
Although far from being a total victory, Qubic's merge mining attack on Monero shed light on a weakness of pure PoW blockchains. Indeed, merge mining enables an auxiliary chain to incentivize the concentration of hashpower in exchange for extra rewards. In the case of Qubic, the flaw is more apparent as Qubic has been intentionally adversarial, but the same issue would remain for other non-adversarial auxiliary chains such as Tari or DarkFi. Because of the extra rewards offered, it would be rational for economically motivated miners to direct their hashpower to those auxiliary chains, hence concentrating hashpower over time.

Maybe some smart brains will figure out a solution that would prohibit merge mining on a pure PoW blockchain, but assuming this can't be done, a PoW/PoS mechanism could be an alternative solution.

It's exactly because of security concerns that some PoW blockchains have moved to a hybrid PoW/PoS model.

eCash (a fork of BCH by Amaury Sechet, the founder of BCH) has moved to a hybrid PoW/PoS (Nakamoto+Avalanche consensus) to prevent 51% attacks on the network and improve the user experience (sub-3-second finality). The goal of eCash is to be the best form of digital cash, which requires fast finality. Still, in the case of eCash, it can be debated whether or not digital cash with optional privacy can be the best form of cash (to most Monero folks, the answer would be no).

Another example is Boolberry, which was relaunched as Zano with the migration from pure PoW to a hybrid PoW/PoS chain. Here again, security concerns motivated the transition. On the user experience front, Zano also benefited from the integration of PoS by offering faster transaction finality. Notably, it's likely why Aaron Day chose Zano over Monero for the launch of his point-of-sale system, as long finality times aren't acceptable for in-person merchant payments. It's questionable whether Zano is secure enough with PoS, as the coin distribution was heavily influenced by the Boolberry premine, but this is not an issue that Monero would have.

Due to its fair launch, focus on medium-of-exchange and lack of supply held on exchanges (thanks to the delistings), Monero is really well positioned to augment its consensus with PoS without fearing attacks related to the concentration of XMR in the hands of a few. PoS has the advantage of lowering the barrier to entry to participate in the consensus and earn a share of the coin emission. It should make the network more resilient to an attack by a small actor (let's be honest, Qubic is a small actor). Plus, some PoS consensus mechanisms such as Avalanche can allow for a high degree of coin concentration without putting the network at risk of being attacked. Even with a classic PoS consensus, Monero would certainly be one of the most secure PoS chains out there.

In addition, PoS would enable faster transaction finality which is a key feature Monero lacks to be the best digital cash possible.

That said, PoW still has its importance for Monero. In pure PoS blockchains, a new validator joining the network needs to connect to a set of trusted validators to load the blockchain history. Those are usually maintained by the core teams or foundation. The real utility of PoW is to enable a new validator to bootstrap the blockchain in a trustless manner (by seeking the chain with the most work rather than trusting a given set of validators). Hence a PoW/PoS model is preferable to a pure PoS model.

It's no secret that the culture of the Monero community is generally opposed to PoS. Maybe this strong stance is slightly ideologically driven. We certainly can be proud of being one of the few respected PoW blockchains left out there, but maybe this Qubic event will change the narrative. Whichever path Monero takes next, hopefully the chain will gain in resiliency.

[-] LogicallyMinded@monero.town 2 points 1 day ago

I see that this post was linked to the Monero subreddit then deleted by the author after just a few hours. (Self-)censorship is going strong over there lol...

https://www.reddit.com/r/Monero/comments/1mlvaaf/responding_to_criticisms_of_a_hybrid_powpos/

[-] XMRbutterfly@monero.town 2 points 1 day ago* (last edited 1 day ago)

I am u/314stache_nathy (I posted this). PoS has problems, and making a hybrid system with PoW+PoS is bad because PoS has 'long-range attacks' and 'nothing-at-stake'.

PoW is better than PoS, and a hybrid system has other problems (in addition to the PoS problems), like:

  • Complexity
  • The big players will only get bigger with time, the rich will get richer
  • PoS makes the whole blockchain vulnerable to the mentioned attacks (long-range attacks and nothing-at-stake).
[-] LogicallyMinded@monero.town 2 points 1 day ago* (last edited 1 day ago)

"Long-range" and "nothing-at-stake" attacks are theoretical attacks that have never impacted a blockchain that correctly implements PoS.

  • Complexity: That's an engineering problem. Users care about security, the complexity of the engineering is irrelevant to them.
  • The rich will be more rich: Every staker would earn the same APY. This is only an issue for PoS blockchains that have had unfair distribution. Also parameters matter, PoW will still be rewarded.
  • Long range attacks and nothing-at-stake: No blockchain has been impacted by those. You need a correct implementation, and hybrid PoW/PoS prevents long-range attacks anyway.

