RE: Our Plan for Onboarding the Masses
Well, it is certainly complicated (I had another reply written but in fleshing out the different scenarios it got very complex and I gave up).
And I'm not sure that an attacker electing a 'smaller' number of witnesses is good either (can cause significant damage even with a minority, in fact according to BFT the threshold of malicious witnesses that can destroy the system is 33%).
The ideal number you want a minority stakeholder to be able to unilaterally elect is certainly zero, which is what approval voting strives for (assuring that all elected witnesses are 'acceptable' to the largest portion of the stake).
Of course that is an ideal and all real systems are likely to fail to live up to that ideal at some thresholds and under real conditions, but I think the one we have is pretty good. I would still like to see the vote limit increased or removed, which would further increase the vote weight totals (even a modest increase would keep steemit out more definitively; right now it is very close) and give us stronger protection on the backup list which is another vulnerability in a sense (even a relatively small stakeholder can promote witnesses from the backup list, which can be a type of long-term attack)
BTW, I'm not sure why you disagreed with my earlier reply which said this:
then becomes easier all else being equal for one large stakeholder to elect some witnesses even if not all of them
That's the same thing you are saying, as far as I can tell.
Yeah, practically a good max threshold you'd want to allow would be either the classical n=3f+1, allowing each stakeholder to elect max f replicas (Where we got our max n given by 20). But that usually applies more in the case of the classical BFT protocols (PBFT and alike), doesn't it?. Doesn't Steem follow the classical 51% threshold we see in most PoS and PoW?
I disagreed with the point of:
Since, with less votes they should be able to elect even less.
I do get the point with the coverage though, and I think it is a good idea to have no limit at all where votes could aggregate much more, which would make it practically impossible to elect any top witness for a single stakeholder. At the same time this could motivate big stake holders to vote a large quantity of capable witnesses (to increase this coverage) which would also lead to a denser field (making the witness election process more interesting - leading in practice also to the situation I was wanting to achieve).
But in this context I think either you got a small amount of votes to avoid the big influence of a single stakeholder, or you have a fairly large amount of votes to achieve this high level of coverage.
I would have to do the math behind it, but I feel 20 would be the worst possible threshold, and 30 also not being very great.
I don't think there has ever been a real proof, and I vaguely recall some reasonable argument it was actually 33%. But I may be misremembering or wrong.
If you have further analysis I'm interested to see it. In my view 30 being well over 20 is probably somewhat okay because it allows coverage to all acceptable primaries (which should tend to overlap a lot among reasonable stakeholders) as well as some backups. But without a stronger argument than that, confidence can't be too high. If we could gain significantly by increasing 30 to say 50, I don't think the downsides would be that serious and we should consider it.
In the literature they generally accept 51% for PoW but put a big * next to it, since it has been proven that there are ways to circumvent safety with much less already (25% for selfish mining) and there is a certain mathematical probability to get even worse done with 25%.
PoW is more "probably 51%". In PoS since the node is chosen deterministically I don't see why 51% could be a big problem. But I also didn't read any "real mathematical proof" for it yet either.
Classical BFT is only 33% because of asynchronous network conditions, under synchronicity it can do 2f+1 (51%) as well.
I'll check if I can get a reasonable analysis out of it. Unfortunately most of it is more based on game-theory and crowd behavior and is not very deterministic. Like "People are more likely to vote on people which are on the top of the list already anyway".
Yes I was referring to Steem/DPoS which claims to achieve non-probabilistic finality, unlike PoW.