by runeks 3211 days ago
> One of the challenges in an on-chain PKI system is you need some kind of social pre-consensus on launch.

The greatest challenge, in my opinion, is that there’s a central point of failure: just compromise whichever device stores the private key for the genesis block and you get to redefine history as you please.

Compromising a Bitcoin mining pool cannot be compared to this, since it would just result in this pool’s miners losing their revenue and moving somewhere else (it can never enable rewriting the entire chain history).


You would need to compromise 2/3rds of the keys in the genesis block. But yes, this tradeoff unlocks massively high transaction throughput.
If this system depends on trusting 2/3 of the keys in the genesis block, why not simply sign all individual transactions with keys in the genesis block, and unlock even higher transaction throughput?

I mean if you gotta trust a centralized authority anyway, ditch the blockchain and make it simple.

What centralized authority? The keys in the genesis block aren't owned by a single actor, but by multiple.

You can keep the validator set static all the time (use the ones from the genesis block), this might be useful for private chains. But Tendermint also allows for dynamic validator sets. This is useful for Proof of Stake, where validators can come and go, and their voting power can change in accordance with changes in their stake deposits.

It's hard to evaluate the security of a flippant comment, but there is clearly a security benefit to a live BFT system vs a non-BFT system.
You would have to compromise the devices of validators who have at least 2/3 of the voting power.

In Bitcoin, just compromise the devices of mining pools that have at least 50% of the hashing power, and reconstruct a chain that is longer than the current canonical chain, thus rewriting the chain history.

> In Bitcoin, just compromise the devices of mining pools that have at least 50% of the hashing power, and reconstruct a chain that is longer than the current canonical chain, thus rewriting the chain history.

Rewriting the Bitcoin blockchain using 100% of the current hashing power would take an entire year. Thus, with 50% of it it would take two years, assuming the network hashrate doesn't increase (which it does).

Don’t you think someone would notice — over the course of two years — that their mining pool has been compromised and no longer extends the current best chain?

Compromising Bitcoin mining pools lets you move hashing power somewhere else, which is noticeable since the extension of the current best chain would slow down. Compromising the genesis keys in a PoS system lets you create as many valid chains as you want in little to no time.
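The two sub-threads above (the "compromise validators with 2/3 of the voting power" comment and the "create as many valid chains as you want in no time" reply) both turn on how a weighted BFT quorum behaves. The following is an added illustration written for this page, not code from Tendermint, Bitcoin or any commenter. It models a Tendermint-style validator set as a name-to-voting-power map, assumes the commit rule is strictly more than 2/3 of total voting power (Tendermint's actual rule; the comments say "at least"), and computes the smallest coalition an attacker must compromise, how that coalition shifts when the validator set changes with stake deposits and withdrawals, and how a compromised quorum can mint arbitrarily many valid-looking commits with no work. The validator names and stake numbers are constructed sample data.

```python
"""Weighted BFT quorum model: which validators must be compromised, and what
a compromised quorum can sign. Added example; not from Tendermint or Bitcoin."""
from fractions import Fraction
from typing import Dict, List

# Constructed sample validator set: validator name -> voting power (staked units).
VALIDATORS: Dict[str, int] = {
    "val-a": 40,
    "val-b": 25,
    "val-c": 15,
    "val-d": 10,
    "val-e": 10,
}

QUORUM = Fraction(2, 3)  # assumption: commit needs strictly more than 2/3 of power


def has_quorum(validators: Dict[str, int], signers: List[str]) -> bool:
    """A commit is valid only if the signers hold > 2/3 of total voting power.
    Exact rationals avoid float rounding right at the threshold."""
    total = sum(validators.values())
    signed = sum(validators[name] for name in set(signers))
    return Fraction(signed, total) > QUORUM


def min_compromise_set(validators: Dict[str, int]) -> List[str]:
    """Fewest validators whose combined power exceeds the quorum threshold.
    Taking validators in descending power order minimises the count, so this
    is the cheapest 'devices to compromise' list for an attacker."""
    total = sum(validators.values())
    chosen: List[str] = []
    accumulated = 0
    for name, power in sorted(validators.items(), key=lambda kv: -kv[1]):
        chosen.append(name)
        accumulated += power
        if Fraction(accumulated, total) > QUORUM:
            return chosen
    return chosen  # only reachable if the set is empty


def apply_stake_changes(validators: Dict[str, int],
                        changes: Dict[str, int]) -> Dict[str, int]:
    """Dynamic validator set: apply deposits (+) and withdrawals (-).
    A validator whose power drops to zero leaves the set; going negative is an error."""
    updated = dict(validators)
    for name, delta in changes.items():
        new_power = updated.get(name, 0) + delta
        if new_power < 0:
            raise ValueError(f"{name} cannot withdraw more than it staked")
        if new_power == 0:
            updated.pop(name, None)
        else:
            updated[name] = new_power
    return updated


def forge_history(validators: Dict[str, int], compromised: List[str],
                  n_blocks: int) -> List[dict]:
    """If the compromised validators form a quorum, produce n_blocks commits
    that pass has_quorum() with no proof-of-work cost at all. Without a
    quorum nothing can be forged, so return an empty list."""
    if not has_quorum(validators, compromised):
        return []
    return [{"height": h, "signers": sorted(set(compromised))}
            for h in range(1, n_blocks + 1)]


if __name__ == "__main__":
    print("cheapest coalition:", min_compromise_set(VALIDATORS))
    shifted = apply_stake_changes(VALIDATORS, {"val-b": -25, "val-f": +40})
    print("after val-b exits and val-f joins:", min_compromise_set(shifted))
    print("forged commits:", len(forge_history(VALIDATORS, ["val-a", "val-b", "val-c"], 5)))
```

With the sample set, the top two validators hold 65/100 and cannot commit alone; adding the third (80/100) crosses the threshold, so three devices are the attacker's target. After one large validator leaves and another joins, two devices suffice, which is the point of the comments on dynamic validator sets: the attack surface moves with stake. The forged commits are indistinguishable to the quorum check, which is the contrast the last reply draws against hash-rate attacks that must redo work block by block.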