By the way, why would you delete your post (which has the effect of making it invisible) rather than explaining your reasoning and why you changed your mind?

[-] XMRbutterfly@monero.town 1 points 1 day ago* (last edited 1 day ago)

More complexity increases the chances of a possible attack, and in PoS networks, attacks don't need to be sustained: if PoS suffers an attack, it's game over. In PoW an attack needs to be sustainable to work, and PoW has been much more tested, and in Monero PoW is much more decentralized. The only problem is pools (PoS+PoW and PoS don't solve it; on the contrary, they worsen the situation: in PoW+PoS, PoW has fewer miners, and in pure PoS a government or organization can buy coins and manipulate the gain without spending large resources, and governments can just print money).

I deleted my post because I now believe that PoS won't solve this issue, we need to further improve PoW, which is already well-tested and works well (it's not perfect, as it still needs improvement), and PoS centralizes too much power in the hands of the richest and creates complexity in the network (which in itself increases the chances of having a vulnerability).

If you want to discuss this further, I strongly recommend joining the Matrix room of the MRL: https://matrix.to/#/#monero-research-lab:monero.social

And Monero room: https://matrix.to/#/#monero:monero.social

I'm glad that more efforts are being made to improve Monero.

[-] ReversalHatchery@beehaw.org 1 points 14 hours ago

couldn't it work in such a way that it's hybrid, but PoW transactions are stronger?

PoS verifiers make the process fast, and PoW verifiers will make sure with more effort that the transactions are valid. but if PoS verification gets gamed somehow, PoW verifiers will override it in 10 minutes. Basically a 2 level verification procedure. and everyone who accepts Monero as payment can decide which verification process they want to rely on: the fast one, or the one that can't be easily influenced by the rich. I think often the latter is not a real concern, like with small value transactions.

maybe we could have a safety system that in case enough PoW verifiers find that a PoS verifier incorrectly verified the transaction, the PoS verifier's stake could be taken from them.

[-] LogicallyMinded@monero.town 1 points 1 day ago* (last edited 22 hours ago)

> in pure PoS a government or organization can buy coins and manipulate the gain without spending large resources

The cost of attack is cheaper in PoW than it is in PoS.

> if PoS suffers an attack, it’s game over

Not in the case of the finality layer proposal from Luke Parker

[-] Electricd@lemmybefree.net 1 points 1 day ago

> The big players will only get bigger with time, the rich will get richer

Heh, not really true. They proportionally get the same. It's a percentage, not a fixed revenue

[-] g2devi@feddit.nl 1 points 1 day ago* (last edited 1 day ago)

IMO, while a hybrid approach might be eventually necessary, I don't see PoS as part of the solution. But there are viable solutions (see below).

The problem with Qubic is that a few players can (temporarily) disrupt the network. The tokenomics of Qubic allow it to attack temporarily but it will ultimately fail by that same tokenomics. With PoS, the problem is that a few players (the stakers) can disrupt the network. The requirements for staking (e.g. not turning off your machine for a set period of time, etc) encourage people to stake with a service so it encourages non-custody and centralization. And since PoS gives stakers more stake, their power to disrupt can only grow.

So you're trying to fix one set of disruptors by adding a second set of disruptors. Not exactly a solution, IMO.

Of course there's slashing. If it's purely algorithmic slashing, then it can be gamed and taken advantage of by either disruptor. If it's "trusted individuals" then you're just adding another set of disruptors to the mix. With so much complexity and potential for collusion, it's almost certain that failure will eventually result.

So what's possible? There are other consensus mechanisms that greatly reduce block reorderings, like GhostDag (see Kaspa), that might be used to support the current PoW. Nano also has no transaction fees and seems to keep working. Instant validation of mutually agreed upon transactions also works if both parties are online at the same time (it doesn't work otherwise). If I give you cash, and you accept the cash and give me a receipt for that cash in real life, I don't need a third party to validate it, so it would be wrong for a third party to not confirm it on the blockchain as finalized. You can even add the condition of having both parties have a copy of the receipt and both parties have to sign it. That extra condition is usually a part of the transaction of big ticket items like houses for extra security. True, this approach wouldn't work if one party is offline, but since I estimate for over 90% of transactions both parties are online (since NFC cards aren't common but phones and computers are), this approach would allow the blockchain to keep working even if there is an attack. The other supports are there for offline transactions.

[-] LogicallyMinded@monero.town 1 points 1 day ago

It's true that some of the staking will be done on centralized services, but that's no different to how mining pools centralized hashpower. I don't know GhostDag, but I've heard that Nano is not really secured. Most blockchains that have experimented with DAGs at some point have walked back to a more classical blockchain (Avalanche for instance). I'm not saying consensus based on DAG data structures can't be an option, but classical blockchain + PoS has been a lot more battle tested. DAGs are still a bit exotic as far as I understand.

