I've been thinking about PPCoin. While I like the idea of combining Proof-of-Work with Proof-of-Stake to save energy, I think maybe PPCoin is doing it wrong.
The measurement of stake that PPCoin uses is "coin-days", the age of your coin since it was last spent. That is not actually measuring stake. If I have 100 coins and let them mellow for 10 days, I don't have 10 times as much stake as I did on the first day. I still just have 100 coins, exactly the same stake as on the first day. Letting coins age requires no effort or energy to be expended. Thus, rewarding someone for the age of their coin is nonsense.
Imagine if we treated currency that way. "I have two $100 bills in my wallet. I've kept the first one for 100 days, but I've received the second one only yesterday. Obviously, the fact that the first $100 has been sitting there makes it more trustworthy." The age of the bills in my wallet does not measure their validity.
As an experiment, imagine that the average age of a PPCoin is 10 days (this experiment assumes coin age is unlimited, although I think it may be limited in practice). Assume that there are a total of 1,000 PPCoins in the whole world as a simplified example. As an attacker, I acquire 1/10 of the available coins (in this example, 100 coins) and let them age 100 days. My coin age = 100 days * 100 coins = 10,000 coin-days. The rest of the network has 900 coins * 10 days = 9,000 coin-days. It looks like my ageing the coins just gives me free leverage to take over the network. Since it doesn't reflect any actual additional stake being invested in the coin, it actually weakens it rather than strengthening it.
Furthermore, spending the coins arbitrarily destroys their coin age, which doesn't make sense either. Both the buyer and seller of a pile of coins value them equally -- why does one have a lot more stake than the other? This also reduces the incentive to spend the coins.
A proof-of-stake coin should actually measure stake! Age of a coin is not an investment because it costs them nothing, and it is not a stake. Just because you can measure something, like coin age, does not make it important.
How to fix, if this is indeed a problem? Don't know, 'cause I'm not a coin designer. My guesses:
1. Use amount of coins as a measurement of stake rather than coin-days. That way, a person would have to acquire 51% of the coins to execute an attack, without the free leverage added by coin age.
2. Use amount of coins times the age of the person in the network, not the age of the coin. That is, measure the number of blocks they have helped mine and weight their amount of coins by that as a measure of their trustworthiness. Not sure if or how to accomplish this. However, it has the benefit that they can buy and sell coins freely without diminishing their stake in the network.
3. Ignore amount of coins and use the number of blocks the person has helped mine as a measure of their trustworthiness. This would reward durability of mining, which, unlike coin age, is actually a measurement of stake. Call it mining-days rather than coin-days.
Imagine that 1,000 people have equal computer power and mine the coin every day for one year. That is 1,000 mining-years. A new person who wanted to overtake the network would not just have to muster 51% of the network, but would have to do so until his total contribution was more than the rest of them put together. To exceed the rest of them in the second year, the attacker would have to provide 2,000 mining-years in one year all by himself just to exceed their combined, growing stake. Since he only has 1 year to do it in, he has to muster 2,000 times the capacity of the rest of the network combined. At least that is how I imagine it.
Well, comments?
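The coin-days thought experiment from the post, as an added worked example that is not part of the original post and is not PPCoin's code. It uses the post's simplified numbers; the `age_cap` parameter and the 30-day value are hypothetical, modelling the post's remark that coin age may be limited in practice.

```python
from fractions import Fraction

def coin_days(coins, age_days, age_cap=None):
    """Stake weight as coins * age; age_cap (hypothetical) limits counted age."""
    if age_cap is not None:
        age_days = min(age_days, age_cap)
    return coins * age_days

def attacker_share(att_coins, att_age, rest_coins, rest_age, age_cap=None):
    """Attacker's exact fraction of all coin-days in the simplified model."""
    a = coin_days(att_coins, att_age, age_cap)
    r = coin_days(rest_coins, rest_age, age_cap)
    return Fraction(a, a + r)

def break_even_age(att_coins, rest_coins, rest_age, age_cap=None):
    """Smallest whole number of days the attacker must age coins to hold a
    strict majority of coin-days, or None if the cap makes that impossible."""
    rest = coin_days(rest_coins, rest_age, age_cap)
    need = rest // att_coins + 1  # smallest age with att_coins * age > rest
    if age_cap is not None and need > age_cap:
        return None
    return need

if __name__ == "__main__":
    # Numbers from the post: 1,000 coins total, attacker holds 100 aged
    # 100 days, the other 900 coins average 10 days of age.
    uncapped = attacker_share(100, 100, 900, 10)
    print(f"coin-days weighting, no cap: {float(uncapped):.1%}")

    # Same holdings if stake were measured by coin count (fix 1 in the post):
    # give every coin the same age so only the amounts matter.
    by_count = attacker_share(100, 1, 900, 1)
    print(f"coin-count weighting:        {float(by_count):.1%}")

    # Days of ageing needed for a strict coin-days majority with 10% of coins.
    print("break-even age, no cap:", break_even_age(100, 900, 10), "days")

    # Constructed cap of 30 days: the attacker's weight stops growing.
    capped = attacker_share(100, 100, 900, 10, age_cap=30)
    print(f"coin-days weighting, 30-day cap: {float(capped):.1%}")
    print("break-even age, 30-day cap:", break_even_age(100, 900, 10, age_cap=30))
```

The model treats the rest of the network's average coin age as fixed while the attacker waits, as the post's example does.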