Traxo, I know the Nothing at Stake problem and that PoS is not "objective" in the sense that there isn't, in every moment, a "longest chain" that all participants can identify. What you quoted from your chat is basically what Andrew Poelstra wrote in his well known essay: "
On Stake and Consensus" (page 9 and 10, if you want to re-read it).
I wasn't clear enough but that was what I meant with this phrase:
PoS has some disadvantages, because no external resources are "burnt" and so its consensus depends on the blockchain history, but it can be organized in a way the disadvantages aren't relevant for a working cryptocurrency system.
Even Poelstra does not object that:
However, proponents argue that since for an honestly-created history, long stretches of blocktime correspond to long stretches of real time, any revision of so much history is sure to contradict the history as remembered by participants in the system. Thus such an attack would be detected, recognized as an attack, and the new history
rejected.
If this is implemented correctly, there is no problem with this, except that it changes the trust model from that of Bitcoin. New users who encounter multiple histories are no longer able to distinguish them on their own; they need to ask existing participants in the network (which may include friends and family, large corporate entities with reputations to maintain, public websites, etc.) which history they know to be the true one. This is not a distributed consensus!
The last remark "This is not a distributed consensus" is the key: PoS is not "objective" in the sense of a
mathematical consensus model, but in part "subjective". I invite you to read Vitalik Buterin's article about
Weak Subjectivity.
The "shocking document" you cite is much more superficial than Poelstra's and Buterin's documents (and the linked Bitfury document, which is also mostly correct) and completely ignores "altruism-prime", which in my opinion is the most important mechanism why PoS works: because for honest stakers it's more important to keep the value of the coin (in simple terms, "forks are bearish") than to win a bit more transaction fees or block rewards by minting on multiple chains. That is also why block rewards are low or inexistent in PoS currencies, because in a highly inflationary PoS currency stake grinding and forking on multiple chains would be incentivized.
An explanation of altruism-prime:
Altruism-prime is essentially the combination of actual altruism (on the part of users or software developers), expressed both as a direct concern for the welfare of others and the network and a psychological moral disincentive against doing something that is obviously evil (double-voting), as well as the fake altruism that occurs because holders of coins have a desire not to see the value of their coins go down.
"Altruism-prime" has been tried to refute with a short seller attack (attacker lends a large part of currency supply, double spends it, short sells it, creates a chain reorganization and profits from re-buying at a much lower price) but this short selling attack is not only very expensive and unpractical, but also possible with PoW and may be even cheaper, if the attacker buys hashing power for a part of his lended coins (for a long lasting 51% attack you need about 5% of the market cap of a currency).
The choice of of which forged blocks to mine upon is either based on enforcement power (e.g. the grouping of stake with the most stake) else PoS devolves as stated.
That is what I meant with "51% (nodes with 51% of "active" stake) must be honest". Honest nodes are different than an "oligarchy".
Even if the stake grouping with the most stake is not a majority of the stake, it must necessarily be coordinated (not randomly autonomous) in order to maintain the longest chainthus fulfills the definition of an oligarchy in control.
"Coordination" is only necessary to avoid new nodes (or some that have been offline for a long time) being lured into an attack chain. That is done normally by frequent hard-coded checkpoints in every new minor version that don't differ from Bitcoin's checkpoints included in the Bitcoin versions. In some currencies like in NXT, a concept named "TaPoS" or "Economic Clustering" is used, that allows a new user to rapidly check if his node is on the same chain than his friends or his service providers (exchanges etc.).
That all does
not prove that an "oligarchy" is needed. The only thing is that there must be a trustable website to download the code, but that is also true with PoW currencies.
For Qtum and EOS (wasn't that the successor of Bitshares?), I can't comment them, because I never followed these coins. Bitshares was a bit shady, that's true, but I liked some of their innovations (but not DPOS, that is truly an "oligarchy".)
CoinoUSD is an IOU like Tether, while NuBits is/was (it still exists but is totally irrelevant) a totally flawed model. I was talking about BitUSD.
What is your proof it is a myth?
I've followed the ICO in 2013 and even invested a few satoshis there. Those that participated all were given their "stake".
I can't prove that "BCNext" didn't participate, but my point is that from these 73 founders, a lot were respected forum members. Maybe 10 or 20 could have been collaborators of BCNext and CfB and/or sockpuppets, but that is not the point I wanted to make.
(PS: I don't want to hijack anymore, theymos, if you want you can move the discussion about PoS into a separate thread - "Can PoS work?" or something like that.)