00:36:22 Forgive my tired mind; when a messgae is hashed then signed one can always just pass the hash of the message. 01:00:09 We could just throw a bulletproof at it, right? :) 07:57:28

not sure how to search history here... but has there been much discussion on hybrid pow pos? 07:58:20

i saw stuff on key signing for mining hete but not requiring stake 07:58:33

i saw stuff on key signing for mining here but not requiring stake 07:58:37 use search bar in the room 08:00:10 may not find tho with some specific keywords 08:13:31 Currently 43 unknown blocks out of the last 100 09:35:40 @rucknium:monero.social added one more pool, fixed some cryptonote new ones that did not return data. also added "miner" information that some pools return as a curiosity 09:42:35 also - if anyone can get monero API details for ntminerpool.com that'd be nice. They do say in chinese "For API access, please join our QQ group and contact the administrator." / 商务合作 API接入请加QQ群联系群管理员 10:19:22 noname, we discussed minimal PoS past meetings: https://libera.monerologs.net/monero-research-lab/ 10:19:23 In a paper from 202x analyzing the impact of OFAC sanctions on miner's compliance (btc + eth), control of consensus on a hardware level was suggested. My intuition is that we better have a branch on the sideline to deal with it - signed bocks and minimal PoS inluded. 10:19:25 this refers to "strong" vs "weak" signing, as described in the paper. Strong signing needs an additional ZK proof to ensure anonymity of the miner who "steals" the block from the malicious pool. 10:19:27 I think we should start having discussions about changing the asic resistance policy, the argument: “so everyone can mine” is similar to the one small blockers made in 2017 “so anyone can run a node” 10:21:24 If every person in the world can mine Monero, it means that if someone gives a incentive to attack it they will be able to ammass a lot of compute in a short period, people are greedy 11:08:35 morning guys, where did scumbags hashrate was gone? 11:08:37 yesterday it reported 40%, right now its 26% according to https://miningpoolstats.stream/monero 11:33:26 I’m just curious why the government (especially US gov) wasn’t just taken powers of its pocket dogs like AWS and Azure and haven’t done the same as cum_from_beyond but with much much power. 11:33:27 is it because they just don’t want to? or there are some reasons behind it? 12:11:29 price fell so some miners stopped mining 12:32:00 they claimed it’s their goal. 12:32:01 also they claimed that “unknown” is all controlled by qubic, but today the unknown’s hashrate is 26.3% compared to yesterday 40%. 12:32:03 so even that is false statement? 12:32:50 obviously it's not "all" controlled by qubic, that would be impossible 12:33:00 kekw 12:33:02 a single solo miner would foil that statement 12:37:49 well done qubic team (I know you are here, little spies) and thanks for free XMR anyway, regardless how much it’s impacted on price nor it was just correction — it will reflect on the price in future, because all you did will improve network stability and security. 12:37:51 gj team, is there any active bounties on network improvement? 13:03:22 DataHoarder: Thanks. Running latest version. 13:03:44 annelinlol: What do you mean by active bounties on network improvements? There are some bounties here: https://bounties.monero.social/ 13:05:12 A bounty works well when the work product is well-defined, noncontroversial, and easy to verify its correctness and quality. 13:05:46 [Rucknium](https://matrix.to/#/@rucknium:monero.social)I know and participating in some. I meant bounties for proposals that will harden security of network in future to defend against such attacks, and I can’t find one that related to it 13:07:19 For a major change, you would have to get some kind of community support for it before it would go to a bounties stage. It is rare for a change to not have any downsides or parties that could be harmed. 13:07:41 I should add "IMHO" to "For a major change, you would have to get some kind of community support for it before it would go to a bounties stage." 13:08:05 what is the downsides of PoW+PoS idea mentioned before? 13:08:20 what are the downsides of PoW+PoS idea mentioned before? 13:09:06 A lot of people in the Monero community dislike PoS. That would not be a good candidate for a bounty to implement it at this point in time, since the money and labor could be wasted if the community rejects it. 13:10:52 e.g. https://reddit.com/r/Monero/comments/1mbum1q/monero_with_hybrid_consensus/ 13:11:11 for what reasons? haven’t they changed their mind after the odds with centralized pools? 13:11:40 ^ That thread was from 10 days ago. 13:20:23 not to mention that average reddit enjoyer have 100$ of savings, not much different in /CryptoC or /Bitcoin, why /Monero should be different? 13:20:25 IMO, there should be difference on the “i hodl 0.1 xmr pos is shit” and entities that are using Monero for their tasks if not everyday, but close to it. 13:20:27 But I agree that there is a huge risk of capital centralization and things can be screwed up with one posioned whale, but shouldn’t there be any countermeasures to avoid it? 13:21:03 not to mention that average reddit enjoyer have 100$ of savings, not much different in /CryptoC or /Bitcoin, why /Monero should be different? 13:21:05 IMO, there should be difference between the “i hodl 0.1 xmr pos is shit” and entities that are using Monero for their tasks if not everyday, but close to it, when we talk about the Monero community. 13:21:07 But I agree that there is a huge risk of capital centralization and things can be screwed up with one posioned whale, but shouldn’t there be any countermeasures to avoid it? 13:27:30

