Talk:Proof of Stake

From Bitcoin Wiki
Revision as of 23:24, 24 March 2012 by Ids (talk | contribs) (Created page with "Surely proof-of-stake is vulnerable to malicious forking of the blockchain, whether motivated by double spending or just sowing destructive confusion of multiple versions? Ea...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Surely proof-of-stake is vulnerable to malicious forking of the blockchain, whether motivated by double spending or just sowing destructive confusion of multiple versions?

Each version of the blockchain is a full, self-contained "version of reality". If you (the malicious party engineering a fork) burn through your "stake" - whether bitcoins owned, bitcoin days destroyed, or anything similar - on one version of the blockchain, that still doesn't stop you creating another version, starting from the same block-before-yours as you started from for your first effort, where your same "stake" still exists and hasn't been burned through. (And then another, and another... All forking from the block that records your untouched stake.) So with trivial computational effort, you can create huge multiple forks; and there's no easy way for the network to pick a winner.

Proof-of-work doesn't suffer this problem. A malicious party trying the above trick would have to perform fresh work for each fork, since the work finding a hash of adequate difficulty on one fork has no transferable value to the other(s).

Am I missing something? Iain Stewart 23:24, 24 March 2012 (GMT)