1/ Ehhh, I addressed directly Casper’s handwaving attitude regarding “weak subjectivity” or the reliance on social consensus in my thread. @VitalikButerin believes this kind of weakness is trivial. But it’s not.https://twitter.com/VitalikButerin/status/952548219988226049 …
-
-
3/ It assumes a) you have some trusted parties you can talk to and b) they are forever alive, available or not compromised.
Show this thread -
4/ To quote
@NickSzabo4 : “Trusted third parties are security holes.”Show this thread -
5/ To hand-wave this weakness away (or misleadingly used the term “weak”) is like saying a foundation of a house has a small crack, but it’s no big deal. When it fact it can grow into a huge liability over the long term.
Show this thread -
6/ I also addressed directly your argument that reliance on social consensus is fine, since PoW also needs it. Like I said, it’s not whether you need social consensus, it’s *how much*. The goal is to minimize it, not to rely on it as a protocol building block.
Show this thread -
7/
@VitalikButerin claimed that in PoW “cost of attack and cost of defense are at a 1:1 ratio”, which I agree with. What I don’t agree with is the claim that PoS can do better.Show this thread -
8/ PoS security "comes from putting up economic value-at-loss”. And since you arbitrarily decide on the stake/penalty value, you claim this is asymmetric.
Show this thread -
9/ However, this “value-at-loss” is not truly at risk until a later point in time. It is *not 100% committed* unlike PoW. Your threat of punishment only works if and only if attackers remain on the same chain.
Show this thread -
10/ Sure, you could put an arbitrary value on the penalty and claim that’s it’s a huge wall of defense, but because of the “weak subjectivity” vulnerability, there’s a small backdoor to the side of the castle, making the hugeness of the wall irrelevant.
Show this thread -
11/ I want to take the opportunity to put away the misguided idea of achieving better cost of attack/cost of defense ratio than 1:1.
@TuurDemeester also addressed this in his critique of PoShttps://medium.com/@tuurdemeester/critique-of-buterins-a-proof-of-stake-design-philosophy-49fc9ebb36c6 …Show this thread -
12/ Take public-cryptography for example. One might cite it as an example of asymmetric attack/defense ratio.
Show this thread -
13/ However, it is only asymmetric from the point of view of the owner of the private key, and dependent on the fact that this key is forever kept secret. In other words, public-key cryptography security is *relative*.
Show this thread -
14/ You can defeat the asymmetry by somehow forcefully switching the roles: become the owner yourself.
Show this thread -
15/ The true cost analysis of attacking public-key cryptography must include social engineering attacks: kidnapping, extortion, torture. You can make attacking cost much lower than the cost of brute-forcing the key.
Show this thread -
16/ So anything that has asymmetric attack/defense ratio has to be relative. There’s always a way to go around the asymmetry.
Show this thread -
17/ PoW security, otoh, is *absolute*. It doesn't matter which frame of reference you come from, the cost of attack is the same. PoW ledger immutability is objective, it doesn’t care who you are.
Show this thread -
18/ Ledger immutability that relies on relative security will always be weaker than one that relies on absolute security.
Show this thread -
19/ EDIT (13): it is only *secure* from the point of view of the owner of the private key
Show this thread
End of conversation
New conversation -
-
-
@hugohanoi@VitalikButerin Hugo, care to explain how is this only the issue of PoS? Competing chains with *subjectivity* as to which is canonical are also pretty common in PoW. Ever heard of BCH vs BTC?!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
