Have we solved these two problems? Maybe an old question

From Factom whitepaper.

Some with a deep understanding of Bitcoin have recognized that pure PoS consensus mechanisms are fundamentally flawed. There are two attacks that make pure PoS unworkable. The problems are referred to as “Stake Grinding” and “Nothing at Stake”. Although Factom has PoS elements, it does not suffer from these problems.

Stake Grinding
Stake Grinding is a problem where an attacker with a sizable (say 10%), but not majority share can formulate false histories. From some point in history, they can costlessly fork the blockchain, choosing to reorder past transactions such that their stake is always selected to create the subsequent blocks. They would be able to present this alternate version of history as part of an attack to steal value by double spending. Bitcoin solves this problem by strongly linking the information domain, where computers make decisions, with the thermodynamic domain, where humans burn energy. Considerable resources are expended in the thermodynamic domain, and is provable in the information domain. Bitcoin makes forming false histories hugely expensive.

Factom is unable to create alternate histories after the fact, since it is unable to insert transactions into historical Bitcoin blocks. It is also unable to create parallel histories without being detected, since Factom is linked to Bitcoin with known Bitcoin private keys.

Nothing at Stake
The Nothing at Stake problem is more subtle. With a policy disagreement in Bitcoin, miners must choose either one policy or the other. If they choose against the majority, they will be burning lots of electricity without a chance of recouping costs. PoS miners do not face this dilemma. They can hedge their bets and costlessly create forks complying with each side of the policy. They would simultaneously agree with both sides of the disagreement. This would open up the economy to double spend attacks. One of two merchants following different forks will ultimately have that money become worthless.

Bitcoin solves this problem by having unintelligent unambiguous automatable rules for selecting the correct fork. In Bitcoin, the correct fork is the one with the most Proof of Work (PoW). Factom will also have unintelligent unambiguous automatable rules to select a correct fork, should one arise.

Below are my current thoughts. Disclaimer: I could be wrong.

I think this is solved by having a maximum chain re-organization depth. Forming a false history will require a reorg, so by limiting the possible depth, you limit this attack. Blackcoin uses a max depth of 500 blocks, for this reason.

There may be a solution here wherein minting on forks is punished. In the case of a fork, if a given utxo mints on two competing chains, both rewards are forfeit. @sigmike might be able to comment further on this, as I seem to recall he helped to invent this defense mechanism.

PPC doesn’t have these problems because it has centralized checkpointing. Yay! :wink:

N/B&C has no centralized checkpointing.

Maximum chain re-organization depth is not a solution to that because an attacker could target users downloading the chain from scratch, and the result would be a fork.

Peercoin already had a max depth reorganization before the Blackcoin fork because of the stake modifier calculation (it’s about a couple months IIRC). Maybe they added an explicit one though.

But Blackcoin did solve the stake grinding problem by using a dynamic stake modifier. But their solution introduces some DoS vulnerabilities.

Sunny King recently added his own dynamic stake modifier to Peercoin 0.5.0: https://github.com/ppcoin/ppcoin/commit/9bbc395388f7aee75930bc78eb65cff8fa47cd23. He did that after NeuCoin released their detailed analysis of Proof of Stake and the discussions that followed.

Indeed. It’s active in Peercoin, Nu and B&C.

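The maximum-reorganization-depth rule discussed in this thread, and the fresh-sync limitation raised against it, shown as an added example that is not part of any post or of any coin's code. It assumes chain weight is simply chain length and uses constructed block names; 500 is the Blackcoin depth quoted above.

```python
"""Toy fork choice with a maximum reorganization depth (illustration only)."""

MAX_REORG_DEPTH = 500  # Blackcoin figure quoted in the thread


def fork_point(local, candidate):
    """Height at which the two chains first differ."""
    i = 0
    while i < min(len(local), len(candidate)) and local[i] == candidate[i]:
        i += 1
    return i


def accept_chain(local, candidate, max_depth=MAX_REORG_DEPTH):
    """Return the chain a node follows after being offered `candidate`.

    Assumption: the heavier chain is simply the longer one. Real PoS coins
    compare accumulated stake weight, not block count.
    """
    if len(candidate) <= len(local):
        return local  # not heavier, nothing to do
    depth = len(local) - fork_point(local, candidate)  # blocks we would discard
    if depth > max_depth:
        return local  # reorg too deep: refuse to rewrite history
    return candidate


def extend(prefix, tag, n):
    """Constructed sample data: `prefix` plus n blocks labelled with `tag`."""
    return prefix + [f"{tag}{i}" for i in range(n)]


def scenario():
    common = extend([], "c", 1000)     # history both chains share
    honest = extend(common, "h", 600)  # chain the network is on
    forged = extend(common, "x", 700)  # rewritten history, forks 600 deep

    synced = accept_chain(honest, forged)     # synced node: depth 600 > 500
    fresh = accept_chain(common[:1], forged)  # new node: depth 0, accepted
    # The honest chain later overtakes the forged one, but switching back
    # would be a 700-block reorg for the fresh node, so it stays forked.
    fresh_later = accept_chain(fresh, extend(honest, "n", 200))
    return synced is honest, fresh is forged, fresh_later is forged


if __name__ == "__main__":
    print(scenario())
```

The synced node keeps the honest chain, while the node that downloaded from scratch ends up pinned to the other history by the same depth limit.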