The inherent flaws of Proof-of-Stake
The primary function of cryptocurrency systems is to reach and sustain consensus in a network of distributed computers. The study of consensus protocols is almost as old as distributed systems themselves. Bitcoin's implementation leverages Proof-of-Work as a Sybil-resistance mechanism in its consensus protocol, meaning that miners follow the branch with the highest difficulty. Over the years, many researchers have explored alternative methods to implement consensus mechanisms, most notably Proof-of-Stake. Unlike Proof-of-Work, Proof-of-Stake does not rely on external resources such as energy expenditure as a source of pseudorandomness, which (in PoW) is the crux of the mechanism's security. In the paper below, academics analyze the types of pseudorandomness used to select the block producers in various popular Proof-of-Stake schemes. In short, the paper shows the formal security limitations of the PoS schemes in which the block-producer order is determined by an in-chain source of pseudorandomness; such schemes either make it easier to perpetrate attacks such as selfish mining, or are easier to manipulate via stake grinding.
"At a conceptual level, the barriers stem from the following: all cryptocurrencies require some source of (pseudo)randomness. In Proof-of-Work, this pseudorandomness is in some sense external to the cryptocurrency: the first miner to successfully find a good nonce produces the next block, and this miner is selected completely independently of the current state of the cryptocurrency. In Proof-of-Stake, it is highly desirable that the pseudorandomness comes from within the cryptocurrency itself, versus an external source (due to network security concerns discussed in Section 2). One might initially suspect that with sufficiently many hashes or digital signatures of pastblocks, this can indeed serve as a good source of pseudorandomness for future blocks. However, we formalize surprising barriers showing a fundamental difference between external pseudorandomness and pseudorandomness coming from the cryptocurrency itself."
The consensus problem intuitively sounds trivial but is fiendishly hard. A common trap is to design protocols that assume a solution to consensus… without even realizing it. Prime example: "All nodes generate the same pseudorandom value by observing astronomical phenomena." https://t.co/Cd6rDr3SiJ — Arvind Narayanan (@random_walker) September 22, 2018
PoW's externalization connects bitcoin to fundamental properties of the universe. This makes it an objective standard based on Physical constants. PoS's internalization is by definition, subjective. https://t.co/ldJmsnmKXY — Joshua Matettore (@matettore) September 22, 2018
"0.16.3 Release and disclosure. Shamir BIP0039, Generic Signed Messages, post-Segwit scaling, LN Schnorr/Taproot, Privacy Coin Comparison and Bitmain Lawsuit."
The percentage of the network not upgraded after a major patch corresponds to economically worthless nodes. If they did or affected something useful, someone would have bothered to upgrade them. https://t.co/TSc0eRfB7a — Emin Gün Sirer (@el33th4xor) September 24, 2018
1/ Zap 0.2.2 has just been released! Tons of bug fixes, features and stability improvements are included in this release as LN continues its march onwards ⚡️🌩️ Quick thread on notable changes, features, fixes, and general info below pic.twitter.com/GRGUM5zo1y — Zap (@ln_zap) September 24, 2018
"The consensus in off-chain systems is typically achieved by leaders in the community. For instance, Bitcoin’s off-chain consensus (not consensus on transactions) is reached by large mining players such as Bitmain, core devs, and business entities interacting with each other and coming to an agreement."
News & Commentary
"Perhaps the best example of reflexivity leading to decreased prices is Ethereum. While I believe the concern around ICO projects being forced to sell their ETH-denominated treasuries has been overstated, it’s a useful and easy to understand example."
This article repeats a common fallacy, that Bitcoin is a failure because it's slower and more expensive than Visa. That's not the relevant comparison though. The question is whether it's slower/faster than other means of making censorship-free transactions https://t.co/QWNoIQN6ir pic.twitter.com/S3In4WXJvD — Joe Weisenthal (@TheStalwart) September 24, 2018
"Additionally, either the SEC or Congress would also have to revise Section 12(g) of the Exchange Act, which currently caps the total number of shareholders at 2,000 before a company is subject to public reporting requirements."
"Against this ideal, they then tested three scenarios conceivable in today’s world: Companies own data, people own data, or the sharing of data is essentially outlawed."
"This inflated money supply encourages consumers to spend and accumulate increasing debt which they will eventually find difficult to pay off, especially among those with a lesser income. As fiat money is circulated into an economy, the price of goods being purchased affects first the lower-income population and trickled slowing upward. The wealthier will retain spendable currency far longer than those at the bottom of the economic rung. As prices rise, the wealthy can still afford to purchase needed goods."