

English spoken by non English native speakers is what many people learned to communicate with people speaking other languages than their native tongue.

But most of them never reached (or will reach) native speakers' fluency. So in a way it can be seen as an inferior product with many flaws (like my English for example).

If switching languages was as easy as copying software, we would probably speak infinite languages.

But in reality the amount of languages one can learn during a life time is very much finite (and the incentive and opportunity are very limited in general)

So, yes, bitcoin is the most powerful brand right now but there is nothing inherently peculiar about it, if another digital coin offers the same features people will use it, regardless of the brand.

Learning German if you are Japanese, live in Japan and communicate with Japanese people, on the other hand, is a big investment with no real obvious gain beyond intellectual fulfilment.

anyway, there are ~7,000 living languages used around the World right now, there's no reason to believe that at least the same number of digital coins won't be in use once digital coins will become an everyday tool.


> If people are free to create new chains out of thin air and build networks around it, how is anything digital "scarce"?

Say I just created HNCoin, a copy of bitcoin, and offered you one HNCoin for 0.001BTC. Would you take the deal?


If I were part of the clique that were unhappy with how bitcoin operated and who holds wealth and power in the world, without the means of attacking bitcoin itself because of its built-in security features, yes, I'd start supporting it along with my comrades. This is not a theoretical thing either, it has happened thousands of times and it keeps happening as we are in the Cambrian period of this concept, so lots of new things are being tried under different "brands". In the end, if the problem is solvable, a simple to use, not wasteful, programmable etc. secure distributed ledger will emerge. Then what? A group can't take over the existing one but if the needs emerge, they can create a brand new one and influence people (off silicon) to use it. Again, that is what has been happening since the beginning. Take the ponzi / get rich quick / I have no other hope mentality away and it will all be the same in the end - if they are used functionally, that is.


You can't inflate a coin by creating another coin. The markets for each coin aren't going to be identical, as each coin attracts a different set of buyers.

In other words, there might be people who would buy ETH, but never BTC and the other way around.


...and there are others that would buy BTC if it was the only option but would be happy with ETH given that it exists. With those people buying / minting X instead of Y (but would use Y if X didn't exist), the amount of digital coins increased out of thin air just like that! Without any control mechanism from the bitcoin protocol (an unsolved / unsolvable(?) problem).

So the fact that the people like you say exist does not prevent the existence of the people that I am talking about.

And if the secure, easy to use, non-wasteful, programmable and distributed ledger problem is solved once then ALL coins after that become the same. In that environment "people who would buy ETH, but never BTC" will not make any sense.


You're effectively saying that once someone decides to grow potatoes, apples are no longer scarce, because people might instead grow potatoes and trade them for apples. The secure, easy to use, non-wasteful, distributed calorie problem can only be solved _once_, so ALL potatoes are apples.


If only apples existed and suddenly potatoes were invented, then plant-based carbohydrates just became less scarce.

If only British pounds existed and suddenly the Australian dollar was invented, you could suddenly do business in another currency.


Exactly.

Just like Swiss francs and Euros and US dollars are different things and will never be measured against or valued in terms of each other.

Q.E.D.


This is basically why bitcoin maximalists are bitcoin maximalists.


Same as you can print your own Dkarras Dollars and issue a new currency. Then see how much that affects the value of the USD.


This just seems like handwringing at the circularity of using stake (i.e. past transactions) to decide what blocks get validated (i.e. future transactions.) But it's wrong:

First, attackers would need to collude to control 51% of the staked coin on the network to double-spend. There's no disincentive to stake (you won't lose coin if you're acting honestly), so stakes should approach the market cap of ETH itself.

Second, even with a 51% attack you can't keep giving yourself money to solidify your stranglehold on the network. All you can do is double-spend, which doesn't help you raise your stake. And when your attack eventually fails, you're punished by losing your entire stake - wiping out 51% of ethereum.

Finally, the "healing" the author alluded to of ETH would still happen. If an attack were carried out, and somehow managed to persist, honest miners would fork ethereum and blacklist all the coins that went into the malicious stake, rendering it impossible to mount again.

Just because security is circular in a sense doesn't mean it's insecure.


This is not directly about 51% attacks.

This is about chain splits.


can you elaborate? how can malicious actors split the chains over an extended period without controlling 51% of the stake?


It's not about malicious actors. The community is perfectly capable of splitting on its own. See: ETC/ETH.


Double-spends should be the least of your worries.


What are the real worries then?


No reason to do double spend when can do MEV


Bitfury company did a research on PoW vs PoS [1] and their conclusion was "Pure proof of stake approaches pose substantial security threats that cannot be recreated in proof of work systems (including Bitcoin). These problems are inherent to proof of stake algorithms, as proof of stake consensus is not anchored in the physical world (cf. with hashing equipment in proof of work). That is why virtually all of currencies relying on proof of stake use additional mechanisms to address security issues."

On top of that even Vitalik said "proof-of-stake systems are ultimately permanent nobilities where the members of the genesis block allocation always have the ultimate say. No matter what happens ten million blocks down the road, the genesis block members can always come together and launch an alternate fork with an alternate transaction history and have that fork take over." [2]

[1] https://bitfury.com/content/downloads/pos-vs-pow-1.0.2.pdf

[2] https://blog.ethereum.org/2014/07/05/stake/


Ethereum PoS has finality. It doesn't matter if someone later comes out with a different version: full nodes accept the first valid block it sees as final and immutable, after a short period of time.

Is this perfect? No, but maybe its worth all the energy savings?

If you run a node, by definition you can never end up on the "wrong" chain, because your node's chain is immutably the chain, and so is everyone else running a full node, thus making it the canonical chain.


As a newcomer - how can I tell the "right" chain apart? In Bitcoin I simply choose the one that burned the most work - it's trivial. In PoS I do what? The longest? It's trivial to produce a long chain. The longest and that have many different public signatures?


The one that everyone else is using. Look at websites, ask friends, etc. After you do that once, you've got the right one from then on. Kinda trust-on-first-use, which most of us use for SSH anyway, and you can verify that you and the people you know are on the same chain beforehand.

I feel like the "I would just choose the chain with the most hashpower" idea kinda falls down in that you still have to choose which crypto - Bitcoin, any of the bitcoin forks, Ethereum, Ethereum Classic, etc. You're relying on the internet etc for information to help you decide which cryptocurrency you're going to use when you start out, you can do the same thing for which Proof-of-Stake chain. Most of the time, there should be one obvious choice, more obvious than which crypto to use, I imagine.


How it's better than WebMoney then? About other cryptos - well, yeah, there can be only one. If you don't control 51% of overall humanity hashrate it's not secure (and not better than WebMoney).


I don't know much about how WebMoney works other than what I just read on Wikipedia, but it looks like WebMoney might be best compared to a permissioned blockchain where a group of companies mine the blocks.

Proof of Stake has the advantages that anyone (with sufficient money, or by gathering into pools) can become a validator, and the system itself provides extremely strong incentives not to cheat by slashing their stakes if they do. This slashing weeds out bad actors over time, as well - once their money's gone, they can't stake anymore.

I could imagine all sorts of shenanigans that could cause a small group of companies operating a money system to cheat, either of their own accord, or forced to by a government, organized crime, hackers, etc. Much harder to attack a huge self-healing group of globally distributed validators with extremely strong incentive not to cheat.


Well I too could imagine some sorts of shenanigans that will mislead the majority of validators especially in PoS that doesn't lock any of validators' computation resources. It's even worse in the sense that a validator can be anonymous and doesn't hold any legal responsibility (in contrast with WebMoney). Thousands of validators could be one entity now or in future and you'll never know that (in contrast with PoW). Some influencer (just like Vitalik) can come and convince validators to mine an incompatible fork of Ethereum - you can do this for free and won't be slashed on main chain - and why not, maybe this fork will prove better and people switch (yeah this can happen with any crypto that's not Bitcoin)?

All I'm saying that Satoshi really produced the one undeniable cryptocurrency. His idea is sound, you don't need any friends or websites, or "common" knowledge besides his simple idea of the most work burned chain. Anything other is really questionable.


> Look at websites, ask friends, etc.

Lol, etherium.


The chain your bank or your exchange trust.


Seems Jeff has launched a malicious attack on proof-of-stake, been unsuccessful, and has lost his stake. In this case his reputation.

You can't hand-wave over "complexity" and then call it "opaque" and self referential using a bunch of vague and imprecise analogies. The "step 2 complexity" is where the system justifies itself. It's where it's proven sound. Just because you're too lazy to get into the weeds and technicals of it does not make the system flawed. A casual read of the overview of Ethereum 2's proof-of-stake mechanism[1] would have helped Jeff save his reputation staked on his blog post.

[1] https://ethereum.org/en/developers/docs/consensus-mechanisms...


I think this article is saying that proof of stake doesn’t work because the community can decide to ignore the consensus algorithm and pick a different, modified chain. Proof of work has the same property though, as exhibited by the author’s own example of ETH vs ETC.


I think the author's point is that in a PoW fork, the hash power is a fixed resource and must split between forks. In a PoS fork, prefork holders can stake the same amount of coins on both forks, thereby "doubling" the total coin being staked. With PoW, the fact that the hash power has to split between forks gives a mechanism for a consensus between forks to be found. With PoS forks, you might as well just continue to stake both forks.


On PoW, if one fork is much less popular, it will be feasible to attack because you can rent enough hash power to produce a larger chain. If only slightly less popular, this isn’t feasible.

On PoS, a substantially less popular fork will be possible to attack, because you can afford to buy enough coin to stake and take control of the validators. The economic value of your coins will be divided between the forks based on market consensus. A more popular fork will be hard to attack because the coin will be too expensive.

In my view these are a similar type of security guarantee, what am I missing?

In both PoW and PoS, providing security to prevent attacks requires allocation of economic resources (spending hash power, or holding and staking tokens).


In PoW my GPU can only hash one chain at a time so I have to pick a fork to continue on. This is true for everyone else too, so the incentive is to mine the fork that will most likely live since you can’t earn coin without mining.

In PoS, I hold tokens and when a fork happens, I’d hold tokens in both forks now (same parent token in both child forks). I can trivially run 2 validators where I stake my tokens in both forks. This is possible because validation in PoS was meant to not consume much resources, so running 2 is affordable. The incentive is to stake both forks because doing so means I’ll pick the right fork (by picking all) and thus preserve my stake in at least one fork.


I think the punishment system described elsewhere in this thread solves the issue of existing validators running both chains. If that’s correct you’d have to buy more coins to stake to “attack” the cheaper chain (which is much like renting hash power to attack a PoW chain).


Not all validators will run their node on the fork. As seen with the 2016 fork, many will sell their forked token to buy more of the real thing.



>This can be solved via two strategies. The first, described in broad terms under the name “Slasher” here and developed further by Iddo Bentov here, involves penalizing validators if they simultaneously create blocks on multiple chains, by means of including proof of misbehavior (ie. two conflicting signed block headers) into the blockchain as a later point in time at which point the malfeasant validator’s deposit is deducted appropriately. [...] The second strategy is to simply punish validators for creating blocks on the wrong chain.

Which one does ethereum use?
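The "Slasher" rule quoted just above, and the earlier point that a PoS holder can cheaply run a validator on both sides of a fork, come down to one check: the same validator signing two different block headers for the same slot. The block below is an added example written for this thread, not code from any Ethereum client or from the quoted post. It uses HMAC tags over a per-validator secret as a stand-in for real digital signatures (an assumption, to stay standard-library only), and the validator names, slots, fork identifiers and deposit sizes are constructed.

```python
"""Added example (not from the thread or any client): detecting equivocation,
i.e. one validator signing two conflicting block headers for the same slot,
and slashing the deposit when a proof of it is presented.
HMAC stands in for a real signature scheme (assumption); all data is constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedHeader:
    validator: str
    slot: int
    parent: str   # hash of the parent block; differs between the two forks
    body: str     # stand-in for the block's content
    tag: str      # "signature" over (slot, parent, body)


def header_hash(slot: int, parent: str, body: str) -> str:
    return hashlib.sha256(f"{slot}|{parent}|{body}".encode()).hexdigest()


def sign_header(validator: str, secret: bytes, slot: int, parent: str, body: str) -> SignedHeader:
    """Validator signs the hash of its proposed header (HMAC as a stand-in signature)."""
    msg = header_hash(slot, parent, body).encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return SignedHeader(validator, slot, parent, body, tag)


def verify(header: SignedHeader, secret: bytes) -> bool:
    msg = header_hash(header.slot, header.parent, header.body).encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header.tag)


def is_equivocation(h1: SignedHeader, h2: SignedHeader, secrets: dict) -> bool:
    """True iff both headers are validly signed by the same validator for the
    same slot but commit to different blocks. The pair itself is the proof."""
    if h1.validator != h2.validator or h1.slot != h2.slot:
        return False
    if header_hash(h1.slot, h1.parent, h1.body) == header_hash(h2.slot, h2.parent, h2.body):
        return False  # the same block seen twice is not a double-sign
    secret = secrets[h1.validator]
    return verify(h1, secret) and verify(h2, secret)


class Slasher:
    """Keeps the first header seen per (validator, slot); a later conflicting
    header from the same validator burns that validator's whole deposit."""

    def __init__(self, secrets: dict, deposits: dict):
        self.secrets = secrets
        self.deposits = dict(deposits)
        self.seen = {}  # (validator, slot) -> first SignedHeader observed

    def observe(self, header: SignedHeader) -> int:
        """Record a header; returns the amount slashed (0 if nothing happened)."""
        if not verify(header, self.secrets[header.validator]):
            raise ValueError("bad signature")
        key = (header.validator, header.slot)
        prior = self.seen.get(key)
        if prior is None:
            self.seen[key] = header
            return 0
        if is_equivocation(prior, header, self.secrets):
            penalty = self.deposits[header.validator]
            self.deposits[header.validator] = 0
            return penalty
        return 0


def demo():
    """Chain splits before slot 11: fork A and fork B have different parents.
    alice stakes on both, bob stays on A. Returns the per-observation penalties
    and the final deposits."""
    secrets = {"alice": b"alice-secret", "bob": b"bob-secret"}
    slasher = Slasher(secrets, {"alice": 32, "bob": 32})
    alice_a = sign_header("alice", secrets["alice"], 11, "hashA", "txs-on-A")
    alice_b = sign_header("alice", secrets["alice"], 11, "hashB", "txs-on-B")
    bob_a = sign_header("bob", secrets["bob"], 11, "hashA", "txs-on-A")
    penalties = [slasher.observe(alice_a), slasher.observe(bob_a), slasher.observe(alice_b)]
    return penalties, slasher.deposits


if __name__ == "__main__":
    print(demo())  # ([0, 0, 32], {'alice': 0, 'bob': 32})
```

The point the example makes is that the proof of misbehaviour is cheap to carry and check: two signed headers, nothing more, and anyone who saw both can submit them later. It only ever catches a validator that signed on both forks; a validator who picks one fork and stays silent on the other is not touched by this rule, which is what the "punish validators for creating blocks on the wrong chain" alternative in the quote is about.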


I believe Casper (Ethereum's PoW protocol) uses the second strategy.


> That is, if there are two competing chains, A and B, then if a validator creates a block on B, they get a reward of +R on B, but the block header can be included into A

What if it can't (we do ETH 2.342 variant (which doesnt cost us anything contrary to PoW forks) with modified header and later it wins)?


But in practice, hash power isn't used to choose between forks. Nobody says ETC is invalid because it has fewer hashes than ETH. It's still a valid chain, even though it has less market value. The same would be true of PoS: one fork would have more legitimacy and market value than the other.

If you're not actually forking, but just operating the protocol normally, PoW chooses between branches just fine, but so does PoS. With Ethereum's version, there's even "finality," which means it's impossible to revert more than a few minutes without destroying a third of the total stake: https://ralexstokes.medium.com/the-finality-gadget-2bf608529...

That's a strict improvement over PoW which only offers a probabilistic guarantee. Both systems can be bypassed by a hard fork, but in both cases the fork will face the same challenge of market value and legitimacy.
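Why it is a third: the figure above follows from the finality rules themselves, worked out here as an added derivation rather than anything quoted from the thread. Assume, as the Casper FFG rules do, that a checkpoint is finalized only when validators holding at least $\tfrac{2}{3}$ of the total stake $S$ vote for it, and that voting for two conflicting checkpoints is a slashable offence. If two conflicting checkpoints $A$ and $B$ are both finalized, with voting stake $V_A$ and $V_B$, then by inclusion-exclusion

$$|V_A \cap V_B| = |V_A| + |V_B| - |V_A \cup V_B| \;\ge\; \tfrac{2}{3}S + \tfrac{2}{3}S - S \;=\; \tfrac{1}{3}S.$$

So at least a third of the stake voted for both and is slashable once either pair of conflicting votes is presented as evidence. The bound is a statement about the cost of a revert, not about its impossibility, and it says nothing about a client that has never seen the first chain.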


> Nobody says ETC is invalid because it has fewer hashes than ETH.

I think you are quite wrong there. At some point the exchanges had to pick which chain was going to get the ETH ticker and which chain was going to get the ETC ticker. While it's hard to say exactly why they did what they did, certainly the amount of hashpower on each chain was a significant factor.


I would add that some proof of work blockchains are non-forkable e.g. polkadot


I think the difference here is that doing so would be a hardfork and would require everyone to opt into the change. Contrast this with PoS where if 51% of the stakers woke up one morning and decided to rewrite the last 2 weeks of the chain they can immediately do so, and anyone who disagrees must opt out.


With slashing PoS, if stakers tried to rewrite the last 2 weeks of the chain they could have their stake taken away as a penalty for signing votes on multiple forks.


According to this other comment[1], it looks like as long as you're on the winning side you're not punished?

[1] https://news.ycombinator.com/item?id=27237610


And both chains continue - but it usually becomes very clear which chain is stronger - and the weaker chain can be killed off because it can be attacked more easily - which devalues the value of that chain. 24 vs 520 in this case is the hash rate difference, or a 20x difference.


I guess... how long does it take to determine this? I have a transaction on a PoS PoS (lol) chain, and then... I guess... I've given my goods away for some coins. Now... it turns out my coins are lost because it was on the weaker chain?

Not trying to be disingenuous here. Is this occurring in a matter of a few blocks, a few days? Does this bring crypto closer or further from potentially being an actual currency one day?

I tend to think this centralizes things (PoS as opposed to PoW). I can't imagine I'd want to put my money into some whale controlled currency personally. But I'm not sure that part has really changed considering I think of PoW as relatively whale controlled (and rather centralized, and against all of the generally accepted Keynesian economic theories).


A POS POS chain may not have a ton of value or attacks. But when splitting off, ETC for example probably was hit by some attacks until the value was gone.

The way it works is whoever accepted your coins can have them lost and you could respend them if you were the attacker.

https://www.coindesk.com/ethereum-classic-blockchain-subject...


In US all cryptocurrencies are treated as commodities and regulated by Commodity Futures Trading Commission under the U.S. Commodity Exchange Act but when Ethereum switches to Proof of Stake they will be regulated as security by Securities and Exchange Commission (SEC) and all "stake" holders will need to register their stakes and comply with the laws that govern the Securities Industry[1].

Under the US law "security" is "The term “security” means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement etc."[2]

Ethereum falls under this since it is "profit-sharing agreement", it is an investment(stake) which allows other investors(stakeholders) to profit off of that owned security.

Proof of stake cryptocurrency allows stakeholders to profit by holding their coins(stake) and if they do not comply with all aforementioned security laws(reporting, market controls etc.) all their coins(stake) can be seized and Ethereum can be shut down by SEC as an unregistered security.

[1] https://www.investor.gov/introduction-investing/investing-ba...

[2] https://uscode.house.gov/view.xhtml?req=(title:15%20section:...


That's simply false. When you stake you're being rewarded for your work securing the network, no different than mining. Further, if you do not stake you do not "profit".


If you "stake" you invest and you are a stakeholder if you do not "stake" you are simply a user of Ethereum and all investments, stakes and stakeholders need to be regulated in order to protect investors and market. Cryptocurrencies and crypto tokens are not outside the law in particular not outside of financial and capital market regulation laws.


It's literally no different than mining and they have already stated the bitcoin and ethereum are not securities.


Damn, that's a scary thought.


The author's central argument has been formally proven: https://eprint.iacr.org/2016/919.pdf. PoS protocols cannot offer a client with no a priori knowledge of the history of transactions a way to distinguish between an honest validator set and a corrupt validator set. There's no way to compare chain quality in-band.


> There's no way to compare chain quality in-band.

Just like with PoW where the longest chain and greatest hash power is the "honest" chain (even that is arguable), PoS functions similarly where the greatest staking power is the "honest" chain.


Try reading the paper. They address that.


I've done a little bit of research into event-sourced databases and journaling filesystems, but not nearly enough to be an expert on them. I think this article touches on exactly the crucial point.

If I have a private key to my coins, why is someone else allowed to disallow a transfer of them? When I announce a transaction, because of the way mining works, that transaction gets sent to every miner, so that if they were to solve the block they could include my transaction.

Why is Bitcoin made up of back-links to previous blocks? Isn't a block no more than a memoization of a event-sourced log at a point of time? That's just a really badly constructed journaling filesystem.

Instead there should be no cryptographic mining PoW or PoS, all online miners would track all transactions since the last block was created. If at any point they did not have all of the transactions (which means if anyone else has reported a transaction that they have disallowed, easily compared by simply checking every miner's head hash), they are considered to be offline and do not receive a mining share. All miners who are online when a new memoization is created get a share of the reward.

Help me out here, why do we need to solve the Byzantine General's problem for this?


> If I have a private key to my coins, why is someone else allowed to disallow a transfer of them?

They are allowed to try, but no single entity can completely block a valid transaction from being confirmed.

The legitimate reason they may do so is because they believe you are trying to double (or N) spend the transaction, and they have chosen a conflicting transaction instead, likely the first one they saw.

> Why is Bitcoin made up of back-links to previous blocks?

Blocks are a way to get everyone on the same page, when a new block is found everyone is now working on top of the same history. The reason to use ~10 minute blocks of transactions instead of 2 second blocks or even updating on every new transaction is to avoid a constant stream of conflicting states arriving from different parts of the world, which would increase the necessary communication between nodes.

> If at any point they did not have all of the transaction(which means if anyone else has reported a transaction that they have disallowed, easily compared by simply checking every miners head hash), they are considered to be offline and do not receive a mining share.

In that case if I'm a miner I can just create a transaction that I share with no one, include it in my block, broadcast the block and now all other miners are considered offline because their blocks didn't include my transaction and I get 100% of the reward.


You would get 100% of the reward of one transaction, a price that you yourself paid. And that's fine, since memoization of the block is work that needs to be done. And the block would be valid if it was not missing any transactions. They would then update to your block, and would be back online. Except they would not have been considered offline.


> Why is Bitcoin made up of back-links to previous blocks? Isn't a block no more than a memoization of a event-sourced log at a point of time? That's just a really badly constructed journaling filesystem.

My understanding is that the chain of blocks, whereby each successor block is dependent on the hash of the previous one, acts as a self contained proof that a huge amount of work went into generating this. The rule that everyone needs to follow then is to simply always trust the longest chain presented to them (or the one that was most difficult to build depending on the amount of solutions at every difficulty.) By only looking at the last block, you lose this consensus mechanism. Not sure exactly how that isn't an issue with PoS though since they aren't verifying with work, and it seems that they can just keep track of the head of the transactions.
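The "most work burned" rule from the newcomer's question earlier in the thread, and the "longest chain ... or the one that was most difficult to build" distinction in the comment above, is a concrete computation: a node decodes each header's compact nBits target, converts it to the expected number of hashes, and sums that along the chain. The block below is an added example, not code from Bitcoin Core or from the thread; it follows Bitcoin's nBits encoding and the work formula (expected hashes = 2^256 / (target + 1)), while the block hashes and the two toy chains are constructed.

```python
"""Added example (not from the thread or Bitcoin Core): fork choice by
cumulative work, which is what "the chain that burned the most work" means.
Only the nBits decoding and the work formula follow Bitcoin; the headers are
constructed with made-up hashes."""


def target_from_bits(bits: int) -> int:
    """Decode Bitcoin's compact nBits encoding (1-byte exponent, 3-byte mantissa)."""
    if bits & 0x00800000:
        raise ValueError("negative target is invalid")
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits: int) -> int:
    """Expected number of hashes to find a block at this target, i.e. 2^256 / (target + 1)."""
    target = target_from_bits(bits)
    return (1 << 256) // (target + 1)


def chain_work(headers) -> int:
    """Cumulative work: sum of the per-block work over the whole chain."""
    return sum(block_work(h["bits"]) for h in headers)


def select_chain(chains) -> int:
    """Index of the chain with the greatest cumulative work. Ties keep the
    earlier (first seen) chain, as a node would, so this never switches on equal work."""
    best, best_work = 0, -1
    for i, chain in enumerate(chains):
        w = chain_work(chain)
        if w > best_work:
            best, best_work = i, w
    return best


def demo():
    """Three easy blocks versus two blocks at roughly twice the per-block work:
    the shorter chain wins because it represents more hashing."""
    easy = 0x1D00FFFF    # Bitcoin's minimum difficulty (the genesis block's nBits)
    harder = 0x1C7FFFFF  # about 2x the work per block (chosen for the toy data)
    chain_a = [{"hash": f"a{i}", "parent": f"a{i-1}", "bits": easy} for i in range(3)]
    chain_b = [{"hash": f"b{i}", "parent": f"b{i-1}", "bits": harder} for i in range(2)]
    return select_chain([chain_a, chain_b]), chain_work(chain_a), chain_work(chain_b)


if __name__ == "__main__":
    chosen, work_a, work_b = demo()
    print(f"chosen chain: {chosen} (work A={work_a}, work B={work_b})")
```

Two things worth noticing. The genesis-difficulty block evaluates to 0x100010001 hashes of work, which is the chainwork Bitcoin Core reports for block 0, so the arithmetic can be checked against a real node. And the rule needs nothing from outside the headers: the comparison is entirely in-band, which is exactly the property the PoS discussion above and below is arguing about.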


The Byzantine General's problem states that messages can be corrupt, missing, misinformation, or otherwise unreliable. Thus to avoid exploitation by the few, we need some PoW mechanism.

The Bitcoin network is not this. The Bitcoin network is everyone meeting at a central square, fully able to communicate - all having a full list of all transactions - and the dude with the password takes the reward and decides which transactions make it in.

But they have no messaging problems! Bitcoin is not the same difficulty as Byzantine Generals! The work is meaningless when everyone is always communicating. There is no possibility of any miscommunication. The rules of a miner are simple: Add all transactions to the list. Make sure no one spends more than they have. That's it. If there is ever a merge conflict (a double spend) based on those rules, first transaction wins. It will most likely be known that it fails instantly, but if not by the time the memoization happens it will be known.

Consensus becomes whichever one has all the transactions. If there is a firewall issue such that you can not reach the main chain, you can simply not issue any transactions. Same as today.

I can see a potential that I am in the wrong here, not knowing about a crucial detail, but I don't know what that detail is.


> The Bitcoin network is not this. The Bitcoin network is everyone meeting at a central square, fully able to communicate - all having a full list of all transactions

Not at all, you can start right now trying to sync (from scratch) a new node with the network and regardless of how many malicious/corrupt/etc information you receive from whichever nodes you find (there's no central square) your node will never show you an invalid state, it will at worst be out of date or missing information.

> But they have no messaging problems! Bitcoin is not the same difficulty as Byzantine Generals! The work is meaningless when everyone is always communicating.

Of course there are messaging problems, it's a completely open network full of malicious nodes or nodes going offline or being unavailable. And your node doesn't have to always be communicating, it can go offline for months at a time and then sync back up with no issues.

> If there is ever a merge conflict(a double spend) based on those rules, first transaction wins.

The first for whom? Different nodes might receive transactions in different orders.

> Consensus becomes whichever one has all the transactions.

What if A and B have all the transactions except for 1 double spend, where A picked transaction 1 and B picked transaction 2, because that's what they saw first. Which of them do you follow? You can't just leave it to chance, you have to be very confident that everyone else will pick the option.


This has all been worked out. See CRDTs[0].

But CRDTs actually are a harder problem than Bitcoin. When you have a local square, you don't even need CRDTs.

> And your node doesn't have to always be communicating, it can go offline for months at a time and then sync back up with no issues.

If you are writing blocks offline for months, then all your transactions getting wiped out upon connection with the main chain (as it's many more computations ahead of you) seems like an issue to me. A sane system would disallow transactions when not connected to the main chain.

[0]: https://medium.com/swlh/introduction-to-conflict-free-replic...


Proof of work determines who can mint a block; it's not the Nakamoto consensus algorithm Bitcoin uses, it's just part of it.

Proof of stake determines who can mint a block, same as proof of work; the consensus algorithm is then one of many different algorithms people use for consensus.

Talking about proof of stake/work as if it's the sole consensus is like when people call the case of their computer the hard drive. I mean it does have a hard drive sure but you're not really getting it.


I’ll preface by saying I think Proof of Waste schemes should be illegal. Proof of Stake schemes eventually over time become de-decentralized because as with PoW there is incentive to having a large stake (as demonstrated by the large private mining pools.) Eventually what you have is a clique of large powerful players in control of the financial system. You’ve basically reinvented banks but you made them extremely inefficient along the way. I don’t see any way how decentralization schemes eliminate the potential for organization, as centralizing inside a decentralized system is beneficial and highly efficient vs. remaining disorganized/decentralized.

Decentralization seems fundamentally at odds with natural order and thus maintaining its decentralization costs energy. Compare that to USD which backpacks on the energy spent maintaining a nation, the cost of USD is essentially amortized by the simple existence of the US.


Following this line, wouldn't corporations form around the large stakes? So essentially banks, but with transparent holdings?

I'm not well versed enough in financial systems to game out the implications of this, but as someone who believes in the efficiency of free markets, it seems like a good thing to have more transparent banks.


Yes I think so.

I'm a strong supporter of free markets* -- meaning, free markets are efficient and good, but efficiency isn't the only consideration for society so reasonable regulation is just and necessary. I'm not convinced you get any additional transparency from a blockchain that the government doesn't already get into any organization it wants to. Public ledgers also have remarkably poor privacy, which is necessary for some transactions and/or individuals.


That is an interesting point. The purpose of government access to that information in this case is to protect the public from shady practices, right?

Potentially the benefit is the distribution of the information. As in it becomes standard for these new banks to make public which addresses/transactions they are associated with. The market will probably do a much better job at detecting especially harmful practices. Especially given that the asymmetry of information in fraud is often the only thing that makes it work.

The privacy question is an interesting one. It seems like it pretty quickly reduces to some fundamental problems in crypto-system design. How can we design a system that is totally open on one end and totally anonymous on the other? And furthermore how do we guarantee that the banks won't set up addresses on the anonymous side to do shady things with?

Not really sure how to align the incentives here. Potentially a combo of escrow and batching transactions. It would be interesting to hear ideas from people who work in this space.


I think articles on cryptocoins should include disclosures. A gold rush is bound to produce a lot of motivated reasoning.


I know nothing about proof of stake but it sounds like he's saying it is vulnerable to the same kind of 51% attack as proof of work but you need 51% of the coins instead of 51% of the hashing power?

If so that sounds safer than proof of work. What am I missing?


You're not missing anything. TFA is wrong.


exactly right. That is why I flagged this low quality article.


Given enough time he is saying a single bad actor could amass 51% and attack the chain. It would also be a very expensive attack as they would risk the value of their stake. A PoW attack doesn’t require the same amount of investment.


Not only would it risk the market value of the stake, but in Ethereum's version a double-spend attempt would result in near-immediate destruction of the stake.


If a coin is worth a trillion dollars, could a nation state just start buying up huge amounts, essentially indicating a 51% attack will occur soon, causing a rush for the door, causing prices to drop, despite the clear demand?

Or would prices go up because there'd be a guaranteed buyer and a group buying at the moment.


Dogecoin, which was made as a joke, has the 6th largest market cap of cryptocurrencies. It’s incredibly hard to predict how it would affect the market.


> A PoW attack doesn’t require the same amount of investment.

Right, so PoS is better? He seems to be arguing against that.


Honestly, I don't understand why crypto, and especially PoW, is so special. My understanding is that crypto is good because 1) you can't "forge" crypto (mining is different since it takes resources), and 2) you can make transactions that are harder to track. Particularly because governments "forge" (print) money all the time, and heavily track how we spend.

Ultimately, currency only has meaning because we assign value to it. The only intrinsic currencies are food, shelter, luxuries, etc. If people stop accepting Bitcoin, "I can prove that I have X bitcoin" no longer means anything. If government outlaws bitcoin and forces you to use USD, it doesn't matter that they can't forge or track bitcoin, because you have to use USD.

A lot of people argue that PoS is bad because roughly "the people who control the most Ethereum can dictate the rules", but the people who control the resources we need will always dictate the rules.

> Forking a proof-of-stake chain can create two chains, each of which is endorsed by a majority of stakers in that chain. This split can repeat ad infinitum. Which will be the “real” one?

Isn't this the same as Bitcoin vs. Dogecoin vs. etcCoin?


The author is poorly informed. Splits have happened and do happen, there's about 3 or 4 direct Bitcoin forks but they have little use. Social consensus is what ultimately controls which blockchain is viewed as the legitimate one. So if some plurality of rich stakers wanted to do a hostile takeover of a network, the community could create a fork where the oligarch coins are frozen and continue from there.


> So if some plurality of rich stakers wanted to do a hostile takeover of a network, the community could create a fork where the oligarch coins are frozen and continue from there.

What's the "community" here? What would incentivise users to consider the new fork to be the legitimate one? If rich oligarchs control the first one, how do you build trust in the new one as opposed to the current one? As a fiat currency, I would assume the rich oligarchs would have a great chance of leveraging wealth into ensuring that the current coin gets marketed and hence holds trust? The USD holds its current position because the US Gov stands behind it; what would keep the oligarchs propping the current coin up as opposed to the forked coin?

I'm sorry if this sounds silly - as I'm not very into crypto.


This has already happened: https://cryptoslate.com/steem-community-fights-justin-sun-wi...

Justin Sun tried to take over the Steem network and the community simply forked it. The network that has the most legitimacy is a matter of social consensus, always. That's true of all currency, by the way. If the world starts to reject a currency, that currency can undergo tremendous inflation in a rapid amount of time. This same fate that has happened to other currencies could happen to the USD. The German Mark lost its value in the 1920s. The Argentine peso is currently undergoing the same effect: https://tradingeconomics.com/argentina/inflation-cpi

Supply and demand are laws of economics. Can't be avoided. Currency issuers can control supply but they can't necessarily control demand. They can try to influence demand, but ultimately it rests on a community or a marketplace to decide that. Doesn't matter how absolute your power is, you can't beat economics in the long run. Read a history book about all the failed empires of history. It's almost always a monetary phenomenon that does them in.


> Splits have happened and do happen, there's about 3 or 4 direct Bitcoin forks but they have little use. Social consensus is what ultimately controls which blockchain is viewed as the legitimate one.

If you had a node running since 2016 and didn't touch it at all, right now it would still be following the Bitcoin blockchain and not any of the splits that were created since via hard forks.


My biggest confusion about 'proof-of-stake' is... if there was never any 'work' done, where does the 'stake' come from?

Does 'proof-of-stake' need to be 'bootstrapped' by a period of 'proof-of-work'?

If the 'work' part is very simple and requires little effort, then couldn't I generate a 'stake' that's just as large as someone else's very easily?


It certainly can be bootstrapped by PoW, but doesn't need to be (and usually isn't in practice). The initial stake, if it's not bootstrapped by a different consensus mechanism, is simply created (not too differently from how PoW creates coins). You have an initial block that anyone can create (but in practice, it's generally the creators of the coin who do that), and then the coin created in that and subsequent blocks is distributed in some way (sale, giveaways, etc.). The fairness of the distribution is always something highly scrutinized by the larger cryptocurrency community, and many coins (PoW and PoS) have massively unfair distributions of their currency (i.e. to themselves as a money-making or "funding" scheme).


> Does 'proof-of-stake' need to be 'bootstrapped' by a period of 'proof-of-work'?

I think it's optimal if they do, because proof-of-work is more fair in the beginning, so it's easier to do a fair distribution launch with PoW. With Proof-of-stake, I've never seen a network launch that didn't result in a cartel.

PoW algos adjust difficulty based on how much hash power is in the network. So you could do this, but people would see it and react to the demand plus you'd also have to sell most of the mined coin in order to cover your electricity costs.


Some proof of stake coins tried to do fountain or giveaway distribution. Proof of work doesn't need to precede proof of stake.


Pure Proof of Stake is interesting in that the "stakers" are literally every single person in the economy -- mitigating much of this problem of the "pool" of stakers deciding that they don't agree with one another.

https://www.algorand.com/resources/blog/proof-of-stake-vs-pu...


The self-referential part is not the biggest problem; in the past, money was created to fund an army, which then made the money stronger in a virtuous cycle.

Its biggest flaw is that it removes the friction from switching sides, and makes it a subject of politics. BTC was created to be the opposite, to take the power back from politics.


One thing that PoW has for it is the idea brought up in the paper: where the coin is not just based on popularity of usage, fame or hype but its usage is actually measurable in a very real sense: through how much energy it consumes. The paper mentions how CPU power gives you (in a way) the ability to vote within the system.

With a famous PoS coin you can measure its popularity based on number of transactions and usage across the globe, but who can really tell that those transactions were not just very few users pretending to make up a busy network?

With PoW on the other hand you have a very tangible way to measure interest in the network: they’re literally consuming energy and they’re literally many different entities since no single entity could ever consume that much energy.

That’s a quite important difference imho.


Proof of Stake is Proof of Work with more steps, it just pushes the work into non transparent processes.


I'm new to PoS, so please excuse my lack of knowledge, but which part of the system will consume as much power as a medium-sized country?


This criticism doesn't seem very substantial, what exact problem does PoS have that PoW doesn't have? Why doesn't PoW have the exact same "50/50 consensus split issue"?

Bitcoin nodes can _also_ choose to pick an alternate chain, see every hard fork.


A Bitcoin node simply doesn't consider BSV blocks to be valid; they break Bitcoin's rules, which is what makes them hard forks, and that is not related to this discussion.

When there are multiple competing valid chains, with PoW the main chain is whichever one has the largest amount of work done. Eventually everyone converges to the same chain automatically.

With PoS, how do you objectively choose between two competing chains?


Wouldn't it be whichever has more attestations by stakers?


Proof of stake might have problems. But there aren't any identified here. Let's try and find the real problems instead of just posting FUD.

Btw the smug portrait at the bottom (of the author?) seems out of place.


The profile-picture is usually on the right, but "gets put below", if there is not enough screen-space.


> Similarly reduced, proof-of-work systems work like this:
>
> 1. The list of valid transactions determines who has coin.
> 2. <complexity>
> 3. People with computers decide which transactions are valid.

> You don't need to know any more detail about proof-of-work systems to be instantly suspicious.

Hm, I think this misquote says all there is to say about the reasoning in this blog.


"People with coin" in step 3 is way too broad. And indeed, ETH PoS has a consensus protocol to decide which "people with coin" get to validate, and that doesn't work by "because the blockchain says so".


Annoyingly, this guy's reasoning is faulty, but one cannot comment on his 'blog'.

An inductive proof (which most mathematicians accept as valid) has exactly the structure he wants to call invalid.

You prove N(0) case, then you prove N(i+1) case in terms of the N(i) case.

This is how proof of stake is structured.

It is true that one must START a proof of stake system in a valid state but then the correctness of a state depends upon the correctness of the state prior.

The argument for PoS is not quite as simple as that, but this just shows there is nothing inherently invalid about having the validity of a system depend upon the validity of an earlier state of that system.

MANY, MANY systems have just this kind of guarantee.

p.s. I don't own any ETH, I just hate bone-headed thinking...


This post raises two common criticisms against proof-of-stake: it's self-referential (and therefore cannot work), and it's subjective (and therefore cannot work). Each of them has a bit of truth to it, but (spoilers) I strongly disagree with the conclusions.

------------

The "proof-of-stake is self-referential (and therefore cannot work)" argument goes like this:

1. Proof-of-Stake chains claim to be secure because there is value at risk.

2. The value at risk is the coins _on chain_, which only have value because the chain is secure.

Therefore, as the "thing" giving the coins value is the coins having value themselves, this is self-referential, and so cannot work.

Two quick responses. First, PoW has the same dynamics, albeit a bit more obfuscated.

1. The PoW chain is secure because there are miners willing to mine on the chain.

2. The miners are willing to mine on the chain because they get paid in coins that have value.

3. The coins have value for a multitude of reasons (duh, speculation), but one seemingly necessary one is that the chain is secure enough to allow transfers (aka, the chain is secure).

So in PoW, we have the same self-referential dynamic.

Second, there's no reason why self-referential systems don't work in the first place. I'd argue that a much more informative way of thinking about PoS/PoW as mechanisms is in a recursive way:

1. Value at time T -> Security at time T

2. Security at time T -> Value at time T + 1

etc.

You can call anything that references itself a "perpetual motion machine." Merge sort references itself; that doesn't make it one.

I would argue the recursive bootstrapping described above is one of the most interesting mechanisms public blockchains have currently (rivaled only by the crazy composability of programs you see on smart contract chains like Ethereum).

---------

The "it's subjective (and therefore cannot work)" argument goes like this.

1. Stake is defined on the chain.

2. Stake determines which chain is the real chain.

3. Thus, if you have two chains that claim to each be the real chain, you cannot tell them apart.

I'll note: this is pretty much true. For most modern PoS protocols that exist today, some form of initial "checkpoint" is needed to sync the chain. You need a blockhash to start from.

However, after you sync your node for the first time using this hash, this is no longer the case: as long as you sync your node to the chain more than once a month or so, you never need to do this again. Aka: you only need to get a hash of the chain upon initial sync.

Practically, IMO, this pretty much changes nothing. 99.99999999% of users don't read the source code of the nodes they run (in fact, most people don't run nodes :() - and since node releases are on the order of once a month [1], users can just get the block hash packaged with the software anyway. In most realistic security models, not much is different.

---------

IMO, the biggest argument against PoS is its complexity. Making a secure PoS protocol requires a lot more work than a basic PoW one. Managing this complexity appropriately is hard, and takes time + incremental steps if you want to do it well (and not fuck an existing network). That's mostly why Ethereum's PoS has been so delayed. But it's coming soon :). Shout out to the awesome people working on it!

Source: I spent 3 years working on a variant of Casper (Ethereum's PoS protocol) at the Ethereum Foundation.


The OP (me) explicitly pointed out that self-referential systems can work, for a while. The problem is that there's no way to resolve hard forks.

You (and Vitalik, in that "Nothing At Stake" paper) seem to assume there will never be a hard fork. That's proven wrong by history; hard forks are common. In fact, in the ETC/ETH fork, it was _ETH_ that got a major code change.

PoS, by definition, does not provide any way to resolve hard forks that split "stake". After the fork, both chains can appear perfectly consistent with a majority of stakers (in that split) voting "remain".
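A toy model, added here as an illustration and not part of any comment in the thread, of the fork-choice contrast raised in the exchange above and in the earlier "how do you objectively choose between two competing chains" reply: PoW ranks forks by cumulative work, while a PoS fork's "majority of stake" is measured against that fork's own ledger, so both sides of a split can report a majority until an externally trusted checkpoint decides. All validator names, stakes and block ids are constructed.

```python
"""Constructed toy model of the fork-choice question raised in this thread:
PoW ranks competing valid chains by cumulative work (heaviest chain wins);
in PoS each fork's 'majority of stake' is counted against that fork's own
ledger, so two forks can both report a majority until a checkpoint decides."""
from dataclasses import dataclass
from typing import Optional


def pow_fork_choice(chains: dict[str, list[int]]) -> str:
    """Heaviest-chain rule: each chain is a list of per-block difficulties (a
    stand-in for work done); the most cumulative work wins, not the most blocks."""
    return max(chains, key=lambda name: sum(chains[name]))


@dataclass
class PosFork:
    blocks: list[str]          # block ids since genesis, in order
    balances: dict[str, int]   # validator -> stake, as THIS fork's ledger records it
    votes: set[str]            # validators attesting to this fork


def stake_support(fork: PosFork) -> float:
    """Fraction of stake attesting to the fork, measured by the fork's own ledger."""
    total = sum(fork.balances.values())
    backing = sum(fork.balances[v] for v in fork.votes if v in fork.balances)
    return backing / total


def pos_fork_choice(forks: dict[str, PosFork], checkpoint: Optional[str] = None) -> Optional[str]:
    """Fork a syncing node should follow, or None if stake alone cannot decide.
    With a trusted checkpoint block id (e.g. shipped with node software, as the
    thread describes), follow the unique fork containing it. Otherwise a fork is
    chosen only if it is the *unique* one reporting majority support."""
    if checkpoint is not None:
        containing = [n for n, f in forks.items() if checkpoint in f.blocks]
        return containing[0] if len(containing) == 1 else None
    majority = [n for n, f in forks.items() if stake_support(f) > 0.5]
    return majority[0] if len(majority) == 1 else None


# Constructed scenario: three validators split after block "b3".
# Fork A keeps the ledger unchanged; alice and bob (60 of 100 stake) attest to A.
FORK_A = PosFork(["b1", "b2", "b3", "a4"], {"alice": 40, "bob": 20, "carol": 40}, {"alice", "bob"})
# Fork B froze alice's coins (the "fork away from the oligarch" move discussed above);
# by B's own ledger carol now holds 40 of 60 stake, so B also sees a majority.
FORK_B = PosFork(["b1", "b2", "b3", "b4"], {"bob": 20, "carol": 40}, {"carol"})
FORKS = {"A": FORK_A, "B": FORK_B}
```

Note that a checkpoint taken before the split (here any of "b1".."b3") is in both histories and decides nothing; only a post-split hash does, which is the role the "initial sync" hash plays in the reply above.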


I'll take some fiat, some proof of work, and some proof of stake. That's a better risk profile than only having 2 of 3.


Don't forget to "diversify" into shitcoins, too.



