
I’m just curious - if you were to try making a decentralized currency as a fun project, what mechanism would you use instead?

I’m someone who doesn’t really use it, but was fascinated with it before “blockchain” became a buzzword.

edit: proof-of-work. I have been out of the loop for years :)

My next question is are there downsides to proof-of-stake, and why has bitcoin not moved towards it?




Bitcoin's advantage is mainly its name recognition and unchanging nature (== trust and protocol stability). You could never get the necessary support for any meaningful changes.

For people who want proof-of-stake there are plenty of coins doing that. Etherium is probably the best known most established option.

But no coin really solves the other big challenge of crypto-currency: barely anyone uses them as currency. Most of those that do do it for illegal purposes: ransomware payments, marketplaces for illegal goods and services (including the malware SaaS providers), illegal money movements etc. But for the vast majority of people it's more like digital gold than like digital cash: an investment vehicle that derives its value from its limited supply.

As an investment it doesn't actually create economic value (unlike investing in real companies), so you need to have a pretty positive view of the other use cases to judge the overall impact as positive.


I have actually used it to rent VPS, buy game keys (mostly steam), donate to some OSS devs who were promoting crypto currency, donated some to random friends (all of whom lost interest or their wallet secrets), converted to other currencies, lost my own wallet key etc.

All these happened in very early days of bitcoin when one could mine using CPU and join a mining pool and others like litecoin were up and coming.

But then, I lost interest as txn fees were eye watering and I was scammed several times by various steam key selling sites never completing my order and blocking me immediately if I complained. I realized that this non-reversible form of currency was excellent for scam and fraud and I could not cry on the phone about these scams unlike how I can for my MasterCard/Visa/Amex.

Now I come to think of it, if I held onto my bitcoins, I would be retiring wealthy, but alas, I was young and naïve :’)


Well, the non-naïve ones are backing Republican US senators now - https://www.washingtonpost.com/business/2024/09/20/ohio-sena...


Bitcoin's advantage is that its value has continued climbing, aside from some fairly big blips, irrespective of its design or utility. That's why people buy it and hold it. It's a magic piggy bank.

If a truly stable cryptocurrency was released that was actually suitable for everyday transactions at scale, the people who buy bitcoin would laugh at it for not offering a return on investment. It seems like such a currency will have to be adopted from the bottom up to succeed, not trickle from the top down.

Here's a question for you: What happens to the value of bitcoin when some other crypto-currency starts doing the things bitcoin has only promised? Does it crash, or does the magic bubble around a completely useless technology persist for as long as people are willing to believe in it?


About a decade ago Dogecoin made a big push to get online and offline business to accept it. Making a block every minute was quite beneficial for that, and the price used to be somewhat stable. Today nobody pays in Dogecoin. Lots of companies that used to accept Bitcoin/Litecoin/Dogecoin stopped doing so because of lack of demand.

The issue isn't that crypto currencies can't be used as currency, it's more that they don't get used as currency outside niche use cases because they don't have a good USP. Most countries have decent enough currencies and payment systems.


it's called monero


>But no coin really solves the other big challenge of crypto-currency: barely anyone uses them as currency

Monero mostly is. What's also important, monero users are also against any kind of speculation. Of course most monero transactions are probably related to illegal activity, but they are in fact used as cash would.


Whoever is using it as digital gold certainly sees economic value, e.g. preserving wealth to invest elsewhere.


> My next question is are there downsides to proof-of-stake, and why has bitcoin not moved towards it?

There are minor downsides in theory. Proof-of-stake is a bit less "democratic" and gives more voting share to those who have more money, vs. just are mining. In practice, proof-of-stake coins seem to be doing fine. The main one here is Ethereum.

The main reason Bitcoin hasn't is due to inertia and the interest for miners (who do proof-of-work) to use their democratic power to keep bitcoin invested in proof-of-work.


Proof-of-stake ruins its security with a rich get richer endgame where the stakers concentrate until it's not distributed enough and one entity or group can collude and control the system and there's no way to exit that state.


Wouldn't any such holder want to avoid this condition developing as it would devalue the whole currency?


Weren't there a few times when one of the large cryptocurrencies was almost under control of large mining pools where their combined computation would have gone over half? That seems like another "who has more money".


With Proof-of-Work, "rich get richer" is a side effect.

With Proof-of-Stake, "rich get richer" is essentially coded into law.


Why do we need a so-called decentralized currency anyway? I'd be less antagonistic if its major use case wasn't money laundering.



How are these solved by cryptocurrencies?


In the case of Argentina, in most cases people have turned to the much safer USD.


Only when and where they've been allowed to.


How would they be allowed to switch to BTC (or another decentralized cryptocurrency) at a greater rate than they're currently allowed to switch to USD? I'd imagine it wouldn't be much harder to crack down on one than the other, given that the USD is also predominantly a digital currency.


Capital controls are becoming more and more erratic and authoritarian. A decentralized currency provides a relief valve.


More erratic and authoritarian compared to what time?

As recently as 1989, most of the world's currencies were tightly controlled and exchange rates were fixed. In many countries like the Soviet Union, you were not even allowed to bring local cash outside of the country at risk of high penalties. Sending an international wire transfer was a multi-day operation that probably involved telex messages and several phone calls.

Today you can send money instantly across the European continent in a single currency at essentially zero cost. The USA is also catching up and finally bringing their banks to the 21st century with Fedwire. Everybody has multiple credit cards and uses them for online shopping across the world. Any physical product you might imagine can be ordered from China with a one-click digital payment.

None of these improvements were thanks to Bitcoin or any other cryptocurrency.


You shouldn't take advice from people who don't even know how to spell the names of the networks they're lecturing about. Blockchain has become a buzzword like you mentioned, everyone has an opinion, even people who don't understand anything. But the technology has come a long way since the early Bitcoin days. There is no need to build your own chain, for a fun project you can simply launch a token on existing smart contract platforms such as Ethereum. Building your own chain is complicated if it's not a clone of an existing one, that's not a side project.

>My next question is are there downsides to proof-of-stake, and why has bitcoin not moved towards it?

There aren't any obvious ones but imo only time will tell. Bitcoiners feel there is a higher centralization risk in PoS. Which is true for some PoS systems but really depends on how exactly it is set up. Ethereum for example has a significant number of "home stakers" (small-time solo validators), which in Bitcoin simply isn't a thing anymore since it's practically all mining farms. And people in Ethereum are working towards further decentralization whereas Bitcoin Core is more or less ossified. There hasn't been a BTC hard fork in years and even the forks that happened were about relatively minor things, mainly block size.


There are some downsides but also huge upsides aside from not wasting energy, for example offering very fast finality.

Bitcoin has not moved to it, because arguably the new system would not be Bitcoin any more. It's a coordination problem where you have to get most users (including centralized exchanges) to stop following the PoW chain and start respecting the PoS chain, but they will only do that if they believe everybody else will. Ethereum was able to pull that off because Ethereum foundation and Vitalik (its creator) announcing and implementing, and practicing the switch many times, has a lot of weight. (And then still, some miners remained, but that chain is now known by a different name and not generally known as "Ethereum".) Bitcoin is a lot less coordinated in that sense, even less invasive changes to the protocol are difficult to pull off.


Proof-of-work in its current form needs to die.

If it is based on proof-of-work it needs to be something useful.

If someone can prove proof-of-work won't work without wasted work then we need to make some sacrifices to make it workable. Because we cannot allow slow as molasses and/or extremely wasteful for all future.

If it is based on proof-of-stake there needs to be a fair distribution model.

I have some ideas for both, especially the first but I want to give them some more thought :-)


On the one hand we have people wanting a proof of work system where the work has value. On the other hand we have a developing AI industry giving out vast amounts of "work needing done". Someone needs to try connecting those.


> My next question is are there downsides to proof-of-stake, and why has bitcoin not moved towards it?

The main threat against any cryptocurrency is that a malicious actor will gain control of 51% of the voting power of the system, and use it in nefarious ways that ultimately break the cryptocurrency. Different Proof-of-X systems handle that problem in different ways.

It's generally considered that Proof-of-Work is easier to 51% attack, but also easier to recover from than Proof-of-Stake. The attack and recovery both use the same mechanism - add more hardware mining power to the system. There is no hard limit on this baked into the system, it's just a matter of how much mining power is available to purchase irl. And recovery can be accomplished without having to hard fork the network.

Proof-of-Stake on the other hand may be more difficult to 51% attack since it requires an attacker to obtain 51% of all the currency value in the system. But if this is accomplished, then it's difficult or impossible for the honest participants to rectify, since there's no more currency available to purchase. The attacker isn't going to sell them any of his 51%. So there's an inherent hard limit baked into the system, and the attacker now has 51% of it (including 51% of all newly created currency as well, since new currency is created by staking existing currency). The only fix is for the honest participants to hard-fork the network and create a new version of it that excludes the attacker. (There are other mitigations like slashing for malicious behavior designed to prevent attackers from gaining 51% in the first place).

There are other differences, but I believe those are the main ones, and one reason why Bitcoin hasn't moved to it.



I would change the emission so as to deter speculation and instead make it fair across generations: fix the block reward. I would make it as simple as possible so as to better stand the test of time.


Check out Ampleforth, fair supply distribution


I've also been fascinated by bitcoin but never made the leap.

The problem I always come back to is that it isn't a currency, a store of value, private, and I disagree with bitcoin's approach to decentralization. (A long list, I know. Every couple years I get the itch then rediscover all my complaints).

Attempting to create a decentralized currency based on anything other than a supply-constrained natural resource is simply a losing game as far as I see it. The currency will be based only on promises, belief, and trust. A decentralized network is more akin to a Mexican standoff, trust and belief aren't what keep everyone from pulling the trigger.


but most national currencies have long since abandoned the idea of being backed by physical resources, and have shifted towards promises, belief, and trust. are you saying that de-centralization introduces unique aspects that make physical backing a necessity?


Exactly. State currencies have their issues, but they do at least accept that a currency built only on faith and trust must be centralized.

I am proposing that making a currency decentralized creates certain limitations. Without a central authority it's extremely unlikely that a monetary system built on faith will last long. For bitcoin the claim is that the network is what you must have faith in, not a central authority. I don't find that compelling personally, mainly because I haven't found the protocol to be so bulletproof that I only need to trust it and can believe that the network will hold regardless of how many bad actors may attempt to corrupt it (not saying that is happening today, only that it is inevitable with time).


> mainly because I haven't found the protocol to be so bulletproof that I only need to trust it and can believe that the network will hold regardless of how many bad actors may attempt to corrupt it (not saying that is happening today, only that it is inevitable with time).

On the plus side, the protocol effectively has a built-in bug bounty program! :-D


bluntly put you can pay taxes only in that currency and governments have power to enforce it, meanwhile btc has only as much power as currencies you can exchange it to. If you couldn't exchange btc to fiat, it would lose value rapidly.


I think that the best solution would be gold.


That would simply empower the countries with the most gold resources, eliminate access to capital for countries with little or no natural gold resources. On top of the obvious practical considerations for storing, securing, moving, and transferring it, gold is also extremely vulnerable to manipulation, corruption, contamination, and frequent, unpredictable swings in value. That’s kind of why we abandoned the gold standard to begin with.


Proof of stake is superior. The downside others are saying has been proven false time after time but bitcoiners continue to spread the misinformation because Bitcoin relies on people not understanding its downside.

https://vitalik.eth.limo/general/2020/11/06/pos2020.html


even just proof-of-work where the work isn't completely fake and worthless would be a huge improvement, but even that obvious layup is beyond the reach of web3 geniuses


Proof of stake is no different than most traditional governance structures such as corporations in that it relies on a committee with an honest majority to keep the system secure. Validators are supposed to act like some kind of completely neutral, decentralized system, but they are not.

For example, the fundamental principle of PoS is slashing for equivocation: when validators present two alternate versions of history (this could be part of a "double spend" attack), they are supposed to be slashed and have their stake taken away.

It takes 1/3 of validators to successfully pass off two versions of history to a double spend victim. However, 1/3 of validators can censor this slashing transaction. So if a double spend attack happens, the perpetrators of the attack are in charge of punishing themselves.

So, the fundamental security mechanism of PoS, equivocation slashing, can in fact never work in practice to punish an actual attack!

Another example is the idea that participation in a PoS chain is permissionless. This is the case in PoW. However, in PoS, 1/3 of the existing validator set could censor any new validators that would like to join, maintaining complete control of the chain. The existing validators only act as if the system is permissionless.

There has been a large amount of thought put into this paradox, and the PoS research community has settled on the idea that if the validator set breaks these norms, then users can just use a new chain with the same state, and a new, more trustworthy validator set. This has several problems:

- Philosophically, what is the point of creating a system that obviously doesn't work as intended, and then when this is pointed out saying "that's not a problem because users don't have to use the system"?

- The coordination of this hypothetical switch to a better validator set is completely unexplored since it is totally outside of the PoS protocol. It may be very disruptive to users and result in downtime, loss of funds sent during the switchover period, multiple new blockchains, or other issues and confusion.

- The fact that the system does not work, and there must always be the possibility of human operators sorting things out based on an undefined recovery procedure means that truly autonomous and truly secure clients are not possible in PoS. This is a problem for both far-out concepts like self-owned self-driving cars, and for bridges between blockchains, which must always rely on either trusting the validators, or a multisig made of trusted people who can stop or reconfigure the bridge.

In fact, there is no clear dividing line between a PoS blockchain, a PoA blockchain (this has a predefined validator set), a multisig, and a single entity running a chain. The only differences between these models are a matter of degree of diffusion of authority.

This is what Bitcoin people do not like about PoS. PoW has its own problems, but they are different, and PoW chains do not rely on a set of trusted operators in the same way.


This is a wonderfully insightful comment, I’d not heard of many of the points you raised.

As someone coming from the PoW worlds of Bitcoin and Monero there has always been something about PoS that gave me an ick, but I could never quite place my finger on it. Especially when Ethereum clearly seems to have PoS working well in practice. I’ve always had a suspicion that Ethereum could have never gotten off the ground, at least to the success level it currently has, if it had been PoS initially.

The mechanics of slashing not working are interesting. Do we know of any abuse attempts by validators and have we seen any validators get slashed yet?

Your point about PoS not being truly permissionless is a big one for me. Aside from it being fundamentally opposed to the core promises of cryptocurrencies, what’s to stop TPTB from slowly accumulating enough of a stake and then bam, we’re back to the legacy permissioned finance ecosystem but with MUCH more fine-grained tracking and telemetry. That seems like an extremely pernicious attack.

The point about trust is another big one. Cryptocurrencies are meant to be trustless. That means a user doesn’t need to trust anyone else as they can fully validate their view of the world for themselves. Of course they may trust other participants for efficiency, but they don’t need to. And caveat emptor, as with all distributed systems you must assume (trust) that you are not currently inside a partitioned network, since AFAIK there is no way a system can internally verify that it is not.

How much these things matter in practice only time will tell. Ethereum appears to be working well at the moment and just keeps chugging along.

I’d like to see more work put into finding ways to utilize the work from PoW. For example I have an idea to use Monero’s CPU-favoring PoW for PoW based DDoS protection as seen in Tor [0]. When a user accesses a website they are given a PoW challenge to complete. This challenge is actually for a share of mining rewards as in P2Pool. The mining reward share would go to the website operator. This would harmoniously improve several things about the web. First, it would help protect websites against layer-7 DDoS attacks. Second, this L7 DDoS protection reduces the web’s dependence on companies such as Cloudflare, the internet’s biggest man-in-the-middle. Third, it provides a way to pay website owners costing the users a small amount of their computers time and energy in much the same way as ads do currently. Fourth, it reduces the web’s dependence on advertising as the way to fund your website. Fifth and finally, it helps secure the web-native currency in which website operators would be paid and which others can use for whatever they want.

I think such a solution would be truly beautiful.

0: https://blog.torproject.org/introducing-proof-of-work-defens...
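
Added example, not part of the comment above and not code from Tor, Monero or P2Pool: a minimal sketch of the server side of a proof-of-work gate for layer-7 DDoS protection, covering only the challenge/verify step and not the mining-share payout. It assumes a SHA-256 hashcash-style puzzle as a stand-in for a CPU-favoring function, and the key, field layout and function names are all hypothetical.

```python
import hashlib
import hmac
import os

SERVER_KEY = b"constructed-demo-key"  # constructed; a real server uses a random secret


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest (the 'work' measure)."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def issue_challenge(difficulty: int, now: float, ttl: int = 60,
                    key: bytes = SERVER_KEY) -> str:
    """Return 'seed:difficulty:expires:tag'. The HMAC tag lets the server
    stay stateless until a solution arrives and stops clients from
    lowering the difficulty or extending the expiry themselves."""
    body = f"{os.urandom(8).hex()}:{difficulty}:{int(now) + ttl}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


def solve(challenge: str) -> int:
    """Client side: brute-force a nonce meeting the stated difficulty."""
    difficulty = int(challenge.split(":")[1])
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
        if leading_zero_bits(digest) >= difficulty:
            return nonce
        nonce += 1


def verify(challenge: str, nonce: int, now: float, seen: set,
           key: bytes = SERVER_KEY) -> str:
    """Server side: one HMAC and one hash per request, however much work
    the client had to spend. Returns a reason string; only 'ok' admits."""
    parts = challenge.split(":")
    if len(parts) != 4:
        return "malformed"
    seed, difficulty, expires, tag = parts
    body = f"{seed}:{difficulty}:{expires}"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Check the tag first: after this the numeric fields are server-made.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "bad-tag"
    if now > int(expires):
        return "expired"
    if seed in seen:  # one admission per solved challenge
        return "replayed"
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    if leading_zero_bits(digest) < int(difficulty):
        return "insufficient-work"
    seen.add(seed)
    return "ok"
```

The `seen` set only needs to hold seeds until their expiry time, so the replay cache stays bounded by the challenge TTL.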


There's nothing wrong with PoS as long as it is understood as a mechanism for diffusion of power and trust, like a multisig or a corporation. Probably PoS protocols do not need to have in-protocol slashing. Solana has already thought of this and does not have slashing IIRC.

It just shouldn't try to pretend to be a trustless protocol like PoW. Some of the smarter PoS researchers are already catching on to this: https://dba.mirror.xyz/UTPfxWe65dYrUu_RJX-5VkAJypFRyw3AZh6m0...

PoW has its own problems. It is likely to be unstable for various reasons in the absence of inflation. I don't have time to find all the citations but there have been many papers about this subject. It's also not great for the environment, and there is something unfortunate about the fact that the best trustless protocol we can come up with as a species requires massive waste. Maybe it is currently the best we have but trying to come up with reasons that the waste is actually OK is a waste of time IMO.



