Before the official release of Peercoin v0.4 on 04/07/14, Sunny King paid us all a surprise visit on the PeercoinTalk chat. I transcribed the entire chat for everyone in the community to read. Before you start reading though, most of what is discussed has to do with an issue raised in the following linked thread, which you may way to read before continuing…
Read This Thread Before Continuing on: http://www.peercointalk.org/index.php?topic=2606.0
iheartcryptocoin: Sunny says “v0.4 Release build is complete and is under final validation. Expect announcement later today.”
Drummel: Yup, just patiently waiting it’s arrival.
Sentinelrv: iheart, are you still here?
iheartcryptocoin: yeah hey sent
Sentinelrv: Have you seen this thread yet?
Sentinelrv: http://www.peercointalk.org/index.php?topic=2606.0
iheartcryptocoin: yeah reading it now
Sentinelrv: I can’t see peercoin.net on my work computer, because it’s too old, but is there any mention of PoW also being used to secure the network on there? I know you originally wrote some of what is on there.
iheartcryptocoin: I did contribute based on what was already there
Drummel: Yeah, I quoted a segment of it. Unfortunately the information is limited, but it is there.
iheartcryptocoin: I didn’t write anything basedon looking at code
Drummel: And I only based mine on Peercoin.net’s information
Sentinelrv: Ok, whenever we find the truth here, it’s all going to need to be corrected.
iheartcryptocoin: I’ve been digging into the code for past several weeks so that I can contribute code though. Plan to go through it all after official 4 release to make sure I can speak intelligently
iheartcryptocoin: a lot on the site needs to be corrected
Drummel: Agreed.
Sentinelrv: It says this on there also: “Acquiring 51% of all existing coins requires more effort and resources than acquiring 51% of all mining power.”
Drummel: I like being an active community member, but I cannot read code so I must rely on Peercoin’s website and the Peercoin community to help me understand it, and with misinformation that slows down the process of spreading the proper word.
iheartcryptocoin: look a it nt on a phone
Sentinelrv: From what I understand now, you don’t need 51% of all the coins. You need 51% of the minting power or whatever it’s called, which is significantly less than buy 51% of all the coins. That’s misleading.
iheartcryptocoin: actually looks like the css has finally been fixed
iheartcryptocoin: nice
Drummel: Right. So for a lame example if 100 people are minting you need 51 of thsoe people to be “evil” it doesn’t matter that 1million people have PPC, they aren’t all minting
Sentinelrv: Yeah, as long as that’s true. All these mistakes are making us look like amateurs.
Drummel: nod
Sunny King: hi guys
Drummel: Heya Sunny, good to see ya!
Sentinelrv: We need to have a talk with Super to get these things sorted out and come up with a game plan.
masterOfDisaster: I feel a bit sorry that I brought this dicussion here
iheartcryptocoin: hey if you lok at sunys paper he describes the protocol
Sentinelrv: Hi Sunny.
Drummel: Agreed, Sent.
iheartcryptocoin: oh hey speak of the devil!
masterOfDisaster: but i think it is worth investing some time in it
iheartcryptocoin: welcome SK, great to see you
masterOfDisaster: hi sunny!
Drummel: iheart, you mean the whitepaper, right?
Sentinelrv: And the chat goes wild!
iheartcryptocoin: yes whitepaper
Drummel: baseball cheering
Sunny King: rc1 has passed on testnet so we are ready for v0.4 release
Drummel: I will look at it again. It’s been a few months I am sure I forgot too much
iheartcryptocoin: The protocol for determining which competing block chain wins as main chain has been switched over to use consumed coin age. Here every tran saction in a block contributes its consumed coin age to the score of the block. The block cha in with highest total consumed coin age is chosen as main chain. This is in contrast to the use of proof-of-work in Bitcoi n’s main chain protocol, whereas the total work of the block chain is used to determine mai n chain. This design alleviates some of the concerns of Bitcoin’s 51% assumption, where the system is only considered secure when good nodes control at least 51% of network mining power. First the cost of controlling significant s take might be higher than the cost of acquiring significant mining power, thus raising the cost of attack for such powerful entities.
iheartcryptocoin: @SK nice, any changes to the code?
