Re: [bitcoin-dev] Opinion on proof of stake in future
> PoS is not suitable for use as a consensus system, because
it is constitutionally incapable of producing a consensus.
true - but only for a system that is starting from nothing.
since bitcoin already exists, and we have a consensus, you can use
bitcoin's existing consensus to maintain that consensus using
references to prior state. and yes, you simply have to limit reorgs
to not go back before PoW was abandoned in favor of PoS/PoB (assuming
all incentive problems are solved).
ie: once you have uses PoW to bootstrap the system, you can "recycle" that work.
On Thu, Jun 24, 2021 at 4:41 PM yanmaani--- via bitcoin-dev
wrote:
>
> No, 51% of the *coin holders* can't do diddly squat. 51% of miners can,
> but in PoW, that's a different set to the coin holders.
>
> The basic problem with PoS, anyway, is that it's not actually a
> consensus system ("weak subjectivity"). Either you allow long reorgs,
> and then you open the door to long-range attacks, or you don't, and then
> you're not guaranteed that all nodes agree on the state of the chain,
> which was the purpose of the system to begin with.
>
> To put it more plainly: for PoS to work, you need a consensus on which
> block was seen first. But if you had that, you could presumably apply
> that method to determine which *transaction* was seen first, in which
> case you could do away with the blockchain entirely. (Real-world
> implementations of PoS, such that they are, do away with this
> requirement, scrapping the global consensus on ordering in favor of
> having each node decide for itself which block came first.)
>
> In other words, even if you solved all the incentive problems, the fact
> remains that PoS is not suitable for use as a consensus system, because
> it is constitutionally incapable of producing a consensus.
>
> On 2021-06-24 00:14, Billy Tetrud via bitcoin-dev wrote:
> >> This is not true in a Proof of Work system and this difference
> > absolutely should not be trivialized.
> >
> > That is in fact true of Proof of Work as well. If a colluding
> > coalition of miners with more than 50% of the hashrate want to censor
> > transactions, they absolutely can do that by orphaning blocks that
> > contain transactions they want to censor. This is not different in
> > proof of stake.
> >
> > On Wed, Jun 23, 2021 at 11:14 AM Keagan McClelland
> > wrote:
> >
> >>> Premise: There is a healthy exchange market for PoS Coin X with
> >> tens of thousands of participants bidding to buy and sell the coin
> >> for other currencies on the market.
> >>
> >> The difference here though is that Proof of Stake allows the quorum
> >> of coin holders to block the exchange of said coins if they are
> >> going to a particular destination. Nothing requires these staking
> >> nodes to include particular transactions into a block. With that in
> >> mind, it isn't just that you require the permission of the person
> >> who sold you the coins, which I can agree is a less dangerous form
> >> of permission, but you must also require the permission of at least
> >> 51% of the coin holders to even receive those coins in the first
> >> place. This is not true in a Proof of Work system and this
> >> difference absolutely should not be trivialized.
> >>
> >> Keagan
> >>
> >> On Wed, Jun 23, 2021 at 2:30 AM Billy Tetrud via bitcoin-dev
> >> wrote:
> >>
> >>> Barrier to entry in PoS is being given permission by the previous
> >> owner of a token
> >>
> >> The idea that proof of stake is not permissionless is completely
> >> invalid. It pains me to see such an argument here. Perhaps we can
> >> come to an agreement by being more specific. I'd like to propose the
> >> following:
> >>
> >> Premise: There is a healthy exchange market for PoS Coin X with tens
> >> of thousands of participants bidding to buy and sell the coin for
> >> other currencies on the market.
> >>
> >> If the premise above is true, then there is no significant
> >> permission needed to enter the market for minting blocks for PoS
> >> Coin X. If you make a bid on someone's coins and they don't like you
> >> and refuse, you can move on to any one of the other tens of
> >> thousands of people in that marketplace. Would you agree, Cloud
> >> Strife, that this situation couldn't be considered "permissioned"?
> >>
> >> If not, consider that participation in *any* decentralized system
> >> requires the permission of at least one user in that system. If
> >> there are thousands of bitcoin public nodes, you require the
> >> permission of at least one of them to participate in bitcoin. No one
> >> considers bitcoin "permissioned" because of this. Do you agree?
> >>
> >> On Thu, Jun 17, 2021 at 1:15 PM Cloud Strife via bitcoin-dev
> >> wrote:
> >>
> >> Barrier to entry in PoW is matter for hardware and energy is
> >> permissionless and exist all over the universe, permissionless cost
> >> which exists for everyone no matter who because it's unforgeable.
