Consensus Mechanism

Hey! Thank you for taking care of the Korean community! :slight_smile:

Regarding your question -> the novelty comes from the fact that the PoS will be used only for governance. The PoS will be used primarily in the form of users voting with their token balances. There will be no staking, so I see how PoS could be confusing. At a later stage the PoS could also be applied to oracles.

4 Likes

This makes sense. I think most people see “PoS” and think they can earn AE as rewards very easily by simply keeping their wallet open and running on a laptop and staking like most other PoS coins out there right now.

So when they hear that there is no staking they get confused, and think that they will not be able to earn reward AE passively, and that mining would be too technically or mechanically out of their reach. That “mining” would be too complicated.

But from what I understand, “mining” with AE will be much more accessible to the average user with a decent laptop, correct? That with the Erlang Cuckoo Cycle algo, mining will be more RAM dependent, and that one will be able to easily mine AE via its wallet using even a laptop’s resources, and receive reward AE?

Or will they have to run a full node on a Linux machine or vps or something to do this??

Using »Proof of Stake« to describe the mechanism is very confusing indeed.

@AELifer, you are correct with your assessment that the cuckoo cycle PoW does not lend itself as much to specialised hardware, i.e. ASICs, but a powerful GPU will still have a considerable edge over a CPU, so while you can mine with a laptop and not have to compete with ASICs, you will still have to compete with GPUs.

Regarding your last question: unfortunately there are no Windows builds for Epoch currently.

1 Like

Thank you for the reply, Vlad.

How does your statement relate to this one?

A hybrid ASIC solution for Cuckoo Cycle pairs a bunch of DRAM chips with a small low-power ASIC, which needs to run just efficient enough to saturate the limited DRAM bandwidth. In terms of solutions per Joule of energy, this might be a reasonably efficient mining platform.

(from GitHub - tromp/cuckoo: a memory-bound graph-theoretic proof-of-work system)

Specialised hardware will always outperform general hardware, at which point it comes down to the margins you can get with the specialised hardware. The claim is that, for cuckoo pow, this margin is not big enough to make the development and manufacturing worth it.

However, I’m not aware of any studies investigating just how big or small the margin actually would be.

Edit: Oh and earlier today, an article was published by the lead developer of Sia, which gives a great overview as to why the whole endeavour of »ASIC resistance« might be futile anyway: The State of Cryptocurrency Mining | by David Vorick | The Sia Blog

1 Like

What’s happened to the Cuckoo Cycle, is that no longer being used by Aeternity?

We’re still using cuckoo cycle pow. Nothing has changed there.

Awesome, can you briefly explain the link between the cuckoo cycle & bitcoin-ng? They’re being used together?

Thanks for the info and the link, very interesting.

The problem with the margin argument is that it only holds temporarily. If the market cap of the ecosystem increases sufficiently enough or yet more efficient ASICs are developed, it will break down. I.e. while it might be possible to devise a POW scheme which makes ASICs not worthwhile now, I don’t see how one can plausibly promise this for future developments.

When using Bitcoin-ng, miners need to solve a computational puzzle in order to produce blocks, just like in the original Bitcoin protocol. The computational puzzle (PoW) for Bitcoin is based on finding special SHA256 hashes. The original proposal for Bitcoin-ng used the same puzzle as Bitcoin. We opted to use cuckoo cycle instead of SHA256.

So Bitcoin-ng is a consensus protocol/algorithm, where cuckoo cycle is used to solve some of the problems that need to be addressed to make the system work, e.g. leader election.

Does that make sense?

I wasn’t really thinking of profitability, although that is sort of implied by the computational margin as well.

I definitely share your assessment that guaranteeing permanent ASIC resistance—i.e. ASICs never having more than a e.g. 2x advantage over a GPU—is most likely not feasible. You can commit to playing a cat and mouse game, in the hope that you end up ahead of the hardware.

It’s a complex topic and not just a binary matter of ASICs are bad and resistance is good, where a lot of arguments are very emotional and not always rational.

Yes! Great explanation, thanks very much, I had misunderstood the role of the cuckoo cycle.

1 Like

Power concentration is bad for systems which are supposed to be decentralised, and profitability of ASICs tends to generate such concentration, as we can see on the Bitcoin chain. So trying to find ways out of that is worthwhile.

