Busting the myth
Nothing-at-Stake is a busted myth because it is extremely unlikely that someone could successfully carry out this attack for both economical and technical reasons. When verifying whether the myth is true or false it is important to realize that Peercoin is not the only coin using PoS as a consensus mechanism and that there meaningful differences in the different implementations. In Peercoin there is a double-block protection mechanism (cancelling of top block for double stakes), coin age consumption and economical implications serving to protect against attacks. Now follows some variants of the myth and counter-arguments.
Version 1 of the myth: There is nothing that prevents minters from minting on several chains at once, and since doing so doesn’t cost anything, there is an incentive to do so. Therefore, the network will never reach consensus and there will be a multitude of competing chain forks.
Duplicate blocks are not propagated by the network and a limit is imposed on how often an attack can be attempted, by the coin age being consumed by staking. Secondly the top block is removed when a duplicate stake (using the same output more then once) is received directly punishing the attacker by delaying the reward, thus loosing out on compounding interest.
Another protection is that because the attacker has to own a considerable amount of coins, it exposes the attacker to exchange rate risk (the value of their investment collapsing); a risk that is increased by the person’s own attempt to attack the network. The argument is flawed because it argues that the attacker has nothing at stake, when in reality the attacker has to spend resources to acquire the coins used in the attack, thereby exposing themselves to exchange rate risk. It is also false because the probability of succeeding with an attack greatly diminishes for each new block confirmation. The attacker’s coin age is consumed, thus preventing an extended attack from taking place.
Version 2 of the myth: Everyone will mint on as many chains as possible, because no-one have anything to loose and nothing can stop them.
As already described, this won’t work since honest nodes will filter out and stop duplicate blocks from propagating on the network and double staking entities are punished. Furthermore all peercoins holders have an incentive to run honest nodes, because if the blockchain would fork, the exchange rate is likely to collapse. This is especially true for minting nodes, since staked coins can not be spent. While the profit would be relatively small, dishonest nodes minting on several chains would put their entire stake at risk (exchange rate risk). This myth is busted, because everyone have something to loose (the value of the coin) and honest nodes stops duplicate blocks from propagating.
Version 3 of the myth: The double-block prevention mechanism in Peercoin can be removed and there is an incentive for everyone to do so and then mint on as many chains as possible, because no-one have anything to loose and nothing can stop them.
Nothing-at-Stake assumes that a stake doesn’t have value, which is false. If there was multiple chains and chaos, the exchange rate of peercoins would collapse. Nobody would be able to trust that the coins they buy, receive or hold will be there for them to spend. There is a clear economic incentive for Peercoin users to not run a patched client that propagate double-blocks.
If everyone was minting on all chains and there was chaos, then the coin wouldn’t be worth anything at all. If it was worth nothing at all, there would be neither any point in holding nor minting peercoins. Why risk everything, when there is nothing to gain?
It’s in both the peercoin buyers and holders interest that coins are buried as deep as possible in the blockchain that has the most chaintrust. This is true also for custodians, such as exchanges. Everyone that are exposed to the exchange rate risk of peercoins, have an incentive to build only on the blockchain with the most chaintrust and protect the network against double-block propagation.
Also note that when coins are used as a stake, they are locked and can’t be spent for a long period of time. The greater the stake, the greater the incentive to not do anything that could cause the exchange rate to collapse. The greater the stake, the more chaintrust contributed to the blockchain that already has the most chaintrust. Consensus is reached, because Peercoin users have the value of the coin at stake.
For a more detailed rundown of the costs and probabilities associated with this attack, read this post by Peershares/NuBits architect Jordan Lee:
The block duplicate protection mechanism can be studied here:
Cancelling of the best block when duplicate block is received:
For a more in-depth study of the concerns surrounding this type of attack, the following links could serve as entry points:
And read this for an informal technical discussion about how PoS works:
Study the source code:
The argument that the double-block protection mechanism in Peercoin could be removed, is similar to the argument that the reward for mining a block in Bitcoin could be increased. Technically there is nothing that prevents this from happening in Bitcoin, yet is hasn’t happen. Why has this not happened in Bitcoin? Because Bitcoin miners have a stake in Bitcoin! But how great is this stake?
With Peercoin, the attacker must be fully invested in Peercoins. With Bitcoin, a malicious miner has resources invested in an infrastructure that can be pointed in the blink of an eye to perform mining on alternative coins. The attacker doesn’t need to own bitcoins, therefore it could be argued that the malicious Bitcoin miner has nothing at stake in Bitcoin.