Eric Voskuil is a Bitcoin thinker, distributed methods knowledgeable, frequent speaker at main trade conferences and lead developer of *libbitcoin*, the oldest different full node implementation of Bitcoin. In his [cryptoeconomics writings](https://github.com/libbitcoin/libbitcoin-system/wiki/Cryptoeconomics), Eric solutions the hypothetical, “how does Decred fail?”:

> Overcoming censorship just isn’t doable in a PoS system, because the censor has acquired majority stake and can’t be unseated. As such PoS methods should not censorship-resistant and the speculation is subsequently invalid.

https://github.com/libbitcoin/libbitcoin-system/wiki/Proof-of-Stake-Fallacy

As for a way this is applicable to the Decred system: the entities which collectively management the Decred ticket pool have the facility to undo blocks assembled by PoW miners, or IOW they’ve the facility to “censor”. In Decred, the ticket pool can vote to undo blocks and destroy “misbehaving” PoW miners by stripping them of block rewards. It is completely the case PoS has energy over PoW in Decred-land.

As a result of it is *theoretically doable* for a censor to acquire the DCR enough for controlling the ticket pool, it follows Decred is absolutely able to turning into now not censorship resistant, if it ever was. This thought experiment is kind of alongside the identical strains because the Zcash trusted setup, in that for those who’re counting on Decred to be censorship-resistant, then you will need to assume the ticket pool is not surreptitiously managed by a would-be censor. Whether it is, then this, women and gents, is “how Decred fails”.




View Reddit by insetteView Supply

bitcoinBitcoin
$
10,574.60
$
10,574.60
0.13%
ethereumEthereum
$
174.78
$
174.78
0.15%
rippleXRP
$
0.256105
$
0.256105
1.15%
bitcoin-cashBitcoin Cash
$
290.84
$
290.84
1.05%
litecoinLitecoin
$
65.50
$
65.50
2.13%
binancecoinBinance Coin
$
23.00
$
23.00
6.58%
tetherTether
$
1.00
$
1.00
0.09%
eosEOS
$
3.25
$
3.25
1.59%
bitcoin-cash-svBitcoin SV
$
130.50
$
130.50
1.05%
cardanoCardano
$
0.044441
$
0.044441
1.99%

10 COMMENTS

  1. considering voting numbers and blocks of votes

    it will be reasonably obvious how many votes are controlled by one entity until they attempt to obfuscate

    and again , why would you vote to deprive yourself ?

  2. I’m not sure I’m a fan of this argument.

    When you put it this way, isn’t bitcoin just as vulnerable to failing or censorship given that it’s theoretically possible for the majority of the hash rate to be controlled by a single entity.

    Not just that but by this metric everything that can fail will fail is sort of what I’m taking away from this philosophy.

  3. I agree that 100% censorship resistance is not possible in PoS but it’s a bit ridiculous to not mention that it is even worse for pure PoW in Bitcoin.

    Do you want the power to censor in the hands of the PoW miners where the incentives are misaligned or do you want it in the hands of the stakeholders where the incentives are more aligned?

    Decred’s hybrid consensus isn’t perfect for sure but it’s better than any alternative I’ve seen, especially after witnessing the repeated pitfalls in BTCs consensus.

    PS: It’s a bit funny that a developer of an alternative BTC node implementation would say that when some Decred developers started out the same way.

  4. This doesn’t make any sense.

    He misunderstands what “censorship resistance” means. It doesn’t mean there is no way to censor it.

    If a government entity wanted to attack Bitcoin they could. It’s as simple as spending the ~$20-40B (my very rough estimate; pick your own) required to buy mining hardware and run it.

    What censorship resistant means is that it’s expensive to attack the network. It’s costs a lot, relative to the value of the transactions you’re running on the network.

    Once an entity has taken control of the Bitcoin network, the prices of BTC will fall as no one will trust it anymore. And the miners they bought won’t work on other coins, so are worthless. The $20B they spent on the attack is gone and they have nothing to show for it.

    Networks that are more censorship resistant are more expensive to attack. Bitcoin fares very will in this metric. An attacker has to willing to lose a lot of capital to successfully pull of an attack. At its current scale, it would have to be a nation state.

  5. It might theoretically be possible to acquire majority stake and then destroy integrity of the network by re-writing blocks, but, practically speaking, it’s a strategy of self-destruction, as all value invested would be destroyed.

    Kind of like buying a piece of real estate and setting it on fire.

  6. While the system may not be 100% successful, it is the best system we have at the moment and certainly one that is one step beyond what bitcoin has demonstrated.

    The article does not mention that the censor to the POW miner will suffer an economic disadvantage when doing so. If this process were to happen in an unjustified manner, it is inevitable the value of DCR would drop leading to a huge loss for the censor.

    The airdrop at the start, in addition to spurring interest in decred was also to limit the possibility of the POS side being acquired (and thus controlled) by a malicious entity. Again, whilst not foolproof, I can’t imagine a more open and transparent way to do so whilst maintaining a reasonable balance of privacy and transparency.