can be fixed if the rewards for pos are reduced vs pow. but blocks are still produced 50/50. like emissions goes to pow 90% but pos blocks are 10% rewards. 13:27:32

it's not so much a huge risk, as it is a 100% guarantee. PoS has no effective countermeasures against it, because it's built into the incentive structure. There's nothing really at stake with PoS, slashing etc doesn't work because it's not aware of off-chain collusion, which is why it can't be used as a decentralization mechanism. 13:28:59 I also would’t treat botnet mining guys as Monero community, mostly because they’ll instantly switch to more profitable crypto when price is going down (we already see it), but they will scream hard for the PoW to be remained. 13:30:47 if we talk about pure PoS — yes, it is. 13:30:49 but it’s not so clear in case of hybrid PoWPoS with unequal rewards, as mentioned above. 13:32:58

hybrid doesn't solve anything, if PoW doesn't work for your use case, you will not remain decentralized. The 51% attack and selfish mining (and botnets/selfish miners) unconcerned with the coin fundamentals like decentralization is a more expensive attack, but poses the same risk at the end of the day, wiping the value proposition that *was* provided by decentralization away. 13:33:54

the main issue with hybrid pos is the zk proof around balances for stake weight. 13:35:12

disagree here. hybrid means the 51% attack requires both ownership of coins plus hashpower. 13:35:34

The current attack is a fairly clever attack economically, because rather than bringing 100% of the cost of hash rate to the table, you simply subsidize selfish miners for short duration "marathons" in an attempt to bleed mining hash over under your control, so they get their attack hash for a steep discount. And it's quite clear that a substantial group of people with CPU hashra

te don't care about the OG crypto fundamentals that Monero represents. 13:36:01

would be solved with a hybrid approach 13:37:04 when it comes to CPU power mining, how it differs from PoS as for capital approach? 13:37:05 More capital you have => more computing power you can buy => more chances to takeover 13:37:07

forcing p2pool etc doesn't really work imho 13:37:24

a hybrid approach can be used as a sort of checkpointing defense especially against these sorts of short term/burst attacks. 13:37:47

because the amount of capital required as well as coin liquidity 13:37:58

you can't just buy 50% of monero network to stake 13:38:17

This is true, but PoW has a real cost to attack, and PoS does not. Collusion is economically "free" for PoS 13:38:19 I meant hybrid ofc 13:39:16

The hybrid system would provide a defense as long as PoS actors and PoW 51%ers are unlikely to collude, which I would think would be the case in this scenario 13:39:40

nothing at stake attack doesnt work in a hybrid model where it requires pow block construction as well 13:39:49

so you dont even need slashing etc 13:40:01 huh? you still need to obtain XMR somewhere while good percentage of major holders just won’t sell it to you. 13:40:17

if both miners and stakers collude it's not an attack. it's literally a network upgrade 13:41:26

anyway, these are just some ideas that i had based on what i read and experienced 13:42:00

Yes, of course there is a cost to obtain stake, the point is there's no cost to collude because nothing is actually at stake, for stakers. As long as such PoS bad actors didn't also overlap sufficiently with PoW power, there is a defense there on an established ecosystem like Monero 13:43:16

