PoS miners can rule over PoW miners

I discovered an interesting strategy which is attractive for anybody who is a big PoS miner as well as a big PoW miner (i.e. holds a lot of coins and also manages a lot of hash power).
Not sure this is new, but I have not seen it described earlier.
Not sure this is correct either; extracting the PPC rules from the source code is tricky.

The strategy is as follows: When you discover a new PoS block while there is a PoW block at the tip of the block chain, you attach your new PoS block BEFORE the PoW block. That is, you deliberately orphan the PoW block.

This is possible because the PPC network prefers PoS blocks over PoW blocks. (If the network is forced to choose between competing block chains, it chooses the chain with the largest amount of trust. A PoW block has trust value 1, while PoS blocks have much higher trust value, so the PoW block will always loose.)

This strategy is attractive because it allows you to kick the PoW blocks of competing miners out of the block chain. As a result, the PoW difficulty will decrease and you can mine more PoW blocks for yourself.

So, which of the mining pools will be the first to implement this strategy? I hope to see some massive orphaning of PoW blocks in the coming weeks.

This idea is inspired by a similar strategy for Bitcoin which was recently published: Ittay Eyal, Emin Gün Sirer, Majority is not Enough: Bitcoin Mining is Vulnerable, http://arxiv.org/abs/1311.0243

Is this “strategy” (though, I personally look at this as more of an exploit) something that can be identified by a set of markers?

If it is this simple, it just re-validates why proof-of-stake (which peercoin is designed around) always wins over proof-of-work.

Proof-of-work was a good idea to get cryptocurrencies started. But in the long term, it will be proof-of-stake that succeeds all other coins.

Sunny King saw all of this ahead of time. This is why he also added checkpointing in the initial stages of protocol which are about to be changed soon.

We can look forward to peercoin becoming one of the cryptocurrency backbones, and proof-of-work problems overtaken by proof-of-stake won’t be an issue… To clarify:

Talking about “proof-of-work” in cryptocurrency in 5 years from now, will be like people talking about VCR’s instead of DVD or Blueray today.

The future is proof-of-stake and always will be…

You could almost come up with a cryptocurrency proverb:

“He who owns peercoin, and has stake in peercoin, will forever earn free peercoin, and help secure the network automatically”

Ehm … no. The fact that PoS always wins over PoW is precisely the cause of this issue. Increased PoW orphan blocks will not be good for PPC.

Proof-of-work was a good idea to get cryptocurrencies started. But in the long term, it will be proof-of-stake that succeeds all other coins.

I hope you are right. Resource consumption for PoW is clearly getting out of hand, and PoS seems to be a very interesting alternative. But I think it will be very difficult to convince the Bitcoin crowd, especially those who have vested interests in PoW mining.

We can look forward to peercoin becoming one of the cryptocurrency backbones, and proof-of-work problems overtaken by proof-of-stake won't be an issue... To clarify: Talking about "proof-of-work" in cryptocurrency in 5 years from now, will be like people talking about VCR's instead of DVD or Blueray today.

How did you come to those assumptions?

Under the current PPC protocol, PoW mining will never go away. While the PoW hashrate continues to increase, the PoW revenue will slowly decrease and eventually there will come a time where more coins are produced with PoS than with PoW. Even then, the PoW hashrate will be huge and approximately 1 out of 8 blocks will be PoW blocks.

Let’s set aside the wild predictions for the moment and look at how Peercoin actually works.
You may see that anybody who can afford to invest 100,000 PPC in stake minting has the power to crush a competing PoW block every other day. This would do some real damage to the PoW game. I don’t think it should be ignored based on uncertain notions about the future of Peercoin.

@singlethread, I’m not very well-versed yet in the specifics of how blocks are attached (targeted). Is this something that a takes a customized version of [font=courier]ppcoind[/font] to do?

And thanks for the link to the original Bitcoin topic describing how this could be employed, I’ll take a look when I get a chance.

Yes. The normal ppcoin software always attaches new blocks at the end of the chain.
But it is possible to make a modified ppcoind which attaches the block at a different point. The other (normal) ppcoin nodes would accept this differently-attached block as valid. The modified ppcoind can use that to get a (small) advantage over the rest of the network.

Ehm… can you elaborate? Not good for PPC in which regard? As far as miners no longer wanting to mine?

How did you come to those assumptions?

Under the current PPC protocol, PoW mining will never go away. While the PoW hashrate continues to increase, the PoW revenue will slowly decrease and eventually there will come a time where more coins are produced with PoS than with PoW. Even then, the PoW hashrate will be huge and approximately 1 out of 8 blocks will be PoW blocks.

