Thanks for your reply Koubiac.
The duplicate stake detection mechanism's purpose is to prevent miners from mining on multiple chain when a natural network fork occurs. Without this system miners could mine on both (or more) forks in order to avoid having their block orphaned and this would hurt the consensus.
It's not a security measure against people creating a fork in order to rewrite the transaction history.
OK thanks, I understand the motivation here now. This mechanism helps to force a consensus.
The chosen inflation level is not the only parameter that matters.
If you consider a PoS and a PoW coin that are economically identical (market cap, inflation, transaction volume etc..) the cost of an attack will be orders of magnitude higher in the case of the PoS coin.
Let's imagine as you say that the PoW coin uses a 6% inflation rate to pay for security and both coins have a $100B market cap.
- In the case of the PoW coin, the cost of a 51% attack will be 51%*$100B*6%~$3B
- In the case of the PoS coin, let's suppose that with a 6% inflation rate, 50% of the coins mine, then the cost of a 51% attack will be: 51%*$100B*50%~B25$
And this doesn't even take into account the fact that in our example the actual inflation rate for the PoW coin is 6% whereas for the PoS coin it's 6%*50%=3%.
Therefore, the PoS coin is paying twice less for a security level ~8 times better.
Sorry but this analysis fails. Your numbers on PoW and PoS are calculated differently.
Your PoW analysis looks decent, for the case of carrying out the attack for a full year, and assuming 0 frictional costs (ASIC rental service fees, organizational costs, etc). However the PoS analysis should give exactly the same number, because by construction we have chosen parameters such that both networks pay the same security fee to the miners. Why would I buy the PoS coins? I can borrow them, perform the attack, and return them. interest rates are frictional costs. The 6% is calculated from the full money supply but we only need to get 51% of the staking coin, so one could argue this attack would be cheaper than the PoW for the normal case of not all coin being staked (some people might actually want to transact in it).
NeuCoin's mining equation is simply:
hash(kernel)< target*balance of UTXO
OK, so now we see that the best way to mine NeuCoin is to form massive pools. This is not incentivised due to smaller more regular payouts like it is in bitcoin, but a directly higher return due to the formation of a larger UTXO balance. This looks completely broken to me. Am I missing something?
I'm not sure I get what you mean by that? Your probability to win depends on the size of your stake.
Let's imagine you and I both own 100 neucoins.
If we mine separately, we
both try once per second (therefore, together we try twice per second) to find a solution to:
hash(kernel)
If we put our coins together, we will
once per second try to find a solution to:
hash(kernel)
So it's exactly the same as trying once per second to find a number between 1 and 1000 or trying twice per second to find a number between 1 and 2000. The odds of succeeding are the same.
OK, you have a point there. What was the point of Sonny's time weighting again? What enforces the 1 per second rule, block time or hashpower?