> >>
> >> Barrier to entry in PoS is being given permission by the
Re: [bitcoin-dev] Opinion on proof of stake in future
No, 51% of the *coin holders* can't do diddly squat. 51% of miners can,
but in PoW, that's a different set to the coin holders.
The basic problem with PoS, anyway, is that it's not actually a
consensus system ("weak subjectivity"). Either you allow long reorgs,
and then you open the door to long-range attacks, or you don't, and then
you're not guaranteed that all nodes agree on the state of the chain,
which was the purpose of the system to begin with.
To put it more plainly: for PoS to work, you need a consensus on which
block was seen first. But if you had that, you could presumably apply
that method to determine which *transaction* was seen first, in which
case you could do away with the blockchain entirely. (Real-world
implementations of PoS, such that they are, do away with this
requirement, scrapping the global consensus on ordering in favor of
having each node decide for itself which block came first.)
In other words, even if you solved all the incentive problems, the fact
remains that PoS is not suitable for use as a consensus system, because
it is constitutionally incapable of producing a consensus.
On 2021-06-24 00:14, Billy Tetrud via bitcoin-dev wrote:
This is not true in a Proof of Work system and this difference
absolutely should not be trivialized.
That is in fact true of Proof of Work as well. If a colluding
coalition of miners with more than 50% of the hashrate want to censor
transactions, they absolutely can do that by orphaning blocks that
contain transactions they want to censor. This is not different in
proof of stake.
On Wed, Jun 23, 2021 at 11:14 AM Keagan McClelland
wrote:
Premise: There is a healthy exchange market for PoS Coin X with
tens of thousands of participants bidding to buy and sell the coin
for other currencies on the market.
The difference here though is that Proof of Stake allows the quorum
of coin holders to block the exchange of said coins if they are
going to a particular destination. Nothing requires these staking
nodes to include particular transactions into a block. With that in
mind, it isn't just that you require the permission of the person
who sold you the coins, which I can agree is a less dangerous form
of permission, but you must also require the permission of at least
51% of the coin holders to even receive those coins in the first
place. This is not true in a Proof of Work system and this
difference absolutely should not be trivialized.
Keagan
On Wed, Jun 23, 2021 at 2:30 AM Billy Tetrud via bitcoin-dev
wrote:
Barrier to entry in PoS is being given permission by the previous
owner of a token
The idea that proof of stake is not permissionless is completely
invalid. It pains me to see such an argument here. Perhaps we can
come to an agreement by being more specific. I'd like to propose the
following:
Premise: There is a healthy exchange market for PoS Coin X with tens
of thousands of participants bidding to buy and sell the coin for
other currencies on the market.
If the premise above is true, then there is no significant
permission needed to enter the market for minting blocks for PoS
Coin X. If you make a bid on someone's coins and they don't like you
and refuse, you can move on to any one of the other tens of
thousands of people in that marketplace. Would you agree, Cloud
Strife, that this situation couldn't be considered "permissioned"?
If not, consider that participation in *any* decentralized system
requires the permission of at least one user in that system. If
there are thousands of bitcoin public nodes, you require the
permission of at least one of them to participate in bitcoin. No one
considers bitcoin "permissioned" because of this. Do you agree?
On Thu, Jun 17, 2021 at 1:15 PM Cloud Strife via bitcoin-dev
wrote:
Barrier to entry in PoW is matter for hardware and energy is
permissionless and exist all over the universe, permissionless cost
which exists for everyone no matter who because it's unforgeable.
Barrier to entry in PoS is being given permission by the previous
owner of a token for you to have it via transfer or sale, both
choices they never have to make since there are no continuous costs
with producing blocks forcing it. A permission is an infinitely high
barrier to entry if the previous owner, like the premining party,
refuses to give up the token they control.
You're skipping the part where you depend on a permission of a
central party in control of the authority token before you can
produce blocks on your rasberry Pi.
Proof of stake is not in any possible way relevant to permissionless
protocols, and thus not possibly relevant to decentralized protocols
where control must be distributed to independent (i.e.
permissionless) parties.