The only real theoretical defense PoS actually brings to the table is centralization at the end of the day, which is the same defense mechanism that a central bank has 13:43:43

it's a true but jaded excuse for not thinking about pos as a valid option.. especially in a hybrid model. 13:44:20

slashing etc has been proven to work and also it's virtually irrelevant in a hybrid model as I mentioned before. 13:44:45 nevertheless I’m just curious how the decisions are made internally in Monero core team, especially protocol upgrade proposals 13:44:46

not true 13:45:01

I think, given the present circumstances, any defense structure including stuff like hybrid should be entertained and worked through. I'm actually surprised that I can't find any discussion from the core devs or the big pool operators organizing a defense discussion 13:46:17 and while Monero-like ring signatures are being widely used for some projects that claims tampering-proof voting systems, why not to use it for proposals voting, maybe even integrated in some wallets? 13:46:40

where's hyc samas these days? 13:46:59 hope they do, but not in public channels, which will be a bit unwise 13:47:58 kill/switch: These issues have been discussed in MRL meetings. For example: https://libera.monerologs.net/monero-research-lab/20250730#c546786 13:48:49

slashing et all has been "proven" to work on coins that have heavy centralization in wealth concentration, in which case those all have nice aligned incentives that dwarf the larger userbase capital. As long as there's no real incentive to collude to attack, PoS ultimately works great in those circumstances, but so would a handshake agreement at the Federal Reserve Board Meeting

work just the same. 13:56:38

https://gist.github.com/duggavo/7b5f1f8cad5bd56c9f27648ccc1728ba 13:57:07

totally agree with this proposal. it's what i was just talking about 13:59:52

I'm more concerned with the technical ability to implement this without leakage of privacy for stakers 14:00:26

and also the ramifications for planned/future upgrades and quantum resistance 14:02:01 "any discussion from the core devs or the big pool operators organizing a defense discussion" - the defense is ongoing. eventually cfb will run out of resources 14:02:31 and ultimately demonstrate how useless a 51% attack really is, especially one that can't be sustained 14:02:42

that's the great thing about PoW, it does have a real cost to attack, and that subsidy comes at a real world cost 14:05:02 just to clarify, what can one actually do with an actual 51% attack? 14:05:36

however, once/if they do start orphaning blocks, that put up further incentives to stop honest miners working on the chain 14:06:15

Mining without reward is slightly less fun I suppose :( 14:07:07 Double spend no? 14:08:03 with 100% or better luck, can orphan everyone elses blocks 14:08:31

Having your entire blockchain and minting effectively under control of an entity that explicitly has no concern for the fundamentals of the coin is, I would say, not great for anyone who's using Monero for the fundamentals... 14:09:15 yeah, the attacker themselves can double spend, if they manage to keep control for however deep the common confirmation acceptance is 14:09:22 You can only double spend your own funds.. but you can stop other people from being able to get confirmations at all (by reorging their chains) 14:09:58 "Having your entire blockchain and minting effectively under control of an entity that explicitly has no concern for the fundamentals of the coin is" thats already the case with what i call the "professional" pools 14:10:28

double spend... so they spend money which is accepted and then publish a longer chain where that send didnt exist. 14:10:29

potentially changing some network rules but less sustainable long term. 14:10:31

and censoring transactions 14:10:45

this is mitigated so long as those pools can't economically reorg the chain in their favor (selfish mine) 14:10:59 network rules? if a block comes in that doesn't match consensus, its rejected. doesn't matter how much diff it has 14:11:01 They can already though 14:11:07 fyi - yesterday a CEX deposit needed 12 instead of usual 10 blocks 14:11:23 kucoin has always req 12 14:11:31

that's not a rule but a guideline 14:11:46 and the daemon itself warns users to adjust confirmation times based on wacky diff deltas 14:12:17

longer conf times decrease odds of a double spend or shadow chain because the cost continues to increase 14:12:38 yeah just something I noticed 14:12:56 exchange was xt 14:13:09

but, any unmitigated centralization in a coin that has privacy and fairness as its prime market use case is, imo, a cancerous development with a predictable and unfortunate end 14:13:37

