PPC questions, Gav weighs in

The first thing I did after buying BTC was buy some PPC and hold; I wish I had purchased more PPC!

In any event, as you can see, I am a supporter of PPC (and mined XPM in the first few days, but not much).

Gav made the following comments on PPC, and I would be looking to anyone to rebut or critique these comments.

Criticisms of Proof-of-stake by GibbsSamplePlatter in Bitcoin

"gavinandresen 12 points 22 days ago

I think Andrew Miller put it best: “The trouble with Proof-of-stake is that there is nothing at stake.”

Consider the basic function of proof-of-work and the blockchain: together, they let the network come to a consensus when there are two (or more) different, competing chains.

Miners must decide to dedicate their hashing power to just one chain-- they cannot “bet on” more than one. So their best strategy is to work on the chain that they think most other miners are working on, and that quickly drives the system to a consensus on a single, best chain.

The trouble with proof-of-stake is there is no natural incentive stopping a miner from assigning their stake to multiple, competing chains. If you try to create such a system, you “go meta” – you started by trying to solve the transaction double-spend problem (which proof-of-work and the blockchain handle nicely), and end up trying to solve a proof-of-stake double-spend problem."

from this thread

Personally I think PPC may be the large value chain not BTC.

Anyhow, over to you!

From what I understand:
Peercoin has duplicate stake detection. You could try to do this - assign your stake to multiple competing chains, but other nodes may only take the first block you send due to the duplicate stake detection. That means you would end up on one fork anyway.

(Disclaimer: I am by no means an expert, so correct me if I am wrong)

Here is “gmaxwell” and a few others in an IRC discussion today discussing the issue, if it helps:

<hoolandi> Lepton: So does proof of stake somehow provide more security?
<Lepton> apparently it defends the coin against the 51% attack vulnerability
<Lepton> im no expert
<Lepton> try #ppcoin maybe
<hoolandi> Okay thanks
<Lepton> also it should be noted that PPC is still mainly PoS
<Lepton> PoW***
<hoolandi> Really!
<Lepton> and slowly transitioning to PoS
<hoolandi> So wait, you have to bootstrap a PoS coin from PoW?
<Lepton> yup
<hoolandi> That actually makes sense.
<Lepton> else how will the initial coins be distributed
<hoolandi> Of course.
<Lepton> best would be 1 per human being on this planet
<hoolandi> Agreed
<gmaxwell> PPC is not really PoS... The developer signs blocks to choose the chain. Originally that was just supposed to be for bootstrapping but the PoS stuff was found to be insecure several times. It's not clear if PoS can ever work as a consensus mode. Which is sad...
<hoolandi> gmaxwell: Signs blocks to choose the chain? You mean it's not automatic?
<Lepton> gmaxwell, aren't they removing the checkpoints gradually?
<gmaxwell> But it seems fundamental: In POW you burn costly energy to attempt blocks, if the work you're attempting doesn't become part of the longest chain, then it's just wasted. You have something at stake that drives you to an honest consensus. For PoS, paradoxically, you have nothing at stake... no reason to not attempt to PoS mine any and all potential forks that you don't dislike.
<gmaxwell> hoolandi: the developer runs some automated process that does it, centrally selecting the winning blockchain.
<Lepton> I could swear i read that
<helo> just as ripple is removing centralization gradually
<gmaxwell> Lepton: that was what it originally claimed, but the vast majority of blocks have been PoS blocks for a long time.
<hoolandi> gmaxwell: That's kind of weird.
<gmaxwell> Lepton: http://www.cryptocoinexplorer.com:2750/chain/PPCoin < the PoW ones are the ones with high difficulty, as you can see, there aren't so many.
<cocaine> gmaxwell: you think if PoS would be worked out
<cocaine> it would be superior to PoW ?
<Lepton> so it's almost fully PoS now?
<gmaxwell> cocaine: at this point I suspect it's not possible for PoS to be worked out without using another higher level of consensus to make sure you can't use your stake on more than one fork at a time.
<hoolandi> gmaxwell: So in that case, it's unclear if PoS actually increases the security of the network (protection from 51% attack notwithstanding)
<gmaxwell> hoolandi: even in terms of protection from 51% attack... the first PoS reworking PPC had to do was to try to stop a PoS miner from effectively majority attacking the chain... he worked by trying many many possible histories of the chain to find ones where— "miraculously"— coins he owned kept getting PoS selected.
<cocaine> gmaxwell: It does sound like a fundamental problem. However, I am certain it can be resolved in time.
<pajamas> is there any chance that funds could be removed from gox by a hacker?
<stormlight> CampBX cost 8$ per trade. Is that common?
<gmaxwell> (the rework POS selection depend on POW blocks to make it harder for a PoS attacker to control the inputs to the PoS selection and get themselves selected over and over again)
<CStars> security is not secure
<Lepton> oh here's what i read
<Lepton> from the developer of ppc
<Lepton> "Moreover, ppc would also gradually transition to this operation mode of checkpoint. Even before that happens, I cannot arbitrarily shutdown ppc network either. The checkpoint system in ppc and xpm also builds in consistency check to protect network if checkpoint key is compromised. Overall the defense mechanism is much more effective against sustained 51% attack and is a great asset to help small altcoin networks."
<gmaxwell> cocaine: I've not seen any real glimmer of progress on that.
<cocaine> gmaxwell: I think that will happen once bitcoin becomes big enough, there will be an incentive then.
<cocaine> right now, the incentives are weak.
<AfterEffects> ppc still centralized?
<gmaxwell> Lepton: yea, that was the original claim... that it would be removed after the network changed to PoS, but ... it hasn't happened. So you've basically got a centrally controlled network. The developer could allow a consensus to build one way then forcefully checkpoint it another.
<hoolandi> AfterEffects: The choice of the chain is what you mean by 'centralized' ?
<Lepton> gmaxwell, that was like 2 weeks ago
<gmaxwell> (the consistency just means that the dev can't issue conflicting checkpoints)

This needs to be answered IMO before I get involved with something like PPC - it sounds like a great idea and I’d like to see it (or something like it) take off. I hope Sunny King can make some clarification here, or in one of his weekly updates to address the attack vector, mitigation, and weakness as it relates to PPC.

Way I see it, PoS blocks have to contain the hash of the previous block, so you can’t submit the same PoS to both forks unless you happen to find a solution to your block on both forks.
If it were possible, you’d never have orphaned PoS blocks.

However, I didn’t read the source code to verify this. I read the whitepaper and analyzed actual PoS blocks on a block explorer, and my own generated (and some orphaned) PoS blocks.

The BTC crowd seems not to realize that there is a bit of PoW mixed into the PPC PoS block generation, only using a low difficulty and a limited number of tries, to keep energy consumption low. This is what won’t give a solution on both branches of the fork at the same time.

If this was an actual problem (i.e. not solved by the requirement for low difficulty PoW during PoS) then it could be solved by adding to the protocol the ability to submit a “proof of abuse” transaction where the transaction contains the block headers from both forked chains that prove the miner is attempting an attack. Then from there you could figure out some interesting punishments for such abuse like the transaction automatically applying/being lock time on the abusive account.
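
An added example, not part of the original thread and not Peercoin's code: a toy model of the duplicate stake detection and the “proof of abuse” idea raised in the posts above, where a node accepts only the first block using a given stake and keeps any conflicting header pair as evidence. It assumes a stake is identified by its (outpoint, timestamp) pair and that header signatures were verified elsewhere; `StakeHeader`, `Node`, `is_proof_of_abuse` and all sample values are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class StakeHeader:
    prev_hash: str       # parent block this header builds on (selects the fork)
    stake_outpoint: str  # "txid:index" of the coins being staked
    stake_time: int      # timestamp committed to by the stake
    merkle_root: str

    def block_hash(self) -> str:
        fields = (self.prev_hash, self.stake_outpoint, str(self.stake_time), self.merkle_root)
        return hashlib.sha256("|".join(fields).encode()).hexdigest()

    def stake_key(self):
        # Assumption: one stake is identified by (outpoint, timestamp).
        return (self.stake_outpoint, self.stake_time)


def is_proof_of_abuse(a: StakeHeader, b: StakeHeader) -> bool:
    """Two distinct blocks that use the same stake are evidence of double staking."""
    # Assumption: both header signatures were already verified by the caller.
    return a.stake_key() == b.stake_key() and a.block_hash() != b.block_hash()


class Node:
    def __init__(self):
        self.seen = {}      # stake_key -> first header seen using that stake
        self.evidence = []  # (first, conflicting) header pairs

    def accept(self, hdr: StakeHeader) -> bool:
        first = self.seen.get(hdr.stake_key())
        if first is None:
            self.seen[hdr.stake_key()] = hdr
            return True                      # first use of this stake
        if is_proof_of_abuse(first, hdr):
            self.evidence.append((first, hdr))
        return False                         # duplicate stake: block not accepted


def demo():
    # Constructed sample headers, not real chain data.
    fork_a = StakeHeader("aa" * 32, "c0ffee:0", 1380000000, "11" * 32)
    fork_b = StakeHeader("bb" * 32, "c0ffee:0", 1380000000, "22" * 32)
    honest = StakeHeader("aa" * 32, "beef:1", 1380000016, "33" * 32)
    node = Node()
    results = [node.accept(h) for h in (fork_a, honest, fork_b, fork_a)]
    return results, node.evidence
```

The pair stored in `evidence` is what a “proof of abuse” transaction would carry; a plain re-broadcast of the same block is rejected as a duplicate but produces no evidence.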