We can't escape from proof-of-work (PoW) and maintain decentralized consensus. Period.
I'd love to see a proof of that. Not meant as a challenge and I don't necessarily disagree at this point. It just seems hard to say that because we don't know of a way there can't be a way, and such a proof would be interesting.
In fact I have a vague notion of an idea that may be possible, but I haven't reduced it to a usable form. (Not at all related to PoS or other such techniques, and my idea may too devolve to PoW in some unseen way.)
Let's start with the refutations I did in the past couple of months to some old quotes from jl777 about the ability to game stake and shorting together. I think the insight was there. I need to get back to that when attempting to prove it and write a paper. I didn't want to dig right now as it is a lower priority tangent for me at the moment. Hey, that is no attack on jl777, as he has said he is agnostic to the choice of PoW or PoS, so he will adjust to what is proved. To prove that assertion will be more difficult than just having a single insight, similar to proving P ≠ NP.
My comment may have been unclear. I have a vague notion of a (maybe) non-PoW method that might actually work.
I have no idea whether it is possible to prove that no non-PoW method is possible. I don't think showing that PoS is impossible (not sure if we are even there yet, but as you say, refutations of claimed PoS methods always seem reasonably easy, if tedious) is sufficient.
I'd love to see a proof of that. Not meant as a challenge and I don't necessarily disagree at this point. It just seems hard to say that because we don't know of a way there can't be a way, and such a proof would be interesting.
This is no proof, but you can say for certain that the cost of executing a double spend in any PoS system is a simple constant proportional to the amount of stake you control. In PoW, the cost is superlinear in the number of blocks, which is far better security.
I am bringing a conversation about block chain consensus over from the wrong thread to this one, which is more applicable to recent discussion of my design, Dash's, etc.
I can see there was no way for me to respond without being forced to do the work that I was trying to delay since it isn't the highest priority for me.
We had our 2 hour daily brownout so I wasn't able to complete my thoughts. I was actually editing the prior post when the brownout hit. I haven't had time to get a battery backup set up (the high quality charger and inverter can't even be purchased here and have been on order from the USA since July, but that is another thing on my TODO list that this chicken running around with his head cut off can't keep up with...because my waking hours are finite).
jl777 (and others; actually jl777 didn't start the thread I am referring to) had made the argument (many moons ago, not necessarily reflecting his opinion now, as all of us are continually learning) that someone who purchased stake to game-theory control a proof-of-stake coin would not have an incentive to do so, because they wouldn't be able to extract their stake fast enough on the exchanges if they did something harmful to the coin that negatively impacted its market value. I pointed out (some months after that thread had died) that this logic doesn't hold true if it is possible to short the coin. The profit can be attained external to the coin itself, i.e. another example of the unbounded entropy of life (Second Law of Thermodynamics). I am thinking the reason this relates to my attempt at a conceptual proof of P ≠ NP (and also to my point today to smooth about why Zerocash anonymity is paradigmatically distinct from IP obfuscation) is because it is yet another example of where unbounded entropy can't be made into a barrier (other than Coasian barriers, which fail in waterfall collapse).
Many want to argue against PoS by making the point about nothing-at-stake (the ability to apply your stake to multiple chain candidates simultaneously, because no external resources are consumed by applying stake, unlike PoW where electricity is consumed and each hash computed is unique to that chain). But I don't view nothing-at-stake as the fundamental issue. The fundamental issue is that the entropy of stake is bounded. Thus, if you own sufficient stake you can control every single outcome of the mining. No matter how you jumble it to make it more difficult, it remains a fact that finite entropy can be known a priori and thus controlled. This is the point I (as AnonyMint) made to the author of Decrits back in 2013 on bitcointalk.org. Whereas with PoW, even if an entity controls 99.999% of the hash power, no one can win every block announcement unless they have 100% of the hash power. Now, with Satoshi's design that fact didn't help security once the adversary had 49+% of the system hash power, because the adversary could always form a longer chain that blacklisted the block announcements of the minority. But in my reformulation of PoW, I claim that (in theory) even a 99% adversary can't monopolize and destroy the permissionless quality of the consensus.
Second Law of Thermodynamics: In any cyclical process, the entropy will either increase or remain the same.
Entropy: a measure of the amount of energy that is unavailable to do work.
One might argue that if it ends up being a comparison between controlling 100% of the stake versus 100% of the PoW, there is no distinction. The distinction remains that the stake is finite and bounded by the money supply (even if it is increasing, we know what it is a priori), thus one can know (even if the calculation is very jumbled and obfuscated) when they've acquired sufficient stake to control the outcome of mining (and thus double-spends, forcing their changed protocol on the minority for complex reasons, etc.). Whereas PoW is always unbounded. On any block announcement, no one can predict a priori how much PoW resources will be applied to solving it. And this is only possible because PoW is an unbounded, consumed resource and PoS is a bounded, unconsumed resource. I am currently developing an abstract conceptualization that this is very much analogous to the dichotomy (duality perhaps) of categories that I believe can maybe be employed to prove P ≠ NP.
What this categorical theory tells us is that PoS can't be permissionless and PoW can be. Up until recently, apparently no one had figured out how to make PoW permissionless against a 49-99% adversary. I claim to have solved that. Yes, there are tradeoffs, as guaranteed by the CAP theorem.
PoS is a private club of trust and reputation. It is not a mathematically trustless paradigm we can use to make a decentralized paradigm for the internet.