Board: Altcoin Discussion
Topic: Re: PoS is far inferior to PoW - why are so many people advocating switching to PoS
by gatra on 13/11/2014, 14:33:06 UTC
2. It does not bother to mention how many calculations are needed to secretly build a valid longer chain with a small stake in a specific PoS system. This is like saying sha512 algo can be cracked, without calculating how many tries one needs to crack it...

I'm eagerly awaiting a revised version that calculates needed computing power to n@s-attack, let's say current version of Nxt.
The tedious details that would go into trying to figure out precisely how NxT would be attacked don't resolve the problem that the paper is talking about, and more importantly, it's not the responsibility of us to put forward the security model.


The 'tedious detail' is what your argument is and relies upon. Until you provide this and show there is a problem, then there is no problem as it hasn't been articulated. It is in the same camp as stating categorically "The numbers 3 and 5 can never be used to give a sum of 23" and then not even attempting any calculations to check you are correct, as it isn't your "responsibility to put forward summation models".  



Below is paraphrased from Come-from-Beyond and is a question that was posed in May 2014. It has still gone unanswered (publicly at least, the silence of the initial Nothing at Stake zealots is telling I think).



Alice wants to attack the blockchain.
She owns private keys of 400 accounts totalling to 75% of the stake.
She is planning to rewrite the history from block 5'000.
Legit chain is at block 5'300 (less than 720).
Cumulative difficulty at block 5'000 is 8'000'000.
Cumulative difficulty at block 5'300 is 9'000'000.
How many SHA256 operations on average is it necessary to do to find a branch where cumulative difficulty at block 5'300 is at least 9'000'001?
Hint: Blocks from 5'000 to 5'300 were forged by 100% of the stake.



Without a detailed further explanation of the so called Nothing at Stake 'problem', further discussion is quite useless.

Bump.

I am genuinely interested in the answer. I can only assume you are all busy with your calculators right now. I can wait.



My follow up question would then be...

Would doing this many SHA256 operations be at no cost?


If you still believe this would be free, check whether it would be possible to do, i.e. what is the likelihood that you can do this many SHA256 operations to recalculate a better chain within the 720 block time limit?

There is no answer because the question makes no sense.
First answer this: why do you think there are many SHA256 operations involved? How would a large hashrate benefit an attacker?
It's not a matter of hashrate, it's 300 blocks * 60 seconds * 400 accounts = 7200000. Hashing that many SHA256 takes less than one second on a modern CPU.

The question is not clear because it talks about "the stake", but what is "the stake"? The total amount of coins? Or the amount of coins actively forging at the given time? Were your 400 accounts forging on the main chain at block 5000 or not?

If you control more coins at block 5000 than those that were forging at block 5000 then you can simply rewrite everything.