The reason why I love this community is that the question of PoS is being brought up for network security reasons and not for the economic benefit of the token holders. This forum really is a breath of fresh air in the crypto community.
So, it comes down to math. We need to maximize the cost of an attack. By cost I mean the total investment in hardware + recurring energy/bandwidth costs x time to achieve 1/3+ of elders. Since that cost is relative to the proportion of honest nodes on the network, then it becomes a balancing act. What does the normal honest farmer look like, and what does an attacker look like?
Maidsafe may have a substantial initial farming setup, which they know they can trust, but outside of that I’d be weary of counting on any “trusted” member. I’ve been in this forum literally since day 1 and would not dream of asking the community to “trust me” with anything. If you ever see me saying “trust me” then run away from me, as it will either be an impostor or I will have been corrupted/coerced to scam you. I totally subscribe to the “don’t trust, verify” motto of the bitcoin community.
Now, even though this project and community are altruistic in nature we must not be naive. There is a lot of money on the line (not only ours), and Maidsafe has some very powerful competition in this space. I remind you that a direct competitor raised in excess of $205M in their ICO, which I believe is many times what Maidsafe has available to them. Outside of crypto there are very big companies with significant investment in cloud storage which Maidsafe will compete against. Any exchange that lists our coin and allows for shorting of said coin is widening the number of potential attackers who could benefit economically from a successful attack.
So I don’t care if we are altruistic. You can mark these words: “whatever can be exploited, will be exploited”.
One thing I predict is that all the potential threats will likely come from data centers, not from individual machines running from people’s homes. For this reason I suggest that known IP ranges from the big cloud computing platforms are banned from becoming elders, at least in the early stages of the network.
Back to the OP and PoS, I keep thinking about it and keep coming to the same conclusion. Any PoS requirement will likely help the attackers, because they can afford to pay more than we can.
The quote above and the one below contradict with each other:
You claim on one hand that it would weaken the security while on the other hand you say: No SAFE is secure. You can’t have it both. If Farming means you just need an address without an account you should be good and secure with so staking as well.
Maybe I not really understand what you mean here, now it’s like you say: No there is no security in that again.
This one I don’t get. Safecoin will need Vaults to keep balances anyway… Unless we would all pay with rounded Safecoin. But we won’t. If someone needs to spend 0.00001 Safecoin there’s an index somewhere knowing which address owns what. Same for Farming.
Thanks for your honesty. Yes I’m still with some sort of Staking some Safecoin unless we’re at several millions Vaults. You claim it simplifies the network for the attacker, I actually think it would make things more complex for them.
Yes, this is it. And because you can buy a lot of these cheaply in the cloud, there’s risk for an attack when the network is too small. It might take up to 2 weeks or maybe 3. But after some time even the bad folks become Elders in the groups. That’s why I came up with the idea to request some Safecoin at stake as well. We could even say: no staking, but just burning some Safecoin, maybe worth several dollar if you want to Farm. That way you make it way harder for an attacker…
If the Evil Farmer burned/staked several USD per Vault in Safecoin they might loose it all if their attack fails. That’s a risk for them.
It adds to the original cost of hiring bandwidth and CPU in the cloud. They really have money at stake now.
If it cost you 400.000 USD just to start 100.000 Vaults with the risk of loosing it all if your attack fails, than that’s a real problem for them.
On the other hand, if you’re a Farmer from home… Staking some dollars worth of Safecoin isn’t really a problem. These people buy loads of GPUs these days just to mine Monero or Ethereum.
400k USD is nothing to FiIecoin. That’s less than 0.2% of their economic resources.
Amazon makes billions annually from its web services (AWS) business. 400k USD is nothing to them.
My post was long, so perhaps you missed the bit at the end:
So … I agree with neo mostly … I doubt that staking will be necessary, but would propose some ideas if it were to be initiated … I’m sure both neo and polpolrene can shoot them all down straight away, but nothing ventured nothing gained - ideas need to be free.
don’t use Safecoin - use a new separate staking token
give out staking token to forum members based on time and/or activity on the forum - so built in aging/reputation.
require staking only for senior nodes
add an algorithm to reduce required stake relative to total number of nodes which transitions to zero when a ‘safe’ level of nodes are operating.
So, this is an incentive to join the forum and get involved. It is also rewards those who have been here for a while and have kept the faith. It automatically goes away as node number increase. And I’m sure there are a dozen reasons why it won’t work. But it was a fun thought experiment. Now on to my next task …
Not complex (in fact the opposite) but expensive which is a different matter.
