Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper
by
jonald_fyookball
on 01/04/2015, 19:27:57 UTC
Quote from: koubiac on April 01, 2015, 05:39:49 PM
Quote from: jonald_fyookball on April 01, 2015, 11:34:33 AM

Exactly.  The percentage of mining from other people would drop to zero in a false chain that the attacker generates on his own through grinding.  It would have to, by definition, since the attacker must create the entire chain.  However, since no one really knows who owns what coins, the network would not be able to tell the difference except that perhaps there is a longer time than usual between blocks.  


Ok I think the reason why we had a hard time understanding each other is because you're talking about an entirely different implementation of PoS than that derived from Peercoin.
I guess it's closer to NXT's protocol although I'm not particularly familiar with it.

Explaining in details how NeuCoin's (and Peercoin's) implementation works would be too long to do here but you can take a look at the white paper (sections 3.1 to 3.2 starting page 13) if you want more details.

However, it's not possible to grind through stakes the way you described. Basically, the kernel (which is the equivalent of the stake modifier in Peercoin) is designed in way that prevents you from grinding in a efficient manner. This is explained in details in sections 3.3.3 of the white paper.
 


I'm not particular familiar with NXT or various implementations, i'm speaking in terms
of general principles.  Based on the whitepaper, there's a complex calculation involving
the UXTOs and the block headers of previous blocks. I still don't see how that prevents
"grinding" or using computational power to build a chain.

If it is difficult to compute, isn't that almost becoming proof of work and everything
that goes along with it?  (If its difficult to compute for an "average" computer,
wouldnt an ASIC do it easily?)

You seem to be saying that it is not difficult to build a chain of 1 block, but it
difficult to build a chain of many blocks under this implementation.  
What exactly makes that possible?  I haven't seen any explanation of that assertion,
if that's what is being claimed.

(Please note that even with proof of work, building a longer chain technically
isn't exponentially more difficult than building a shorter chain. It only
becomes exponentially more unlikely to execute a successful 51%
attack because of the diminishing probablity that you can keep up in a
LINEAR fashion in real time with the main chain)

Maybe I'm missing something, but it sounds like a self-defeating argument:

"We'll prevent this from turning into proof of work by making it really
hard to compute."  Tongue