Proof-of-Stake Time?


#1

Has anyone here seen this yet?


#2

[quote=“Sentinelrv, post:1, topic:3504”]Has anyone here seen this yet?

http://www.vericoin.info/downloads/VeriCoinPoSTWhitePaper10May2015.pdf[/quote]

Interesting reading.

Would be nice to have the point of view of SK on it as the number of Peercoin active full nodes keeps going down.

I like the variable interest rate idea.


#3

[quote=“Sentinelrv, post:1, topic:3504”]Has anyone here seen this yet?

http://www.vericoin.info/downloads/VeriCoinPoSTWhitePaper10May2015.pdf[/quote]

[member=890]Sentinelrv[/member], could you reach out to [member=79]Sunny King[/member] to get his point of view on VeriCoin Proof-of-Stake-Time?

Sounds like an interesting enhancement to standard PoS for a project like “Peerassets”: only good-willing minters would have an interest in owning Peerassets shares.


#4

Honestly, PoST seems like a more developed (and more complicated) implementation of my suggestion in this thread from last year:

https://www.peercointalk.org/index.php?topic=3059.msg29718#msg29718

I eventually let the idea die because I decided that it isn’t really necessary.

First of all, many people who don’t take the time to understand Peercoin raise the concern of an attack achieved by storing up too much coinage. Peercoin already caps the probability of minting at 90 days (not 6 months as the VeriCoin paper asserts.) Thus, I find it a bit disingenuous of the authors to allude to this false objection in their discussion of Peercoin.

Secondly, POS minting really boils down to a form of lottery wherein players have no ability to choose their numbers but interestingly can predict precisely when their numbers will win. While stakeholders have a natural incentive to maintain honest live nodes, the security of the blockchain is ultimately not based upon thousands of random hashes across each block that have no chance of winning. Rather, the strength of the blockchain is derived from the inability of attackers to manipulate transactions so as to guarantee the hashes that will mint a continuous series of blocks.

As far as I can tell, PoST does not fundamentally change this aspect of energy-efficient POS minting, and therefore it really doesn’t improve blockchain strength. In other words, simply encouraging stakeholders to mint more frequently does not automatically make attacking the network more difficult.

Consider that for any level of participation, there will always be some number of stakes an attacker can amass to statistically guarantee a consecutive series of blocks. While PoST may theoretically increase the quantity of unique stakes required for a successful attack, it does not necessarily increase the cost of such an attack when considered in terms of the required coinage. As the average coinage destroyed in each block decreases, the total expense of producing attack chains also decreases.

Finally, we should anticipate that the eventual incentive for large stakeholders to hold coins and mint blocks is not derived strictly from avoiding inflation but from securing the value of the blockchain. In a future where POS cryptocurrency has been adopted for world-class finance I suspect that there will be no shortage active minters who have a strong vested interest in submitting high-value blocks at every opportunity. Conversely, smaller stakeholders will be mostly uninterested in minting and prefer to absorb inflation as the cost for participating in secure transactions.


#5

[quote=“learnmore, post:4, topic:3504”]As far as I can tell, PoST does not fundamentally change this aspect of energy-efficient POS minting, and therefore it really doesn’t improve blockchain strength. In other words, simply encouraging stakeholders to mint more frequently does not automatically make attacking the network more difficult.

Consider that for any level of participation, there will always be some number of stakes an attacker can amass to statistically guarantee a consecutive series of blocks. While PoST may theoretically increase the quantity of unique stakes required for a successful attack, it does not necessarily increase the cost of such an attack when considered in terms of the required coinage. As the average coinage destroyed in each block decreases, the total expense of producing attack chains also decreases.[/quote]

What we need to realize here is that a 51% attack can be done only with 51% of the currently minting coins.
So it sounds like the more coins minting, the more secure the network is. Or am I missing something?

We could even totally forbid minting if probability for a stake to find a block at a specific date is above a certain threshold, like 90%.
This would drastically reduces the risk of such an attack as the valid stakes will have to be found on a far shorter period of time than before.

I also like the variable reward rate incentive to mint frequently.

What do you think?

Peercoin holders should realize that they are the ones and only ones who are securing the network.
They are shareholders of the Peercoin company, this is totally different than Bitcoin.

EDIT: btw what is the product/service offered by this Peercoin company?


#6

I think this may be a useful approximation, but I’m not sure it accurately represents the true probability of attack. As I was trying to explain above, the “lottery” nature of minting allows some younger, smaller states to mint earlier than older, larger stakes. Therefore, winning multiple consecutive blocks using a single wallet is determined more directly by the total number of transaction outputs it contains rather than by the total balance. If a protocol such as PoST promotes the replacement of relatively few older, larger stakes in favor of a great number of younger, smaller stakes, then while it is true that more transaction outputs will be needed to win a consecutive chain, the ultimate goal of improving blockchain security is not necessarily improved.