If what we are considering is facing a very powerful enemy, allow the defence to a basically monetary aspect is precisely the opposite of what needs to be done.
If we also punish the most unprotected, which are those who will not be able to pay the entrance, the thing not only becomes more insecure but undermines the ethics of network.
And if exists ways that this attacker benefits economically (and exist), the network are shooting themselves in the foot.
I’m trying to find something good in this proposal and, truthfully, I do not find any.
Sorry if I look like rude, this british forum is, sometimes, too much polite for what I’m used to.
Aside from the principle (excluding those with less money) doesn’t this also make it harder for everyone to farm, and especially those who we want most (the majority who have relatively few resources)?
It seems counter productive to make it harder for the majority (those with less) to farm, as it will inhibit growth. So on the one hand it deters attackers, but on the other slows network growth and keeps it more vulnerable to attacks. So it’s not clear if the idea improves things or makes them worse.
I haven’t followed the full thread, so sorry if this point has already been made - if so please point it out so I can see the response.
The biggest con is indeed that everyone needs some Safecoin to start… But this didn’t prevent mining pools from other projects to still attract loads of people that even paid big dollars for some GPU. SAFE allows almost anyone to Farm, without the need to buy a GPU or some ASIC. So I’m not that scared that we exclude that much people. It’s there only until we reach several million Vaults
This depends for a big part on the amount of storage we’ll see in the beginnings of the network. Let’s say we’ll jump to 40.000 Vaults in a few days… Loads of storage available. So Farming Reward goes down, people make less and some of them will even stop Farming. That’s a problem! Now some attacker could start something like 20.000 Vaults and take over some groups after becoming Elders.
Now look at the dynamic of my little Stake idea:
It costs Vaults like 4.40 USD (just an example) to begin Farming. It will be staked and you only get it back after you become an Elder and reached a certain age within that level. So here’s an incentive to keep mining even if it’s not profitable…
On the other hand it costs some evil group at least 88.000 USD to start an attack, apart from hiring the Vaults in a data centre somewhere.
So, for you as a home Farmer it just costs you 4.40 USD for example… Not really a big problem, but this mechanism now forces you to keep Farming until you at least get that money back…
For a group that says: “Hey, the SAFE Network is still small, let’s attack it” it cost them 88.000 to begin with. And they probably find that too much of a risk because they even don’t know if that attack will suceed.
When the network really grows to several million Vaults this protection is no longer needed. Hope you get the point I’m making here because some don’t really get it I think.
It isn’t just a matter of cost/stake, it’s both that and also having to obtain Safecoin in the first place which is quite a hurdle for the masses we need to attract in order to grow big enough to take off the stabilisers!
I don’t think we want to be as big as bitcoin in terms of miners, so that’s not a positive comparison for me. We want to be a lot bigger and much faster. I think we want as low a barrier as possible to begin farming because we want literally everyone who has suitable hardware to be able to join, and for the network itself to protect itself from attacks.
I’m not saying we won’t need special measures to start with because of vulnerability while the network is small, and this might be a good option, but I’m cautious in case we handicap network adoption while trying to grow it to a self sustaining size. It doesn’t feel like a good option to me at this point because it could easily have the opposite effect to that intended, and I’m not sure how it can be evaluated to ensure that’s not the case. So I urge caution and would like to hear other ideas.
Alternatives?
The ideal is to start large and grow fast, and if that fails, then try anew. Being lazy I am often inclined to do the simplest or easiest.
One reason I favour that approach is because there is little incentive to attack a network that isn’t proven, and I think we tend to overdue the paranoia because we see how big a change this project promises, and we are sure it will happen. And let’s face it, a lot of us are here because we’re a bit paranoid (with good reason!) about what’s happening in the world.
But I’m skeptical that others see this as likely, or a big enough threat to want to spend a lot to try and stop it. And if we can just step back and have another go, their costs rapidly escalate, meanwhile we can be rallying support to defend this great innovation from sabotage.
I see this as a delicate balancing act and, somewhat, as a conundrum. How do you generate enough benevolent participation in the beginning to safeguard the network against sophisticated, well-financed acts of sabotage but at the same time keep it low-key so as not to shake the behemoths of the world unnecessarily? Stealthy launch is probably called for and, then, before the sleeping giants know it, the genie will be out of the bottle.
