Hybrid PoW/PoS wouldn’t change that.

in pure PoS a government or organization can buy coins and manipulate the gain without spending large resources

The cost of attack is cheaper in PoW than it is in PoS.

if PoS suffers an attack, it’s game over

Not in the case of the finality layer proposal from Luke Parker

It’s true that some of the staking will be done on centralized services but that’s no different to how mining pools centralized hashpower. I don’t know GhostDag but I’ve heard that Nano is not really secured. Most blokchains that have experimented with DAGs at some points, have walk back to a more classical blockchain (Avalanche for instance). I’m not saying consensus based on DAGs data structure can’t be an option but classical blokchain + PoS have been a lot more battle tested. DAGs are still a bit exotic as far as I understand.

“Long-range” and “nothing-at-stake” attacks are theoretical attacks that have never impacted a blockchain that correctly implement PoS.

• Complexity: That’s an engineering problem. Users care about security, the complexity of the engineering is irrelevant to them.
• The rich will be more rich: Every staker would earn the same APY. This is only a issue for PoS blockchains that have had unfair distribution. Also parameters matter, PoW will still be rewarded.
• Long range attacks and nothing-at-stake: No blockchain have been impacted by those. You need a correct implementation and hybrid PoW/PoS prevent long-range attacks anyway.

By the way, why would you delete your post (which has for effect to make it invisible) rather than explaining your reasoning and why you changed your mind?

I see that this post was linked to the Monero sub reddit then deleted by the author after just a few hours. (self)censorship is going strong over there lol…

https://www.reddit.com/r/Monero/comments/1mlvaaf/responding_to_criticisms_of_a_hybrid_powpos/

This argument often comes up to claim that PoS would be less secure than PoW but let’s examine it closer.

Hashpower can also be bought and if you think about it would be cheaper to buy 51% of the hashpower than 51% of the XMR supply. CPU price would not increased as much as XMR price as the attacker attempt to buy enough resources to reach 51%. Plus, it’s easier for Monero holders to mount a counter attack as staking takes two clicks of a button while running a miner is more cumbersome.

Running an effective 51% attack like the one ran by Qubic is a lot cheaper than attacking PoS. The attacker needs is to create a bogus blockchain with manipulated supply and market it well to incentivize the miners well enough. The attacker doesn’t risk his own capital in the attack (since he’s a seller of XMR not a buyer).

Again, Qubic isn’t even a state sponsor attack. It’s conducted by a new and small project and it has been successful at creating enough panic to see the price of XMR dropped significantly. With this in mind, how can you justify that PoW on Monero would be more secure than PoW/PoS considering that the XMR supply has been, as you said, fairly distributed from the start.

It’s been repeated so much that Monero will never adopt PoS that to many it’s inconceivable that PoS becomes one day part of the security mix but this Qubic’s attack will certainly force us to reconsider this stance.

By the way I don’t know if Aaron Day has commented on the reasons for choosing Zano for it point-of-sales system but I bet that fast finality was a key factor in his decision and honestly it makes sense. You can’t have a serious in-person payment solution being widely adopted with unpredictable, long finality times. Now if we want to stick to online payments only, fast finality isn’t as important but we have to be honest about the limitation of PoW for the digital cash use case.

A benefit of PoS that is relevant to the Monero use case is that it would allow faster finality times. How do you implement sub 5s finality with PoW? You can’t… If there is a use case for which fast finality matters is certainly in-person payments. I think this is a drawback for Monero that isn’t being discussed enough.

There has been many chains (I’ll take eCash - XEC as a model, fork of BCH that implemented the avalanche consensus) that have successfully implemented a hybrid PoW/PoS approach and I think exploring this for Monero would make sense. One of the big concern with PoS is coin distribution especially for crypto that had a pre-mine. That’s not a concern that Monero will ever have. PoW is still important to guarantee that the blockchain can be retrieved in a trustless manner. PoS has by design a trusted setup.

Let’s take the best of both worlds and make Monero a better medium of exchange that it’s already is.

I gave up on Reddit, the best is to be active and grow alternatives like monero.town