undefined | Better HN

0 pointsTaek8y ago0 comments

No, in a proof of stake system collusion to rewrite history is essentially free.

In a proof of work system, even if you collude you still have to spend a non-trivial sum of electricity to create that alternate history. Electricity that would be making you money via the block reward if you were using it honestly.

It is provably more expensive to reconstruct history in a PoW setting, even when everyone is happily colluding.

0 comments

jcfrei8y ago

Whether it is more expensive or not is irrelevant. If a majority of the network (either in hashing power or number of tokens) decides to collude and start modifying network states for their own benefit then they will ultimately succeed. You argue that in a PoW system rewriting older blocks is more difficult than in a PoS system but that doesn't matter, because when a majority of the network becomes hostile and starts blocking all of your transaction attempts then the value of your coins immediately goes to zero. In a PoW system the records of your older transactions might be around forever but that's little more than damage control.

In such an adversarial environment proof of stake even has advantages over proof of work. If in a proof of work system a majority of the network starts to double spend or censor transactions, what can you do? You are essentially powerless because any fork (that tries to fix their malicious blocks) can be quickly taken over by the colluding miners. However in a proof of stake system you could simply fork once and destroy/invalidate all the tokens of the malicious miners.

TaekOP8y ago

If you are resorting to a hardfork to manage malicious actors, you can always change the proof of work algorithm, which would damage the malicious miners to a tune of billions of dollars in bitcoin.

Rewriting a year of history in a proof of stake system takes a couple days on consumer hardware. Rewriting a year of history in Bitcoin is going to require burning a literal hundred million dollars of electricity, if not an order of magnitude more.

In a proof of stake system, typically less than 30% of participants by coin amount actually do the proof of stake. And that's for systems that don't require you to bond coins for months. Exchanges frequently control that many coins. And if an exchange abuses their power, are you going to burn the coins of every single person using the exchange?

It gets worse than that though. You don't need current coins to attack the system. You only need old keys of coins that you sold. After you sell your coins, why wouldn't you sell your keys to an attacker too? If the attacker is paying for the keys, and you sold the coins anyway, there's nothing to lose for you.

Or an exchange can rotate their coins to new addresses and use the old coins to attack the system.

shrimpx8y ago

How is it more difficult to rewrite history in pow? Maybe only if you want to stick to the same exact algorithm going forward. But a modified node can do whatever it wants, including rewriting the blockchain from the beginning to use a different hashing scheme, making custom exceptions for individual block numbers, etc. It all depends on how the modifications align with the incentives of the coalition and user base.

j / k navigate · click thread line to collapse