TwinsCoin: A Cryptocurrency via Proof-of-Work and Proof-of-Stake

https://iohk.io/research/papers/twinscoin-a-cryptocurrency-via-proof-of-work-and-proof-of-stake/

“We design and implement TwinsCoin, the first cryptocurrency based on a provably secure and scalable public blockchain design using both proof-of-work and proof-of-stake mechanisms. Different from the proof-of-work based Bitcoin, our construction uses two types of resources, computing power and coins (i.e., stake). The blockchain in our system is more robust than that in a pure proof-of-work based system; even if the adversary controls the majority of mining power, we can still have the chance to secure the system by relying on honest stake. In contrast, Bitcoin blockchain will be insecure if the adversary controls more than 50% of mining power. Our design follows a recent provably secure proof-of-work/proof-of-stake hybrid blockchain by Duong et al. (ePrint 2016). In order to make our construction practical, we enhance Duong et al.’s design. In particular, we introduce a new strategy for difficulty adjustment in the hybrid blockchain and provide an analysis of it. We also show how to construct a light client for proof-of-stake cryptocurrencies and evaluate the proposal practically. We implement our new design. Our implementation uses a recent modular development framework for blockchains, called Scorex. It allows us to change only certain parts of an application leaving other codebase intact. In addition to the blockchain implementation, a testnet is deployed. Source code is publicly available.”

Has anybody checked the work of IOHK?
Seems quite legit –

What is the new capability being offered here over existing proof of stake systems like Peercoin? Or is this just a formal security model against threats that the designers feel are important?

A Provably Secure Proof-of-Stake Blockchain Protocol

This repository contains a Haskell implementation of the Provably Secure Proof-of-Stake white paper[1], done in conjunction with members of IOHK, the University of Edinburgh, the University of Athens, and the University of Connecticut. In the paper that lends its name to this project¹, a “Proof-of-Stake” protocol with rigorous security guarantees is described in detail, one upon which a full-fledged cryptocurrency can be based. This repository is the first implementation of a cryptocurrency that uses the provably secure distributed consensus “proof-of-stake” model proposed in the aforementioned paper. The paper was as closely followed as possible by the implementation’s authors.

Where’s the code?

I’m a strong believer in hybrid protocols.
The difference with Peercoin is that Peercoin gives no chain weight to PoW blocks, meaning that the chain is secured purely by PoS.
However, I’d rather see us moving towards a more true hybrid too.

What vulnerabilities would be resolved by hybrid?

Long range attack using old keys. But ‘resolved’ is to be argued by the whitepaper.

The long range attack is very hard on any chain; it’s still a distributed consensus system, and nobody would accept such a long range fork as almost everyone has something to lose.

A true hybrid could simplify the stake modifier algorithm considerably.
Does it fix a known vulnerability? Not that I know of, but simplicity reduces the chance of unknown vulnerabilities.


2.1.2 Bribe attacks on PPCoin

Would an honest minority that mints end up with a fork and continue on their own chain, eventually the “bad” chain would be pruned out by the network? Those that do not mint would be susceptible to attacks?

This supposed “attack” by bribing people to do things and they say “a double spend could happen quite easily”

The document was written July 2014

If this could happen “quite easily” in the last 3 years why hasn’t it happened?

People who assert claims, should have to show proof of concept before publishing papers like this…

I’m going to write a paper that says Bitcoin is insecure and I can control the Bitcoin chain because I could easily bribe people who are running Bitcoin nodes and mining farms quite easily. See how stupid that sounds?

What is even more interesting is that their paper finalizes with “4 Conclusion” and there is no conclusion in it. It’s empty. Do we assume they have no conclusion? lol.


The ‘bribe attack’ is just the N@S attack. The argument says there is nothing at stake should the attack fail. What it fails to mention is what the bribes cost, what failure costs for the attacker, and what the loss is for the people that take the bribes. The attacker must attempt to bribe the specific 6 people that followed their txn, in an extremely short period of time. So basically, this means the attacker will have to submit some txn with monetary importance (like an exchange deposit) over and over again until they get all 6 bribes. Then, on the side of those being bribed, they stand to lose whatever stake they just made for sure, plus most likely the rest of their investment if peercoin crashes. Finally, those being bribed are being implicated in a fraudulent act and the person broadcasting bribes to try to get people to customize their clients on the fly to start minting on a particular block instead of the current chain is opening themselves up to prosecution just by offering it. And remember, they are asking people to do this over and over again until they get 6 in a row after making a big txn like a deposit to an exchange (and we’re assuming the exchange doesn’t lock their funds afterward, or the vendor refuse to deliver the goods). Even with all this, are these bribes happening every time 1 or 2 of the 6 succeed? Or is it a ‘pay-on-fraud-delivery’? I just don’t see this as being at all practical as an attack on a decentralized system.

TL;DR To perform a bribe attack you must simultaneously communicate your bribe to anonymous entities while keeping it secret from the person you are double spending, a seemingly impossible task. This is in addition to a number of other difficulties spelled out above.

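To put numbers on the cost argument made in the post above, here is an added example (not from this thread, the Peercoin project, or any of the papers mentioned) that models the expected cost of the bribe attack under constructed assumptions: the victim waits a fixed number of confirmations, each consecutive minter independently accepts the bribe with some probability, a single refusal ends that attempt, and the attacker either pays every accepted bribe upfront or pays only once the fraud is delivered.

```python
from dataclasses import dataclass


@dataclass
class BribeAttackModel:
    """Expected-cost model of the 'bribe' (nothing-at-stake) attack.

    Constructed assumptions (this example's own, not from any paper):
    - the victim releases goods/funds after `confirmations` blocks;
    - each of those blocks is minted by a different, independent staker
      who accepts the bribe with probability `p_accept`;
    - one refusal burns the attempt (the bribe is now public), so an
      attempt succeeds only if ALL consecutive minters accept;
    - each attempt costs `attempt_cost` (fees, a deposit the victim may
      freeze, ...) and every accepted bribe costs `bribe`.
    """
    confirmations: int = 6
    p_accept: float = 0.1
    bribe: float = 100.0
    attempt_cost: float = 1.0

    def success_probability(self) -> float:
        # All `confirmations` minters must accept, independently.
        return self.p_accept ** self.confirmations

    def expected_attempts(self) -> float:
        # Geometric: attempts are repeated until the first full success.
        return 1.0 / self.success_probability()

    def expected_bribes_paid_per_attempt(self) -> float:
        # Minter k is paid only if minters 1..k all accepted: P = p^k.
        p, n = self.p_accept, self.confirmations
        return sum(p ** k for k in range(1, n + 1))

    def expected_cost(self, pay_on_delivery: bool) -> float:
        attempts = self.expected_attempts()
        if pay_on_delivery:
            # Bribes are paid exactly once, on the single successful attempt.
            bribes = self.confirmations * self.bribe
        else:
            # Upfront payment: every accepted bribe is sunk, attempt after
            # attempt (Wald's identity over the geometric number of attempts).
            bribes = attempts * self.expected_bribes_paid_per_attempt() * self.bribe
        return attempts * self.attempt_cost + bribes

    def is_profitable(self, double_spend_value: float, pay_on_delivery: bool) -> bool:
        # The attack only pays if the double-spent amount exceeds expected cost.
        return double_spend_value > self.expected_cost(pay_on_delivery)
```

With the defaults (6 confirmations, a 10% acceptance rate) the attacker expects about a million attempts before one succeeds, which is the practical point the post makes; lowering the acceptance rate or raising the confirmation count makes the expected cost grow exponentially.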