Sunny King: there is only a small change to the windows setup file and update of copyright notice. otherwise it’s pretty much same as rc1
Sentinelrv: Hey Sunny, it seems we may have been spreading incorrect information about Peercoin to new people. If you get a chance, can you check it out here. You would know best: http://www.peercointalk.org/index.php?topic=2606.0
Drummel: We talked about a thread that explained transfering the wallet to the new system client. Is simply dropping the wallet.dat file back in enough? Or has anything changed for this release?
Sentinelrv: MasterofDisaster was speaking to your old friend Killerstorm and he brought up some stuff which confused us.
iheartcryptocoin: nice - are you open to some graphical revamps? Code is ready to go if you are - I can PM details for you to take a look
Sunny King: killerstorm has been unfairly criticizing ppcoin project since the start
Sunny King: probably because we worked privately in 2011 and didnot share our technology with another group on bitcointalk
Drummel: Heh, unfairly or not his voice seems to carry considerable weight to people easily swayed or those lost at the sea of information.
Sunny King: who were at the time also trying to design a proof-of-stake system
masterOfDisaster: i know and i think he sometimes choses the wrong tone as well. but is for sure is no idiot and was it his intention or not he helped improving peercoin
Sunny King: ppc’s security is completely based on proof-of-stake,
Sunny King: proof-of-work is used for minting only
masterOfDisaster: the only assisting account i could name is cunicula. but we all know who did create the first successful implementation
Drummel: which we worked out in the thread, but the information posted on Peercoin.net includes stating that you need both 51% mining and 51% of all coins, which seems to confuse people.
Sunny King: this is a bold move the other group couldn’t do because they don’t believe in proof-of-stake as much as we do
Drummel: nod
Sunny King: basically if you issue coins as shares then proof-of-work is not needed
irritant: Drummel: yes that is what i was thinking also
Sunny King: drummel you are right, the 51% on proof-of-stake is the minting coin not the total coins
Sunny King: but it doesn’t mean proof-of-stake security is weaker than proof-of-work, since 51% of mining power is a small fraction of total coin stock value
Drummel: Right.
Sunny King: and the fraction will be smaller and smaller as bitcoin’s inflation rate drops
iheartcryptocoin: 51% on consumed coin age, not on existing coins. An attacker would need to consume more coin age on their cain, and continue to consume more coin age to maintain the attack
iheartcryptocoin: for 51% PoW attack, they’s need ot maintain relative hashing difference, making attackm roe sustainable
iheartcryptocoin: that’s the theory correct?
Drummel: which would be a very costly venture I’d wager.
masterOfDisaster: i started a discussion regarding “PoW dual use”; for coin distribution and for block chain security. i did this for 2 reasons: 1) there is a wide-spread assumption that peercoin is more secure than other coins, because the PoW and the PoS process secure the network (we could consider making that true) and 2) if there’s a chance of enhancing the block chain security, then why not thinking about that?
Sunny King: i don’t think that’s true, that’s the other group’s thesis, they want a hybrid security model mixing pow and pos
masterOfDisaster: but what are the drawbacks of enhancing the security by including the PoW process to the security concept?
iheartcryptocoin: pure PoS is more secure for reason above if theory holds. Can’t sustain the attack. And ipervious to an entity bringing online a massive next gen asic with huge relative hashing power. It shouldn’t be possible to make available a huge amout of coinstake throguh a surprise attack
Sunny King: but if proof-of-stake security is already better, there is really no point of doing that wasting energy
Drummel: I think, if I understand master directly is - he is looking for a flat statement of fact to refute Killer’s comments.
masterOfDisaster: @drummel that would be nice as well, but i doubt that to be doable
Sunny King: mixing pow in security model weakens the pos security and waste energy
iheartcryptocoin: so between pure PoS and pure PoW, PoS security wins vis a vis 51% suceptibility. Seems legit I don’t see any glaring holes in the strat. Adding PoW would allow surprise attack making security weaker
Drummel: @iheart pumping in the Hash Power would destroy the whole concept of “green”. Better just to stay with PoS. Bitcoin will suffer 2 major future problems. 1) MASSIVE bloat in the chain and 2) Power Consumption that is just too insane for it’s worth.
masterOfDisaster: we are wasting energy. the pow process is here. that’s why i called it “PoW dual use”. i was pleading for phasing out PoW once. then i thought it would enhance the security and found it great. now i understand that PoW doesn’t enhance security and think: hey, now that we (still?) have PoW, we could use it to improve security
iheartcryptocoin: PoW is still a benefit because of the economics
iheartcryptocoin: it allows entry into the coin by those who don’t currently hold stake
iheartcryptocoin: without buying on exchange or through other means
Drummel: If Bitcoin is not even 2% of the “bank” network power, could you imagine the cost to run it’s network even at 10%?
