[Cryptography] Proposal for a PoS blockchain

matbit at airmail.cc matbit at airmail.cc
Fri May 22 21:49:11 EDT 2020

Hi everybody, It may not related to cryptography at the moment, but 
later it faces cryptographic engagements.
So the question is “can we establish a blockchain (precisely DAG) as an 
infrastructure of a cryptocurrency, which uses only Proof Of Stack to 
securing transactions?”. What are the flaws of this approach?

The scenario is like that:
- I develop and release the prototype software and run the first node.
- As a founder and the first member of the network, I made a to-do list 
of future develops of that software. The goal is improve software and 
strengthen its security. Also I planned to add many more features to 
- The software daily mints x amount of new coins (call it newCoins), and 
these new coins are distributed among shareholders as soon as they are 
- The number of new coins is halved after a certain time, till reaching 
zero new coins.
- As a unique member of the network, I have total shares (cal it 
totalShares). So all the new coins go into my wallet.
- I announce the software release and invite ALL developers to join 
- The developers run software and join to network. There is no PoW, so 
there is no cost to join to network. Everyone can connect to network and 
validate the transactions or send & receive coins.
- In case of double-spends attack handling, or participating in polling 
ONLY the shareholders can vote. The only way to get shares is 
participating in software development.
- Developers review the to-do list and accomplish some of those tasks, 
if they like and can and want to do.
- After accomplish the task, developer claims her/his wage. She/he claim 
how many hours dedicated to that particular task. Say 5 hours.
- Network members vote on the new contributor's claim. If the claim wins 
the polling, the new contributor becomes a new member of the network. 
Now new member has some shares in network. New shares are calculated 
based on the hours dedicated to the accomplished task. For example if a 
contributor dedicate 5 hours to a task, she/he will have 5 shares. So 
now the new total shares are totalShares+5. So in next minting, the new 
contributor will get ((5/totalShares) * newCoins) coins.
- The new member also has the right to vote in proportion to her/his 
- With each new contribution, the number of shares increases, but the 
minting coins are fix, so the dividend of treasury will decrease.
- In order for the distribution of wealth to be fair, each share will be 
valid for the next 7 years from the issuance date. So contributors have 
two incentives to keep continuing to work.
- The to-do list is regularly updated by network shareholders. They 
polls regularly to add/remove tasks to list. The first goal of tasks is 
developing and maintaining software itself. Shareholders can/will add 
other tasks as well.
- The graph topology is DAG, so theoretically it will be scalable 
(unlike blockchains). Every block contains the hash of all its 
- Since this money is community-based, so the network members make it 
secure. We do not need PoW at all. The 51% attack still is possible like 
every other blockchains (PoS, PoW, DpoS, LPoS), but the cost of the 
attack is very high, because it destroys the member’s "current shares" 
and the “future’s income”.
- In early days this new money worth nothing, but after a while we will 
have the “pizza day”. This new money is a social contract -like 
Bitcoin-, and because of its scarcity will have some value. And its 
value increases over time. Since we are creating a “good money” which 
has many good features, it will be used as a currency in daily trades.
- Famous double-spend problem: So let start with CAP theorem which 
claims in partitioned distributed system you can not have both 
Availability and Consistency features together and you can have only one 
of them. So I prefer to choose availability in spending maturated coins, 
and Consistency in spending not maturated coins. Therefor I make a 12 
hour settlement time for transactions. That is, all transactions are 
immediately recorded in blockgraph and they are absolutely irreversible. 
But the recipient can not spend coins before 12 hours. This 12 hours 
makes an powerful security for transactions and help the network’s 
synchronization as well.
And now about double-spend problem. If a cheater actor try to spend a 
coin double(or multiple) time, both (or all) transactions will be 
rejected and all coins engaged in double-spend transactions will be 
seized in favor of network’s treasury. So the cheater will hurt itself. 
In fact after a certain percent of shareholder's confirmations the 
cheater even can not hurt itself and the second spending transaction 
simply will be dropped.
- This new money and its network are distributed and have no single 
point of failure.
- adversaries can bribe or force or eliminate the key persons or major 
shareholders (much like shouting down some mining farms), but here the 
community can fork with zero cost and continue the network. Note that 
the coins still are valid, but network abolished some corrupted 
shareholders, so they still have their coins, but can not vote anymore.
- At the end of the day we will have a proved “good money” and a robust 
software (client & wallet) to manage it.
- I think this kind of PoS is as secure as PoW, since everybody knows 
everything. We have a DAG and at least once in a day all leaves will be 
merged to a single leave. So having this merged leave hash is enough to 
ensure about the graph’s health. To make this hash (and implicitly the 
DAG history) immutable, shareholders will sign this hash and the hash of 
signatures can be registered in Bitcoin’s block (although in my opinion 
it is not too necessary). Is it right? Is there any flaws?
- In my opinion Satoshi used PoW as a mechanism to distributing coins in 
a loosely random and fairly way, despite the other functionalities of 
Pow (such as securing network). Is it true?
Any comment, hint, tip, note or critique is welcomed.

Thanks for your time

More information about the cryptography mailing list