For example, if I am attempting to build an attack chain and the average coinage of currently minting stakes is small, then I can afford to create a very large number of transactions which directly increases my chances of success. At some point there is even a statistical certainty that I could produce six consecutive blocks so long as I amass a large enough number of transaction outputs.

However, if I am competing against larger coinage stakes which are minting blocks, then my huge collection of small coinage transactions will not be able to muster sufficient chainweight to pull off a successful attack. I will be forced to consolidate my holdings into fewer transaction outputs in order to build a chain strong enough to replace the primary chain.

This is why I decided that protocol adjustments to encourage more frequent minting are ultimately unnecessary. The real incentive for stakeholders to mint is derived from securing their savings and not from annual interest (which is really just avoiding inflation). In my opinion, the Peercoin “company” offers money in its purest form to date (medium of exchange, unit of account, store of value, etc.) In the future, tremendous wealth will subsist in Peercoin and the minters will be nations and institutions. At that point, fretting over lazy stakeholders will seem quite passe.


#7

I think this may be a useful approximation, but I’m not sure it accurately represents the true probability of attack. As I was trying to explain above, the “lottery” nature of minting allows some younger, smaller states to mint earlier than older, larger stakes. Therefore, winning multiple consecutive blocks using a single wallet is determined more directly by the total number of transaction outputs it contains rather than by the total balance. If a protocol such as PoST promotes the replacement of relatively few older, larger stakes in favor of a great number of younger, smaller stakes, then while it is true that more transaction outputs will be needed to win a consecutive chain, the ultimate goal of improving blockchain security is not necessarily improved.

For example, if I am attempting to build an attack chain and the average coinage of currently minting stakes is small, then I can afford to create a very large number of transactions which directly increases my chances of success. At some point there is even a statistical certainty that I could produce six consecutive blocks so long as I amass a large enough number of transaction outputs.

However, if I am competing against larger coinage stakes which are minting blocks, then my huge collection of small coinage transactions will not be able to muster sufficient chainweight to pull off a successful attack. I will be forced to consolidate my holdings into fewer transaction outputs in order to build a chain strong enough to replace the primary chain.

This is why I decided that protocol adjustments to encourage more frequent minting are ultimately unnecessary. The real incentive for stakeholders to mint is derived from securing their savings and not from annual interest (which is really just avoiding inflation). In my opinion, the Peercoin “company” offers money in its purest form to date (medium of exchange, unit of account, store of value, etc.) In the future, tremendous wealth will subsist in Peercoin and the minters will be nations and institutions. At that point, fretting over lazy stakeholders will seem quite passe.[/quote]

[member=8565]learnmore[/member], would you be willing to try to put some numbers (statistics) over your assumptions? It would be helpful to understand what you are trying to explain.

At some point there is even a statistical certainty that I could produce six consecutive blocks so long as I amass a large enough number of transaction outputs.

I guess you have already sold all your peercoins :wink:


#8

I really regret letting my math skills slide so much since college… :frowning: Unfortunately I can’t produce the appropriate equation, but I do believe the concept is intact:

If I have a single very large 90-day-old TxOut in my minting wallet my probability of producing any single block is relatively high because the high coinage of my stake effectively lowers the difficulty of a successful coinstake hash. At the same time, the probability of producing a consecutive string of blocks is 0 because I will have to wait at least 33 days between each opportunity to mint.

On the other hand, if I have a million very small 90-day-old TxOut(s) in my wallet my probability of producing any single block is very low compared to the previous example, but my probability of producing a consecutive string of blocks is much higher because I now have many many more chances of obtaining a string of “lucky” hashes.

Due to the energy-efficient design of POS, I can easily calculate the entire set of available coinstake hashes for each of my million TxOut(s) spanning a 10-year-or-more search space. It is my assertion that at some high very number of TxOut(s) over a sufficiently long period of time, the probability of hitting 6 consecutive blocks by chance alone approaches 1.

I could then use these pre-calculated hashes to attempt a double spend at precisely the right moment where my attack chain begins its “lucky streak.” If the total weight (or trust) of the primary chain is low due to a predominance of small stakes minting, I may succeed in replacing it with my attack chain. However, if the primary chain contains some very large stakes, my chain trust will be comparatively weak and my attack chain will be discarded by clients.

Therefore, increasing minting participation by promoting smaller stakes with lighter coinage does not actually provide more security and may even decrease security against double spend attacks.

I hope this clarifies my point, but I agree that it would be much better put into a formula by someone with greater abilities than me!