There's nothing of relevance to discuss and this has been figured
out long long ago.
https://github.com/libbitcoin/libbitcoin-system/wiki/Proof-of-Stake-Fallacy
https://medium.com/@factchecker9000/nothing-is-worse-than-proof-of-stake-e70b12b988ca
On
Re: [bitcoin-dev] Opinion on proof of stake in future
The key difference here is that in PoS the seller of the coin might still have a vested interest in the network, where in PoW the person you aquire energy from to mine and mint has absolutely nothing to do with the network. Anyone with power supply can sell it to you and has no further interest in what you do with that power. If you don't find a powersupply, you can build your own. That is not generically true for PoS. If the seller is still staked with more coins they hold, they are entrenched in the network and have "permissioned" you to partake only for what they sold to you. Even worse, if a super-majority decides to simply never sell, you cannot aquire significant stake and participate in minting. Am 24.06.21 um 10:12 schrieb bitcoin-dev-requ...@lists.linuxfoundation.org: Re: Opinion on proof of stake in future Premise: There is a healthy exchange market for PoS Coin X with tens of thousands of participants bidding to buy and sell the coin for other currencies on the market. If the premise above is true, then there is no significant permission needed to enter the market for minting blocks for PoS Coin X. If you make a bid on someone's coins and they don't like you and refuse, you can move on to any one of the other tens of thousands of people in that marketplace. ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] [Lightning-dev] Waiting SIGHASH_ANYPREVOUT and Packing Packages
Hi Michael,
> Browsing quickly through Greg's piece, a lot of the reasoning is based on
FOSS experience from Linux/Juniper, which to the best of my knowledge are
centralized software projects ?
> That is Greg's point. If Linux doesn't look further than the current
> version and the next version with a BDFL (Linus) a decentralized
> project like Bitcoin Core is going to struggle even more with longer
> term roadmaps.
I was far more inclined to recall the unsolved problems for Lightning/L2s
(pre-signed feerate/tx-pinnings) than calling out strong solutions to them.
I believe problem spaces are quite something stable in engineering/science,
at least until they're formalized differently. But even coming to consensus
on the existence of problems and a shared perception of the severity of
them can take a long time. In fact, it might even be the hardest step in a
decentralized ecosystem like Bitcoin.
And I fill in on the low-relevance of roadmaps, real development is a
continuous zigzag. If we look in the past and take the transaction
malleability issue, I think we can observe it took multiple proposals (bip
62, normalized txid, sighash_noinput, ...), of which we're even
implemented in Core, before to finally settle on segwit. Though I would say
lessons were drawn about shortcomings of every transient proposal.
> I think it is important to discuss what order changes should be
> attempted but I agree with David that putting specific future version
> numbers on changes is speculative at best and misleading at worst. The
> record of previous predictions of what will be included in particular
> future versions is not strong :)
I recognize it wasn't delicate to put exact version numbers, though note
multiple, alternative versions numbers were deliberately proposed for each
specific change and timelines given in terms of years, more as an invite
to open a discussion on such changes and where/when they could take place,
that in anyway a finite, consistent deployment proposal.
Further, I still believe it would be cool to have a bit more coordination
when Core implements sophisticated mechanisms designed for downstream
support, in the sense of feedback exchanged across projects all along their
release schedules. For e.g, with package-relay, as a Lightning team it's
likely you will have to rework your tx-broadcast module which might take a
few good weeks of review and test. Though, coming to this best practice
(imho) across the different Bitcoin layers might take years and that's
perfectly fine, we'll see what emerges :)
> What was making sense when you had like ~20 Bitcoin dev with 90% of the
technical knowledge doesn't scale when you have multiple second-layers
specifications
> It is great that we have a larger set of contributors in the ecosystem
> today than back in say pre 2017. But today that set of contributors is
> spread widely across a number of different projects that didn't exist
> pre 2017. Changes to Core are (generally) likely to be implemented and
> reviewed by current Core contributors as Lightning implementation
> developers (generally) seem to have their hands full with their own
> implementations.
Well I strongly believe that the Core review process is open to anyone :) ?
If some upper layers contributors are generously offering their time to
share back their experiences, especially during the design phase of
software features, I hope we might be on path to deliver better stuff.
Further, that's a more personal note, I'm worried long-term about
layer-monoculture cropping up in the ecosystem, a concern echoing the
history of Internet development [0].
> I think we can get the balance right by making progress on this
> (important) discussion whilst also maintaining humility that we don't
> know exact timelines and that getting things merged into Core relies
> on a number of people who have varying levels of interest and
> understanding of L2 protocols.
Yes, as answers to my post are showing, I might have lacked patience in
this case :/ Sometimes, it's hard to gauge your own cognitive dissonance on
topics.
Cheers,
Antoine
[0] See "Interactions between Layers" in "General Architectural and Policy
Considerations", RFC 3426
Le lun. 21 juin 2021 à 06:20, Michael Folkson a
écrit :
> I don't want to divert from the topic of this thread ("Waiting
> SIGHASH_ANYPREVOUT and Packing Packages"), we can set up a separate
> thread if we want to discuss this further. But just a couple of
> things.