if you take bitcoin softfork upgrades as an example, pool tagging of soft fork options is technically a change in consensus 14:15:30

yeah codebase checkpointing gets into competing for nodes and node agreement on chain decisions rather than just miner power alone 14:15:49 https://gist.github.com/duggavo/7b5f1f8cad5bd56c9f27648ccc1728ba << k agree with this up u til (and including) #1. I dont agree with traditional _proof of stake_, but propose, what i call, _proof of pow_. This would mean that you can only stake coinbases (including tx fees). You cannot buy-in. 14:16:43 well that would suck for the current attack 14:16:56 because whatsisface is getting lotsa coinbase 14:17:07 yeah, but he has to hodl them 14:17:28 dude clearly has money to burn. i doubt the 50k he's getting a day matters 14:17:41 or whatever itis 14:19:09 Allowing buy-in would, imo, lead to a lopsided hoarding loop, like damn near every other pos chain 14:19:33 i don't think PoS is a solution in any form. 14:19:42 the real solution is we just get the $/xmr to go up 14:19:56 damn tft and his hyperfast emission curve 14:20:23

There are sooo many people with that much money to burn that are aligned against the interests and use cases of Monero, funding this attack at this time would be fairly easy to raise money for, especially since the attack really needs not much more than simple liquidity injection to subsidize miners with a perverse incentive 14:20:54 my proposal isnt the same as proof of stake, since it essentially only rewards pow miners 14:21:04 It promotes solo and p2pool mining, since you'd get 10% less rewards if you use a centralized pool 14:25:24 It would also reduce pow blocktime frequency to 4mins and increase reward to ~1.1xmr per block 14:25:32 I suppose after a decade of pumps and dumps the coins are well distributed, the early whales have had planty of occasion to dump 14:25:52 Doubt it 14:26:11 i'm at block 2000 on my testnet and have like 100k xmr 14:28:35 Damn, another 10 years of 100-400$ it is then 14:35:56

probably the most well distributed coin... fair distribution, equitable pow, long distribution period, low but relatively stable price for a long period 14:36:06 It promotes solo and p2pool mining, since you'd get 10% less rewards if you use a centralized pool <<>> so you don't consolidate the hundreds of p2pool payouts you get? 14:36:25

most used by far for txs per market cap of any coin... not even close 14:36:34

excluding erc20 stables 14:37:58

yeah this doesn't solve the issue 14:38:27

disagree here. 14:38:45 under benefits the hybrid proposal states "Preserves miner incentives" <<>> reducing miner payout by definition can't preserve the same incentives. How much it changes = ? 14:40:49

if it's 100% pow and 0% stake rewards distribution, then it would preserve incentives. however there's a cost to stake and keep nodes online as well as to hodl xmr so naturally pos incentive should be >0 14:40:54 another benefit given is "Encourages long-term holding, strengthening decentralization and reducing sell pressure." Is this a benefit for a currency that is made to be used? Again it depends on how large of an effect this will have but imho not something to be strived for 14:41:41

staking actually gives positive economic incentives to run nodes which is really good for the network health and resiliency 14:42:03

all of these are net positive to utility of xmr 14:43:03

i really think pos haters aren't thinking through the differences of a hybrid model and unequal weight payouts vs pure pos 14:44:02

i will always vote to keep pow until a more equitable distribution mechanism can be implemented where holding xmr is not a prerequisite to obtaining new coins 14:45:54

but a semi hybrid approach seems to solve issues like the one we have today while also creating new incentives for a new class of xmr participants at minimal cost to existing participants .... arguably net positive for everyone because if attacks like these continue, pow miners lose on ratio of coins they mine as well as price they can sell their mined coins for. 14:46:15