#9

[quote=“learnmore, post:8, topic:3504”]I really regret letting my math skills slide so much since college… :frowning: Unfortunately I can’t produce the appropriate equation, but I do believe the concept is intact:

If I have a single very large 90-day-old TxOut in my minting wallet my probability of producing any single block is relatively high because the high coinage of my stake effectively lowers the difficulty of a successful coinstake hash. At the same time, the probability of producing a consecutive string of blocks is 0 because I will have to wait at least 33 days between each opportunity to mint.

On the other hand, if I have a million very small 90-day-old TxOut(s) in my wallet my probability of producing any single block is very low compared to the previous example, but my probability of producing a consecutive string of blocks is much higher because I now have many many more chances of obtaining a string of “lucky” hashes.

Due to the energy-efficient design of POS, I can easily calculate the entire set of available coinstake hashes for each of my million TxOut(s) spanning a 10-year-or-more search space. It is my assertion that at some high very number of TxOut(s) over a sufficiently long period of time, the probability of hitting 6 consecutive blocks by chance alone approaches 1.

I could then use these pre-calculated hashes to attempt a double spend at precisely the right moment where my attack chain begins its “lucky streak.” If the total weight (or trust) of the primary chain is low due to a predominance of small stakes minting, I may succeed in replacing it with my attack chain. However, if the primary chain contains some very large stakes, my chain trust will be comparatively weak and my attack chain will be discarded by clients.

Therefore, increasing minting participation by promoting smaller stakes with lighter coinage does not actually provide more security and may even decrease security against double spend attacks.

I hope this clarifies my point, but I agree that it would be much better put into a formula by someone with greater abilities than me![/quote]

Ok, I’m seeing a bit clearer now. I guess you are refering to “Preprogrammed long range attack” as described in page 36 of Neucoin whitepaper:

http://www.neucoin.org/en/whitepaper/download

The problem has clearly been identified by SK and is being fixed at the moment, the fix might even be included in next v0.5 release, we’ll see.

Concerning stake size, I am not sure that PoST implies the use of smaller stakes, as far as I understand it’s more a question of right “time” than right “size”.

What I am sure of is that we need to permanently maximize the number of currently minting coins.


#10

Fixing this issue was one of the main reasons for moving the release schedule up, so yes I’m 99% sure it will be included in v0.5.


#11

First let me say - Awesome Forums guys! Really professional and inviting.

Hi I’m Jay Jay. I do mostly PR/Marketing for VeriCoin.

Earlier today a user on our forums pointed out this thread to me and I passed it along to the Developers to read for themselves.

To [member=8565]learnmore[/member] - Regarding…

“Peercoin already caps the probability of minting at 90 days (not 6 months as the VeriCoin paper asserts.) Thus, I find it a bit disingenuous of the authors to allude to this false objection in their discussion of Peercoin.”

We never intentionally meant to mislead anyone nor attempting to be disingenuous - we actually made a mistake. You are correct regarding 90 days.

For that we apologize and will make the correction when we add our addendum to the PoST WP.

Also - I know there’s a general sentiment that “all” we did was add a “time dimension” to the protocol but there has been some really surprising results that we didn’t discover during TestNET which we will be adding in the Addendum. Because PoST is multidimensional maintaining efficiency was one of our most difficult challenges. It’s still incredibly efficient and we believe that it’s worth the trade off for better security and the incentive that comes with the variable disinflationary I nterest rate.

I can tell you first hand that our Developers have nothing but the utmost respect for SK, Peercoin AND Primecoin in general.

If anyone has any questions or ever needs to contact us - I can act as a liaison between the Devs and Communities.

Wishing you all much success! :slight_smile:

Cheers.

Jay Jay
PR/Marketing Manager
Twitter: [member=32650]VeryVeriViral[/member]


#12

This is correct, well, correctish anyway. The thing you’re leaving out, the thing that makes PoST interesting to me, is that increasing participation increases that “some very high number of TxOuts”. The method of the pre-programmed attack is to create a ton of TxOuts which will mint at some point in the future. Via the nature of a random walk algorithm, the third or fourth generation of minting from that plethora of TxOuts will have a lower chance than the first generation to get consecutive blocks. Therefore, a pre-programmed attack relies on early generation minting.

If we reward minters more for getting consecutive mints (not missing their window for minting) it will generate a kind of ‘reputation’ effect where honest minters are rewarded more. This will not directly increase blockchain security, but it will incentivize honest participation in minting over dishonest and so will indirectly improve our security. In crypto, coin inflation is paying for security; here we are attempting to give the inflation mainly to the people doing the most to keep it secure.


#13

Interesting point. It would encourage hoarding more than before, though.