1
1
There are currently many cryptocurrencies based on PoS (Proof of Stake). All these PoS algorithms differ from each other. Some or maybe all of them (I don't know) implement some kind of random election of nodes who participate in the "bookkeeping-process"/"block-forging-process" via having some amount of stake.
How can a random election work in an trustless decentralized environment?
0
The only way is to disallow membership changes in the "block-forging-process". The DPoS used by Bitshares does this for instance, with 101 forgers, as do the PAXOS and Raft algorithms. Otherwise it is trivially easy to Sybil attack the set of "block-forging-nodes", creating 10,000 indistinguishable, seemingly-valid chains with different forgers. You can require work to become a member of the forging set, but then you've just reduced the whole thing back to Proof of Work.
You may be interested in my blog on the subject: What's wrong with proof of stake?
Please explain "The only way is to disallow membership changes in the "block-forging-process" this more in detail. thx – Ini – 2017-08-15T02:05:33.123
1It is straightforward to create an algorithm to select from one of a finite set of forgers (e.g. any PRNG will do). However once members can be added or removed or not respond (or worse, byzantine faults), the membership selection process can be gamed to become a forger/staker. – Bob McElrath – 2017-08-15T18:07:27.717
Ok I try it another way: How do you define membership? – Ini – 2017-08-15T23:03:04.753
membership: being one of the possible set of stakers/forgers. – Bob McElrath – 2017-12-01T00:15:02.930
0
I have recently provided a brief description in the answer to similar question here: How does Proof of Stake prevents dishonest behaviour compared to PoW?
You will require sybil resistance to prevent a flood of nodes increasing their chances at the random election. – tuxcanfly – 2017-08-11T14:46:29.870
Can you elaborate this in more detail? Please – Ini – 2017-08-11T14:48:36.667
Lets say my protocol dictates a random node will mine the next block. An attacker can create hundreds of thousands of nodes and increase their chance of mining. This is the classic sybil attack. – tuxcanfly – 2017-08-11T14:56:19.537
How does a protocol dictate a random node. Everybody can just pretend that his number is computed randomly. There is no trust in that environment. – Ini – 2017-08-11T15:06:43.503
I think we're in agreement. I don't think random election is going to work either. But if you're still interested in discussing try hopping onto #bitcoin-wizards on freenode. – tuxcanfly – 2017-08-11T15:11:59.633
I'll later today, not now. But there are already PoS cryptos and cryptos with other consensus algorithms that include random election out there. Why do they get excepted by the majority of people if they as you claim are not working or are not fair? – Ini – 2017-08-11T15:17:37.103
There is common trend where systems with insecure approaches deal with vulnerabilities by making the system more complicated. At some point, their market prominence is too low to be worth it for security researchers to look into ways to attack it, which may be misinterpreted as an indication of security. – Pieter Wuille – 2017-08-12T19:23:27.980