Exactly. You’ve just explained my point. You said this yourself:

[i]"eventually there will come a time where more coins are produced with PoS than with PoW"[/i]

That was my point. Somehow you feel it necessary to argue it, and then say something that mimics what I was trying to convey.

Let's set aside the wild predictions for the moment

I agree with that… Since you no longer want to do that, please explain how you’ve mathematically reached this prediction:

[i]"the PoW hashrate will be huge and approximately 1 out of 8 blocks will be PoW blocks"[/i]

…and finally…

You may see that anybody who can afford to invest 100,000 PPC in stake minting has the power to crush a competing PoW block every other day. This would do some real damage to the PoW game. I don't think it should be ignored based on uncertain notions about the future of Peercoin.

For someone who doesn’t like wild predictions, you sure seem to do your fair of share of them.

100,000 PPC, against how many coins in circulation? Perhaps you might be able to help your theory seem plausible if you could also associate that with a price per coin as well. This way we could talk in real world dollar figures.

So far PPC is $7/coin, that would be a $700,000 investment at today’s prices.

I also assume that for your theory to work, Sunny King would have to sit idly by and not propose new code changes.

Peercoin is still being developed as we speak. 0.4 is due out soon and is being worked on as we sit here debating about the future.

I’m confident about Peercoin so far, and I’m also confident in Sunny King managing this project.

This month old news by Cornell University alarmed everyone in the beginning. It turned it to be not a big deal afterwards.

It appears that they published the paper and notified the media before getting peers to review their research.

Well one peer did review their research and has an opposing view here:

https://freedom-to-tinker.com/blog/felten/bitcoin-isnt-so-broken-after-all/

This seems like a legitimate vulnerability, thanks for discovering it singlethread. The POW process should be independent from the POS process, and orphans should be minimized since those represent wasted hashing power and PPC aims to be an efficient cryptocurrency.

Preventing reorganizations for when a single POS block at the end of the chain replaces a POW block at the end of the chain seems like a workable solution, no?

Not good for PPC in which regard? As far as miners no longer wanting to mine?[/quote]
One problem is waste of resources on orphaned blocks.
Another problem is honest PoW miners walking away, causing lower difficulty, causing higher volume of minted PoW coins.
Another problem is reduced reliability of the block chain. If more blocks are orphaned, more confirmations are required for the same level of confidence.

[i]"eventually there will come a time where more coins are produced with PoS than with PoW"[/i]

That was my point. Somehow you feel it necessary to argue it, and then say something that mimics what I was trying to convey.

[i]Even then, the PoW hashrate will be huge and approximately 1 out of 8 blocks will be PoW blocks.[/i] It seemed to me like you suggested that PoW mining would become unimportant in the future. That is incorrect; PoW mining will always play a central role in PPC and the PoW hash rate will only go up.

please explain how you've mathematically reached this prediction:

[i]"the PoW hashrate will be huge and approximately 1 out of 8 blocks will be PoW blocks"[/i]

..and finally..

You may see that anybody who can afford to invest 100,000 PPC in stake minting has the power to crush a competing PoW block every other day. This would do some real damage to the PoW game. I don't think it should be ignored based on uncertain notions about the future of Peercoin.

The PoW difficulty is managed such that one out of every 3 to 13 blocks is a PoW block. There are currently ~ 20 million PPC. Collectively these can produce at most 200,000 PPC per year via PoS minting. The revenue of PoW minting is determined by difficulty. At current difficulty, PoW minting produces ~ 150 PPC per hour = 1.3 million PPC per year. So PoW minting revenue must be reduced by a factor 5 to get to the same level as PoS minting. This means difficulty must increase by a factor 5^4 = 625, which means hash rate must increase by a factor 625. All of this should be common knowledge.

Strategic PoW orphaning could be done as follows: Split your 100,000 PPC into 50 portions of 2000 PPC, and use one portion every two days. After 90 days, 2000 PPC provides coin age of 180,000 PPCday. At the current PoS difficulty level 6.5, this means you can expect to mine a PoS block every 6.5*2^32/180000 = 155096 seconds = 1.8 days.

By orphaning a PoW block every two days, you destroy about 2% of all PoW blocks. Of course you don’t do this to your own PoW blocks, so you gain a 2% advantage in PoW hash rate over your competitors. If you run a medium-big mining operation, this gains 2% of 150 coins per day = 1000 PPC per year. Not a stunning amount of money, but quite worthwhile. By combining PoS and PoW minting, you managed to double your PoS revenue.

I know 100,000 PPC is a big investment, but I guess there are some big miners around who have that kind of money. Of course you can start small: 6000 PPC is enough to destroy a PoW block every 8 days. That is still 0.5% increased PoW revenue.

