Post
Topic
Board Development & Technical Discussion
Re: Proof that Proof of Stake is either extremely vulnerable or totally centralised
by
d5000
on 11/09/2018, 06:41:57 UTC
Quote
If he does succeed, then he has to wait 20 to 90 days before another optimal window is open to try again, if coin age is involved.
True, but the problem with coin-age is that it's very easy to accumulate 51% of the active stake with much less "real stake", which makes the attack cheaper. From what I know, the PoS trend since 2014 is to refrain from coin-age for the "weight" of a stake (e.g. NXT, Blackcoin).

It's basically a tradeoff: With coin-age it may be more difficult to launch continuous attacks, but it's much easier to launch a single double-spend attack. You have to decide what is worse - a single successful attack may already make people lose confidence in the coin and bury it deep in the "shitcoin" hole.

Quote
PoW miner has no such wait period and can run continuous succeeding attacks with no wait time.
But he has to pay for the electricity all the time.

Quote
I don't care if the guy owns 80% of a proof of stake coin; by combining all of my coins into a single block, and using max coin age, I could get 1 block added per dormant period and he can't stop me, therefore including my transactions in the blockchain.
OK, you may have a point here, depending on the length of the "dormancy" period. But there have to be some actively minting whales for that. (Maybe Anonymint could find some trick here, however.)

Quote
Bottlecaps is a prime example: it was 51% attacked multiple times;
all they did was reimburse Cryptopia for the double-spent coins, and as of today it is still trading there,
with the required confirmations increased to 200 and running a checkpoint server.

Quote
(They could have done a rolling checkpoint and stayed decentralized, but they choose a centralized solution.)
But only with an extremely long confirmation time, and that was my point. Bottlecaps is a very small coin and not really used for something useful. It's simply a pennystock for gambling on exchanges, so nobody cares about it requiring so many confirmations. A coin with real merchants and clients waiting for goods and services wouldn't be able to recover "as a currency" without a hard fork.

Quote
I think the fear is that an attacker could focus his attack specially trying to fork the network into more than one branch.
Agree here, but I have to investigate more.

Quote
Easy ways to mitigate this are to choose random times, or to allow set times in the wallets, to block reorgs within a time range of between 1 hour and 2 days.
Would all clients block the same reorgs? Hm, looks complicated.

Quote
Also the wallet designer could include a manual "Allow Reorg" button that lets the client reorg from any time, if they were forked, so they don't have to redownload the blockchain from scratch.
Possible, but I don't like this solution - I think a client which does the "button click" automatically would be more popular, and then you have no reorg protection anymore.

Quote
*FYI: Blackcoin chose ~8.3 hours for their no-reorg limit.*
Currently the lowest one, AFAIK.
Interesting, thanks. They're one of the more interesting "traditional" PoS coins out there.

Quote
Since the network always accepts the longest chain, he would end up creating every new confirmation and getting full control over the blockchain.
OK, here it seems you're right, my bad. While others can find blocks, the dominant miner/attacker would simply orphan them. In this case PoS has a point.

I am however not sure if there is really no way to censor transactions with PoS coins. I have read something somewhere, but have to search it, I think it was a post by Anonymint.
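To make the "no-reorg limit" discussed above concrete, here is a toy chain-selection simulation. It is added here as an illustration and is not code from any of the posters or from Blackcoin; block hashes, timestamps and the 30,000-second window (roughly the ~8.3 hours quoted for Blackcoin) are constructed values, and the node uses chain length as a stand-in for stake weight. It goes a bit beyond the thread by showing both sides of the trade-off: an online node refuses a long-but-deep attacker fork while still accepting an ordinary shallow reorg, but a node syncing from scratch has no recent tip to anchor its window on, so whichever chain it is served first becomes its "checkpoint", which is exactly why the "would all clients block the same reorgs?" question above matters.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rolling no-reorg window in seconds (constructed; ~8.3 h, the figure quoted for Blackcoin).
MAX_REORG_SECONDS = 30_000


@dataclass(frozen=True)
class Block:
    height: int
    hash: str               # constructed label standing in for a real block hash
    parent: Optional[str]   # None only for genesis
    timestamp: int          # constructed unix time


class Node:
    """Toy node: longest-chain rule plus a rolling reorg-depth limit (hypothetical design)."""

    def __init__(self, genesis: Block) -> None:
        self.blocks: Dict[str, Block] = {genesis.hash: genesis}
        self.tip = genesis

    def ancestors(self, b: Block) -> List[Block]:
        """Blocks from genesis up to and including b."""
        out: List[Block] = []
        cur: Optional[Block] = b
        while cur is not None:
            out.append(cur)
            cur = self.blocks.get(cur.parent) if cur.parent else None
        return list(reversed(out))

    def fork_point(self, a: Block, b: Block) -> Block:
        """Most recent common ancestor of a and b."""
        a_hashes = {x.hash for x in self.ancestors(a)}
        for x in reversed(self.ancestors(b)):
            if x.hash in a_hashes:
                return x
        raise ValueError("no common ancestor")

    def receive(self, chain: List[Block]) -> str:
        """Store a candidate chain segment and report whether its tip was adopted."""
        for b in chain:
            if b.parent not in self.blocks:
                return "orphan"          # a real node would fetch the missing parent
            self.blocks[b.hash] = b
        cand = chain[-1]
        if cand.height <= self.tip.height:
            return "not-longer"          # longest-chain rule: nothing to switch to
        fp = self.fork_point(cand, self.tip)
        # Rolling checkpoint: refuse to unwind blocks older than the window,
        # measured from the timestamp of the tip this node currently holds.
        if self.tip.timestamp - fp.timestamp > MAX_REORG_SECONDS:
            return "reorg-too-deep"
        self.tip = cand
        return "adopted"


def extend(parent: Block, n: int, label: str, spacing: int = 60) -> List[Block]:
    """Build n constructed blocks on top of parent, one every `spacing` seconds."""
    out: List[Block] = []
    cur = parent
    for _ in range(n):
        cur = Block(cur.height + 1, f"{label}{cur.height + 1}", cur.hash, cur.timestamp + spacing)
        out.append(cur)
    return out


def simulate() -> Dict[str, str]:
    genesis = Block(0, "g", None, 1_000_000)
    honest = extend(genesis, 1000, "h")            # ~16.7 h of honest blocks
    deep_fork = extend(honest[99], 1200, "a")      # forks ~15 h back, ends up longer
    shallow_fork = extend(honest[989], 20, "s")    # forks 10 min back, ordinary reorg

    online = Node(genesis)
    online.receive(honest)
    results = {
        "deep_online": online.receive(deep_fork),        # blocked by the window
        "shallow_online": online.receive(shallow_fork),  # accepted: inside the window
    }

    # A node syncing from scratch that is served the attacker's branch first
    # anchors its window on that branch and will never switch back.
    fresh = Node(genesis)
    results["fresh_attacker_first"] = fresh.receive(honest[:100] + deep_fork)
    results["fresh_then_honest"] = fresh.receive(honest)
    return results


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The `fresh_then_honest` outcome is the weakness the manual "Allow Reorg" button in the thread tries to paper over: the window only protects nodes that already hold a recent honest tip, so a newly synced or long-offline client needs some external anchor (a trusted checkpoint, or a tip obtained out of band) to end up on the same chain as everyone else.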