RE: RE: Scaling, Decentralization, Security of Distributed Ledgers (part 3)

But the notarization relies on the security of the random beacon, which is only secure up to the chosen safety threshold of (and a liveness threshold) as stated in §7 DECENTRALIZED RANDOMNESS BEACON on pg. 9 where ƒ is the number of Byzantine nodes, t is the number of nodes for quorum, and n is the total number of nodes:

For simplicity of exposition we describe the random beacon protocol for a single group G with |G| = n and n > 2ƒ(G).

The adversary cannot predict the outcome of such a signature if ƒ ≤ t − 1 and cannot prevent its creation if ƒ ≤ n − t.

Slight correction and clarification is needed on the quoted DFINITY analysis.

Note their whitepaper is presuming ½ safety and liveness thresholds, but I presume safety and liveness thresholds, because their assumption is unrealistic about proof-of-stake security.


Also I wrote:

1 It seems every whitepaper including yours and DFINITY’s presume that the long-range and nothing-at-stake vulnerability only applies if the safety threshold is exceeded. But @‍monsterer2, @smooth, and myself (as well as other experts) have explained that (c.f. also) the unlimited profits of cost-free nothing-at-stake means that there’s no cost that is too high for obtaining the necessary stake to exceed the safety threshold. Thus it is disingenuous to claim that nothing-at-stake only applies when the safety threshold isn’t exceeded. Proof-of-stake is entirely not viable as a widely deployed solution on the Internet if the nothing-at-stake vulnerability is not ameliorated. Note Ouroboros does discuss this vulnerability and names it the “Past majority attack.” These extant proof-of-stake systems only function because an oligarchy is in control milking the users. The oligarchy prevents the “Past Majority Attacks” yet extracts maximum rents in other numerous ways, such as monopolizing the rewards, fees, and doing market price manipulation.

And I wrote:

in DPoS, depending on the amount of validators, a group of whales can easily obtain total control of the validator elections, while in PoA this kind of control seems theoretically possible, but very impractical

I seem to strongly disagree with your characterization of reality. Why do you think it is impractical for an attacker to obtain 50+% of the stake? Actually AFAIK that is the norm, not the exception as I had explained in an earlier post in this thread. For example, launch an ICO then buy your ICO from yourself cost-free and surreptitiously taking 80% of the money supply. Or walk away from the development and let it crash to 50 satoshi per token, then buy it up for cheap and then restart development. Or buy it cheap in the next crypto-winter when alts are dead again. Or simply buy the 50+% on the open market and after obtaining it, recoup all the costs by increasing transaction fees to the maximum that the ecosystem can bear. And take all the block rewards and all the transaction fees for every block forever at no additional cost. I have an unanswered question in a prior post for @shunsaitakahashi about how he plans to solve the problem of transaction spam and allowing the market to set the transaction fees without enabling the oligarchy to raise transaction fees to nosebleed levels? That is the fundamental insoluble problem for Bitcoin and the block size issue.

This is a fundamental reason why all proof-of-stake systems are run by a 50+% oligarchy behind the curtain. Seriously AFAIK this is the reality. Do you know something about this specific issue that I don’t? (intended sincerely as a question not condescending rhetorical)
