I'm not exactly a fan of PoS because I'm worried it will lead to XMR becoming the thing it swore to destroy: Centralized currency. It will also make using it less fair because earning XMR would be more like a lottery rather than actual competition, even under a hybrid PoW-PoS system.
I think the best bet would be adopting dPoW instead to where XMR relies upon two other blockchains, such as BTC and ETC, in addition to itself to make attacks like those by Qubic far more expensive and challenging.
I’m not very familiar with dPoW but in principle I’m not a fan of being dependent on another PoW chain and it would delay finality further.
I’m not sure how PoS really risk to increase centralization in the case of #Monero. I think there is a case to be made for blockchain that had a premine but Monero supply is probably as decentralized as it can be. Plus, PoS would actually be fairer as it would lower the barrier to entry to compete for the block rewards (it’s easier to stake than to mine). Of course, we are likely to see the emergence of large pools but would that be any different than having large mining pools? I don’t think so, stakers can move from one pool another similarly to how hashers can. And in a hybrid PoW/PoS chain, the history of the blockchain is still guaranteed by PoW.
Really the only although critical benefit of PoW is to guarantee the integrity of the ledger without having to rely on a set of trusted validators. With PoW/PoS, when a new validator joins the network, it looks at the chain with the most work rather than rely on a set of trusted validators (for pure PoS chains).
PoS will lead to centralization because low costs means more wealthy actors will join Monero, which concerns me with the wealthy controlling the pools that are used. Since XMR is private, this makes noticing this centralization more challenging, meaning that problems with big pools could go unnoticed for a while. It can be quite anti-competitive compared to sticking to PoW.
We're so lucky that XMR uses RandomX and P2Pool. Those are the only saving grace in this kind of situation.
I’m skeptical that this concern isn’t equally applicable to PoW. PoW is a form of money and it’s unclear how centralized/decentralized the current hashpower is. Certainly, the current mix is far to be optimal as a small project like #Qubic can wreak havoc the #Monero network of this sort. I think the biggest concern with PoS concentrating the coin supply has more to do with the supply held on exchanges. In this regards, #XMR delistings could be a blessing.
Proof-of-personhood chains (such as #Idena) is a mechanism that can prevent the centralization of the coin supply in PoS chain but that’s a niche feature for now.
I suppose that PoW and PoS in their current forms are both susceptible to 51% attacks, just in different ways.
I like the concept of PoP as an alternative to state-issued identification, but I worry that it is effectively exchanging security for privacy in the grand scheme of things. It's sort of counterproductive for the goals of XMR in my opinion, especially for a privacycoin.
Maybe a dual dPow-PoS system could be the most beneficial solution. It could also be interesting looking into Proof of Burn.
To be clear RandomX is great, it’s not surprising that other chains want to adopt it but the flaw has to do with the skewed economic incentives generated by merge mining. It’s just an attack vector that is out there and that nobody had exploited until now. P2P is great as well but miner seeking to maximize their profit in the short term are incentivize to merge mine the most profitable auxiliary chain. I don’t know if that’s enough to allow a more sophisticated attacker to achieve a 51% attack but is this a risk we are willing to take?
A 51% attack on PoS would actually be more visible because the price would skyrocket as the attacker attempts to buy all the supply. The attack isn’t practical. With merge mine, an attacker can create its own bogus chain with little token supply on exchange while holding huge share of the premine. They pump their coins, incentivizing hashpower to mine their chain while pumping their bags at the same time. It just requires good coordination, marketing and network. No need for massive investment.
