[dyndos]

The key distinction is that PoW is permissionless, whereas PoS is permissioned.

Bitcoin is secured by hashpower, which is produced by physical capital outside the network. Nobody needs to ask for permission to start hashing and trade kilowatts for sats.

PoS networks are secured by on-chain assets. This means you can't "mine" it without first buying tokens from someone who already owns them. You need permission from an existing player in order to start participating.

Another aspect of this is 51% attacks are recoverable for PoW, but are a permanent takeover condition for PoS networks. If a single entity ever accumulates more than half the tokens on a PoS network, they are unassailable.

[fogof]

> You need permission from an existing player in order to start participating.

This is an incorrect explanation of what a permissioned blockchain is. A permissioned blockchain is one in which the ability to add blocks is limited to a certain collection of entities whose public keys are hard coded into the blockchain's consensus mechanism. We don't say that needing to buy tokens constitutes needing "permission" any more than you need permission from a chip manufacturer to buy ASICs to mine a PoW cryptocurrency.

[dyndos]

Manufacturing ASICs from scratch requires a lot of capital, but it is fundamentally possible. There is no way to acquire a permanent, unassailable monopoly over ASIC hardware in general.

It is possible to acquire an unassailable monopoly over PoS tokens. You might be able to buy scraps from random traders, but will the >51% whale be willing to sell their core holdings when they can simply live off their staking yield?

>A permissioned blockchain is one in which the ability to add blocks is limited to a certain collection of entities

I agree. Ripple is an example of a chain which explicitly follows that model. PoS regresses to something like this because a 51% majority attacker can control consensus.

[lottin]

> There is no way to acquire a permanent, unassailable monopoly over ASIC hardware in general.

Is ASIC hardware made of silicon? In that case, an entity who owns the entire supply of silicon has a "permanent, unassailable monopoly over ASIC hardware in general".

[samatman]

I hope you're joking?

Silicon is the second most abundant element in the Earth's crust, after oxygen: and only because there are two oxygens in silicon dioxide.

If someone corners the market on silicon, Bitcoin dominance is the least of our problems.

[lottin]

OP's argument is that PoS is a problem because the supply of tokens is finite, and that PoW doesn't have the same problem because it relies on physical capital instead.

But physical capital is also finite.

[ptx]

What are the advantages of a permissioned blockchain over the same collection of entities without the blockchain? If you have a set of trusted entitites that sign and publish the data, why do they need the blockchain part?

[jtsiskin]

One entity can sign and publish the data, but that doesn’t mean everyone agrees with it. If everyone agrees, they yes they could all sign the data as well. And if the ordering of the data is important, might as well put in a pointer to the previous data. And now we have a blockchain!

[dyndos]

You're right, a set of trusted entities don't need a blockchain! It's a terrible datastructure which only makes sense in a very narrow circumstance.

Followed through to its ultimate conclusion, a set of trusted entities should simply run some kind of performant database.

[pa7ch]

I also generally understood permissionless to mean sybil attack resistant without closed membership which is the unique property of pow and pos systems.

[sunshinerag]

The inability for anyone to modify the hard coded public keys makes it permissioned.

[decentralised]

>Another aspect of this is 51% attacks are recoverable for PoW, but are a permanent takeover condition for PoS networks. If a single entity ever accumulates more than half the tokens on a PoS network, they are unassailable.

This is not true. PoS has many design flavours and the one Ethereum is planning on implementing includes random selection of validators and the amount staked has no influence on the inclusion or the vote "weight".

Also with PoS an attacker will always incur economic losses similar to having your mining rig burning down if you were to try to foce a bad block through. In PoW networks attackers can keep on mixing attacks with producing normal blocks and remain profitable

[null0pointer]

If amount staked has no influence on inclusion or vote weight then what’s to stop a large ETH holder from splitting their wallet into several smaller wallets with the minimum staking balance and just gaining vote weight that way?

[shoulderfake]

Because the validators are chosen randomly by the network.

[grlass]

Random doesn't mean unweighted. Choose a number at random from this list [5, 10, 5, 12, 8, 5].

[X6S1x6Okd1st]

Not to mention that Ethereum has shown willingness to hard fork to punish/reward specific actors.

If an actor pulled off a 51% attack on Ethereum I'd be surprised if there wasn't an effort to just hard fork them out of their resources.

