1

There are currently many cryptocurrencies based on PoS (Proof of Stake). All these PoS algorithms differ from each other. Some or maybe all of them (I don't know) implement some kind of random election of nodes who participate in the "bookkeeping-process"/"block-forging-process" via having some amount of stake.

How can a random election work in an trustless decentralized environment?

Ini
  • 45
  • 4
  • You will require sybil resistance to prevent a flood of nodes increasing their chances at the random election. – tuxcanfly Aug 11 '17 at 14:46
  • Can you elaborate this in more detail? Please – Ini Aug 11 '17 at 14:48
  • Lets say my protocol dictates a random node will mine the next block. An attacker can create hundreds of thousands of nodes and increase their chance of mining. This is the classic sybil attack. – tuxcanfly Aug 11 '17 at 14:56
  • 1
    How does a protocol dictate a random node. Everybody can just pretend that his number is computed randomly. There is no trust in that environment. – Ini Aug 11 '17 at 15:06
  • I think we're in agreement. I don't think random election is going to work either. But if you're still interested in discussing try hopping onto #bitcoin-wizards on freenode. – tuxcanfly Aug 11 '17 at 15:11
  • I'll later today, not now. But there are already PoS cryptos and cryptos with other consensus algorithms that include random election out there. Why do they get excepted by the majority of people if they as you claim are not working or are not fair? – Ini Aug 11 '17 at 15:17
  • There is common trend where systems with insecure approaches deal with vulnerabilities by making the system more complicated. At some point, their market prominence is too low to be worth it for security researchers to look into ways to attack it, which may be misinterpreted as an indication of security. – Pieter Wuille Aug 12 '17 at 19:23

2 Answers2

0

The only way is to disallow membership changes in the "block-forging-process". The DPoS used by Bitshares does this for instance, with 101 forgers, as do the PAXOS and Raft algorithms. Otherwise it is trivially easy to Sybil attack the set of "block-forging-nodes", creating 10,000 indistinguishable, seemingly-valid chains with different forgers. You can require work to become a member of the forging set, but then you've just reduced the whole thing back to Proof of Work.

You may be interested in my blog on the subject: What's wrong with proof of stake?

Bob McElrath
  • 132
  • 3
  • Please explain "The only way is to disallow membership changes in the "block-forging-process" this more in detail. thx – Ini Aug 15 '17 at 02:05
  • 1
    It is straightforward to create an algorithm to select from one of a finite set of forgers (e.g. any PRNG will do). However once members can be added or removed or not respond (or worse, byzantine faults), the membership selection process can be gamed to become a forger/staker. – Bob McElrath Aug 15 '17 at 18:07
  • Ok I try it another way: How do you define membership? – Ini Aug 15 '17 at 23:03
  • membership: being one of the possible set of stakers/forgers. – Bob McElrath Dec 01 '17 at 00:15
0

I have recently provided a brief description in the answer to similar question here: How does Proof of Stake prevents dishonest behaviour compared to PoW?

Wapac
  • 1,044
  • 7
  • 16