Thanks for replying and appreciate your engagement with my posts!
> I, on the other hand, am looking to create tools to be used by competing groups of good people where at least 2/3 are honest.
Oh I agree that 2/3 of people are honest, but with a few caveats:
- “2/3 of people are honest” != “2/3 of capital is honest”. Especially post-2008, I think most people will have a much harder time believing the latter claim than the former.
- I talked to many people who actually don’t understand why accepting payment for votes is bad; it really is a nontrivial argument to make why the possibility of doing so leads to a violation of the core principles of DPOS, rather than being an efficiency-improving market transaction like working for the employer that offers to pay you the most.
- It’s hard to continue being honest if some people start acting dishonestly and then clearly don’t get penalized for it. Crypto communities are anonymous online communities that anyone is free to join, and where everyone can easily feel unaccountable under the shield of anonymity, so it is an environment that encourages scummy behavior much more than others. Our own lived experience in the crypto community (see: hacks, thefts, scammy ICO tactics, non-transparent bribes to social media influencers of various sorts) IMO confirms this.
> I have faith that such a community will be far more competitive in a market competition for mindshare than one that elects vote buyers.
I suppose this is one place that we differ. I believe that once a crypto platform becomes truly mainstream, it will be difficult for it to have hodlers that have values and beliefs that are far different from the general populace. If crypto platforms whose communities have morals are better for investors, then even investors without morals will join those communities seeking to free-ride off of others’ morality for profit, and pretty quickly they will regress toward the mean.
> The reality is that it is not possible to “prove” the economic exposure of an individual because they might have more to gain or lose outside the system than inside.
This is true, but a red herring. Whatever the in-protocol incentives are not to do harmful action X, there could always be larger extra-protocol incentives to do it. The point of having large in-protocol incentives is two-fold:
- The higher the in-protocol incentives not to do X, the higher the extra-protocol incentives to do X are required for X to happen, and so the lower probability of someone actually having those incentives and X happening.
- If there is an in-protocol penalty of size P, then an actor with less than $P cannot break the system no matter how irrational they are, and an actor with $k * P can only break the system a maximum of k times no matter how irrational they are.
> The one thing that cryptography will never be able to prove is censorship. You cannot objectively prove that someone received your message unless said person cooperates by generating a cryptographic proof. Therefore, you cannot punish them for failing to include your transaction using objective cryptographic proofs.
This is also true as written, though once again with caveats. Specifically, if you add network synchrony assumptions, you absolutely can detect serious cases of censorship. See: https://ethresear.ch/t/censorship-rejection-through-suspicion-scores/305
In Casper FFG, ultimately the users *are* in charge. Casper FFG is designed so that in the event of a split connected to non-uniquely-attributable faults (including censorship) a minority of participants can make a minority fork, and the market then decides which fork should be valued higher. On each of the two forks, validators that stay on the other fork lose a large portion of their deposits (you can’t be on both forks because of slashing conditions).
And the bounds within which you can do this definitely are smaller than proposed time windows for Casper slashing violation inclusion, Plasma fraud proof inclusion, etc.
If you have an application which really requires very fast transaction confirmations, and for such fast confirmations to happen reliably, then IMO the correct domain in which to build such systems is level-2 platforms on top of secure base-layer platforms like Ethereum. The level-2 platforms can be built in such a way that they depend on the second level for performance, but not safety (see: state channel hubs, Plasma operators). They can then have the incentive of reputation and expected future revenue to drive them to perform well in the present, and the negative costs of any failure are mitigated. I actually think DPOS as a consensus algo for Plasma chains and state channel hubs (and systems like Loom) could work reasonably well; the ability for any user to easily fall back to the base chain and switch to another chain provider serves as an important check limiting the downside potential of any malicious layer-2 chain operator or cartel trying to cause harm.
Author: Vitalik Buterin