1/ Ehhh, I addressed directly Casper’s handwaving attitude regarding “weak subjectivity” or the reliance on social consensus in my thread. @VitalikButerin believes this kind of weakness is trivial. But it’s not.
2/ To have long-dormant nodes or new nodes “ask their friends, block explorers or businesses” to find out which is the canonical chain in a *permission-less protocol* is unacceptable.
3/ It assumes a) you have some trusted parties you can talk to and b) they are forever alive, available or not compromised.
4/ To quote @NickSzabo4 : “Trusted third parties are security holes.”
5/ To hand-wave this weakness away (or misleadingly used the term “weak”) is like saying a foundation of a house has a small crack, but it’s no big deal. When it fact it can grow into a huge liability over the long term.
6/ I also addressed directly your argument that reliance on social consensus is fine, since PoW also needs it. Like I said, it’s not whether you need social consensus, it’s *how much*. The goal is to minimize it, not to rely on it as a protocol building block.
7/ @VitalikButerin claimed that in PoW “cost of attack and cost of defense are at a 1:1 ratio”, which I agree with. What I don’t agree with is the claim that PoS can do better.
8/ PoS security "comes from putting up economic value-at-loss”. And since you arbitrarily decide on the stake/penalty value, you claim this is asymmetric.
9/ However, this “value-at-loss” is not truly at risk until a later point in time. It is *not 100% committed* unlike PoW. Your threat of punishment only works if and only if attackers remain on the same chain.
10/ Sure, you could put an arbitrary value on the penalty and claim that’s it’s a huge wall of defense, but because of the “weak subjectivity” vulnerability, there’s a small backdoor to the side of the castle, making the hugeness of the wall irrelevant.
11/ I want to take the opportunity to put away the misguided idea of achieving better cost of attack/cost of defense ratio than 1:1. @TuurDemeester also addressed this in his critique of PoS medium.com/@tuurdemeester…
12/ Take public-cryptography for example. One might cite it as an example of asymmetric attack/defense ratio.
13/ However, it is only asymmetric from the point of view of the owner of the private key, and dependent on the fact that this key is forever kept secret. In other words, public-key cryptography security is *relative*.
14/ You can defeat the asymmetry by somehow forcefully switching the roles: become the owner yourself.
15/ The true cost analysis of attacking public-key cryptography must include social engineering attacks: kidnapping, extortion, torture. You can make attacking cost much lower than the cost of brute-forcing the key.
16/ So anything that has asymmetric attack/defense ratio has to be relative. There’s always a way to go around the asymmetry.
17/ PoW security, otoh, is *absolute*. It doesn't matter which frame of reference you come from, the cost of attack is the same. PoW ledger immutability is objective, it doesn’t care who you are.
18/ Ledger immutability that relies on relative security will always be weaker than one that relies on absolute security.
Correction: it is only secure*
19/ EDIT (13): it is only *secure* from the point of view of the owner of the private key