1 Like

Finally had time to properly read that article. Pretty depressing really. If PoW by itself cannot ensure decentralisation because of the stated economics of ASIC manufacturing, and other “structures and schemes” are required to effect decentralisation, then what is the use of PoW in the first place?

I mean, the whole purpose of PoW is to make it too expensive for any one party (or coalition) to have enough control to manipulate the chain single-handedly. This is not true anymore if a few or even just one party controls almost all of the hash rate.

In the article they argue that such a party cannot afford to play dirty because that would lead to hard forks and people going elsewhere. However, that’s true for any centralised system (which it then effectively is): if the central party becomes untrustworthy, people move elsewhere. But this is how all traditional and centralised systems (in an open market) have worked.

Interesting discussion. I just wanted to add that staking will be available for answering oracles, which is of course not a consensus mechanism.

Just so you know everyone - ssh is Sascha Hanse - æternity’s lead blockchain engineer. :slight_smile:

4 Likes

Yes good to know, thanks :slight_smile:

Again, »power concentration« is not a binary thing. Is a network controlled by 300 independent actors better or worse than one controlled by 3000 people? What if the former requires an attacker to spend $300m and the latter just $30m? Or when the smaller network can come to consensus faster than the bigger one?
I’m definitely all in favour of making systems decentralized but everything comes at a cost and trade-offs need to be considered.

I think the biggest problem with the ASICs is exactly the issue of scale and hardware manufacturers having strong incentives to pre-mine with them, while also massively increasing the barrier to entry. Maybe if ASIC designs were released together with the PoW algorithm, then the asymmetries might not be as bad. But in the end, whoever can scale their operations the best will win the race for blocks.

To give you an example where ASICs might be better, take the Goldfinger attack, where an attacker—in our context here not being in possession of ASICs or a majority of the hashrate—wants to destroy confidence in the network. If we ignore the fact that a lot of cryptocurrencies use the same PoW algorithms, then their hardware would end up worthless after the attack. Therefore it would be more expensive than an attack against a network secured by general purpose hardware, given the attacker’s ability to easily rent such hardware or buy and later sell it again.

One of the big advantages of PoW for cryptocurrencies is that it makes bootstrapping, and therefore participation, easy, at least in principle. There is no need to acquire coins to take part in the consensus protocol, something you’d need to do for Proof of Stake. All you need is just a piece of hardware that can solve the puzzles.

Your last point seems off. Take Facebook as a popular example. They have enabled all sorts of questionable behaviour via their platform, yet people keep using it, exactly because they can’t just go elsewhere. Their data is in the walled garden that is Facebook.
Forking an open source system—although there are definitely important issues to be considered in the case of contentious forks—is entirely possible and has been done successfully. If you fork your cryptocurrency and change the PoW algorithm, because some powerful player with sufficient hashrate to harm the network starts misbehaving, then the majority of the userbase will most likely follow you and the malicious player would be left alone with a dead fork that nobody trusts.
Some caveats apply here, but the overall sentiment should be clear.

In the Zcash forums there was/is also a big discussion about this, since they recently found out that ASICs for their PoW algorithm exist.

There is a lot more to this discussion and I hope that I don’t come off as a big proponent for ASICs, which I am not. I’m just trying to make the point that things are complicated.

4 Likes

First, thanks a lot for this exhaustive answer, your points are well taken. I’m fully aware that things are complicated, and I make my own arguments somewhat simplified not because that’s my die-hard conviction, but to just be very clear what I’m talking about. I know the whole area is full of trade-offs. Also, while I’m quite familiar with game theory and distributed algorithms (my PhD thesis was set in this area), I’m still a beginner in blockchain consensus. So I’m learning a lot here.

Regarding my last point seeming off though, I was thinking more of banks or other payment processors than Facebook. Granted, Facebook and other companies with a quasi-monopoly position are different. OTOH, with the new privacy regulations and FB and Google now offering complete exports of data, it would be conceivable that we might see new social networks (possibly on blockchains) where you can import your FB export… But this is just a side-note, and rather off-topic, so I’ll leave it at that.

@ssh this was in reply to you but I hit the wrong button, sorry.

1 Like