Proof of work is the only way to get acceptable security properties for a monetary system. Proof of stake suffers from the "nothing at stake" problem, leading to grinding attacks etc.
PoS people always add more epicycles and claim it solves the problem. On closer inspection, it never has. At this point, I'm tired of wasting my time by humoring them.
Once again, this seems to be the case. I can see at least one trivial attack against RANDAO, as is often the case with many-party interactive RNG: you just have to be willing to lose your pledge.
> I can see at least one trivial attack against RANDAO, as is often the case with many-party interactive RNG: you just have to be willing to lose your pledge.
What is the trivial attack, and why does it involve losing your pledge? To the best of my knowledge none of Ethereum's slashing conditions involve the RANDAO, so you've piqued my interest.
Unless by "losing pledge", you mean extra-protocol slashing by social consensus?
You would be doing me a big favor by explaining the vulnerability in this system that I generally consider to be secure.
Let's say you're gambling 10k ETH on the last bit of RANDAO output being 1. You pay 5k to enter, and get either 0 or 10k back.
Become a contributor to RANDAO. Put up your pledge (say 1k ETH). Set up the bet. Wait to be the last person to submit their pre-image to RANDAO. Calculate what the post-image will be. If it has a 1 at the end (and you would win 10k), continue as normal. If it would have a 0 (and you would win nothing), refuse to disclose your pre-image and lose your pledge. Now it's 50/50 you win.
50% win and keep pledge.
25% win and lose pledge.
25% lose and lose pledge.
EV (0.5*10k + 0.25*9k + 0.25*-1k)-5k = 2k.
You can submit more than 1 pledge to get your odds arbitrarily close to 100%.
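A toy simulation of the last-revealer scenario described in the comment above, added here as an example and not part of the thread. It assumes a simplified commit-reveal beacon in which a withheld reveal forfeits the pledge and the round is re-run with fresh secrets; the function names and the XOR-then-hash mix are hypothetical, and the ETH figures are the comment's.

```python
import hashlib
import random

PLEDGE, STAKE, PAYOUT = 1_000, 5_000, 10_000  # ETH figures from the comment above

def commit(secret: int) -> bytes:
    """Commitment published before the reveal phase (binds the value only)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def output_bit(reveals: list[int]) -> int:
    """Toy beacon output: last bit of SHA-256 over the XOR of all reveals."""
    acc = 0
    for r in reveals:
        acc ^= r
    return hashlib.sha256(acc.to_bytes(32, "big")).digest()[-1] & 1

def play(rng: random.Random, pledges: int, honest: int = 4) -> tuple[bool, int]:
    """One bet on the output bit being 1; returns (bet_won, pledges_forfeited)."""
    forfeited = 0
    while True:
        secrets = [rng.getrandbits(256) for _ in range(honest)]
        if forfeited == pledges:
            # No entries left: the round completes with honest reveals only.
            return output_bit(secrets) == 1, forfeited
        own = rng.getrandbits(256)
        own_commitment = commit(own)  # fixed before anyone reveals
        # The last revealer sees every other reveal and can preview the output.
        if output_bit(secrets + [own]) == 1:
            assert commit(own) == own_commitment  # the reveal verifies normally
            return True, forfeited
        # The commitment stops the value being changed, not the reveal being
        # withheld: the pledge is forfeited and the round is re-run (assumption).
        forfeited += 1

def estimate(pledges: int, trials: int = 20_000, seed: int = 1) -> tuple[float, float]:
    """Monte Carlo estimate of (win probability, expected net ETH per bet)."""
    rng = random.Random(seed)
    wins, net = 0, 0
    for _ in range(trials):
        won, lost = play(rng, pledges)
        wins += won
        net += (PAYOUT if won else 0) - lost * PLEDGE - STAKE
    return wins / trials, net / trials

if __name__ == "__main__":
    for k in (0, 1, 3):
        print(k, estimate(k))
```

`estimate(1)` comes out near a 75% win rate and +2k ETH per bet, matching the arithmetic in the comment, and `estimate(0)` is the fair-coin baseline.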
> Let's say you're gambling 10k ETH on the last bit of RANDAO output being 1. You pay 5k to enter, and get either 0 or 10k back.
Ethereum does not let you make a gamble like that on the protocol level, so it sounds like your proposed attack is against a theoretical gambling platform that naively relies on RANDAO as its sole source of randomness for resolving bets, and that naively allows a user to resolve their bet based on a user-selected RANDAO round, correct? From your previous comment, I somehow got the idea that you were going to describe an attack against Ethereum's Proof of Stake.
This section of this article does a good mathematical analysis of RANDAO biasability in the context of leader selection in Ethereum's beacon chain, in my opinion:
The takeaway from the math is that while it's true the RANDAO is biasable in one-off circumstances through the last-actor pre-image withholding attack you describe, trying to use such an attack to influence network consensus is a no-go. The majority of honest actors ensure that any attempt to bias the RANDAO is ephemeral, where it's only useful for doing a bit flip attack at an unpredictable block height against improperly implemented casino software.
I have to say I am a bit disappointed. I thought you were going to describe an attack against PoS.
Fiat currency is not backed by military power. Note that there exist several countries without militaries, and none of those countries have worthless currencies. And there have existed countries that put significant investment into their military and still wound up with a worthless currency at the end.
The US economy is the world's largest economy in gross value, is the largest or one of the largest trade partners of much of the world, and has very limited policies on capital control or other monetary restrictions. This means that there is going to be more depth on trading pairs via USD and even small currencies than you would likely have with other countries, you would have very little counterparty risk holding USD, and much trade will end up being denominated in USD anyways. So you'd be a bloody fool not to hold USD.
Magically blinking away the US military would not change any of the above consideration one iota.
So let me flip the question around: why do you believe that the US military is essential to its role as a major reserve currency?
> why do you believe that the US military is essential to its role as a major reserve currency?
Because it's the final backstop that compels people to pay taxes, and taxes are essential to that role.
If you refuse to pay taxes, they send a policeman to arrest you. If you evade the policeman's arrest, they send more policemen. If you somehow evade all the policemen, they send the military.
If the US had no armed federal agents, then people wouldn't pay taxes and the government would shrivel up and die, because governments can't survive on zero revenue.
In this way, the US dollar's value is reliant on the threat of physical force - or in a broad sense, a military.
Answer: nothing. No country has been invaded by the US military, or any other military for that matter, after selling, or even attempting to sell, oil in non-USD. Not Russia, not Iran, not Venezuela, not Iraq, not Libya, none of them.
(And I include the last few because there's no evidence they even attempted to sell oil in non-US currencies.)
> No country has been invaded by the US military, or any other military for that matter, after selling, or even attempting to sell, oil in non-USD. Not Russia, not Iran, not Venezuela, not Iraq, not Libya, none of them.
Are you sure about that? Iraq was selling oil for euros and was then invaded in 2003.
> Almost all of Iraq's oil exports under the United Nations oil-for-food programme have been paid in euros since 2001. Around 26 billion euros (£17.4bn) has been paid for 3.3 billion barrels of oil into an escrow account in New York.
I agree with the point you are making here. I just think that Proof-of-Work is usually a better choice for a cryptocurrency than Proof-of-Stake.
Conventional currencies (notably the US Dollar) are also backed by significant military (and thus electrical) power. I would posit that fiat currencies are necessary in some sense, but not that they are more efficient to maintain than cryptocurrencies. Cryptocurrencies tend to piggyback on the infrastructure and economy that are built on fiat (e.g. the internet).
We wouldn't have to overthrow mid-east dictators every time they threaten to price oil in Euros -- but obviously this wouldn't help much because we'd still need to maintain superpower status or risk losing the world order.
Okay, back up a little. Crypto miners mine crypto in order to become rich. With national currencies, this is impossible. Citizens cannot create their own currency, and that's a good thing. If money could be easily forged, it would either be worthless, or a speculative instrument, like every crypto in existence. National governments are the source and the only legal creators of money.
Crypto mining also makes the blockchain secure. What this means is that a malicious individual cannot, say, transfer crypto from another person's wallet to his own, or alter the software algorithm that controls the creation of the cryptocurrency.
Proof of work cryptocurrencies require miners to expend an enormous quantity of energy in order to prevent problems that national currencies don't have in the first place. Cryptocurrencies have no advantage over national currencies except for anonymous online transactions.
> National governments are the source and the only legal creators of money.
And those closest to the money printer benefit. And hint, the average joe is furthest from the printer. The future of the average joe is stolen via currency debasement and inflation, but those closest to the printer get richer.
It's people who hold debt who are robbed by inflation, not people who are in debt. The entire political program of the people closest to the money printer is to reduce inflation (and to lower government debt without changing the balance of payments, which by necessity shifts that same debt to individuals.)
There's nothing about crypto that shows it wouldn't have exactly the same size of a financial sector in addition to proof of work, so the two aren't doing the same things.
Forget fiat. When money was gold in a vault, that's proof of stake, not proof of work. For proof of work, you'd have to disintegrate the gold. I wouldn't put my trust in a dollar backed by the absence of gold.
edit: I think maybe bitcoin enthusiasts think that value is a sort of spirit, and that if you kill something valuable, then through a huge mass ritual you can direct that spirit into another vessel. Proof that you once had money, and further proof that no one else has that money, should be enough for people to treat you as if you currently have money.
Your gold analogy makes no sense to me, so either I'm misunderstanding it or you don't understand what you're trying to explain.
> I think maybe bitcoin enthusiasts think that value is a sort of spirit...
Interestingly, that is actually kind of how it works. The money you use itself has no value; its value is in the things you use it to trade. So if you start trading in other currencies, those currencies receive that value, which gets reflected in the purchasing power metric.