by betwixthewires 1667 days ago
Thanks for that link, it has been a few years since I've read it.

I spent a lot of time talking about this topic with people. The article does have a point, that the security model of proof of stake is fundamentally different and relies on a key assumption (from the article you linked):

> any new node coming onto the network with no knowledge except... the set of all blocks and other "important" messages that have been published...

This is referenced in the OP as a point of security failure. The assumption is that we can rely on social interactions between nodes and that that is good enough. The criticism is that a new node can have no way of definitively knowing that their copy of the chain is the widely used canonical chain. An eclipse attack can occur, or, as the OP stated, new nodes may need to rely on authoritative sources to get current state, which puts centralized power centers in the security model.

It is not a deal breaker (IMO); remember, PoW relies on the security assumption that it is prohibitively difficult for more than half the network to collude. I'd argue these assumptions are equally tenuous. I think as long as disparate, non-colluding sources of the canonical chain are available (arguable if this is foregone, seeing as we need PoW to ensure consensus and resistance to collusion, probably not, but all it takes is one person to not collude and contention exists) it wouldn't be a problem.

Another big sticking point is the fact that no external resources must be invested, and/or that there is no ongoing cost. I find this to be the big problem with PoS schemes. I've had quite a number of discussions focused on these two particular issues (stemming from the same fundamental difference, that an internal capital stake is made) and I see benefits of not having ongoing cost and benefits of having it, and also of having a fully self-contained system as well as having a system grounded in the outside world. All in all I have come to the conclusion that these differences make neither better nor worse, but that they are simply two completely different game-theoretical environments with different security and incentive properties.

1 comments

I think the issue most have with the "no external stake" is that there was a common misunderstanding regarding Bitcoin value propagated for a while - that is, the cost of the consensus mechanism (compute + electricity) defines the price of Bitcoin. In reality it just sets a floor on the price of Bitcoin. The value of the dollar is not set by the cost of paper. So the "self-referential" nature of stake value and attack value just means that asset value is not pegged to the consensus mechanism in as strong a way as in PoW. As long as asset value is driven by other factors (e.g. utility) that is not really a major concern.

In practice social networks form a cornerstone of all of the unstated assumptions of all consensus mechanisms. I'm more worried about supply chain compromise in wallet code than I am about an eclipse attack on a new node. At that point we know our models are too simple to make real-world security comparisons.