[Cryptography] Securing cryptocurrencies
Ray Dillinger
bear at sonic.net
Fri Mar 13 14:57:31 EDT 2015
On 03/13/2015 02:39 AM, Natanael wrote:
> This is typically called TAPOS. Already thought of. One of the problems is
> that nothing stops you from chaining many unconfirmed transactions in the
> same block to inflate stake. There's also the problem that you can more
> easily disrupt the network by pumping out forks, getting other users to
> reference different conflicting forks.
Nope. Chaining many unconfirmed transactions in the same block
will only spend txouts that existed *BEFORE* the staked block
once - hence will add priority for those txouts only once.
The observation is that txOuts that existed before the fork are
the only finite resource that is limited in a useful way. The
protocol I advanced values only those txOuts for stake, and
values them each at most once in each branch. The problem
addressed was in fact *specifically* to remove the ability of
attackers to manipulate spends of the same stake to contribute
more priority to one branch than it contributes to another.
And yes, TaPoS alone (in whatever variant) is subject to short-
term forks which someone can DoS the system by cultivating.
That is why, as I already said, it needs to be a hybrid system
with proof-of-work until it reaches the kind of very large
scale where the law of large numbers smooths out the rate of
tx and spending.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150313/55edaa1b/attachment.sig>
More information about the cryptography
mailing list