  7. Let me know if I’m wrong here, as not an expert, but the notion of a binary censored/not censored I think is false. Even if an attacker spent an enormous amount of capital, and didn’t mind burning most of that capital in an attack, when a PoW-created block is created 5 PoS tickets are called to vote yes/no on the validity of that block. If 3/5 tickets vote yes, the block is accepted. Meaning, even if an attacker controlled some unrealistically large number of tickets (say 80%), statistically they could censor most blocks, but not all. Eventually 3/5 “defender” blocks would get a chance to let transactions that were censored through. This would allow the network to function, albeit with slower throughout, as the defenders fought to regain control through acquiring DCR and tickets however they could.

  8. Eric’s argument makes sense for pure PoS, but not for Decred, since the duty of block authorization is segregated from the creation of blocks.

    Permabullnino’s recent article has a really great conceptual overview of this and it’s advantages.

    [https://medium.com/@permabullnino/introduction-to-crypto-accounting-an-analysis-of-decred-as-an-accounting-system-4d3e67fce28](https://medium.com/@permabullnino/introduction-to-crypto-accounting-an-analysis-of-decred-as-an-accounting-system-4d3e67fce28)

    In pure PoW and pure PoS, the creation of blocks and authorization of blocks is performed by the same entity. Once an entity dominates 51% or more of that process they can directly control creation of the longest chain.

    But in Decred’s hybrid model, PoS has no power to *create* blocks, and therefor has no way to influence which is the longest chain. When PoS disapproves a block, *it is still considered a valid block that extends the tip of the chain,* only the regular transactions get stripped out. As of this writing there have been 9 blocks disapproved by PoS. See [https://explorer.dcrdata.org/disapproved](https://explorer.dcrdata.org/disapproved) in case you want to check those out.

    If you want to censor a transaction, you need to somehow ensure that transaction is kept out of the longest chain forever. This requires the PoS attacker to own more than 99.99% of the ticket pool. So long as there are 3 honest tickets, in theory they will be selected at some point and approve a block containing the transaction. At that point the PoS attacker would be powerless to undo it, since all PoS can do is authorize the next block.

    This write up has good info about these kinds of adversarial situations: [https://www.reddit.com/r/decred/comments/7f9ie1/detailed_analysis_of_decred_fork_resistance/](https://www.reddit.com/r/decred/comments/7f9ie1/detailed_analysis_of_decred_fork_resistance/)

    An argument can be made that PoW miners would be economically incentivized to adopt the censorship heuristics of the PoS attacker in order to collect the full mining reward. If the assumption is that 100% of the PoW is honest, I’m skeptical they would be so quick to side with the malicious stake, for the simple reason that it would require running a modified version of the block validation software. If I where PoW miner or pool, I would be very interested to see how the community and devs want to fight back before I take the risk of customizing my mining software to collude with the attacker out in the open.

    *edited for clarity and fixing typos

  9. I think the way you’ve positioned this quote is a bit questionable because Eric is not specifically citing Decred in his wiki entry. I am not keen to knock down the strawman you have setup, but it is easy enough to do.

    First off, while libbitcoin is indeed an old codebase, AFAICT, they did not have a full node implementation until January 2014, which is after btcd, gocoin and bitcoinj had theirs, so the claim that libbitcoin is “the oldest alternative full node implementation of Bitcoin” is almost surely incorrect, beyond being misleading. Without really digging into the various older alternative full node codebases, I can’t say offhand who had the first alternative full node offering, but I can tell you it almost certainly is not libbitcoin.

    Eric’s broad statement about PoS in this wiki entry is a false implication. In short, this quoted statement is saying that “PoS systems are not censorship-resistant when an adversary has acquired majority stake, but PoW systems are censorship-resistant in an analogous scenario”. Let’s start with censorship resistance in the context of PoW: I take this to mean that any user of a coin can create a transaction and it will eventually be mined. While the slippery and disingenuous reader may argue that “this isn’t what is meant by censorship resistance”, this is the standard way of defining the term. For example, let’s assume 90% of miners will intentionally omit a particular tx from the blocks they create, while 10% of miners will not. In this PoW scenario, a particular tx may not get mined immediately, but it will get mined eventually, conferring the referenced censorship-resistance to the PoW system under consideration.

    In the case of Decred’s hybrid PoW/PoS system, let’s assume 90% of the stakeholders are willing to vote ‘no’ on blocks that include a particular tx, versus 10% willing to vote ‘yes’, despite this being an extreme measure. Just like with pure PoW, in Decred, a block that includes the tx will eventually get mined when a block is chosen such that the 90% have <50% of the votes on that particular block. While I am speaking about the specific case of Decred here, most PoS systems operate similarly, e.g. there is a queue where each PoS block is validated by one or more stakeholders.

    By merit of this counterexample to the original claim, the original claim is proved false.

Comments are closed.