Sunny King: i don’t think it enhances security at all. i think baltharzar tried to do it to nvc.
Drummel: I’d think that within 5 years (depending on adoption) Bitcoin’s chain alone will have exceeded 100Gb’s. That’s going to be a whale hehe.
masterOfDisaster: why does mixing pow in security model weaken the pos security? the key is to find a proper BlockTrust for PoW blocks. you could as well enhance the security model by mixing PoW into it - given that there is a proper BlockTrust value that makes my assumption true…
irritant: quote from peercoin.net: “Maintaining the network through the hybrid proof-of-work/proof-of-stake algorithm reduces the risk of the Selfish-Miner Flaw, 51% attacks, and the block bloating that have been used to exploit other currencies.” maybe it is not accurate
iheartcryptocoin: PoW expands the interested community and thus makes the network interesting to more epople and encourages participation. This issue is totally seperate to 51% security issue. PoW doesn’t improve 51% security at all
iheartcryptocoin: @ irritant - no website needs ot eb tweaked, all of the text needs fixing though so that’l get done
Sunny King: it’s simple, with ppc you can’t take over the network immediately even if you have 99% mining power
masterOfDisaster: with a BlockTrust for PoW blocks that is waaaay beyond the BlockTrust of PoS blocks, PoW blocks can’t interfere with a PoS chain that is hiddenly created by an attacker, right?
Sunny King: if you mix then you can
irritant: okay
masterOfDisaster: eeerrrrmmm… not beyond, but below…
irritant: @ihc
Drummel: I understand that part Sunny, but if Checkpointing is removed and you retain 99% of the mining power does that same problem persist?
iheartcryptocoin: @ sunny the one weakness I see in the algo is the incentive for smaller stake holders to leave nodes online when chance of generating stake is so small
iheartcryptocoin: I have an algo that addresses that though
masterOfDisaster: with ppc you can’t take over the network if the PoW BlockTrust is deliberately chosen.
iheartcryptocoin: it’s good t chat in real time, we think very similarly
Sunny King: sorry drummel i was replying masterOfDisaster not sure what’s your question
Sunny King: what problem are you refering to?
masterOfDisaster: may i ask you to join this thread as i think it is easier to discuss complex topics outside a chatbox with little history: http://www.peercointalk.org/index.php?topic=2606
Drummel: It’s ok. I was trying to expand on that. If you retain 99% of the mining power after the checkpointing is removed, the network can or cannot sitll be ‘taken over’ immediately?
masterOfDisaster: i think my comments here just mess everything up. sry for that
iheartcryptocoin: @ drumel, cannot, as long as other nodes are minting via stake
Sunny King: it cannot be taken over immediaely because it’s a pure proof-of-stake security
Drummel: That’s the clarification I was missing - thanks.
Sunny King: you have to use proof-of-stake attack to take over the network
Drummel: And that just doesn’t seem sustainable in my mind as you sacrifice coin age in the attempt.
Sentinelrv: I’m going to have to post this whole chat later for everyone else.
masterOfDisaster: …which renders it vulnerable to attacks that work for pure PoS concepts. Attacking a soundly designed hybrid network would require attacking both parts of the hybrid system.
Ken: Is checkpointing simply waiting for enough people to mint via stake or are there other issues/threats?
Sentinelrv: That’s what I was wondering Ken.
masterOfDisaster: I don’t see much economical sense in attacking Peercoin as the staked coins are expected to devaluate a lot by the attack. But I think it might be short-sighted to consider only economical reasons for attacks…
Sunny King: you could sustain 51% attack but the cost could be higher than a proof-of-work coin of similar market cap
iheartcryptocoin: I may have mis-understood the code, but if 0 nodes are PoS minting, then PoW mining still continues to validate blocks So need someone to be minting. But any minting at all is givne priority over PoW
iheartcryptocoin: The reason would be if you control a rival network and the cost of destroying PPC is < benefit gained by your other network
Sunny King: yeah that’s one reason, there could also be security bugs
masterOfDisaster: we all know that there can’t be perfect security. all i’m asking for is to think about ways for maximizing the security
Sunny King: so checkpoint currently protect the network on top
iheartcryptocoin: similar to the price wars corporations have where one takes massive losses to drive other out of a market
iheartcryptocoin: the eventual gains make the original losses worthwhile
Drummel: You mean like Wal-Mart using brute force? That kind of concept?
iheartcryptocoin: exactly
iheartcryptocoin: anyone invested in PPC has 0 incentive to keep staking coins, anyone who has an alternative could infiltrate with purpose of destroying
Sunny King: iheart, well that argument works with pow altcoins as well
iheartcryptocoin: not to get too game of thrones/house of cards on you guys
Sunny King: it’s really just about the cost of attack
masterOfDisaster: that!
