The assumption is that social consensus works but is slow, so can be effective for determining which coins were deposited for staking three months in the past, since the social consensus process would have had three months to arrive at that determination.
Individuals would likely use different means of arriving at this consensus, from public forums, to having personal lists of trusted nodes that their node polls, to referring to well known public blockchain explorers. And of course, if their own node was online three months ago, it wouldn't have to trust anyone.
Social consensus is vulnerable to the formation of factions, and only works when everyone is actually united. As we've seen from the 2-party US political system to the bch/segwit/segwit2x factions of Bitcoin, achieving social consensus around something is rare.
I personally would not want to use social consensus to determine the result of chain turbulence caused by a weakness in the consensus code. If we are going to fall back on social strategies, haven't we forgone the biggest advantage of blockchain in the first place? (the ability to know the state of consensus without needing to trust anyone)
Here is the irony in blockchain and computerized value systems in general: value is a collective social phenomenon. There is no way to avoid social consensus when creating a value exchange system between participants. In Bitcoin, it's people who have the biggest computational power decide what happens. In proof-of-stake, it's people with the most money decide what happens. In the latter, you might as well just argue that every country's government be set up as a trusted validator proportional to their population instead of Ethereum early adopters.
Cryptocurrencies are a platform attempting to solve the very human issue that value transfer systems are social and emotional. The original concept with Bitcoin was that your money could go from A -> B and no one could stop it -- except for those people who can actually stop it because they have vast amounts of network influence for whatever reason. Notwithstanding, even if you have millions of dollars in cryptocurrency, if someone really wants it badly enough they can probably hit you with a wrench until you reveal your keys. The only thing stopping this is a strong system of property law enforced by someone capable of physically removing you from the rest of society if they deem you to be in violation of social pacts.
The only major advantage offered by cryptocurrencies is that at least you can know the numbers appearing in your bank account aren't completely made up by a bureaucrat in an office somewhere. Regardless of your feelings about fiat, you can generally rest assured of this if you buy equities, which are well tracked and actually represent a corporeal stake in some company. So, aside from being a geeky toy and new market for gambling, where has cryptocurrency actually succeeded?
There's a significant difference between the social consensus you use to pick Bitcoin and the social consensus that you use to resolve a proof of stake fork. With Bitcoin, you choose it once and then it's stable forever.
With Etherum's social consensus, you have to re-choose your platform every time someone creates an alternate history. It's an ongoing process which can cause a lot of confusion and disruption in the future. It's a lot worse than a system you can be confident will not change once you have gotten set up.
The value of Bitcoin is that it is very difficult to manipulate. In this, we have already seen it succeed repeatedly. The inflation is the same, legacy nodes all still work, nobody has ever invalidated addresses or taken money they didn't have the keys to.
Yes, with bitcoin you lose your money if someone can find you and decides to hit you with a wrench repeatedly, and then somehow they get away without conviction of assault. In PayPal, you can lose access to your account simply because some low salary moderator flagged your account as violating their restrictive terms of service.
Just because bitcoin hasn't solved the problem entirely doesn't mean that it's not a big step forward. It's a big step forward!
> There's a significant difference between the social consensus you use to pick Bitcoin and the social consensus that you use to resolve a proof of stake fork. With Bitcoin, you choose it once and then it's stable forever.
A government with sufficient means can freely create a new history for Bitcoin and make that history canon. The work in blocks originating earlier in the chain is exponentially less than the blocks succeeding it.
>The value of Bitcoin is that it is very difficult to manipulate. In this, we have already seen it succeed repeatedly. The inflation is the same, legacy nodes all still work, nobody has ever invalidated addresses or taken money they didn't have the keys to.
The value of Bitcoin is whatever people believe it's worth. Control of the hashing power is trivial, and actually free, for the government of China. All they have to do is march their army into the mining warehouses and seize the means of production. Then there's nothing to stop Bitcoin from becoming the PBOCoin, with blacklists, inflation, and so on.
You could argue that, "Wait, it has the most work but it's not the valid chain! People elsewhere will continue the original chain." Okay, so which is the real chain? The answer is: whatever people believe is the real chain! And it comes back to being 100% established socially and emotionally by human beings.
Fun history of Bitcoin/cryptocurrency forks:
1. Value overflow bug in Bitcoin creates two Bitcoin chains, one with a person with 2 billion Bitcoins and one without. Which chain is the real Bitcoin chain? This is the first incident where 'the code is the contract except when no wait it's not'.
2. Berkeley DB bug makes two Bitcoins, just pick one and roll with it.
3. Ethereum DAO bug fiasco inadvertently creates two socially constructed versions of Ethereum, Ethereum Spicy Rollback Edition and Ethereum Classic. Which is the real Ethereum?
4. Bitcoin people can't agree with one another on anything, so one group of Bitcoin people make 8 MB Malleable Cash Bitcoin and another group makes Segwit2X Bitcoin, but some other people don't agree with the 2X part so maybe they'll make Segwit-not-2x Bitcoin too.
Which is the 'real' cryptocurrency that merits 2000 cheeseburgers of purchasing power today? Why, whatever we believe it to be!
> With Etherum's social consensus, you have to re-choose your platform every time someone creates an alternate history.
