You are viewing a single comment's thread from:

RE: Twitter Evacuation Guide for Bitcoiners

in #dbuzz4 years ago

Hugo Nguyen has a bunch of great work on the topic on his medium

https://hugonguyen.medium.com/proof-of-stake-the-wrong-engineering-mindset-15e641ab65a2

https://hugonguyen.medium.com/proof-of-stake-private-keys-attacks-and-unforgeable-costliness-the-unsung-hero-5caca70b01cb

Indeed the whole reason this chain exists is due to a long tail event problem with DPOS that required humans to fix. And that's fine for a social network but not for a world reserve currency.

DPOS solves A few of the problems of regular PoS But introduces others (Validator collusion or coercion), either way what you get out of it is a massively increased throughput. Traditionally in blockchain a high throughput has been advertised as something desirable to compete with Visa, but should be recontextualized as a useful tool for social media. Visa is an L2 anyway.

Sort:  

"Indeed the whole reason this chain exists is due to a long tail event problem with DPOS that required humans to fix."

The problem wasn't necessarily with DPOS. It was the launch of the Steem blockchain where the launching party accumulated over 80% of the initial "bootstrap" mining period. It was a questionable launch (massive stake accumulation) + DPOS. That opened the door to a hostile takeover, which was aided by centralized exchanges using custodial funds to stake those tokens and vote for consensus witnesses by the attacker.

In the hard fork where we split from the Steem blockchain, what remained from the original pool of tokens from the Steem "ninja-mine" was put into the decentralized fund that's being used for various development and marketing proposals. So that massively disproportionate stake can no longer be held over the chain as an attack vector.

Hive also just recently hard forked and added a protocol to address similar potential attacks by exchanges or "bad actors." The protocol adds a 30-day waiting period on newly-staked tokens so that a wallet cannot stake and then instantly attempt to attack the network via validator voting. It gives the network time to recognize and address an impending attack on it - time to "circle the wagons," as some have put it. This would still be difficult to pull off, as it would require quite a large amount of tokens to be acquired and staked. And as noted with the Steem-Hive situation, users can simply split away from the attacker, taking their communities and apps with them.

It essentially makes an attack both unreasonable and costly due to the likely risk of failure. With Steem, Justin Sun already bought the main company behind the blockchain, so he was "locked in" to his investment at that point and most likely did not foresee the reaction. There's currently no company or sizable stake like that on Hive.

Regarding Hugo Nguyen's articles you linked...

I find his arguments against POS to be lacking, particularly his criticisms over attack vectors.

The idea that someone will be torturing any Hive witnesses, or all 17 of the top 21 needed for consensus, in order to attack and take over the chain is quite laughable. Likewise for any of the largest stakeholders that could possibly control all of the consensus witnesses. And again, even if either of these were to happen, a new chain could be spun up and the old one abandoned. Balances could be taken from the most recent valid snapshot, and then exchanges could simply update to the new version and leave the compromised chain/token hanging.

Simply stealing keys also has a remedy on Hive in the form of account recovery. But stolen keys isn't a problem that's exclusive to POS chains, so I don't think that's a valid reason to put POW above POS. You would need to steal a lot of separate account keys in order to gain the stake needed to control consensus.

The benefits gained from DPOS are faster speed, lower cost, lower hardware requirements, lower energy consumption, and increased agility when facing potential failures and attacks. Proof-of-work may be more secure in the strict sense of a "brute" attack, but a successful 51% attack on a POW network would be more devastating to that network than an attack on POS or DPOS network would be. And given that there are already massive mining networks, a 51% attack on a chain like Bitcoin certainly isn't impossible or even improbable. If we're going to accept Nguyen's "Black Swan" argument, then a successful attack is inevitable.

The Hive community already survived one.

This may not make the tokens here the most reliable form of money (and I would argue that the reasons for this are completely unrelated to DPOS and are rather in the rewards protocols themselves), but it does prove the case that Hive can offer not only censorship resistance, it can also offer network attack resistance to an extremely large degree. And there are still protocols that can be improved upon.

I agree it's harder now than on steem and did make it a point to show that it's fairly easy to break away from a successful attacker- and I think most reasonable people would think it's fine to recover a social network in this way.

But making problems more unlikely doesn't eliminate them, and to date PoW is the only system that can recover from these events without a human, and on top of that you need home users to be able to run their own sovereign full node on as little equipment as possible to achieve "full" censorship resistance & immutability. 51% attacks are mostly just inconvenient. You are supposed to wait 6 blocks for finality on btc, technically

I also agree that the tradeoffs DPOS makes in these areas are fine for it's use case. This is a great platform for a social network and people should use it. It's just not the kind of thing to put your life savings into maybe.

I think we disagree on how easy it might be to socially attack DPOS validators. I have been watching every major US brand, tech giant, social media platform, cable news and newspaper launch a coordinated assault on democracy for the past 4 years. But even this is easily forked away from more cheaply than it would be to pull off. Hive is a very powerful weapon for speech.

Wanted to add this tidbit: Hive has no ninja-mine; the largest holder has 3%. It takes roughly 30%+ to take out the top witnesses now. The exchange attack (Binance, Huobi, Polo) powering up users' funds for 3 months, and using it to overthrow the network has been solved. Any newly powered up stake takes 1 month before it is allowed to vote in governance. Any exchange attack now will not only lock their funds for 4 months if they wish to attack the network, but we would see it from a mile away.

Furthermore, I don't even think you can buy 30% of the liquid Hive in existence if you wanted to. If someone tried to attack, it would make us all very rich; if they were successful, we would be so rich that we could easily have resources to fork again, dump the token the attacker is buying and getting a free airdropped token like last time. Many Hivers doubled their net worth during the hostile takeover, selling their Steem and keeping their Hive for free. Without the ninja-mine, such an attack would be nearly impossible. It's an attack I welcome wholeheartedly.

And running a full node on Hive is easier than ever. It is effortless for anyone to run a full node, so we are very agile and decentralized from the point of entry standing as well. If any witnesses were corrupted (most are anon btw), we would easily see it and either unvote them from consensus quickly or fork the network again. Trying to capture Hive in a centralized way is like trying to catch air with a net. We still have whistleblowers' text on the chain; if governments could remove it, they would have already. Any attack on the network would make Hive go viral, the same way the hostile takeover did. The more you attack us, the stronger and more resilient we are. Hive is 10x more advanced than Steem, which should tell you something about this chain's anti-fragile.