Although far to be a total victory, Qubic’s merge mining attack on Monero shedded light on a weakness for pure PoW blockchains. Indeed, merge mining enables an auxiliary chain to incentivize the concentration of the hashpower in exchange of extra rewards. In the case of Qubic, the flaw is more apparent as Qubic has been intentionally adversarial but the same issue would remain for other non-adversarial auxiliary chains such as Tari or DarkFi. Because of the extra rewards offered, it would be rational for economically motivated miners to direct their hashpower to those auxiliary chains, hence concentrating hashpower over time.
Maybe some smart brains will figure out a solution that would prohibit merge mine on a pure PoW blockchain but assuming this can’t be done, a PoW/PoS mechanism could be an alternative solution.
It’s exactly because of security concerns that some PoW blockchains have moved to a hybrid PoW/PoS model.
eCash (a fork of BCH by Amaury Sechet, the founder of BCH), has moved to a hybrid PoW/PoS (Nakamoto+Avalanche consensus) to prevent 51% attacks on the network and improve the user experience (sub 3 seconds finality). The goal of eCash is to be the best form of digital cash which requires fast finality. Still in the case of eCash, it can be debated whether or not digital cash with optional privacy can be the best form of cash (to most Monero folks, the answer would be no).
Another example is Boolberry that was relaunched as Zano with the migration from pure PoW to a hybrid PoW/PoS chain. Here again, security concerns motivated the transition. On the user experience front, Zano also benefited from the integration of PoS by offering faster transaction finality. Notably, it’s likely why Aaron Day chose Zano over Monero for the launch of his point-of-sales system as long finality times aren’t acceptable for in-person merchant payments. It’s questionable whether Zano is secured enough with PoS as the coin distribution was heavily influenced by the Boolberry premine, but this is not an issue that Monero would have.
Due to its fair launch, focus on medium-of-exchange and lack of supply held on exchanges (thanks to the delistings) Monero is really well positioned to augment its consensus with PoS without fearing attacks related to the concentration of XMR in the hands of a few. PoS presents the advantage to lower the barrier to entry to participate in the consensus and earn a share of the coin emission. It should make the network more resilient to the attack of a small actor (let’s be honest, Qubic is a small actor). Plus some PoS consensus such as Avalanche can allow for a high degree of coin concentration without risking the network of being attacked. Even with a classic PoS consensus, Monero would certainly be one of the most secure PoS chain out there.
In addition, PoS would enable faster transaction finality which is a key feature Monero lacks to be the best digital cash possible.
That said, PoW still has its importance for Monero. In pure PoS blockchains, a new validator joining the network needs to connect to a set of trusted validators to load the blockchain history. Those are usually maintain by the core teams or foundation. The real utility of PoW is to enable a new validator to bootstrap the blockchain in a trustless manner (by seeking the chain with the most work rather than trusting a given set of validator). Hence a PoW/PoS model is preferable to a pure PoS model.
It’s no secret that the culture of the Monero community is generally opposed to PoS. Maybe this strong stance is slightly ideologically driven. We certainly can be proud of being one of the few respected PoW blockchain left out there but maybe this Qubic event will change the narrative. Whichever path Monero takes next, hopefully the chain will gain in resiliency.
I see that this post was linked to the Monero sub reddit then deleted by the author after just a few hours. (self)censorship is going strong over there lol…
https://www.reddit.com/r/Monero/comments/1mlvaaf/responding_to_criticisms_of_a_hybrid_powpos/
I am u/314stache_nathy (I posted this), PoS have problems and make a hybrid sistem with PoW+PoS is bad why PoS have ‘long-range attacks’ and ‘nothing-at-stake’.
PoW is better than PoS and a hybrid sistem have other problems (in adition with PoS problems), like:
“Long-range” and “nothing-at-stake” attacks are theoretical attacks that have never impacted a blockchain that correctly implement PoS.
By the way, why would you delete your post (which has for effect to make it invisible) rather than explaining your reasoning and why you changed your mind?
