A note about Cold Storage Minting

I have read the proposals given in http://www.peercointalk.org/index.php?topic=2783.0 but I haven’t had time to go through all the posts made in that topic. I might have a good suggestion for the developers.

The cold minting should include two addresses. The first address indicates the actual cold storage and the second address is for the newly generated coins. Whoever controls the private key of the first address is free to change the second address as they want. The second address could be changed to the same as the first address. In that case cold minting would generate compound profit. However, compound interest should be an option rather than a rule.

I would be happy if cold storage minting allowed me to bury the private key of the big stash but still get monthly payouts in the form of newly generated PoS coins. For example, I have 50000 PPC in cold storage and I cannot spend them because I lost the private key. However, I was smart enough to assign a different address for the generated interest and I still have the private key to spend those coins. Every month approximately 50 peercoins are generated via PoS and even though I have lost the private key of the cold storage itself I can still spend the generated interest.

Please let me know what you think of my idea. In my opinion it would be absolutely vital for the cold minting to allow taking generated coins immediately to a hot wallet address while leaving the original cold storage intact. It would be just too inconvenient to regularly access the private key of the cold storage in order to spend the generated profits. What is more, each time you access the private key of your cold storage you make yourself a bit more vulnerable to theft.

EDIT:
About pools… Firstly, it does not matter how exactly PoS Cold Minting is implemented, pools can be formed. Secondly, my method discourages pool formation because the pool members would have to give away their peercoins to the pool operator. Who guarantees that the pool operator won’t run away with their members’ coins?

Sigmike addresses the drawbacks of a similar idea here: Cryptoblog - notícias sobre bitcoin e criptomoedas!

He writes:

[quote author=sigmike link=topic=2783.msg28885#msg28885 date=1404552522]

No, the holder of the minting key won’t be allowed to move the reward (or the coins) to another address. But this is precisely to avoid pools.

If you can move the reward then you can build variance reduction pools very similar to bitcoin pools. To do that you split each reward to all the members of the pool, proportional to their amount. And you keep a fee.
If you do that, most people will want to join the biggest possible pool because they would get more frequent rewards. They wouldn’t have to wait a random amount of time to finally find a block.
That inevitably leads to always bigger pools, like in bitcoin.

If you can’t move the reward you can’t do that. You can mint for someone else, but you can’t split the reward across members nor take a fee. You’re a minting service provider, you’re not a pool.
[/quote]

I often wondered if cold minting would be a successful or useful feature for PoS coins.
I mean that now I have my well encrypted PPC wallet running 24/7 in my rig getting the 1% interest.
I know I am not so secure because someone could steal my wallet trying to break the encryption.
This is what I get as “stake”. I am staking my wallet’s security to mint. This could be an answer to the “nothing at stake” myth :)
This is just my thinking, I hope cold minting will get PPC to the next level.

Alas, I think this is a non-issue because who would like to give their private keys to a pool operator? I sure wouldn’t. I can only guess that you did not properly understand my text. Simply put, you fear pools so much because of Bitcoin that you fail to see that no one would really use pools for PoS mining. What is more, even if the reward is sent to the same address that minted it pools can be made so please reassess what I have written. It is not very pleasant to have an important suggestion being discarded due to obvious misunderstanding.

Your suggestion doesn’t really add anything valuable to what is already proposed by sigmike. You can spend your rewards and/or portions of your “stake” whenever you like at any time with the private spending key.

There is virtually no risk to using the private key to spend coins. If you are uber-paranoid, you could even form the transaction completely off-line and then later broadcast to network. Rather than being “inconvenient” keeping up with only a single key for stake and rewards is actually the far simpler and more secure solution.

Yes it does. It is much more convenient to receive reward to a separate address so it does not compound by default.

Yes there is risk. It’s not about paranoia, it’s about convenience. Do you understand that some of us have so many coins that they would rather bury the private keys and not touch them in 10 years? How on earth would I spend the profit every month if I had to dig up the private key each month? Please try to understand what I’m trying to say here and don’t just give me copy-paste answers. I’m trying to make a point here.

Hyena, I had an idea similar to yours in the thread I linked to. Sigmike explained to me, in the quoted text in my first post, that he wants to prevent the creation of variance reduction pools, so my idea wouldn’t be used. I think he would make the same argument here, which is why I quoted his response. Hope this helps!

Yes, I have read that post several times and it does not make sense to me. PoS variance reduction can only be done by hoarding as many coins as possible under the same minting address. Who on Earth would give away their whole stash just to reduce variance? There’s simply too high a risk that the pool operator runs away with everyone’s coins. That said, Sigmike’s fears are unreasonable. There will never be PoS pools because the more coins you have the more securely you’d want to store them. Giving your coins to the pool operator’s mercy is just stupid.

Cold storage minting means that you would only have to give the minting key to the pool operator, not the private spending key.

Ok, I see the problem now, thanks for pointing that out. However, I already came up with a solution:

The minting key should have the power to withdraw 10% of the coins held by the private spending key. Such power can only be used once and then the private spending key must be used in order to restore the minting key’s power. A minting key that has its 10%-withdraw power used up cannot mint any coins until the power is restored by the spending key. This mechanism will obstruct PoS miners from forming pools because the pool operator would automatically gain full control over 10% of everyone’s coins. If the pool operator is hacked every pool member will lose 10% of their minting stash.

In addition, PoS miners should be left with a possibility to disable the 10%-withdraw power but in that case reward is sent to the spending address to generate compound interest.
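The one-shot 10% withdraw rule proposed in the post above, modelled as a small state machine to show what a stolen minting key can reach; this is an added illustration, not code from the thread or from Peercoin, and every class, field and function name is hypothetical. It assumes whole-coin integer amounts and that, while the power is enabled, rewards are paid to an address controlled by the minting key.

```python
from dataclasses import dataclass

WITHDRAW_PERCENT = 10  # share of the stake the minting key may withdraw once


@dataclass
class ColdStake:
    """Toy model of one stake under the proposed rule (all names hypothetical)."""
    stake: int                     # coins controlled by the spending key
    reward_balance: int = 0        # assumed: rewards held by the minting key
    withdraw_enabled: bool = True  # the owner may disable the 10% power
    withdraw_used: bool = False    # the one-shot power has been spent

    def can_mint(self) -> bool:
        # A minting key whose power is used up cannot mint until restored.
        return not (self.withdraw_enabled and self.withdraw_used)

    def mint(self, reward: int) -> str:
        if not self.can_mint():
            raise PermissionError("spending key must restore the minting key")
        if self.withdraw_enabled:
            self.reward_balance += reward
            return "minting_address"
        self.stake += reward  # power disabled: reward compounds on the stake
        return "spending_address"

    def minting_key_withdraw(self) -> int:
        if not self.withdraw_enabled or self.withdraw_used:
            raise PermissionError("withdraw power unavailable")
        taken = self.stake * WITHDRAW_PERCENT // 100
        self.stake -= taken
        self.withdraw_used = True
        return taken

    def spending_key_restore(self) -> None:
        self.withdraw_used = False


def exposure_if_minting_key_stolen(s: ColdStake) -> int:
    """Coins at risk when only the minting key is compromised."""
    if not s.withdraw_enabled:
        return 0
    one_shot = 0 if s.withdraw_used else s.stake * WITHDRAW_PERCENT // 100
    return one_shot + s.reward_balance
```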

I don’t believe I’ve given you a copy-and-paste answer. You’re requesting a significant adjustment of protocol just to support your idiosyncratic savings habit. Honestly, once the speculative phase of Peercoin has stabilized, I don’t think “burying” a pile of coins away for 10 years at 1% annualized return is a smart financial move. There is no reason for the protocol to specifically accommodate this behavior, so why add all the additional complication? If you really feel like you need immediate access to your reward interest without bothering to retrieve your private keys then maybe you are putting too much of your net worth into Peercoin. No one should be that desperate for 1%. Keep some “cash” Peercoins on hand for daily spending if you like and let the rest compound interest quietly. You can always purchase more PPC at the current exchange rate as well. As long as you are paying your bills on time without having to absolutely rely on Peercoin interest, you are really just talking about a psychological factor rather than a financial one.

Read my previous post. Also, it’s good for PPC to have a new feature implemented the best possible way and get it right the first time so that there would be no need to change the protocol later. If I want such a way to mint coins then I’m sure there are others too. I urge the developers not to mess this thing up and get it coded right on the first go. Remember, code complexity should never be feared because it’s the end user convenience that makes one coin better than another.

By the way, learnmore, 1% may seem too low of a reward right now but if PPC starts trading 1000$ per coin things will be different. It’s supposed to be the backbone currency — the ultimate store of value — isn’t it? Think big! I hope some devs join in this discussion soon because I’m still supporting the idea and I’d like to get some professional feedback.

Hyena, what you are trying to achieve is interesting - but it is not really “proof of stake” anymore, because you would “throw away” your original stake to receive regular income.

Your concept is much more similar to Proof-of-Burn (or PoB, see http://en.bitcoin.it/wiki/Proof_of_burn). Replace “throw away” with “burn”: What you do in PoB is send coins to an unspendable address and the amount of coins you sent there gives you a “score”. All addresses which burned coins compete for blocks and get rewards when they find one, and the probability of finding a block is determined by the “score” of your address (=amount of coins burnt). So it’s pretty similar to your proposal, but probably outside the scope of Peercoin at present.

I’ve just some days ago started a thread about the first coin that incorporates Proof-of-Burn, called Slimcoin. I am following this coin (and perhaps others if they implement it) to see if the PoB mechanism is sound, as I see it as a potential replacement for Proof-of-Work in Peercoin in the future when PoW gets insignificant because of the high difficulty.

First, thanks for the contribution!

I would argue that my specification does not suggest throwing away coins. All it intends to achieve is making it more comfortable for a stake miner to spend the monthly reward without touching the stake’s private key. The minting key should have control over 10% of the spending key’s coins to discourage Proof of Stake pools from forming.

My specification is actually much more fail-resistant than the currently favoured cold minting scheme. If you somehow lose the spending key then my solution still allows the owner of the minting key to get back 10% of the stake and continue getting monthly reward for the remaining 90% even though the minting spending key is permanently lost.

Your second proposal doesn’t convince me. Sigmike’s dual-key cold-minting proposal is designed that way to incentivize online minting without risk - with your proposal, you would expose every minter to the risk of losing 10% of his stake when the minting key is hacked. So he would also have to hold the minting key in cold storage, if he wants to be sure not to lose these 10%.

I think the three problems - move stake rewards without touching the private spending key, security of the stake and disincentivizing pools - are not easy to solve in a combined way. Of course, we can continue to think about a solution …

[quote=“d5000, post:15, topic:2963”]Your second proposal doesn’t convince me. Sigmike’s dual-key cold-minting proposal is designed that way to incentivize online minting without risk - with your proposal, you would expose every minter to the risk of losing 10% of his stake when the minting key is hacked. So he would also have to hold the minting key in cold storage, if he wants to be sure not to lose these 10%.

I think the three problems - move stake rewards without touching the private spending key, security of the stake and disincentivizing pools - are not easy to solve in a combined way. Of course, we can continue to think about a solution …[/quote]

I propose making it possible for the user to choose between Sigmike’s robust solution and my specification. If the user wants compound interest then they choose the robust solution. If the user wants reward to be sent to the minting address they choose my solution. I definitely like the idea of online minting without risk at all and this should be implemented. However, people who are willing to take a risk should have a possibility to send the reward to the minting address. Now it would be great if sigmike actually joined the discussion because perhaps my idea could be easily implemented on top of the proposed robust solution later. If it can then I would not push this idea very hard just yet because ideally we would want to have cold minting ASAP even if in the beginning it generates compound interest. If however adding my proposed functionality later would be tedious then I strongly suggest thinking about it before releasing any code.

As an optional feature, I wouldn’t oppose your solution, but perhaps the problem is solvable another way. And I think your (second) solution and sigmike’s actual proposal will be completely different features (as far as I understand, they would be different “transaction scripts”). So I see no reason to stop development of cold-locked minting, as it is a really important feature to encourage minting which can be crucial for PPC’s security model and should not be delayed.

OK, then it’s cool I guess. I also would like to have cold storage minting in any form possible as soon as possible. Currently the greatest problem with reward going to a different address is that then PoS pools can be formed. To my understanding the only way to prevent pools from forming is to artificially add risk. Even with Sigmike’s solution pools can form, for example a set of billionaire friends who all trust each other could just put all their coins together. Thus the only discouraging factor is trusting the other party to own your coins. My hypothesis is that perhaps giving away 100% of your coins is an unnecessarily large risk to discourage pooled mining. I would propose that even 10% at the mercy of the pool operator is a high enough risk to discourage pooled minting.

People who trust each other can already pool their coins to form an ad hoc “minting pool.” They just send / combine their private keys in a single wallet. I may have misunderstood your comment, but SigMike’s proposal doesn’t add any additional vectors for centralization that aren’t already feasible if you trust someone.