Re: Proof-of-stake is more decentralized, efficient and secure than PoW- white paper
Sorry but this analysis fails. Your numbers on PoW and PoS are calculated differently.
Your PoW analysis looks decent, for the case of carrying out the attack for a full year, and assuming 0 frictional costs (ASIC rental service fees, organizational costs, etc). However the PoS analysis should give exactly the same number, because by construction we have chosen parameters such that both networks pay the same security fee to the miners. Why would I buy the PoS coins? I can borrow them, perform the attack, and return them. interest rates are frictional costs. The 6% is calculated from the full money supply but we only need to get 51% of the staking coin, so one could argue this attack would be cheaper than the PoW for the normal case of not all coin being staked (some people might actually want to transact in it).
I don't think it does, and I can't say I've ever seen this kind of argument against PoS before. The fact that the cost of a 51% attack scales with the market cap is a well known fact.
There is no reason for the "PoS analysis to give the same number". I'm not making any frictionless hypothesis in the case of PoW. If anything, I'm not taking into account the economies of scale that someone willing to buy the equivalent of 51% of the network's hashrate would enjoy.
The economics of PoW and PoS security are fundamentally different.
While borrowing the coins might seem like a better option than buying them, the security precisely lies in the fact that one cannot simply borrow 25% of the total currency. In our example, how would you go about borrowing $25B worth of coins? Let's suppose you could, I guess that in return, you would need a ~$25B collateral. Once you've attacked the coin and made the price plummet (unlike PoW, the attack can be traced back to you), I very much doubt you collateral wouldn't be seized. Therefore, the attack would still cost you $25B.
Also, in the example I gave, I haven't made the hypothesis than 100% of the coins were mining but only 50%.
Well I am more interested in facts that you know and can articulate than those which are "well known".
I am interested in particular in how you are avoiding checkpointing.
In terms of the 51% attack, obviously we don't buy asics we go directly to hash rental markets. I just want to reverse a TX a few blocks in, not own the whole network. Similarly with PoS. I put $25B worth of BTC in a smart escrow, so that I only get it back after I return the requisite numbero of PoS coins to the lenders, with interest / fee / whatever. Then I reverse the transactions on the PoS network I need to reverse, and get you your coin back. There is no reason why a few nice doublespends will crash the price to zero, and anyway the lenders have agreed to accept the units back at contractual terms independnet of price vs. any other asset. If those numbers seem too large, you can replace them with the actual market cap of your coin for a more realistic scenario.
Yes I can see how the security against reversing transactions is proportional to market cap, because you are paying 6% of market cap per year (in your example) to those who secure the network. It is well known that you "get what you pay for".. except of course when you don't
Quote
By time weighting do you mean the use of coin age in the mining equation? If so, the goal was to diminish the variance of the mining process to encourage small stake miners to mine. It has proven ineffective to attract more miners and it greatly hurts the security of the coin.
Concerning the 1 second rule, it is enforced by the fact that the only parameter that varies with time in the kernel (PoS's equivalent of Bitcoin's block header) is the time stamp which has a 1 second granularity.
Interesting. Isn't there a range of timestamps I can look through? Do blocks need to be sequential in timestamp? (they don't in bitcoin classic) Time enforcement is very central to these networks, if you have some new approach I would like to hear it.