Just two points why would someone attack SAFE network just for fun and clean one of many competitor, when they offer something really different and if attacker will be known, it will bring very bad publicity to them and can loose much more then expected, while SAFE network in a worst case can make restart and run smootly weeks later with much bigger publicity forever.
If it is clear a big attack on the SAFE network has taken place, it is probably good publicity. Also how difficult is it to do an attack with a lot of vaults and staying unknown?
If I’m a new SAFE user with no safecoin how do I create a vault to GET safecoin to create a vault to farm safecoin? Assume I’m a user that knows nothing about exchanges and is new to cryptocurrency and is not inclined to spend REAL money on this SAFE network thingy.
I was saying IF. I gave the issues IF you did weaken account security
IF you weaken account security so that a section can read the account info then a baddie can read everyones (in the section) account info.
But in actually SAFE is secure so that a section NODE’s cannot read the account info and thus CANNOT read how many coins you have so PoS is impossible without changing the core security concept.
Yea if you combine the “IF you change things” with “what it is actually” then they will contradict won’t they
Vaults DO NOT KEEP Balances. Where did you get that one from. There is no mechanism and also it removes security to attempt to do so.
When a vault is given a coin all that happens is that a coin is created and the owner is set to the ID stored with the vault and a message is sent to the ID. The vault isn’t even being told it earned. But this may change with the response from the coin create attempt. (true/false)
No no no no The core code is given the information from the user who CAN access their account. The addresses are supplied through the API. The only list is kept by the user, usually in a wallet record and that is encrypted. The network cannot decrypt that even if it knew where to look.
The network (NODES) cannot see this information. If they could then a bad NODES could read everyones info that uses that section.
I think you missed the basic security issue here
Account information is Encrypted on the network. Only decrypted on the users device using the account secrets.
No NODE can read anyones account record or any list of coins they may have stored somewhere
The network has no way to know where to look for any coin list the user has. And the coin list is encrypted.
To provide a mechanism to see the list or account info by the section then breaks SAFE security and allows all NODES in a section to see account info of everyone. If the section can read the account info then everyone can, the NODEs are run by people remember and they can patch the code to disclose any unencrypted information.
Oh and the point about PARSEC was missed entirely.
One of the MAJOR selling points of PARSEC is that it is permission-less.
Permission-less means you do not need permission to be a part of it.
PARSEC permission-less is compared to PoS permission consensus and considered better than PoS
So you will make PARSEC permission consensus and broken one of its major selling points. Actually it is changing PARSEC to a PoS system.
Based on one of your own proposals like [this one] for example (Proposal for SAFEcoin division - read datastructure topic first - please discuss). Vaults have different personas, so client_manager etc. If you want to spend a divided Safecoin somehow that address needs to be frozen. And you also need an index somewhere to register who has what balance. There’s also a PUT-balance for example. That is on a per-token-base so you can indeed not know someone’s whole balance. But there is an index per coin if it’s divided. Not in the code currently that’s correct.
We can go on in circles here but I don’t think that’s the case. Staking in this case could mean that you make a public transaction recorded in a datachain. SAFE does allow for public transactions. So you could drop some Safecoin on an address… Nobody knows where it did came from…
Next thing you become part of a group and that group says: Do you have Safecoin? Give us that address (could be made public) and remove your ownership. Now it’s just an address and you burned maybe 3 or 4 Safecoin on which the group reached consensus you did. Now you’ve spent 4 Safecoin just to be able to farm and nothing is changed to PARSEC. It was just used to reach consensus on the fact you did burn some tokens.
Once you get to the level of Elder and get your coins back you could be allowed to Farm until you succeeded in getting these Safecoin (different ones probably) back. You move these to a non-public address again and you’re good.
You just download the binary for that and start Farming. That’s how it is now. If my idea got implemented you started the software (Vault) and it would ask you for some balance. That’s indeed a problem if you don’t have any money or can use an exchange to buy/sell. But it’s until the network is at several million Vaults. From that point on I think it’s close to impossible to take over a group.
And if you read it it is the section’s own wallet data structure so obviously the sections can read it. It is their own data
AGAIN NODES cannot read the data that is not theirs. Account and wallet data is not theirs. A vault is not an account. Its only holds a single value, the ID, that the vault has and the ID is sent the coin, not the vault.
Well it is.
Its plain english. PoS is a permisson based consensus.
PARSEC is a permission-less consensus
They are DIFFERENT things and including PoS into SAFE is to remove permission-less.
