Security in POW = distributed PoS in disguise
Coins change POW to distribute hashrate more evenly among mining equipment (stake) holders. ASICs have a large stake, but it is concentrated. NiceHash renting is greatly distributed, but renters have no stake. A secure coin requires both a good distribution and a stake in the coin or txns. To be precise, it’s not distributed stake, but distributed provable losses in excess of the potential gains if there is a network partition by attack or accident. The electricity and equipment costs (the WORK in POW) are reduced when coins change POW, so the level of work is not proportional to security. Next paragraph gives another example. PoS attempts to take this to the limit, removing the work all together. The new PoS systems (Casper and Dfinity) are fixing the old problems.
Miner stakes protect BTC, not work
As hashrate shifts from the monopolistic stake your miners have in your coin to the free market of NiceHash renting, your POW gets hit with double spends and Cryptopia disables your coin. BTC is not immune, especially if lightning succeeds. If lightning allows 1000x multiplier on txns & BTC’s end game is 2% fees per coin transferred & it replaces USD ($40 triilion M2 velocity per year), then only $53,000 is needed for a 7-block 51% attack. (Actually, it will cost about $45k to gain $106k in fess and $530k in double spends if you had 10% of the txns on the public chain that gets voided). This assumes your hardware plus rentable equipment are 51% (actually 42%) of network hashrate. Therefore it is the stake that miners have placed into equipment that protects BTC, not work. New kinds of PoS work the same (requiring capital to be locked up). They require even higher levels of risk to their stake than BTC miners face.
POW coin creation is useful & better in combination PoS
POW can create value by proving there was waste. This makes it harder for people to realize it’s not providing security after the coins are generated. A PoS system could still use POW to allow users to create value without pools. They could create their own base txn, setting their own nBits value and disclosing the nonce that solves it, disclosing both in the txn that sends the new coin to their address. They just hash the txn with that nBits in it, then append the nonce. See bottom for how user fees determine the amount of coin that’s generated as a result of the nBits setting (the hashes/coin required).
How all this is related to topic at hand:
Security problem with delayed rewards
Delaying coins to miners is trying to make them more like stake holders, but it’s a “stake requirement” that does not clearly reduce ASICs from a larger coin (or renting) like the short-term benefit of a change in POW. It also does not reduce the risk of a double-spend like the new proof of risk (POR) types of PoS. But it would decrease total hashrate that would make a double-spend easier. Even as a pro-stake person, I see a problem.
Side note: Ideal Coin Idea
Users paying maybe 0.5% fees on txns would vote to increase or decrease the hashes/coin needed to get new coin (in the above coin creation) in order to keep constant value in the presence of Moore’s law. Past and future users are inherently motivated to target constant value. If past users effectively allow “pre-mines” (few hashes/coin), new users won’t join. Future users doing the same will collapse the coin from hodlers exiting at the prospect. So everyone will automatically adhere to a social contract of “constant value” or the coin dies (evolution will select coins that keep constant value). All coin parameters could be taken out of the hands of devs and put into the hands of the users paying the txn fees, in proportion to the fees, giving equal taxation with equal representation. The coin could evolve, with changeable parameters in each block header. (The votes are in the txns, so everything is atomic) such as max block size, block time, % fees, hashes/coin required to create your coin, and foundation’s address. I imagine coin-split schemes so that when blocks get full, the splits creating a hierarchy and each chain has an exchange rate with those above and below it in the hierarchy. The 0.5% fees go to foundation & distributed stake holders (Dfinity) who risk losing 10x the coins in txn if they attempt a double spend. So security is provided by POR = proof of risk that can exceed the stakes BTC miners have invested. And the Chinese government may not be able to control 74% of the stakes (if the Chinese get 74%) since it’s not in physical equipment. A big problem with this is that electricity is 1/2 price in China, so they get coin for less, so the POW for coin creation would be hardware-costly. Or instead of POW coin creation, use proof of burn or charity (BTC burning to trade your BTC for this new coin at an exchange rate determined by users in each block header).
P.S. [Moderation edit by @daira: personal attack on Zooko deleted.]
P.S.S. 51% on new PoS:
PoS could also have a 51% attack that prevents loss of capital. The capital itself that is being placed at risk (not the txns) could be “double-spent”. If the risk factor is 10x, then a large actor with 51% of the stakes (5x the txns in blocks) and 50% of the txns could double-spend the same block 11x to make a profit. Dfinity gets around this by randomly selecting the stakers from all the stakers. Doing that correctly is probably the hardest part because choosing block leader is little more than a random selection we all agree on. Everyone with coin could potentially be a staker, so an attacker would need 51% of the market capitalization of the coin to attack, which is a lot more than having 51% mining equipment in POW. The capital could be borrowed which would be like renting mining equipment.