[everfree]

IIRC they have written blog posts in the past saying just as much.

Without losing their stake to slashing penalties, though, the worst kind of attack 66% (not 51% iirc) can do anyways is a censorship or denial of service attack. Which is bad, but at least they can't revert transactions or double-spend like in a PoW model.

[polyomino]

The whole network is a political facade, EEA controls the morals of the system so they can and will do whatever they want.

[exo762]

> Another aspect of this is 51% attacks are recoverable for PoW

You can switch the protocol once. Making ASICs useless. But you can't do it twice.

> but are a permanent takeover condition for PoS networks.

This is false in both theory and practice. It is true that PoS does not offer in-protocol solution for the problem. But there is a historical precedent of people forking away money of Justin Sun in Steem project, creating Hive. Community has followed the fork, basically destroying Justin's Sun funds.

[lasagnaphil]

The incredibly illuminating thing about cryptocurrency hard forks, is that it reveals that money is just a numeric measure of the social relationships people have towards each other, and as a result the ledger and its rules can be dynamically changed according to the needs and desires of the people (in constrast to what many naive metallists say that money is and should be a fixed store of value such as gold). I think crypto people have been generally focusing too much about the ideal, technical aspects of absolute distributed, immutable ledgers, and focused less about the social, political aspects of their work.

It is this aspect that I view the current Ethereum hard fork as one of the most important test the crypto scene had in a while - it's more of a political test than a technical one. I'm assuming that there will be quite some friction between the miners and the owners - and I'm interested in how it would turn out. Those two groups are dependent of each other for their existence, and the rift between them would potentially be the demise of the project. Will the project succeed in establishing a governance structure that would address both the needs and desires of both groups? Or will the project go into tyranny with one group dominating over the other (which would eventually lead to everyone's downfall)? In other words, this will be more of a test of governance than about technology. I don't have high hopes for the miners though, since there's just too much investor pressure from all the crypto craze that hasn't really been stopped since the coronavirus, and the miners doesn't seem to have a strong enough coordinated willpower to land an effective strike.

[nickthemagicman]

That's pretty cool. The community can decide if something is corruption and take steps to fix it.

[skybrian]

It seems like this argument proves too much for your purposes, in the sense that it can be used to show that neither algorithm is any good as far as distributed governance is concerned.

While it’s true that you can’t buy Bitcoin (for example) unless someone else is selling, most people aren’t concerned about market liquidity for buyers due to whales being unwilling to sell. The permission to buy doesn’t seem hard to get?

Also, for the most part, people are happy when the price goes up, which is what happens when there are more buyers than sellers.

I guess in theory, money drops could distribute ownership more widely and that would be more equitable, but this sort of inequality (some people have a lot more Bitcoin than others) isn’t normally considered too much of a problem.

But if you’re going to take distributed governance seriously, neither proof-of-work nor proof-of-stake give ordinary people much of a say in how things go. In this way it’s similar to the stock market, where we’re told our votes are meaningful but in practice they aren’t unless you have a huge amount of shares. Participating in governance is usually an illusion and it’s not normally why you invest, unless you’re a corporate raider or something.

Similarly for mining. It’s done to make money.

[dyndos]

It's not about distributed governance; it's about abusing a dominant role in consensus. PoS is easier to capture, allowing the dominant party to censor and manipulate the settlement chain.

As for governance, with Bitcoin everyone is equally powerless to dictate how things should go. If you appreciate the fixed ruleset, you can choose to participate.

Ethereum is far more nebulous, being piloted by a foundation which hardforks the protocol at will.

[skybrian]

Okay, but in practice you’re going to trade on an exchange, which can… do whatever it wants?

[dyndos]

I don't trade, I accumulate. Through a handful of different exchanges, and then withdraw.

If I had to, I could plug an ASIC into the wall and 'trade' energy value for bitcoin directly with the network.

[CryptoPunk]

>>PoS networks are secured by on-chain assets. This means you can't "mine" it without first buying tokens from someone who already owns them. You need permission from an existing player in order to start participating.

Only in the most pedantic sense of 'permission'. There will always be thousands of disparate parties, across numerous markets, with offers to sell their ETH. It will never be harder to procure ETH than to procure hash-generation hardware.

[dogman144]

Ya I wonder if we’ll start seeing attempts to corner the market in PoS.