More complexity increases the chances of a possible attack, and in PoS networks, attacks don’t need to be sustained, if PoS suffers an attack, it’s game over, in PoW an attack needs to be sustainable to work, and PoW has been much more tested and in Monero PoW is much more decentralized, the only problem is pools (PoS+PoW and PoS doesn’t solve, on the contrary, it worsens the situation, in PoW+PoS as PoW has fewer miners, and in pure PoS a government or organization can buy coins and manipulate the gain without spending large resources, and governments can just print money).
I deleted my post because I now believe that PoS won’t solve this issue, we need to further improve PoW, which is already well-tested and works well (it’s not perfect, as it still needs improvement), and PoS centralizes too much power in the hands of the richest and creates complexity in the network (which in itself increases the chances of having a vulnerability).
If you want to discuss this further, I strongly recommend joining the Matrix room of the MRL: https://matrix.to/#/#monero-research-lab:monero.social
And Monero room: https://matrix.to/#/#monero:monero.social
I’m glad that more efforts are being made to improve Monero.
couldn’t it work in such a way that it’s hybrid, but PoW transactions are stronger?
PoS verifiers make the process fast, and PoW verifiers will make sure with more effort that the transactions are valid. but if PoS verification gets gamed somehow, PoW verifiers will override it in 10 minutes. Basically a 2 level verification procedure. and everyone who accepts Monero as payment can decide which verification process they want to rely on: the fast one, or the one that can’t be easily influenced by the rich. I think often the latter is not a real concern, like with small value transactions.
maybe we could have a safety system that in case enough PoW verifiers find that a PoS verifier incorrectly verified the transaction, the PoS verifier’s stake could be taken from them.
The cost of attack is cheaper in PoW than it is in PoS.
Not in the case of the finality layer proposal from Luke Parker
Heh, not really true. They proportionally get the same. It’s a percentage, not a fixed revenue
IMO, while a hybrid approach might be eventually necessary, I don’t see PoS as part of the solution. But there are viable solutions (see below).
The problem with Qubic is that a few players can (temporarily) disrupt the network. The tokenomics of Qubic allow it to attack temporarily but it will ultimately fail by that same tokenomics. With PoS, the problem is that a few players (the stakers) can disrupt the network. The requirements for staking (e.g. not turning off your machine for a set period of time, etc) encourage people to stake with a service so it encourages non-custody and centralization. And since PoS gives stakers more stake, their power to disrupt can only grow.
So you’re trying to fix one set of disruptors by adding a second set of disruptors. Not exactly a solution, IMO.
Of course there’s slashing. If it’s purely algorithmic slashing, then it can be gamed and taken advantage of by either disruptor. If it’s “trusted individuals” then you’re just adding another set of disruptors to the mix. With so much complexity and potential for collusion, it’s almost certain that failure will eventually result.
So what’s possible? There are other consensus mechanisms that greatly reduce block reorderings like GhostDag (see Kaspa) that might be used to support the current PoW. Nano also has no transaction fees and seems to keep working. Instant validation of mutually agreed upon transactions also work if both parties are online at the same time (it doesn’t work otherwise). If I give you cash, and you accept the cash and give me a receipt for that cash in real life, I don’t need a third party to validate it so it would be wrong for a third party to not confirm it on the blockchain as finalized. You can even add the condition of having both parties have a copy of the receipt and both parties have to sign it. That extra condition is usually a part of the transaction of big ticket items like houses for extra security. True this approach wouldn’t work if one party is offline, but since I estimate for over 90% of transactions both parties are online (since NFC cards aren’t common but phones and computers are), this approach would all the blockchain to keep working even if there is an attack. The other supports are there for offline transactions.
It’s true that some of the staking will be done on centralized services but that’s no different to how mining pools centralized hashpower. I don’t know GhostDag but I’ve heard that Nano is not really secured. Most blokchains that have experimented with DAGs at some points, have walk back to a more classical blockchain (Avalanche for instance). I’m not saying consensus based on DAGs data structure can’t be an option but classical blokchain + PoS have been a lot more battle tested. DAGs are still a bit exotic as far as I understand.
I’d like to know more on that