No I agree, PoS hybrid in this circumstance is worth entertaining, but really starting from something like https://gist.github.com/duggavo/7b5f1f8cad5bd56c9f27648ccc1728ba and step through thinking how to incentivize maintaining maximum decentralization/PoW against the economic incentives stacked up against Monero from its detractors 14:47:25

as i mentioned, I think pos actually increases decentralization in a hybrid model 14:48:20

by adding new users and incentivizing creation of more online nodes 14:48:49

At the end of the day, the big problem seems to be commodity hardware mining is in a state of mercenary havoc and short term thinking. Driving your hashrate behind closed, centralized projects chasing short term max rewards as the only consideration inevitably leads to this kind of thing. It doesn't consider that centralized economic models don't need miners long term, and you a

nd your rigs are just cannon fodder in the long run once you've cut your own legs off ;) 14:49:07

the proposal is fine except the difficulty lies in the implementation not the economic model 14:50:41

bitcoin mining is super centralized from a pool perspective already. we just havent had a bad actor who decided that it's worth it to attack Bitcoin yet. it will definitely happen as pow mining in bitcoin is a weakness 14:50:52

especially when block rewards drop to 0 14:51:50

What would the effect be of some kind of PoW loyalty mechanism, are there any projects that have done this or looked into it that kind of thing that anyone is aware of? I've never looked into such a thing as far as hot the incentives might align, if it's possible 14:52:08

What would the effect be of some kind of PoW loyalty mechanism, are there any projects that have done this or looked into it that kind of thing that anyone is aware of? I've never looked into such a thing as far as how the incentives might align, if it's possible 14:52:42

idk about loyalty but pow slashing could be a thing if we lock coinbase rewards longer and require key signing 14:53:34

seems like the pow lock time would need to be really long for it to make a difference at first cut 14:53:57

given rewards are so low vs cost of hash power 15:02:21 " It promotes solo and p2pool mining, since you'd get 10% less rewards if you use a centralized pool <<>> so you don't consolidate the hundreds of p2pool payouts you get?" << when you consolidate them, they wouldnt be eligible to be staked anymore 15:03:26 " another benefit given is "Encourages long-term holding, strengthening decentralization and reducing sell pressure." Is this a benefit for a currency that is made to be used? Again it depends on how large of an effect this will have but imho not something to be strived for" << agree. Is also leads to dumping 15:12:05

A large problem seems to be that miner's average overall knowledge has fallen off a cliff since the last time I was involved with it in any active capacity, which was in the early days of bitcoin. Watching Qubic follower's social media output like Rabid Mining on Youtube really highlights just how little they understand the fundamentals of what mining is even for; reviewing those

logs I was linked to from 30 July here, it is easy to see why @rbrunner's points there about how clearly and completely centralized Qubic's software and infrastructure is has gone either totally unnoticed or passed without concern under the nose of the rig owners and even some in the Monero space looking to understand the attack incentives. In the past mining and pool channels w

ere filled with many more long term thinkers about cryptos future. I think now it's really swamped with coin switching mercs chasing the fastest ROI, which is economically great, if you don't consider the future implication of the behavior. 15:13:39

In that sense, longer term thinking was a sort of implied subsidy that was built in to the meatbag portion of the "mining software" that this kind of attack roughly circumvents, through a weakness that developed and grew in that aggregate meatbag over time :) 15:32:11 On a quick search, I don't see a closed-form formula for the expected rate of orphan blocks when a major miner is pursing a selfish mining strategy. I did find this, a simulator: https://github.com/fdallac/selfish-mining-simulator 15:32:13 I haven't tried to run it yet, but from what the image shows it seems like a selfish miner should be orphaning 26% of honest blocks. If my interpretation is correct. 15:34:08 Qubic is either not pursing a selfish mining strategy very often, is not putting all of its hashpower toward it (which is self-defeating), their blocks aren't propagating well, something else is reducing their strategy's effectiveness, their hashpower is not as large as it seems, or I've misinterpreted the results in the example image. 15:35:37