[krobbn]

Computing power is just a proxy for capital/resources. Why not be more efficient and use the capital directly and save power in the meanwhile.

Current market cap of ETH is ~$324B, thus getting 50.1% of ETH would require $162.3B in capital. However, as soon as you start acquiring ETH the price will increase, especially at those large volumes.

It would be insanely hard to come up with enough resources to buy enough ETH in a POS world to take over the network. Never mind the fact that as soon as it's become evident you've taken over the network the value of the network is essentially worthless and you've just destroyed billions of dollars worth of capital in the process.

[majormajor]

I wonder if a state actor could pull it off more cheaply. Start buying large amounts while letting it leak that you're going to take over the network. See if enough people will panic-sell on the leak to drop the price of your takeover.

It's kinda like taking over a condo building on a much larger scale: the people you buy out first can charge a premium; by the end, you set the terms.

[QTnqs6C5]

Why would people sell rather than fork to a version of the network where those ETH did not exist? One of the benefits of POS is that when you fork away from a malicious actor, they have to start over from the beginning while in POW, they can just point their hardware to your new chain unless you change the mining algorithm and screw over all the other miners.

[pcthrowaway]

This is exactly what happened with Ethereum in the early days when a bad actor was able to exploit a third-party contract to the tune of 5% of all ETH.

The Ethereum everyone talks about today is the fork, due to the Ethereum Foundation which owns the trademark leading the fork.

The Ethereum blockchain with the unaltered history is called Ethereum Classic

https://en.wikipedia.org/wiki/Ethereum_Classic#The_DAO_bailo...

[dyndos]

Note that the way this fork was pulled off was very ad-hoc.

Ethereum devs were unable to create a legitimate transaction reverting the DAO funds because they do not have access to the hackers' private key. The reversion was done with a "surgical state change" hardcoded into the client itself.

[krobbn]

Think of it this way, if another company announces they're planning to buy a publicly traded company, what happens to the value of the shares?

The price goes up, you've just made it more expensive for yourself to take over the network.

If you were to attempt to take over you'd be better to do so in silence. However, it would be hard to hide that kind of control and wealth when every information on the network is publicly available.

[majormajor]

In a public company, though, having been taken over doesn't defeat the purpose of the company.

If you're intentionally trying to take things down, sellers have a huge incentive to not be left in the 49% who hold something that's now lost its value - as you say, "as it's become evident you've taken over the network the value of the network is essentially worthless." I think you could get the value to go to worthless well before actually hitting 51% on intent alone, if you're a big enough power.

[jude-]

Why assume a state actor? Given the sorry state of DeFi contract security, it's far more likely that an enterprising hacker can gain a dominant staking position by pillaging and then staking ETH from buggy contracts.

[dyndos]

>Computing power is just a proxy for capital/resources. Why not be more efficient and use the capital directly and save power in the meanwhile.

Anyone can create new capital independently.

Nobody can create new tokens outside of the chain rules.

This means any newcomer can build up power in a PoW network, but "old money" is privileged in a PoS network.

[WJW]

There's an interesting academic paper that I can't find anymore where the authors analyze the game theoretic edges of PoS systems. Basically: since the thing you need to mine is the same thing that gets mined the optimal strategy for anyone holding a majority of a PoS coin is to never spend more than half of your mining reward so that even someone who manages to buy all the coins that become available on the market can never catch up to you.

Of course, this does omit some real-life considerations like people needing money for other reasons (to pay taxes, when they die, to buy a house, etc) but the basic principle stands: any initial whale in a PoS coin will basically never be dislodged if they play the optimal strategy.

[everfree]

Due to the sheer amount of ETH that is off-market and unavailable for sale, I doubt one entity would be able to acquire a majority of it.

If they can acquire a majority of only the active, staking ETH, then other big ETH holders can start chipping in stake to tip the scales back.

[Hjfrf]

What's the point? Once people realise that you control all transactions those tokens you've hoarded immediately become worthless.

You've destroyed other people's "money" at the expense of your own.

[Paradigma11]

If somebody does a 51% attack his tokens would be worth nothing the next day. Might be plausible if you target smart contracts that are worth a lot more than the coin itself.

Otherwise this is just a nonissue.

[newobj]

don't you suspect that in practice they are self-assailing because a known-to-be-taken-over network will immediately go into hyper deflation?