Sunny King: that’s also why we had checkpoint to prevent this, and several other altcoins adopted our checkpoint system
irritant: ihc: 0 incentive? 1% annual not enough?
masterOfDisaster: and the cost for an attack is a measure for the security level
Sunny King: iheart, the pos incentive structure is under review
Sunny King: there could be a proposal to enhance the incentive with minimal change to inflation model
iheartcryptocoin: let me know if you want to chat offline about that issue, there is a way for anyone to join the network and start minting stake based on the length of time they are connected to the network in addition to the coins they control
Drummel: Look at the other side. For Bitcoin unless you have good rigs for mining there is no incentive either. More people can use PoS with PPC than people can mine with Bitcoin.
Sentinelrv: Sorry if I missed your reply, but I think what Ken was asking is if you were simply waiting for a larger amount of people to engage in minting before removing checkpointing. If the amount of people minting rises, the network should be more secure because it would be harder to gain 51% of the minting power, correct? If correct, once you release cold-locked minting, I beleive the amount of people minting will rise dramatically. People are just waiting for a secure way to mint before they try it out.
iheartcryptocoin: adding the time connected portion incentivizes even small nodes to stay online
masterOfDisaster: i hope that pow will some day be phased out to really make peercoin energy efficent and not only relatively energy efficient. i think that checkpoints need to be phased out some day as well. but i don’t understand why thinking about enhancing the security by looking for a sound approach to utilize pow for secuity as well (while it still here) should not be discussedd…
masterOfDisaster: until there are lots of people mining and a lot of the created coins is taking part in the pos process, enhancing security by mixing the pow process is, sounds sweet
Drummel: @iheart, was that proof of connection or something?
iheartcryptocoin: MOD it is discussed, there are several examples of how PoW introduces new weakeness but none so far of how PoW removes weaknesses
Sunny King: sentinelrv, that’s one reason, yeah cold-locked feature should improve it
iheartcryptocoin: let’s keep exploring the idea of course
irritant: masterofdisaster: it would only weaken the security to use hybrid model , if i understand correctly
Drummel: @Sent we’ve seen a lot of that. When they feel comfotable things will change faster. Also having “one click” UI options will help those newer to the coin.
Sunny King: masterOfDisaster, you need to understand it’s a fundamental design choice, people claiming that mixing pow enhances it probably don’t believe in proof-of-stake technology
masterOfDisaster: pow alone has for sure weaknesses as well as pos alone does. i continue dreaming of an implementation with security by a mixed pos/pow approach
iheartcryptocoin: what specific weaknesses does adding PoW remove?
iheartcryptocoin: what weaknesses does it add?
iheartcryptocoin: and same for Pos. It’s not about belief, we can actually make list of known issues and weigh them
Drummel: Added weakness assumped would be easier chance of an attack based on hardware over coin-age? no?
irritant: MOD: you have to believe more in the pos security
iheartcryptocoin: once you burn coin age it is gone and you cannot get it back
Drummel: I believe in it. I definitely wouldn’t be here if I didn’t
iheartcryptocoin: one you have hash power, you have it until someone else buys more
Drummel: @iheart, Right!. Where as Hardware mining to secure with has power you can buy more.
iheartcryptocoin: so if no one gets more hash power you stay on top for ever. with PoS, the act of initiating hte attack removes your ability ot initate the attack again
masterOfDisaster: @sunny king: i believe in it, oh yes, i do. but i also believe that only a small part of peercoins are currently used in the pos process. and the probability for a successful attack is based on the ratio of the attackers coin age in relation to the total coin age at stake. as long as that is true and checkpointing seems to be the only other defense line, i tend to think of ways to improve the security. convincing people to join the pos process is one thing. trying to improve the concept is another
iheartcryptocoin: unless I have misunderstood something badly. Does that track with everyone? Is that wrong?
