The PoMAS (Proof of Minimum Aged Stake) Algorithm [Updated 5/11/2015]

colin012


The Proof of Minimum Aged Stake Algorithm
PoMAS

Introduction
     The Proof of Work (PoW) and Proof of Stake (PoS) algorithms both have fatal flaws. First of all, both algorithms are vulnerable to Greater than Fifty Percent (>50%) attacks. In PoW algorithm cryptocurrencies, if any one person or group of people controls greater than 50% of the computing power (which is a real risk with large mining pools), then the blockchain can be rewritten. In PoS algorithm cryptocurrencies, if any one person or group of people controls greater than 50% of the currency itself, which may seem an impossible feat except for the fact that in PoS currencies, the rich are always accumulating a greater percentage of coins with every block they are awarded, which inevitably leads to some individual or small group of people owning more than 50% of the coins.

     Aside from this, there are other issues with each algorithm. In PoW algorithm cryptocurrencies, a large amount of electricity is used up mining, which is wasteful and expensive. Further, it relies on a central hashing algorithm, which, if weakened or broken by advances in cryptography and/or computing, can lead to attacks on the blockchain. In PoS algorithm cryptocurrencies, the rich always get richer, which causes social and economic problems, therefore making PoS currencies ineffective for widespread use.

     This whitepaper aims to explain a new type of algorithm for use in a cryptocurrency, called the Proof of Some Aged Stake algorithm, with the lofty goal of eliminating the aforementioned problems with PoW and PoS algorithms. This is achieved by selecting the miner of the next block in a deterministic, yet unpredictable way. This is so that anyone in the network can confirm the legitimacy of that miner's right to that block but cannot tell who that miner will be before the previous block goes through.

The Meaning of "Minimum Aged Stake"
     This algorithm relies on the ageing of an account's stake to verify that the account was not expressly made to claim a block in the near future, which is why it is said that the stake is "aged." However, it does not matter how much stake an account has when it comes to who gets to mine the next block so long as they hold a minimum amount, which is why it is said that the account has a "minimum stake." Together, the algorithm proves the account has at least the "minimum stake," not necessarily a large stake, that has been "aged" for some period of time. Hence, it is said that there is "Proof of Minimum Aged Stake."

The Decision Among Eligible Accounts

Choosing a 256 Bit Number
     Among accounts that are deemed eligible to mine the next block (i.e. they have a minimum stake that is sufficiently aged), one is chosen based on the signatures (there are 2 block signatures discussed later) of the block that came before it. The length of those signatures must be at least 256 bits long and a multiple of 256 bits long because those signatures get signed with 256 bit signatures and it is ideal that every 256 bit output is as evenly represented as possible for any single account signing them. If the signature is between multiples of 256 bits in length, some 256 bit combinations are guaranteed to be represented more often than others for a single signing account. If the signature lengths together only total 256 bits long, then even one collision between 256 bit inputs guarantees that one 256 bit output is not represented at all for a single signing account; if they total at least 512 bits long, it is much less probable that one output is not represented for all given inputs and a single signing account. Now, because more multiples of 256 bits means more evenly represented output, the transaction signatures are added to the block signatures before they are all signed together.

Selecting Whose Block to Use
     The block is selected based on whose signature produces the largest 256 bit number. To prevent everyone from submitting their blocks all at once and slowing down the entire network, a new group of possible winning values, starting at the top, is selected every second and stays open for 10 seconds. It follows this equation to determine the end of the next eligible group:

2^256-1-(s+1)×(2^256-1/60)

     The beginning of the next eligible group can be determined by the end of the last eligible group minus one. After 10 seconds of being eligible a group is no longer eligible. If no eligible group submits a block after 70 seconds have passed, eligibility is expanded to all accounts with a balance greater than 0. If a valid block has been submitted and the eligibility window closes on it, it becomes the new block and the second block signing period opens.

The Second Block Signature
     Because it is feasible that one could add transactions to themselves to the block they are making and manipulate the signature to improve their odds of winning a second block, this block must, itself, be signed by another person who does not have control over the transactions included in the block. For this reason, after the first block is accepted, a second block signer is selected in the same way as the first. It uses the same set of eligible accounts as was used for choosing the block creator with the exclusion of the account that signed the first block. The 70 second countdown starts over so that accounts who missed their window to be the block creator have a second opportunity to sign the block.

Determining Which Accounts are Eligible

Minimum Requirements
     Because it is feasible that someone may be able to predict which possible block is selected the block before it, a minimum of 3 blocks of stake ageing are required to ensure that people don't fund new accounts with numbers designed to get the new blocks as soon as they come out.

Limiting the Use of Multiple Accounts to Increase Mining Chances

Minimum Stake
     In an effort to help cull this behaviour and to make 51% attacks more expensive, variable minimum balances should be employed block to block. The minimum balance should be such that the value of itself multiplied by the number of accounts it would allow to be eligible is at a maximum while the number of accounts it would allow to be eligible is at least 50% of all accounts with balances. In this way, the cost of a 51% attack is maximized while still allowing at least half of users to participate.

Fees for Funding Accounts with Zero Balance
     To further discourage this behaviour and increase the cost of a 51% attack, variable fees should be applied to funding accounts that don't have any balance. This should be such that, with current averages, the mining reward for mining less than 1,000 years is not worthwhile. This can be represented as follows:

f_n=365,242R_(n-1)R_(n-1)/1+E_(n-1)

Where f_n is the fee for the new block, R_(n-1) is the average mining reward per block over the past 1,000 blocks, B_(n-1) is the average blocks per day over the past 1,000 blocks, and E_(n-1) is the number of eligible accounts in the previous block.

More to Come...
« Last Edit: May 11, 2015, 07:31:52 pm by colin012 »

k_day

Re: The PoSAS (Proof of Some Aged Stake) Algorithm
« Reply #1 on: April 29, 2015, 03:39:26 am »

No time to get through all of this tonight, but I read the intro.

How is this different from the concept of coin age like Peercoin and others use?

colin012

Re: The PoSAS (Proof of Some Aged Stake) Algorithm
« Reply #2 on: April 29, 2015, 12:50:25 pm »

> No time to get through all of this tonight, but I read the intro.
>
> How is this different from the concept of coin age like Peercoin and others use?

As far as I am aware, Peercoin is still a true Proof of Stake coin where the more coins you have, the more coins you get from "minting" as they call it. In the system I am presenting, it doesn't matter how many coins you have as long as you have more than 0.

ChuckOne

Re: The PoSAS (Proof of Some Aged Stake) Algorithm
« Reply #3 on: May 04, 2015, 09:37:23 pm »

>> No time to get through all of this tonight, but I read the intro.
>>
>> How is this different from the concept of coin age like Peercoin and others use?
>
> As far as I am aware, Peercoin is still a true Proof of Stake coin where the more coins you have, the more coins you get from "minting" as they call it. In the system I am presenting, it doesn't matter how many coins you have as long as you have more than 0.

So, rich guys simply distribute their stake to 1000s of smaller accounts and therefore have effectively a higher chance of generating a block?

colin012

Re: The PoSAS (Proof of Some Aged Stake) Algorithm
« Reply #4 on: May 07, 2015, 05:46:28 pm »

>>> No time to get through all of this tonight, but I read the intro.
>>>
>>> How is this different from the concept of coin age like Peercoin and others use?
>>
>> As far as I am aware, Peercoin is still a true Proof of Stake coin where the more coins you have, the more coins you get from "minting" as they call it. In the system I am presenting, it doesn't matter how many coins you have as long as you have more than 0.
>
> So, rich guys simply distribute their stake to 1000s of smaller accounts and therefore have effectively a higher chance of generating a block?

That is the only problem I see so far in PoSAS but I think it is preventable. The trick is making it so that doing something like that is more trouble than it is worth. I have toyed with a few ideas in my head but I think I have come up with a few ways that, when combined, will successfully make this behavior more trouble than it is worth:

1. Variable minimum TX fees for funding accounts with 0 balance. The trick to this is making a minimum TX fee expensive enough so that the extra forging profit received by the extra account will not exceed the fee spent to fund it for a very long time. 100 years should suffice. This presents a new problem: no one will want to fund new accounts at all due to the high fee and this makes a barrier for new users. To aid in this, a special smart contract can be made where the "sponsor" of the new account is automatically paid back.

2. Requiring a fee for every account sending funds in a single TX. This makes it so that people with funds spread across multiple accounts must pay more to use them together and that in order to even use funds from an extra account, it must have more than the minimum TX fee.

3. Variable stake age requirements. This would mean that for people funding a large number of accounts, the accounts they fund must wait longer to be eligible. Accounts with sponsors that aren't eligible to forge must wait as long as their sponsor has remaining to wait or a period of time dictated by the normal wait time formula. The wait time will automatically be lowered if they are funded by a sponsor with lower wait time for accounts it funds. So, let's say someone is funded by a sponsor and must wait a year but a different sponsor with only a wait time of 3 days, then they would only have to wait 3 days.

jabo38

Re: The PoSAS (Proof of Some Aged Stake) Algorithm [Updated 5/1/2015]
« Reply #5 on: May 10, 2015, 06:14:26 am »

1) NXT already has aged stake so you are about 1.75 years behind BCnext. hehehehe. 

But seriously, it does, it is just all or nothing over 24 hours.  This is a very important security feature.  As the NXT blockchain is immutable after 1440 blocks, but the coin age is also 24 hours.  So this effectively prevents somebody from faking they have a bunch of coins and attacking, because those coins will have to have been aged in.

2) NEM takes this a bit farther and the NEM chain is immutable after 360 blocks but coins are aged in over around 30 days.  The formula is basically 10% of the remainder that is not yet vested.  And while this just makes it that much harder to pull off NAS, I think the NXT method has been proven secure.  After a year and a half of people claiming NXT can be attacked, yet nobody ever doing it, I think just making the coin age requirement longer than the blockchain's reconfiguration age and one is safe. 

3) NXT (and NEM) are still susceptible to a good ole fashion 51% attack if somebody was able to collect keys for 51% of the coins, and while PoSAS would slow this down, it wouldn't stop it.  If somebody accumulated 51% of coins in PoSAS, I'm guessing they could still take over the chain, they would just wait a little longer than a day as the coins were aged in.
« Last Edit: May 10, 2015, 06:17:14 am by jabo38 »

colin012

Re: The PoSAS (Proof of Some Aged Stake) Algorithm [Updated 5/1/2015]
« Reply #6 on: May 12, 2015, 06:18:30 pm »

> 1) NXT already has aged stake so you are about 1.75 years behind BCnext. hehehehe.
>
> But seriously, it does, it is just all or nothing over 24 hours.  This is a very important security feature.  As the NXT blockchain is immutable after 1440 blocks, but the coin age is also 24 hours.  So this effectively prevents somebody from faking they have a bunch of coins and attacking, because those coins will have to have been aged in.
>
> 2) NEM takes this a bit farther and the NEM chain is immutable after 360 blocks but coins are aged in over around 30 days.  The formula is basically 10% of the remainder that is not yet vested.  And while this just makes it that much harder to pull off NAS, I think the NXT method has been proven secure.  After a year and a half of people claiming NXT can be attacked, yet nobody ever doing it, I think just making the coin age requirement longer than the blockchain's reconfiguration age and one is safe.
>
> 3) NXT (and NEM) are still susceptible to a good ole fashion 51% attack if somebody was able to collect keys for 51% of the coins, and while PoSAS would slow this down, it wouldn't stop it.  If somebody accumulated 51% of coins in PoSAS, I'm guessing they could still take over the chain, they would just wait a little longer than a day as the coins were aged in.

1. I am very aware of this. I would call NXT PoAS rather than PoS.

2. Same as 1 but for NEM.

3. A 51% attack on PoSAS would require 51% of all accounts with a stake, requiring large stake holders to split their stake up among multiple accounts and pay the TX fees for each transaction in addition to having the funds to supply those accounts with. By controlling that fee, it can be made more expensive than 51% of coins (even past 100% of coins) to control 51% of accounts though they don't necessarily have to control all these coins at the same time.

PoMAS (my most recent update to PoSAS) takes this a step farther by introducing a minimum balance greater than the smallest possible unit of coins. By controlling this value, you control the necessary stake held at a single moment to gain 51% of eligible accounts. If the minimum balance is 10, and there are 100,000,000 accounts with a minimum balance of 10, then to control half of the accounts, you would need to control (0.5*10*(100,000,000+1))+10, or 500,000,015 coins at the same time. This is in addition to the one time fees necessary to fund an account with 0 balance. Because one would have to simultaneously control a very large number of coins (as it is with NXT's PoS) AND pay many one time fees to place those coins in new accounts (the sum of these fees may even exceed 100% of all coins in existence), it is even more secure than PoS as far as the cost of a 51% attack.

Making it secure against other types of attacks (such as Future Control attacks where a user manipulates the block they submit to control the account that gets the next one) is where it becomes difficult. I suppose it would also be possible to perform a Time Window Control attack where a user runs a DDoS on public nodes to shut them down for the time windows before their submission becomes eligible to improve their odds of getting a block. This could be avoided if the window, after time eligibility was initially met, lasted until 10 seconds after a valid block was received rather than 10 seconds after becoming eligible.
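The "Minimum Stake" rule from the first post and the cost figure in reply #6 can be checked with a short model. This is an added example, not code from the thread's participants; the function names and the ledger are constructed, each eligible account is assumed equally likely to win a block, and the effect of the split on the minimum itself is ignored.

```python
from bisect import bisect_left
from typing import Sequence, Tuple


def choose_minimum_balance(balances: Sequence[int]) -> Tuple[int, int]:
    """Return (minimum_balance, eligible_accounts) under the 'Minimum Stake' rule.

    Maximizes minimum_balance * eligible_accounts while keeping at least 50%
    of accounts with a nonzero balance eligible. Ties go to the larger
    minimum (assumption; the post does not say).
    """
    funded = sorted(b for b in balances if b > 0)
    if not funded:
        raise ValueError("no funded accounts")
    best = (0, 0)
    for m in sorted(set(funded)):             # only real balances can be optimal
        eligible = len(funded) - bisect_left(funded, m)
        if 2 * eligible < len(funded):        # below the 50% participation floor
            break
        if m * eligible >= best[0] * best[1]:
            best = (m, eligible)
    return best


def split_share(stake: int, minimum: int, other_eligible: int) -> float:
    """Chance per block for a holder who splits `stake` into minimum-sized
    accounts, assuming each eligible account is equally likely to win."""
    own = stake // minimum
    return own / (own + other_eligible) if own else 0.0


def majority_stake(minimum: int, eligible: int) -> int:
    """Coins held at once to control half of the eligible accounts, using the
    expression given in reply #6: (0.5 * min * (eligible + 1)) + min."""
    return (minimum * (eligible + 1)) // 2 + minimum


# Constructed ledger: 6 small accounts, 3 mid-size, 1 large, 2 empty.
LEDGER = [1, 1, 2, 2, 3, 5, 40, 50, 60, 10_000, 0, 0]

if __name__ == "__main__":
    minimum, eligible = choose_minimum_balance(LEDGER)
    print("minimum balance:", minimum, "eligible accounts:", eligible)
    print("share of the 10,000 holder if split:",
          round(split_share(10_000, minimum, eligible - 1), 4))
    print("reply #6 figure:", majority_stake(10, 100_000_000))
```

On this ledger the rule picks a minimum of 5, which leaves the large holder able to field 2,000 eligible accounts against 4 others; the per-account funding fee proposed in the thread is the only remaining cost and is not modelled here.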
 
