PoS reward, coin age and minting time


I highly doubt this will happen. Even if peercoin has the same marketcap as bitcoin, i doubt we will see this occur. Only if peercoin’s marketcap is much bigger than bitcoin will we see the turning point.

Mining is for profit. We will see the turning point when the rewards are equal. So the condition is:

(Btc fees + btc reward) * btc price = (ppc PoW reward) * ppc price

As ppc reward decreases with hash power while btc reward only decreases discontinuously over a long period of time, and btc fees only seem to go up with time, it would require a very high ppc price to see this turning point occur.

This is actually a good thing, because this turning point also implies that peercoin’s energy consumption would be overtaking bitcoin’s. That will not ovcur when their marketcaps are equal, but instead only when peercoin has a much larger marketcap than bitcoin.


Can you explain this? I understand the value of continual distribution and decentralization. But how do PoW blocks ensure the PoS algorithm’s security? If the answer is just more coins in new hands, it seems like a very indirect tool given modest minting participation rates.

I suspect this might be out of context, and the fuller thought on nothing at stake is: “Even our PoS algorithm can [be gamed], but the gains are so small that it’s not worth spending time to do it.”


The reference is to the stake modifier which determines who gets the next PoS block. PoW implies a randomness that makes it even harder to control bits of the stake modifier. That said, it is already very difficult to control bits of the stake modifier with the current distribution, but it is certainly arguable that PoW still contributes to security in this very indirect way.


Pure proof of stake requires the adversary to control at least 51% of the staking coins.

Proof of stake with mining as in Peercoin requires the adversary to control at least 51% of the staking coins as well as at least 51% of the mining hash power. This is due to the mining blocks being included in the sequence of blocks. The adversary must somehow compute the proof of stake blocks as well as any proof of work blocks that are intertwined. However, these mining blocks do NOT contain transactions.


This isn’t quite accurate. I get what you are going for here, but you can easily have 6 PoS blocks in a row. The chainweight is only dependent on PoS, so one can mint a chain in private with 51% minting power and unleash it to overwrite any PoW basically for free. Sunny King would say that PoS is entirely responsible for the security of the chain.


Would there be a reason to not wait for 6 or more blocks where at least 1 block is a proof of work block followed by a proof of stake block?


We considered doing something like that, but ultimately adding a single PoW block to your attack chain isn’t very difficult so you dont get much in the way of security, on the other hand it may take a while on average for people to get the PoW confirmation. So the result would be that txns would take longer to verify without getting much payout in terms of security. You would likely get more bang for your buck by simply increasing the number of blocks you wait for to 8 or something like that.


Why is the proof of work block not difficult? So anyone can generate a proof of work block and collect the reward? The minimum should be that generating the proof of work block requires computation corresponding to the mining difficulty. Also, the mining blocks should not be generated independently of each other, that defeats the purpose of a chain?

So what is your meaning here? Why is it NOT difficult?

What is meant by proof of work confirmation in this context? On average of what metric?


If you have 51% PoS power, you can always make a heavier chainweight than the current chain because PoW blocks carry minimal chainweight. This means that you only need one PoW block in private, over however much time you want, to overwrite the chain. Because you are not competing in time, you dont need anywhere near 51% PoW power, you could do it with 1% (it might take a little while, but you would ultimately be successful)


In my own learning and testing with the Peercoin codebase, nStakeModifier each block seems to be the lynchpin of the whole PoS and PoW system.

If i’m not mistaken,

  • minting a PoS block totally depends on using a stake modifier within time window
  • PoS uses the entropy of stake modifier to ensure randomness of finding a block
  • mining a PoW block does not depend on the nStakeModifier
  • both PoW and PoS blocks can change the nStakeModifier value
  • if no one mines or mints blocks for a time, eventually PoS cannot mint because the window passes, but PoW can still mine


Im not sure what you mean by this. Can you elaborate? The other stuff looks right to me.


Sure, this is only noticible on a testnet situation. On Peercoin mainnet there is always someone PoW mining or PoS minting.

There is a variable in the code called nStakeModifierSelectionInterval , which is a number of seconds back to look in blocks for computing the next stake modifier. This is based on nModifierInterval, which is every 6 hours a new stake modified is computed.

If there are no blocks created in the past couple days, then the window has passed, and a PoS block cannot be minted. So only a PoW can be mined, then stuff can chug along normally again.