top | item 32432361

clemensley | 3 years ago

What can users do to get certainty over which one is the correct fork? In POW you can check the POW. Is there a trustless solution for this in POS? Or is the only solution essentially to ask around and hope that people aren't lying to you?

DennisP|3 years ago

In practice, it's the same as with Bitcoin: you have to get the correct, current software. It's just that the software will include a block hash from a few months back.

You might argue that Bitcoin is defined as the chain with the most hashpower, period. That would remove all subjectivity from Bitcoin, but it would mean that a 51% attacker could arbitrarily change the rules and steal people's funds. That's not how it actually works; a 51% attacker still has to follow the rules of the protocol for their blocks to be accepted by the non-mining nodes, and that means there's social consensus on the correct software to run the protocol.

Geee|3 years ago

That's not how it works. Hashpower decides the canonical chain, not the rules of the system. Hashpower makes sure that the blockchain can't be rewritten. Hashpower can't change the rules of the system, because those blocks would be invalid and rejected by the network.

There's no consensus needed on which rules to use. Everyone can use whichever rules they want, by using different versions of the software. Different rules define a different currency, like euro or dollar. Using the best currency with the best rules is just a game theoretic focal point. Everyone chooses to use the best version of the software, because they assume that everyone else does so too, even in the absence of communication. There is no "correct, current" software in Bitcoin, because it would be a single point of failure.

There's no objective protection against long-range attacks in PoS, because there's no hashpower to prove the canonical chain. It requires the provider of the "correct, current" software to decide which chain is the right one.

polyomino|3 years ago

51% attacks cannot arbitrarily change the rules nor can they steal funds. They can double spend or prevent finality. Nodes enforce the rules of the network by rejecting blocks they deem invalid.

baby|3 years ago

It’s the same as with Bitcoin:

- wait a bit to make sure that you can talk to different people on the network and see what each of them sees

- check checkpoints on Twitter or websites like Etherscan (are they seeing the same thing I’m seeing?)

In projects like Mina, since you do not download the history of the chain (there’s a single zero knowledge proof of a few kB that covers the whole history) you must rely on a marker for “chain quality” to differentiate potential forks.

Note that there was also some research on how to get signal from the transactions you see that you’re on the correct fork (from some ex-colleagues working on Libra): https://eprint.iacr.org/2019/1440.pdf
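The two checks raised in this thread (a block hash shipped with the client software, and comparing what several peers report) can be sketched on a toy hash-linked chain. This is an added example, not part of any comment above and not code from any real client; the block format, function names and sample chains are all hypothetical and constructed for illustration.

```python
import hashlib
from collections import Counter

def block_hash(parent, height, payload):
    """Toy block id: SHA-256 over parent hash, height and payload."""
    return hashlib.sha256(f"{parent}|{height}|{payload}".encode()).hexdigest()

def build_chain(payloads, parent="0" * 64, start=0):
    """Return (height, parent, payload, hash) blocks extending `parent`."""
    chain = []
    for i, p in enumerate(payloads):
        h = block_hash(parent, start + i, p)
        chain.append((start + i, parent, p, h))
        parent = h
    return chain

def links_ok(chain):
    """Chain must start at genesis, and every block must hash and link correctly."""
    prev = "0" * 64
    for i, (height, parent, payload, h) in enumerate(chain):
        if height != i or parent != prev or block_hash(parent, height, payload) != h:
            return False
        prev = h
    return True

def accept_fork(chain, checkpoint):
    """Accept a fork only if it is well formed and contains the shipped checkpoint."""
    cp_height, cp_hash = checkpoint
    if not links_ok(chain) or cp_height >= len(chain):
        return False
    return chain[cp_height][3] == cp_hash

def peer_agreement(peer_chains, height):
    """Most common hash reported at `height` and the share of peers reporting it."""
    seen = Counter(c[height][3] for c in peer_chains if height < len(c))
    if not seen:
        return None, 0.0
    top, n = seen.most_common(1)[0]
    return top, n / len(peer_chains)

# Constructed sample data: an honest chain and a longer fork diverging at height 2.
honest = build_chain(["g", "a", "b", "c", "d", "e"])
attack = honest[:2] + build_chain(list("xyzwvu"), parent=honest[1][3], start=2)
CHECKPOINT = (3, honest[3][3])  # stands in for the hash shipped with the client

if __name__ == "__main__":
    print(accept_fork(honest, CHECKPOINT), accept_fork(attack, CHECKPOINT))
    print(peer_agreement([honest, honest, attack], CHECKPOINT[0]))
```

The fork is longer and internally valid, so only the checkpoint comparison rejects it; the peer tally is a cross-check whose value depends on the peers being independent.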