Talk:Proof of Stake: Difference between revisions
Created page with "Surely proof-of-stake is vulnerable to malicious forking of the blockchain, whether motivated by double spending or just sowing destructive confusion of multiple versions? Ea..." |
m wording readability improvements |
||
Line 3: | Line 3: | ||
Each version of the blockchain is a full, self-contained "version of reality". If you (the malicious party engineering a fork) burn through your "stake" - whether bitcoins owned, bitcoin days destroyed, or anything similar - on one version of the blockchain, that still doesn't stop you creating another version, starting from the same block-before-yours as you started from for your first effort, where your same "stake" still exists and hasn't been burned through. (And then another, and another... All forking from the block that records your untouched stake.) So with trivial computational effort, you can create huge multiple forks; and there's no easy way for the network to pick a winner. | Each version of the blockchain is a full, self-contained "version of reality". If you (the malicious party engineering a fork) burn through your "stake" - whether bitcoins owned, bitcoin days destroyed, or anything similar - on one version of the blockchain, that still doesn't stop you creating another version, starting from the same block-before-yours as you started from for your first effort, where your same "stake" still exists and hasn't been burned through. (And then another, and another... All forking from the block that records your untouched stake.) So with trivial computational effort, you can create huge multiple forks; and there's no easy way for the network to pick a winner. | ||
Proof-of-work doesn't suffer this problem. A malicious party trying the above trick would have to perform fresh work for each fork, since the work finding a hash of adequate difficulty on one fork has no transferable value to the other(s). | Proof-of-work doesn't suffer this problem. A malicious party trying the above trick would have to perform fresh work for each fork, since the work done in finding a hash of adequate (i.e. difficulty-satisfying) quality on one fork has no transferable value to the task of finding one on the other fork(s). | ||
Am I missing something? [[User:Ids|Iain Stewart]] 23:24, 24 March 2012 (GMT) | Am I missing something? [[User:Ids|Iain Stewart]] 23:24, 24 March 2012 (GMT) |
Revision as of 23:27, 24 March 2012
Surely proof-of-stake is vulnerable to malicious forking of the blockchain, whether motivated by double spending or just sowing destructive confusion of multiple versions?
Each version of the blockchain is a full, self-contained "version of reality". If you (the malicious party engineering a fork) burn through your "stake" - whether bitcoins owned, bitcoin days destroyed, or anything similar - on one version of the blockchain, that still doesn't stop you creating another version, starting from the same block-before-yours as you started from for your first effort, where your same "stake" still exists and hasn't been burned through. (And then another, and another... All forking from the block that records your untouched stake.) So with trivial computational effort, you can create huge multiple forks; and there's no easy way for the network to pick a winner.
Proof-of-work doesn't suffer this problem. A malicious party trying the above trick would have to perform fresh work for each fork, since the work done in finding a hash of adequate (i.e. difficulty-satisfying) quality on one fork has no transferable value to the task of finding one on the other fork(s).
Am I missing something? Iain Stewart 23:24, 24 March 2012 (GMT)
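
The cost asymmetry raised in the comment above, as an added toy model (not part of the original talk-page post, and not any real proof-of-stake design). The stake rule, the 12-bit target, and names such as `fork_costs` and `PARENT_LEDGER` are assumptions made for illustration.

```python
import hashlib

DIFFICULTY_BITS = 12   # constructed toy target: 12 leading zero bits
PARENT = hashlib.sha256(b"block-before-yours").digest()  # shared fork point
PARENT_LEDGER = {"forker": 100}  # constructed: stake recorded as of the parent block

def digest(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def meets_target(d: bytes) -> bool:
    return int.from_bytes(d, "big") >> (256 - DIFFICULTY_BITS) == 0

def pow_child(parent: bytes, payload: bytes):
    """Grind nonces until the block hash meets the target: (hash, hashes_tried)."""
    nonce = 0
    while True:
        d = digest(parent, payload, nonce.to_bytes(8, "big"))
        if meets_target(d):
            return d, nonce + 1
        nonce += 1

def stake_child(parent: bytes, payload: bytes, ledger: dict, staker: str, burn: int):
    """Hypothetical stake rule: valid if this fork's ledger holds enough stake,
    which is then burned on this fork only: (hash, hashes_tried, ledger_after)."""
    fork_ledger = dict(ledger)  # each fork is its own "version of reality"
    if fork_ledger[staker] < burn:
        raise ValueError("insufficient stake on this fork")
    fork_ledger[staker] -= burn
    return digest(parent, payload, staker.encode()), 1, fork_ledger

def fork_costs(n_forks: int, burn: int = 100):
    """Build n competing children of PARENT under each rule and total the hashes tried."""
    pow_total = stake_total = 0
    pow_blocks, stake_blocks = [], []
    for i in range(n_forks):
        payload = b"fork-%d" % i
        blk, tried = pow_child(PARENT, payload)
        pow_blocks.append(blk)
        pow_total += tried          # fresh work for every fork
        blk, tried, after = stake_child(PARENT, payload, PARENT_LEDGER, "forker", burn)
        assert after["forker"] == 0  # burned on this fork, untouched at the parent
        stake_blocks.append(blk)
        stake_total += tried        # the same stake qualifies again
    return pow_total, stake_total, pow_blocks, stake_blocks

if __name__ == "__main__":
    p, s, _, _ = fork_costs(8)
    print(f"8 forks: proof-of-work tried {p} hashes, toy stake rule tried {s}")
```
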