>
> > Browsing quickly through Greg's piece, a lot of the reasoning is based
> on FOSS experience from Linux/Juniper, which to the best of my knowledge
> are centralized software projects ?
>
> That is Greg's point. If Linux doesn't look further than the current
> version and the next version with a BDFL (Linus) a decentralized
> project like Bitcoin Core is going to struggle even more with longer
> term roadmaps.
>
> I think it is important to discuss what order changes should be
> attempted but I agree
Re: [bitcoin-dev] Opinion on proof of stake in future
> That is in fact true of Proof of Work as well. If a colluding coalition of miners with more than 50% of the hashrate want to censor transactions, they absolutely can do that by orphaning blocks that contain transactions they want to censor. This is not different in proof of stake. This power does not translate into them being able to block your acquisition of hashpower itself, a property extremely different than in proof of stake. On Wed, Jun 23, 2021 at 6:14 PM Billy Tetrud wrote: > > This is not true in a Proof of Work system and this difference > absolutely should not be trivialized. > > That is in fact true of Proof of Work as well. If a colluding coalition of > miners with more than 50% of the hashrate want to censor transactions, they > absolutely can do that by orphaning blocks that contain transactions > they want to censor. This is not different in proof of stake. > > On Wed, Jun 23, 2021 at 11:14 AM Keagan McClelland < > keagan.mcclell...@gmail.com> wrote: > >> > Premise: There is a healthy exchange market for PoS Coin X with tens of >> thousands of participants bidding to buy and sell the coin for other >> currencies on the market. >> >> The difference here though is that Proof of Stake allows the quorum of >> coin holders to block the exchange of said coins if they are going to a >> particular destination. Nothing requires these staking nodes to include >> particular transactions into a block. With that in mind, it isn't just that >> you require the permission of the person who sold you the coins, which I >> can agree is a less dangerous form of permission, but you must also require >> the permission of at least 51% of the coin holders to even receive those >> coins in the first place. This is not true in a Proof of Work system and >> this difference absolutely should not be trivialized. >> >> Keagan >> >> On Wed, Jun 23, 2021 at 2:30 AM Billy Tetrud via bitcoin-dev < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> > Barrier to entry in PoS is being given permission by the previous >>> owner of a token >>> >>> The idea that proof of stake is not permissionless is completely >>> invalid. It pains me to see such an argument here. Perhaps we can come to >>> an agreement by being more specific. I'd like to propose the following: >>> >>> Premise: There is a healthy exchange market for PoS Coin X with tens of >>> thousands of participants bidding to buy and sell the coin for other >>> currencies on the market. >>> >>> If the premise above is true, then there is no significant permission >>> needed to enter the market for minting blocks for PoS Coin X. If you make a >>> bid on someone's coins and they don't like you and refuse, you can move on >>> to any one of the other tens of thousands of people in that marketplace. >>> Would you agree, Cloud Strife, that this situation couldn't be considered >>> "permissioned"? >>> >>> If not, consider that participation in *any* decentralized system >>> requires the permission of at least one user in that system. If there are >>> thousands of bitcoin public nodes, you require the permission of at least >>> one of them to participate in bitcoin. No one considers bitcoin >>> "permissioned" because of this. Do you agree? >>> >>> On Thu, Jun 17, 2021 at 1:15 PM Cloud Strife via bitcoin-dev < >>> bitcoin-dev@lists.linuxfoundation.org> wrote: >>> Barrier to entry in PoW is matter for hardware and energy is permissionless and exist all over the universe, permissionless cost which exists for everyone no matter who because it's unforgeable. Barrier to entry in PoS is being given permission by the previous owner of a token for you to have it via transfer or sale, both choices they never have to make since there are no continuous costs with producing blocks forcing it. A permission is an infinitely high barrier to entry if the previous owner, like the premining party, refuses to give up the token they control. You're skipping the part where you depend on a permission of a central party in control of the authority token before you can produce blocks on your rasberry Pi. Proof of stake is not in any possible way relevant to permissionless protocols, and thus not possibly relevant to decentralized protocols where control must be distributed to independent (i.e. permissionless) parties. There's nothing of relevance to discuss and this has been figured out long long ago. https://github.com/libbitcoin/libbitcoin-system/wiki/Proof-of-Stake-Fallacy https://medium.com/@factchecker9000/nothing-is-worse-than-proof-of-stake-e70b12b988ca On Tue, Jun 15, 2021 at 7:13 AM James MacWhyte via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > > @Lloyd wrote: > > Of course in reality no one wants to keep their coin holding keys >> online so in Alogorand you can authorize a set
