Ramp Up Removal

A lot of the potential changes we’ve explored recently make some intuitive sense to most people. Whether we are talking about rewards based on coinage versus per block, or the time between blocks, most of this we can kind of imagine their effect. However, one change that is proposed is a little bit more in depth, and I would love to spark some discussion about it because it is a pretty meaningful change to the way the statistics works. I am talking about the removal of the ‘ramp up’, which is the portion of the maturation period where coins start to gain mint probability but have not yet achieved full maturity.

rampup1200×846 114 KB

This graph shows 3 different cases, one with our current ramp up of 60, one with and in-between of 30, and one with 0. I want to point out a few things here, first is that the difference between 60>30 and 30>0 is pretty big. That’s because it’s basically a different form of statistics, once the ramp up is identically 0 the statistics can be solved fully by a geometric series. With any finite ramp up, you have to fully treat the day by day calculation. So it’s a pretty big functional change to the modeling, and one of the tantalizing reasons why we would want to implement it.

It should be fairly easy to see that the optimum remains in a pretty similar place, but the mint probability skews towards higher utxo sizes, meaning that the blocks lost at optimum goes down as we remove the ramp up period. This is another reason why we would want to remove the ramp up period. Indeed, this argument can be used against the maturation period in general, which would devolve toward a solution akin to what black coin ended up doing with ‘PoS 2.0’.

My counter argument here is that the maturation period is a crucial concept of building opportunity cost to offset the ‘nothing at stake’ argument. If a person can buy coin, crash the network, then sell the coin before the market can react, then that leaves the doors wide open to attack. We do have the post-mint period where the coinstake is locked from transacting, but that is a shorter 3 days or so. The maturation period of 90 days is a significant time investment for an attacker to make.

One degree of freedom we have here is that the maturation period consists of 2 parts: the ramp_up and the min_prob_days. We can, for example, remove the ramp up and double the length of the minimum wait period to mint. This would get the benefit of a simplified set of statistics while still preserving a good bit of the opportunity cost. The question mostly comes down to how we model this opportunity cost. Is an intelligent attacker who looks at our network more deterred by a 60 day wait period before they even get a chance to attack, or by a 30 day initial wait with a total of 90 days before they reach full potential? We can also consider the implications on user interface, does a new excited minter like the added complexity and slow engagement of the ramp up process, or is it confusing?

The removal of the ramp up with nothing to replace it is my biggest concern with the recent protocol modifications proposed. I would love to hear from some others in the community about your take on this subject.

Firstly, it is indeed true that there is a wait for the minimum stake age. Moreover, the opportunity cost, assuming no movement in price, is small in any case relative to the much larger costs of attack.

There are capital requirements for an attack, but if an attacker can sell for the same price, then there is no loss apart from the opportunity cost as mentioned.

However, to meet the coin requirements for an attack, the purchase cost will be very large due to liquidity constraints. Purchasing a large amount of peercoin would push up the price. Selling the same amount of peercoin would subsequently dump the price. The cost of the resulting spread could easily outweigh any opportunity cost.

Moreover, an attack on the network would impact the value of the coins. The attacker would compromise the value of their own coins as the market responds to the attack. They’d have to rely on the market being unresponsive to such an attack. This imposes further risk to the attacker that the sold price will be lower.

Also, as the removal of the ramp-up and reduction of minimum age serves to reduce “blocks lost at optimum” and may encourage more minting, an expected increase in security level will make things harder for the attacker.

A pump and dump could shake out in the attackers favor as muchas against. The minimum time between purchase and attack gives time for the network to respond and return to equilibrium, a force that almost surely will work against said attacker (as the network absorbs the buys and returns to normal, it will trend downward toward the mean). The minimum age and the rampup are more than just about obfuscating thecoinstake, they are an integral part to the calculation of what is at stake when attackig the network.

The difference in security parameter is only about 10%. Id worry that that going from 90 days full maturity to 14 days is a reduction in attack costs by 85%.

A pump and dump scheme works if the attacker can promote enough buyers from the price activity and these buyers must remain in large number to provide exit liquidity.

An attacker has to buy up a massive amount of coins. This would be difficult and probably take a large amount of time due to the limited liquidity available on the market. The faster the attacker buys, the higher the price will increase. Likewise, the faster they sell, the more the price will decrease.

Even without an attack on the network, I think buying such a large number of coins in a short time-frame without massive transaction costs would be unrealistic. If an attacker accumulates coins slowly, then that in itself creates a time-cost.

In the event of an attack, users can become aware of this. The client could warn of deep re-orgs or large amounts of stale blocks so users are more acutely aware of a problem. The attacker will need to wait for nCoinbaseMaturity until they can spend their staked coins involved in an attack. This could be changed to a longer timespan if desired. Since an attacker has to wait to sell their coins, they will certainly make a loss from the depressed price as a result of the attack.

The time-cost would be the cost of capital minus the expected return holding Peercoin. If we assume this to be 10% APR, then it is only worth 2.41% over 90 days. The transaction costs and loss from the attack will certainly be much higher than this. The attacker also takes on considerable risk from ordinary fluctuating prices.

Perhaps we can change nCoinbaseMaturity from 500 blocks to a number of days? Perhaps as high as a week to give chance for the market to react to any foul behaviour. It works out as about 3 days right now.

I agree with tuning the post-mint, but it’s not kind to the user sometimes to lock their coin from transaction. The relevant time scale in my mind is the time from purchase to achieving a reasonable mint probability (say 1/2 of the maximum as a benchmark) to the time to sell. As such, yes the post-mint time is relevant. Currently, this total time is around 63 days. With removal of ramp up and doubling the post-mint, it’s still only around 37 days. Once we go to faster blocks, we’re talking about a comparison of something like 33 days to 21 days, so it’s better but still not quite there for me. I could maybe roll with setting the post-mint equal to the minimum age? I.e. 14 days in the new proposal.

After some discussions via discord, Matt and I have come to an agreement over 21 days of minimum maturity and 7 days of post-mint, for a total of 4 weeks minimum mint time from start to finish. This presumes a block interval of 5 minutes, and is based on simultaneous considerations including “blocks lost at optimum”, timescale of market forces, opportunity cost, obscuring the stake modifier, and other discussions of time scales. Please feel free to continue to use this thread to discuss this, or other, proposals for removing or fundamentally modifying the functional form of the maturation period.