[-] Electricd@lemmybefree.net 1 points 1 day ago

> I've heard that Nano is not really secured

I'd like to know more on that

[-] Electricd@lemmybefree.net 0 points 1 day ago

PoW is an ecological disaster. Any change will be good. I would be okay to hold XMR to help, but I don't want to mine

[-] DragonSidedD@monero.town 1 points 12 hours ago

I think the majority of the Monero community shares this concern. If there was a better solution for the purposes of securing a decentralized ledger, we'd move on it quickly. Problem is, in all these years, as a community we haven't seen a better system.

PoS tends to continually centralize power. End of story. There is no situation where PoS does not ultimately fully centralize.

Ostensibly super fast mechanisms like Nano are subject to insane re-orgs, which they mitigate by checkpointing the chain, which means the re-orgs that should have happened, don't happen, ... it's a frickin' trainwreck and would be exposed as such under real-world high scale loads.

IMO the next-best solution to PoW is Federated Byzantine Agreement (FBA) aka "validator nodes" like Stellar. These are crazy high throughput, super efficient, and slightly more centralized -- that wallets have to choose a set of validator nodes, and hope that those nodes are not colluding.

Think of FBA Federation as being like the Fediverse: there are semi-centralized hubs. But anyone can spin up a hub and people can migrate easily. It's not 100% decentralized where every node is identical. But you get orders of magnitude more throughput and less electricity use.

[-] mariob@liberdon.com 0 points 1 day ago

@Electricd @LogicallyMinded this is debatable. I do not use my computer much, therefore, I better set it on mining rather than collecting dust.

In the winter time I set it towards max so it also produces heat and it lowers my heating bill also diminishing gas burns and reducing pollution.

In the summer time, I have to set it on very low, as the heat produced is really unbearable. Again, I would save on electricity bill as computers today are very power efficient, thus reduce pollution too.

[-] LogicallyMinded@monero.town 1 points 22 hours ago

Hybrid PoW/PoS wouldn't change that.

[-] Electricd@lemmybefree.net 1 points 1 day ago

Electrical heating is inefficient. It’s even more inefficient if your electricity is produced from non-green or non-nuclear sources.

It will increase your electricity bill

[-] mariob@liberdon.com 0 points 1 day ago

@Electricd the power consumed is under 5% from my whole bill. I even plan to add a second computer. This one I will make sure is also optimized in KH/W.

[-] Electricd@lemmybefree.net 1 points 1 day ago

I’m just saying how it is. It generates more pollution

[-] mariob@liberdon.com 0 points 1 day ago

@Electricd everything generates pollution, but we still have to heat ourselves during cold season. If you meant it is less efficient, then I see your point. However, I will make that trade-off in order to secure the economy of the country.

[-] Electricd@lemmybefree.net 1 points 1 day ago

It generates more pollution than classical heating methods, yea, it is less efficient

> economy of the country

What do you mean?

You wouldn’t have to do that with another proof system.

[-] Wave@monero.town 0 points 2 days ago

Monero to migrate to hybrid PoW/PoS?

TLDR

No. It's been said and it's true. As long as the banks have an infinite amount of money at their disposal, it makes no sense. An investor, even a bank itself, could own a large share without having earned it. Monero is fairly distributed from the start.

[-] LogicallyMinded@monero.town 2 points 1 day ago* (last edited 1 day ago)

This argument often comes up to claim that PoS would be less secure than PoW but let's examine it closer.

Hashpower can also be bought, and if you think about it, it would be cheaper to buy 51% of the hashpower than 51% of the XMR supply. CPU prices would not increase as much as the XMR price as the attacker attempts to buy enough resources to reach 51%. Plus, it's easier for Monero holders to mount a counter attack, as staking takes two clicks of a button while running a miner is more cumbersome.

Running an effective 51% attack like the one run by Qubic is a lot cheaper than attacking PoS. The attacker needs to create a bogus blockchain with manipulated supply and market it well to incentivize the miners well enough. The attacker doesn't risk his own capital in the attack (since he's a seller of XMR, not a buyer).

Again, Qubic isn't even a state-sponsored attack. It's conducted by a new and small project and it has been successful at creating enough panic to see the price of XMR drop significantly. With this in mind, how can you justify that PoW on Monero would be more secure than PoW/PoS, considering that the XMR supply has been, as you said, fairly distributed from the start?

It's been repeated so much that Monero will never adopt PoS that to many it's inconceivable that PoS becomes one day part of the security mix, but this Qubic attack will certainly force us to reconsider this stance.

[-] Wave@monero.town 1 points 23 hours ago

> It’s been repeated so much that Monero will never adopt PoS that

That is beyond my knowledge. As far as I know, it was said that consensus adjustments are possible if they are necessary. You have explained your point of view well, thank you.

this post was submitted on 09 Aug 2025