Re: [bitcoin-dev] Opinion on proof of stake in future
> This is not true in a Proof of Work system and this difference absolutely should not be trivialized. That is in fact true of Proof of Work as well. If a colluding coalition of miners with more than 50% of the hashrate want to censor transactions, they absolutely can do that by orphaning blocks that contain transactions they want to censor. This is not different in proof of stake. On Wed, Jun 23, 2021 at 11:14 AM Keagan McClelland < keagan.mcclell...@gmail.com> wrote: > > Premise: There is a healthy exchange market for PoS Coin X with tens of > thousands of participants bidding to buy and sell the coin for other > currencies on the market. > > The difference here though is that Proof of Stake allows the quorum of > coin holders to block the exchange of said coins if they are going to a > particular destination. Nothing requires these staking nodes to include > particular transactions into a block. With that in mind, it isn't just that > you require the permission of the person who sold you the coins, which I > can agree is a less dangerous form of permission, but you must also require > the permission of at least 51% of the coin holders to even receive those > coins in the first place. This is not true in a Proof of Work system and > this difference absolutely should not be trivialized. > > Keagan > > On Wed, Jun 23, 2021 at 2:30 AM Billy Tetrud via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> > Barrier to entry in PoS is being given permission by the previous >> owner of a token >> >> The idea that proof of stake is not permissionless is completely invalid. >> It pains me to see such an argument here. Perhaps we can come to an >> agreement by being more specific. I'd like to propose the following: >> >> Premise: There is a healthy exchange market for PoS Coin X with tens of >> thousands of participants bidding to buy and sell the coin for other >> currencies on the market. >> >> If the premise above is true, then there is no significant permission >> needed to enter the market for minting blocks for PoS Coin X. If you make a >> bid on someone's coins and they don't like you and refuse, you can move on >> to any one of the other tens of thousands of people in that marketplace. >> Would you agree, Cloud Strife, that this situation couldn't be considered >> "permissioned"? >> >> If not, consider that participation in *any* decentralized system >> requires the permission of at least one user in that system. If there are >> thousands of bitcoin public nodes, you require the permission of at least >> one of them to participate in bitcoin. No one considers bitcoin >> "permissioned" because of this. Do you agree? >> >> On Thu, Jun 17, 2021 at 1:15 PM Cloud Strife via bitcoin-dev < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> Barrier to entry in PoW is matter for hardware and energy is >>> permissionless and exist all over the universe, permissionless cost which >>> exists for everyone no matter who because it's unforgeable. >>> >>> Barrier to entry in PoS is being given permission by the previous owner >>> of a token for you to have it via transfer or sale, both choices they never >>> have to make since there are no continuous costs with producing blocks >>> forcing it. A permission is an infinitely high barrier to entry if the >>> previous owner, like the premining party, refuses to give up the token they >>> control. >>> >>> You're skipping the part where you depend on a permission of a central >>> party in control of the authority token before you can produce blocks on >>> your rasberry Pi. >>> >>> Proof of stake is not in any possible way relevant to permissionless >>> protocols, and thus not possibly relevant to decentralized protocols where >>> control must be distributed to independent (i.e. permissionless) parties. >>> >>> There's nothing of relevance to discuss and this has been figured out >>> long long ago. >>> >>> >>> https://github.com/libbitcoin/libbitcoin-system/wiki/Proof-of-Stake-Fallacy >>> >>> >>> https://medium.com/@factchecker9000/nothing-is-worse-than-proof-of-stake-e70b12b988ca >>> >>> >>> >>> >>> On Tue, Jun 15, 2021 at 7:13 AM James MacWhyte via bitcoin-dev < >>> bitcoin-dev@lists.linuxfoundation.org> wrote: >>> @Lloyd wrote: Of course in reality no one wants to keep their coin holding keys > online so in Alogorand you can authorize a set of "participation keys"[1] > that will be used to create blocks on your coin holding key's behalf. > Hopefully you've spotted the problem. > You can send your participation keys to any malicious party with a > nice website (see random example [2]) offering you a good return. > Damn it's still Proof-of-SquareSpace! > I believe we are talking about a comparison to PoW, correct? If you want to mine PoW, you need to buy expensive hardware and configure it to work, and wait a long time to get any return by solo mining. Or you can join a mining
