Proof of Stake and "Weak Subjectivity"

1 Like

I enjoyed this article. The entire blog is fantastic. Vitalik is crazy smart.


Yet another demonstration of how we are still under the radar: Vitalik is unaware we solved the nothing at stake issue in version 0.4.0. The solution sigmike and I designed is much more elegant than using deposits.


Perhaps you would like to go into more detail in a comment on his blog post? That would bring awareness to the entire readership. BTT thread

1 Like

I would love to see someone take a look at Jordan and sigmike’s solution and give their thoughts.

I posted info about the change Sigmike made in the thread miner linked to…


So what you are doing is essentially discarding new blocks associated with duplicate stakes.

I approve of this decision. It is not a full resolution of nothing @ stake though.

There are two distinct nothing @ stake issues.

  1. The possibility that miners will mint on every fork they see to maximize block output.

  2. The possibility that someone who owned a whole bunch of coins in the past will build on the distant past.

You certainly cover the first. The second issue is much trickier and I’m not sure if you have it covered. Let’s examine the second issue for a moment.

Suppose for example, that pirate held 51% of all coins at some point in the past. He didn’t, but you could see how this might happen. Pirate was supposed to have held 20%. Given that only a fraction of stake actively mines, even 20% could be enough.
Pirate no longer owns these coins, but decides to take them back. To do this he uses his 20% of coins to build a private blockchain. If the % of miners actively mining on the main chain is less than 20%, eventually pirate will overtake the main chain. A checkpoint, of course, could prevent this.

I don’t think you can address this issue with your system of duplicate stake detection. If you apply duplicate stake detection over a long time range, miners will get stuck on a fork when they download the wrong block (or set of blocks) by accident. Ways of addressing this issue include:

  1. Checkpoints
  2. Downloading candidate blockchains in their entirety. Computing a set of suspect inputs associated with duplicate stake or double-spending within the candidate blockchains. Recalculating total chain difficulties for each blockchain after subtracting out blocks signed by the set of suspect inputs. Selecting the true blockchain based on the recalculated total difficulties.

(2) is essentially a form of long-range duplicate stake detection. I don’t think Vitalik is aware of this option. I also don’t think any blockchains are using a system like this right now.

1 Like
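Option (2) from the post above, sketched as an added example (not code from Nu, Peercoin, or anyone in this thread). Assumptions: the `Block` fields, the function names, the constructed sample chains, and the rule that a stake input is suspect when it signed conflicting blocks in two candidate chains; the double-spending check is left out.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Block:
    block_hash: str    # unique block id
    stake_input: str   # id of the coins that signed (minted) the block
    difficulty: float  # this block's contribution to total chain difficulty

def suspect_inputs(chains):
    """Inputs that signed conflicting blocks on both sides of a fork."""
    per_chain = []
    for chain in chains:
        signed = defaultdict(set)  # stake input -> hashes of blocks it signed
        for block in chain:
            signed[block.stake_input].add(block.block_hash)
        per_chain.append(signed)
    suspects = set()
    for a, b in combinations(per_chain, 2):
        for inp in a.keys() & b.keys():
            # Shared-prefix blocks have equal hashes and cancel out here.
            if a[inp] - b[inp] and b[inp] - a[inp]:
                suspects.add(inp)
    return suspects

def adjusted_difficulty(chain, suspects):
    """Total difficulty after subtracting blocks signed by suspect inputs."""
    return sum(b.difficulty for b in chain if b.stake_input not in suspects)

def select_chain(chains):
    """Return (index of winning chain, adjusted scores, suspect inputs)."""
    suspects = suspect_inputs(chains)
    scores = [adjusted_difficulty(c, suspects) for c in chains]
    return max(range(len(scores)), key=scores.__getitem__), scores, suspects

# Constructed sample: old coins ("pirate") minted once on the main chain,
# then rebuild a longer private chain from just after the shared block g0.
GENESIS = Block("g0", "genesis", 1.0)
MAIN = [GENESIS, Block("m1", "pirate", 1.0), Block("m2", "alice", 1.0),
        Block("m3", "bob", 1.0), Block("m4", "alice", 1.0)]
PRIVATE = [GENESIS] + [Block(f"p{i}", "pirate", 1.0) for i in range(1, 6)]

if __name__ == "__main__":
    raw = [sum(b.difficulty for b in c) for c in (MAIN, PRIVATE)]
    print("raw totals:", raw)                      # private chain is heavier
    print("adjusted:", select_chain([MAIN, PRIVATE]))
```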

I think his mind is too recursive.

Benjamin’s analysis is exactly correct.

We have solved this issue with checkpoints that are hard coded in the source code with every release, which you correctly identified as a solution. These are quite different from the checkpoints that can be issued by Sunny King in Peercoin. Nu doesn’t allow checkpoints to be issued in real time by a trusted party. Bitcoin has the exact same implementation of checkpoints that Nu has.

So we completely resolved all the issues.

You might want to take a look at this record and see what has been discussed and what conclusions the peercoin community has made.

I don’t mean to imply that nothing@stake is a security risk for nubits.
As Jordan Lee mentioned, solutions are in place for both types of nothing@stake attacks. The solutions used by nubits are short-range duplicate stake detection and long-range checkpoints.

I just wanted to clarify that

  1. Duplicate stake detection as implemented in nubits does not obviate the need for long-range checkpoints.
  2. It is possible to use a different form of duplicate stake detection that allows for well-defined consensus without checkpoints. I don’t think Vitalik is aware of this alternative method.

I don’t think long-range checkpoints are bad. But even if you are absolutely opposed to them, you do not need to reject POS. You can have an alternative flavor of POS that generates long-run consensus without any checkpoints.

Vitalik’s answer:


I posted a reply to Vitalik’s answer. I don’t know if he’ll see it, though…

He did see it and he did answer it:

Right. He said

So, the system still relies on weak subjectivity

So, according to him, the peercoin/nubits solution embodies what he has learned to love. Welcome aboard, Vitalik! :smile:


Would you care to sum up what weak subjectivity is… I tend to think that Vitalik’s prose is too complicated for me… :slight_smile:

Vitalik and Sunny are admiring each other, no secret here :slight_smile:

Do you have a link that shows that Sunny likes Ethereum?