[quote=“mhps, post:36, topic:2849”][quote=“josojo, post:35, topic:2849”]My conclusion so far:
punishing on a protocol level would help improve security and calm critics.[/quote]
From what I have seen, heavy weight critics have either been misunderstanding the facts (Maxwell) or critisizing on theoretical or priciple arguement (Cunicula, killerstorm). You can’t calm the latter ones with discouragement solutions because determined attackers will attack at any cost. There has to be a solution that places a technical hard stop to any attack.[/quote]
I am taking a different point of view.
Cuniculas critic is this one:
Quote from: cunicula on October 17, 2012, 03:20:09 PM
You do lose a little due to compound interest. I get 1% interest a year from PPCoin. This is compounded every time I get a block. Getting the block earlier increases the compounding frequency.
I concede that the benefit is extremely small.
My problem is as follows:
- There is a positive incentive to adopt modified code.
- The modified code invalidates the proof-of-stake mechanism.
A cheap attack is to release modified code and pay new users a small amount to adopt it. Stake contributed by these corrupted clients would no longer secure the network. You depend on the residual users who decide to use the original code out of altruism. Again, admittedly just a tiny bit of altruism would suffice to motivate them.
Anyways, the broader point is that security should be created by block validity rules. These rules are enforceable. Modifiable code should not be the basis for security.
The blockchain-based solution is to require stakeholders to submit work when they submit signatures. This rule can be enforced in the blockchain.
My proposal would eliminate the first point - the fact that there is a positive incentive to adopt modified code. In fact, one would get a punishment if one uses the modified code and mints on several branches. Hence it would resolve this kind of critics completely! Can you argue that?
and Sunny’s answer to Cunicula was:
This probably belongs to the same type of issues as the other open issue that minters may stop processing transactions. I generally consider under these type of situations most rational nodes would not try to modify client to gain very little profit. Tragedy of the commons most likely does not apply as the gain is minimal.
Ideally it would be nice to not have this type of issues, but in practice it might not be easy to completely rid of them given the design goals and other more serious attacks to defend. Also if it’s true that users are easily bribed to adopt corrupted clients, then there are likely a lot more tragedy of the commons type of attacks to all cryptocurrencies including bitcoin.
From
https://bitcointalk.org/index.php?topic=101954.msg1278690#msg1278690
Thus Sunny admits that something like my proposal of punishment on a protocol level would be ideal, but his argument is that it opens new vulnerabilities. I would like know them!
killerstroms bribery attacks have a very small probability to succeed. But since they can be carried out for free, you can try as often as you want. Thus they might be dangerous. Just a small discouragement could do wonders, because then there are small cost and you will not participate in a bribery attack very often.
Of course, this does not completely resolve the problem, but even Bitcoin has not completely solved this problem.