Yes, and thus is exactly what happens is 49% of validates start censoring. The legitimacy of the chain exists on the social level and not the protocol level - just as it does with BTC.

What's new here is the cost as it forces participants (stakers) to choose a side.

>just as it does with BTC.

Reminds me of the (largely failed) bitcoin XT fork. Bitcoiners didn't choose what was right for the network- they chose the easy path in an attempt to prevent fragmentation and keep the price high.

I have no reason to expect that ETH users won't do the same, just as they did in the DAO hack fork: they just choose whatever fork happens to profit them in the short-term at the expense of the decentralization of the network. Because at the end of the day it's just a money-making scheme to them.

>What's new here is the cost as it forces participants (stakers) to choose a side.

It doesn't force the stakers to do anything. The default behavior is to do nothing and accept censorship, in the same way that the default behavior for Bitcoin was to do nothing and accept small block sizes.

That's not what happened. Bitcoiners defended decentralization over throughput. The argument back then was that we should first experiment with scaling with other solutions and try to innovate as far as possible, and after that see how much actual L1 block space is needed. Now we are starting to see that it was the right choice.

How is LN the right choice for decentralization? you need central relay nodes with a ton of liquidity. Besides there is nothing stopping you from setting up LN over a L1 that isn't cramped, you have a limited throughput of settlement transactions.

Satoshi himself even suggested a blocksize increase. It is really a no-brainier when the cost of storage and bandwidth will continue to decrease over time, especially in a cryptocurrency like Bitcoin where the vast majority of the hashrate is from ASIC farms that can bear the cost of a single node while the rest simply use SPV wallets.

Well, the idea is that most people should be able to run a full node. Even now, you need a quite large SSD to sync and store the blockchain. Ideally, you'd want to run full node on a mobile device. Block size can be increased in the future when it's reasonable to do so.

Even with larger blocks, there's still the issue of latency and throughput. LN offers trustless instant settlement with very high throughput. Everyone is able to run their own node and open channels, so it doesn't really depend on any central third parties, even if there's some degree of concentration of liquidity. There should always be multiple routes and it should be possible to circumvent any bad actors. And obviously, L1 is still available for everyone.

In addition, there are other L2 solutions such as fedimints and statechains. The beauty of layered architecture is that there can be multiple competing solutions on L2, and L1 can be kept simple, secure and decentralized.

Here's a good article on the problems of scaling with big blocks + SPV: https://www.coindesk.com/markets/2017/07/30/could-spv-suppor...

Doing nothing is still a choice, and will result in their stake being slashed in the non censored "fork". If socially the non censored chain is deemed legitimate, this is a negative outcome that cannot be undone - hence a "commitment".

Without slashing, miners do not have to make any commitments - their funds are duplicated in both chains and they can switch to mining whenever they like.

That's the social consensus, or "L0 consensus". It's a fork, so on only on this fork the attackers would lose the ETH.

The social consensus means that actual humans, in front of these 2 forks of ETH , the original chain being attacked, and the one where all the attackers stake has been deleted so it's safe (and also non-attackers "richer"), humans would call the latter "Ethereum" and use that. And the former would fall into irrelevance.

Does that really work?

Suppose I stake enough ETH to create a fork that passes muster (which may include quite a bit of inactivity penalties for the honest folks, etc). Then I validate honestly, withdraw my stake, and launder those ETH for different ETH.

Now I make my anachronistic fork. I use those same private keys, invent inactivity penalties for everyone else, etc.

This fork is of dubious value. If I publicize it, anyone can prove that cheating happened, although I can’t actually be slashed because, on the real chain, I’ve already withdrawn and, on my chain, I won’t slash myself. Anyone who looks at (centralized!) websites will know my chain is fake. Anyone who sees both chains will clearly know that funny business happened.

But perhaps I can fool a node that was simply offline during the attack. As far as a regular node is concerned, both chains are a bit funny — slashable votes occurred. But I can probably fudge my chain so it wins over the real chain, and I can potentially attack my victim node.

The best part of this attack is that it cost essentially nothing. The computing resources I used are negligible. I spent 0 ETH, although I needed access to some private keys that required having money at some point to obtain.

At least with PoW, I need a lot of hashing to do this.

Sure, the L0 consensus means I’m unlikely to be able to double-withdraw $10bn from a pair of exchanges, but that’s a pretty weak argument for using Ethereum over a centralized system.

Why not just ditch the whole Proof-of-Stake system and use a classical consensus system then?

Because social consensus can be achieved on which Ethereum fork to use but not on every transaction that fork processes.

Solving that doesn’t sound nearly as difficult as a full PoS (or proof of anything) scheme.

What would be an easy way to solve that?

Because people won't all agree and update their software every 12 seconds for each new block.

In classical consensus, users don't need to agree on every block, they need to agree on who signs the blocks on their behalf.

Sybil attacks caused by the nothing at stake problem.

Any reasonable implementation of classical consensus isn't susceptible to Sybil attacks. You manually select which peers sign transactions for you, in the same way that you manually select CA's to sign TLS keys for you.

Manually selecting peers doesn't prevent sybil attacks, it just moves the problem one layer up (to the social level).

Either you have some trust in all participating parties or you don't. Classical consensus algorithms assumes the former. Achieving consensus when a percentage of parties cannot be trusted and may even be bad actors is a seperate problem.

The problem is already on the social level, it's just that in Classical Consensus, trust is established explicitly. Whereas in Proof-Of-Stake, it's established implicitly by means of controlling monopoly money.

If the stakers disagree with each other, or if the users disagree about who ought to be stakers, then that's a social problem. That's really no different than the problem of notaries disagreeing with each other or with users disagreeing about who ought to be notaries.

The difference is that in PoW, Miners have to stop when it becomes unprofitable for them (due to economies/dis-economies of scale). PoW is decentralized so long as normal people have great economies at a small scale (They have free access to electricity, they are using hardware they already own anyways, they would pay for heating anyways). In PoS, Stakers just get more and more power.

They can only burn the honest validators stake on the softfork though. The main chain won't be impacted.

I can think of plenty of ways to profit that don’t require burning an honest validator’s stake as the source of profit.