IIUC to get to the "every time" you're talking about just once, more money would need to be invested by attackers than it would cost to 51% attack bitcoin.
Miners and stakers are bound by the protocol. Their power to "decide what happens" is limited to the ordering of transactions, a subset of which is censoring them. Ordering transactions may sound trivial, but it is what gives the network resistance against double spends.
It is not in their power to affect consensus rules such as making money out of thin air or stealing other people's money. In that sense Bitcoin and many other cryptocurrency systems are trustless.
It is tempting to trivialize the creation of value in Bitcoin but there is are many diverse interests with an economic incentive to keep each other in check.
Virtually all of these currencies are very vulnerable to what's called a "Sybil attack." Bitcoin is no different [1].
Of course, to economists the concept of a "Sybil attack" is nonsense. Imagine if tomorrow the US Congress voted to give every citizen a billion dollars. Would this be a Sybil attack on the US dollar? Or would it be democracy at work? There's no difference. At the end of the day the majority (of the authority) sets the rules and does literally decide what happens.
It is easy to create a crypto currency that is not vulnerable to sybil attacks; define a central authority. The source of the sybil weekness is not being a crypto-currency, but rather being a peer to peer system.
A central authority isn't really required (depending on your definition of "central authority"), just a connection to at least one semi-trusted node. For example, Blockstream Satellite.
What you're saying is absolutely nothing new. There's a lot of FUD and confusion in this thread (no surprise) but this has been apparent from the very beginning. "A Proof of Stake Design Philosophy" [1] makes the essential nature of cryptoeconomics very clear. In short: (a) all currencies are social phenomena (b) all the fancy math does is replace the "men with guns" that protect physical currencies -- that is, currencies must be economically defensible and (c) what actually gives real-world currencies their value is the presence of a tax authority who creates the currency and then demands it back at some later point [2]. PoS creates an absolute demand for the currency; it is nothing more than a formalization of currency power.
> So, aside from being a geeky toy and new market for gambling, where has cryptocurrency actually succeeded?
A better question is -- why are there so many currencies to begin with? Why isn't there a single currency that everybody uses?
Once you understand the answer to this question the value of cryptocurrencies become clear. You said it yourself: currency is inherently a contextual and social value construct. Different communities have different values. Communities that develop currency power will always triumph over communities that don't because they can collaborate more effectively. Currencies don't "succeed," communities succeed -- and they do this partly by leveraging currency power. The answer to your question is right in front of you but you just don't want to see it: the cryptocurrency development communities themselves are already wildly successful and have demonstrated the ability to raise enormous funds and collaborate effectively.
> A better question is -- why are there so many currencies to begin with? Why isn't there a single currency that everybody uses?
Groups of people live in bordered countries and like to have their own currencies for their own countries. There is, it's the United States Dollar. Why everyone uses USD, either directly or as a metric, is outside of the scope of this discussion.
Your argument about communities is where this all falls apart -- as I already stated, at some level you need the threat of violence to enforce the property rights necessary for any kind of personal wealth to flourish. Cryptocurrency doesn't solve this issue, or even approach it. It just creates a new virtual asset, backed by nothing and valued by faith, on top of an established system of community and law.
Social consensus's suitability depends on the use-case. For example, social consensus is used to determine 'what is Bitcoin', and works pretty well for that use (the BCH hard fork notwithstanding).
For determining the state of the blockchain at some point in the past, it is probably effective, because the fact unambiguously revealed itself at some point in the past.
The trusted sources can even be Trusted Execution Environments that automatically output the state at t minus 3 months. There is very little room for factionalism, given deviating from the truth is so obvious when the whole interested world could see the objective truth three months prior and would have trusted sources they can rely on to relay that fact to them.
The problem is that with social consensus you can argue for the way that it should have been in addition to arguing about the way that it was. This is exactly what happened with the DAO. Socially, the Etherum community decided that the DAO attack should not have happened, so they made a new client that required everyone to upgrade, and then they altered history that had actually happened.
This of course resulted in two factions, one that disagreed with the change and one that agreed with the change.
If you are using Etherum and your client complains that there are two valid histories and then asks you to use social consensus to pick the 'true' history, do you feel confident in the platform? Especially if you know that you have thousands of millions of dollars that you wanted to put into the system.
Agreeing to use social consensus to enforce the protocol doesn't give a green light to using it to change the protocol. As the DAO and the BCH hard fork showed, having an objective proof of work consensus protocol doesn't protect the blockchain from a social consensus to change the protocol.
That being said, depending social consensus to determine what happened could make it more likely that a faction will use it to determine what should have happened. I personally don't think it will make it very likely, given the inertia of the original chain, but we'll see.
It didn't alter history. No transactions were reverted. It changed the rules by moving ETH from the attacker-owned contract address to a new contract address from which DAO investors could withdraw their funds. You might say that's semantics but in this technical context it's important, had the HF suggested altering history it would have gained less support IMO.
Individuals would likely use different means of arriving at this consensus, from public forums, to having personal lists of trusted nodes that their node polls, to referring to well known public blockchain explorers. And of course, if their own node was online three months ago, it wouldn't have to trust anyone.