While basic Proof of Stake may be ‘broken’, that does not necessarily mean that every variant of it is similarly broken. Several variations on proof of stake are more secure than the original.
But it is possible for Proof of Stake to be useful even if its NOT as secure as Proof of Work, because it is MUCH less expensive. This means that if you have a blockchain application that doesnt need to be absolutely 100% ultra secure, but it needs to make a profit/spend less money securing the network, then Proof of Stake (or an improved variation) is probably better for that application than Proof of Work.
For the ultimate store of value (Gold 2.0), Bitcoin with Proof of Work and the high level of security it provides is probably best. This is why Bitcoin has a place, and will survive, imo. For application that need slightly less security, Proof of Stake might be better. For example, lets say you want to run a prediction market, which is something that LessWrong seems to love. Its useful that your prediction market is not subject to 3rd party risk of a centralized source, and is instead secured by the blockchain. But maybe you dont need quite as much security as bitcoin provides. Maybe you need to run your prediction market at low cost, so that fees are low. Maybe a Proof of Stake variant is enough security, and provides better value. From what I’ve read, both Ethereum and BitShares will in the future allow you to run such a prediction market, and both will not require massive mining costs to secure the network.
Regarding ASICs, the problem is that the large mining pools that have developed as a result of the need to be maximally efficient in bitcoin mining have resulted in increased centralizaiton. Right now if you controlled or compromised the top two mining pools, you could attack the network. There is much more centralization in bitcoin mining now in the ASIC era than there was several years ago.
No, the argument I was making does indeed fully generalize to the entire category of Proof of Stake solutions. The goal is to create a dynamic membership set signature, meaning that people can come and go by some mechanism. But that requirement enables simulations because if the future membership set can’t be predicted, then neither can alternative past histories be differentiated. Then no matter the construct used, with enough sybil identities anyone can grind variations on history until one is found which benefits the one doing the work. In this way any proof of stake system devolves into proof of work, only with worse properties (since if you’re going to have proof of work anyway, double-SHA256 is about as good as it gets).
Furthermore, because the incentives are structured such that grinding histories is profitable behavior (and it needs to be for the system to be secure, since it is the same incentive that protects proof of stake when people follow the rules), you can be assured that unscrupulous people will grind histories, and others will too because the alternative is losing out. So proof of stake is NOT any less expensive than proof of work, because any proof of stake system becomes proof of work.
The solution to the mining centralization issue has nothing to do with proof of work algorithms or ASICs. The solution is things like smart property miners, coinbase-only mining, and delegated transaction selection. These are being worked on.
While basic Proof of Stake may be ‘broken’, that does not necessarily mean that every variant of it is similarly broken. Several variations on proof of stake are more secure than the original.
But it is possible for Proof of Stake to be useful even if its NOT as secure as Proof of Work, because it is MUCH less expensive. This means that if you have a blockchain application that doesnt need to be absolutely 100% ultra secure, but it needs to make a profit/spend less money securing the network, then Proof of Stake (or an improved variation) is probably better for that application than Proof of Work.
For the ultimate store of value (Gold 2.0), Bitcoin with Proof of Work and the high level of security it provides is probably best. This is why Bitcoin has a place, and will survive, imo. For application that need slightly less security, Proof of Stake might be better. For example, lets say you want to run a prediction market, which is something that LessWrong seems to love. Its useful that your prediction market is not subject to 3rd party risk of a centralized source, and is instead secured by the blockchain. But maybe you dont need quite as much security as bitcoin provides. Maybe you need to run your prediction market at low cost, so that fees are low. Maybe a Proof of Stake variant is enough security, and provides better value. From what I’ve read, both Ethereum and BitShares will in the future allow you to run such a prediction market, and both will not require massive mining costs to secure the network.
Regarding ASICs, the problem is that the large mining pools that have developed as a result of the need to be maximally efficient in bitcoin mining have resulted in increased centralizaiton. Right now if you controlled or compromised the top two mining pools, you could attack the network. There is much more centralization in bitcoin mining now in the ASIC era than there was several years ago.
No, the argument I was making does indeed fully generalize to the entire category of Proof of Stake solutions. The goal is to create a dynamic membership set signature, meaning that people can come and go by some mechanism. But that requirement enables simulations because if the future membership set can’t be predicted, then neither can alternative past histories be differentiated. Then no matter the construct used, with enough sybil identities anyone can grind variations on history until one is found which benefits the one doing the work. In this way any proof of stake system devolves into proof of work, only with worse properties (since if you’re going to have proof of work anyway, double-SHA256 is about as good as it gets).
Furthermore, because the incentives are structured such that grinding histories is profitable behavior (and it needs to be for the system to be secure, since it is the same incentive that protects proof of stake when people follow the rules), you can be assured that unscrupulous people will grind histories, and others will too because the alternative is losing out. So proof of stake is NOT any less expensive than proof of work, because any proof of stake system becomes proof of work.
The solution to the mining centralization issue has nothing to do with proof of work algorithms or ASICs. The solution is things like smart property miners, coinbase-only mining, and delegated transaction selection. These are being worked on.