Drummel: That’s the way I understood it as well, iheart.
irritant: someone mentioned something, when nobody is PoS minting, ,
masterOfDisaster: if you give pow blocks a certain BlockTrust that is added to the ChainTrust that helps defending against someone trying to create a pure PoS chain hiddenly
irritant: does PoW secure when nobody is PoS minting?
masterOfDisaster: which is released to fork the chain and become the main chain because of its high ChainTrust
irritant: i guess not because peercoin 100% relies on PoS for security?
iheartcryptocoin: this doesn’t account for a second issue which is coin concentration and hte rate of stake genration. In a widely spread market where relative coin age gain is even accross actors this better security is great. In a highly concentrated system where a few actors hold a large stake and rebuild that stake quickly, this security is weaker. This is a seperate issue and doesn’t make PoS weaker to Pow relatively
Sunny King: irritant, it does, but not against pos attacker
iheartcryptocoin: ha nice Mod! exactly
irritant: oh, right
masterOfDisaster: if pow block have a deliberately chosen BlockTrust, attackers need not only coins to create PoS blocks but PoW hashing power to compete with the “regular” chain as well (as there are PoW block in the chain)
iheartcryptocoin: Oh man, Proof of connection solves that MoD problem though
masterOfDisaster: that is what i’m talking about
iheartcryptocoin: and it does it better than PoW
masterOfDisaster: maybe i need to investigate proof-of-connection
Sunny King: masterOfDisaster, it sounds nice on the surface, but the cost of attack might actually be lowered if pos cost more to attack than pow
Drummel: You refer to a hidden chain becoming the new trusted chain, wouldn’t all balances remain the same at the cost of a temporary double spend? Or a loss of certain transactions, but not the loss of anyone’s balance? I don’t see this vector causing any long term problem even if it passed as coin age will be consumed (or am I just totally wrong? ) lol
iheartcryptocoin: really good point though MoD
masterOfDisaster: but i’m still not convinced that discussing about pow blocks with a deliberalty chosen BlockTrust value is a bad idea to counter PoS attacks
masterOfDisaster: the hiddenly created chain could include double spending transactions or other nasty things
iheartcryptocoin: in a mature economic system, double speds and thousands of lost transactions is a very real problem
iheartcryptocoin: because a lot of accounting is done seperately from the block chain. It would require a great deal of reconciliation
masterOfDisaster: and as you only need some part of the staked coins to have a chance for that the only thing you risk is the value of the coins you use for stake
iheartcryptocoin: and the ripples would be horrible and destabilizing
Drummel: I firmly believe in a “mature” economic system with PPC using POS it would be terribly difficult to do this (Not impossible), but it sure seems much harder than a 51% PoW attack in a mature market.
masterOfDisaster: by giving pow blocks some BlockTrust an attacker would need pow hashing power as well
iheartcryptocoin: this is the cornell attack, not the 51% attack
masterOfDisaster: @drummel: it would be difficuly and costly. but even more if an attacker did need pow hashing power as well!
iheartcryptocoin: any “bank” holding a large number of coins could mine a hidden PoS chain and the current main chain simultaneously
iheartcryptocoin: then release the hidden chain
masterOfDisaster: currently there’s no need for pow hashing power to execute an attack on pos - why would there be a need; pow is not part of the security model!
Drummel: That’s the thing we wanted to avoid I thought? Banking minting on user behalf? or do you just mean a bank that bought it’s own coins?
iheartcryptocoin: large being roughly >45% of the money supply
iheartcryptocoin: 4 to 5%
masterOfDisaster: please, before this gets more and more confusing: have a look here: http://www.peercointalk.org/index.php?topic=2606
iheartcryptocoin: good chat all
Drummel: take care, iheart.
NewMoneyEra: Thank You Sunny. We Appreciate You Working and Leading Us Toward Greater Liberty and Fairer Dealing for Humanity
Sentinelrv: I will have to transcribe this chat for everyone. I’ll do it later on, going back to work now.
masterOfDisaster: i’m off as well. i’ve created enough confusion for just one day…
Sunny King: Thanks all for your great support and it’s been my honor
Drummel: It’ll get sorted out, this kind of conversation is good for everyone.
Sentinelrv: Until the next interview, which should be coming up shortly. Ben is getting the questions together tonight.
iheartcryptocoin: great chat!