I've seen CFB claim in his discord that they switch it on and off during the marathons, I assume to test in production, while they wait to accumulate enough hash rate 15:35:58 It seems like difficulty has to adjust downward for this attack to work well. If Qubic is turning his miners on and off a lot, the difficulty won't adjust much. 15:36:57 But maybe the downward adjustment is only necessary when you have 25-33% hashpower. 15:38:03 So far I've seen them lose more blocks than they orphan 15:38:18 Maybe they don't do it right, maybe not enough hashrate. Many unknowns there 15:41:02 I haven't seen it in discussions, but how about multi-pow. 60% of blocks by RandomX, 20% by sha256 asics and 20% by scrypt asics. I know monero stands for decentralized mining, but the majority would still stay with cpu miners, and the chance of 51% attack should be reduced with the multi-pow, should it not? 15:43:08 a pow that requires some amount of randomx within but a high work factor by ASIC/GPU algorithms, but need to be combined. something that can be done with light mode randomx as well 16:06:27

functionally it's probably still mostly a propaganda attack at this stage, where they need to accumulate as much defector/mercenary hash power as possible to minimize their ultimate attack cost, so each round/marathon is intended to draw in more careless miners with the mining subsidy they provide. Adding different types of (less decentralized) mining hardware to a PoW won't ulti

mately solve for this type of problem long term, this same attack can be used on any PoW as long as there are enough mercenary miners willing to selfish mine/destroy coins. The attacker isn't as concerned with mining rig type or cost in this type of attack as long as enough miner mercenaries are willing to take the subsidy to attack, they bear the brunt of the costs for the attac

ker. 16:10:25

ASIC PoW'ers have more to lose though in that case I guess, as the hardware can be orphaned by PoW algorithm change on the chain under attack 16:18:40

Pretty smart to limit the miners to a ~weekly payout too, putting much more of the liquidity risk onto the miners who serve as willing and eager bag holders during the operation as well 16:19:01

From an attack perspective it seems quite well designed to exploit the human weakness element 16:52:25 frankly I don't get why PoS magically solves things. The network can also be attacked by someone with a huge stake. "Join my staking pool and earn 1200% staking rewards!" 16:54:37 any p2p permissionless network is going to be susceptible to attack, its just a matter of how resilient it is.. how robust it is... how well it is able to recover. Because the attack will end. For instance, this seems like a good nudge to explore referencing outputs by hash ID or whatever instead of the serial index 16:56:25 sequential index. there i tis 16:57:47 and a staking attack is so much worse because once you have the stake you have it. unlike PoW. yeah, really don't get it 17:01:08

realistically, that's probably right. This is a "relatively" new attack space that has matured under the umbrella of fifth generation warfare. If you have a large number of people working within a decentralized system that neither understand the benefits of decentralization nor value it enough to not willingly attack it for an offer of a dangling promise of future payoff, you've

got a problem in the root space that is outside the software domain. Its the same attack vector, whether you're killing some kind of representative democracy or a decentralized crypto system. 17:03:12 persistence is all 17:05:34 imo muddying up the consensus mechanism just opens new doors for exploit 17:07:14 PoS hybrid, trusted compute, blah blah. i'd hypothesize that if monero was worth like $10k today, this scenario wouldn't be occuring. we just need mr. $10 mill to buy up the books 17:11:20 i imagine there are also short term hacks that would get us through the attack with minimal annoyance, probably on the same level of centralization-adjacentness as PoS or whatever. the major pools should just have fast relay between them, or preferred relay. would suck for solo miners, but its essentially what p2pool has 17:13:48

as long as the scale of wealth inequality is large enough, and the threat of defecting from centralized wealth systems large enough, the cost of attack at some point on the inequality curve will at some point become trivial and worthwhile enough to pull the trigger on an attack to secure the enclosure within the dominant central paradigm. Eventually those interested in and value

decentralization no longer have enough resources to adequately defend it at the scale they are capable of 17:14:46

as long as the scale of wealth inequality is large enough, and the threat of defecting from centralized wealth systems large enough, the cost of attack at some point on the inequality curve will become trivial and worthwhile enough to pull the trigger on an attack to secure the enclosure within the dominant central paradigm. Eventually those interested in and who value decentrali

zation no longer have enough resources to adequately defend it at the scale they are capable of 17:17:06 Proof of pow 😝 17:17:37 This is why i'm against buy-in. Most pos chains are hoarded as quickly as possible and the grip js never released 17:17:39 Like 80% of zano is staked, 50+% of particl is staked 17:17:41 Bought up at low prices and hodled (staked) forever 17:19:35 PoS on coinbase just creates a different kind of buy-in. You have to buy hashrate. i think the idea is cool, and probably would be nice for a freshly launched crypto, but dunno what good it does here 17:28:01