I also assume that for your theory to work, Sunny King would have to sit idly by and not propose new code changes.

One of the things that worries me about Peercoin is people's blind faith in Sunny King. I'm sure he is a clever guy. He pushed a very interesting idea and managed to make it work. He got a lot of things right, and some other things almost right. But he holds [b]no power[/b] over Peercoin. If there is something wrong with Peercoin (as I claim there is), the best Sunny King can do is propose a new coin (deceptively also called Peercoin). He can then ask everybody in the community to kindly upgrade their software, thereby invisibly converting their old Peercoins0.3 to Peercoins0.4. Until now this has always worked. But some day, when the stakes are really high, a significant fraction of the community may refuse to upgrade. From that point onwards there will be two separate coins, Peercoin0.3 and Peercoin0.4, and it is everybody's guess how those coins will be priced relative to each other.

What if the “priority” of POS blocks were reduced to always match the POW blocks, so whichever block was minted first would win out? What are the downsides to this approach?

I don’t know what the best solution is.
Reorganizations are necessary to resolve forks in the blockchain, so completely blocking certain reorganizations is not an option.

One idea is to always prefer the longest blockchain, i.e. PoS blocks and PoW blocks all have the same trust value. (I think this is also what Chronos proposes.)
I’m not sure if that would reduce the security benefit of PoS blocks.
I’m also not sure if this prevents all strategies based on PoW/PoS interaction. There is something funny about PoS blocks in the sense that their position in the chain is not part of the proof-of-stake. A proof-of-work, once discovered, can only be used at that specific point in the chain. A proof-of-stake however can be used for any block within a certain time window.

In fact a larger effect can be achived with a much smaller investment.
Split 4000 PPC into 1000 portions of 4 PPC and use one portion every day. Most of your investment is at maximum coin age: 880490 = 316800 coindays.
You can expect to mine a PoS block every 6.5*2^32/316800/24/3600 = 1.0 days.
This will kill 1 out of every ~ 24 blocks = ~ 4%

Is this including the delay of 520 block confirmations where your coins, used as stake, are no longer available, until that completes?

If confirmed there seems to be a business case. You don’t need to own thousands of PPC to execute such strategy. You just need to convince a few investers that you have a few percentage point advantage in risk-adjusted return.

Thanks for the debate from both sides. I want to hear from other developer types about any possible problem.

I don’t see where he factored in 520 block confirmations after a successful mint.

Once he does that, his advantage percentage is a lot smaller after factoring in the 520 confirmation. Considering the amount of investment required, I think someone who have to be a lunatic to spend this time and effort on that type of small reward.

Let’s see what the math looks like after 520 block confirms between mints.

There’s a potential weakness in this attack:

1. attacker must hold peercoins in order to mint POS. This incentivizes attacker to keep inflation low to protect the investment.
2. attack results in lower difficulty for attacker’s POW mining pool. However, all other miners also encounter this lower difficulty.
3. due to lower difficulty, inflation rate is higher, hurting the value of attacker’s stake.

In reality, the benefit to the attacker’s mining rate may make up for the inflation impact on the attacker’s stake, but it does have an impact on the profitability of the attack.

The 520 confirmations make no difference. The coins already collect coin age, even while they are still locked before confirmation. The only restriction is that they can not be spent, but we were not going to spend them anyway. We were only going to use them again to mine another PoS block, but not before they reach maximum coin age after 120 days.

Once he does that, his advantage percentage is a lot smaller after factoring in the 520 confirmation.

O rly? You could do this calculation yourself of course. As a first step, calculate how many days it takes to get 520 confirmations. Secondly, ask yourself how much difference those 520 blocks will make, given that coins younger than 30 days can not be used for PoS mining at all.

So basically, the PoS system is the main system for protecting against double spends, and PoW is just used to create an initial distribution of coins, right? I mean the PoW can vote on transaction order, but as stated their vote doesn’t count for much. So basically, wouldn’t it be best to complete the move by having to separate block chains, and make the PoS one the only one that can vote on transactions, and also eliminate the PoW entirely in a year or two when an initial distribution has been achieved. In that way peercoin can use only the superior PoS system and ditch the obsolete PoW system (soon)!

Based on this blockchain explorer, the POW blocks have higher difficulty than the POS blocks. http://ppc.cryptocoinexplorer.com/chain/PPCoin Are you sure a newly-minted POS block can “knock out” the latest POW block in this way?

im3w1l, POW can’t be phased out of PPC completely. The protocol is not designed for this to happen. This discussion might interest you: https://bitcointalk.org/index.php?topic=316813.0