Although far to be a total victory, Qubic's merge mining attack on Monero shedded light on a weakness for pure PoW blockchains. Indeed, merge mining enables an auxiliary chain to incentivize the concentration of the hashpower in exchange of extra rewards. In the case of Qubic, the flaw is more apparent as Qubic has been intentionally adversarial but the same issue would remain for other non-adversarial auxiliary chains such as Tari or DarkFi. Because of the extra rewards offered, it would be rational for economically motivated miners to direct their hashpower to those auxiliary chains, hence concentrating hashpower over time.
Maybe some smart brains will figure out a solution that would prohibit merge mine on a pure PoW blockchain but assuming this can't be done, a PoW/PoS mechanism could be an alternative solution.
It's exactly because of security concerns that some PoW blockchains have moved to a hybrid PoW/PoS model.
eCash (a fork of BCH by Amaury Sechet, the founder of BCH), has moved to a hybrid PoW/PoS (Nakamoto+Avalanche consensus) to prevent 51% attacks on the network and improve the user experience (sub 3 seconds finality). The goal of eCash is to be the best form of digital cash which requires fast finality. Still in the case of eCash, it can be debated whether or not digital cash with optional privacy can be the best form of cash (to most Monero folks, the answer would be no).
Another example is Boolberry that was relaunched as Zano with the migration from pure PoW to a hybrid PoW/PoS chain. Here again, security concerns motivated the transition. On the user experience front, Zano also benefited from the integration of PoS by offering faster transaction finality. Notably, it's likely why Aaron Day chose Zano over Monero for the launch of his point-of-sales system as long finality times aren't acceptable for in-person merchant payments. It's questionable whether Zano is secured enough with PoS as the coin distribution was heavily influenced by the Boolberry premine, but this is not an issue that Monero would have.
Due to its fair launch, focus on medium-of-exchange and lack of supply held on exchanges (thanks to the delistings) Monero is really well positioned to augment its consensus with PoS without fearing attacks related to the concentration of XMR in the hands of a few. PoS presents the advantage to lower the barrier to entry to participate in the consensus and earn a share of the coin emission. It should make the network more resilient to the attack of a small actor (let's be honest, Qubic is a small actor). Plus some PoS consensus such as Avalanche can allow for a high degree of coin concentration without risking the network of being attacked. Even with a classic PoS consensus, Monero would certainly be one of the most secure PoS chain out there.
In addition, PoS would enable faster transaction finality which is a key feature Monero lacks to be the best digital cash possible.
That said, PoW still has its importance for Monero. In pure PoS blockchains, a new validator joining the network needs to connect to a set of trusted validators to load the blockchain history. Those are usually maintain by the core teams or foundation. The real utility of PoW is to enable a new validator to bootstrap the blockchain in a trustless manner (by seeking the chain with the most work rather than trusting a given set of validator). Hence a PoW/PoS model is preferable to a pure PoS model.
It's no secret that the culture of the Monero community is generally opposed to PoS. Maybe this strong stance is slightly ideologically driven. We certainly can be proud of being one of the few respected PoW blockchain left out there but maybe this Qubic event will change the narrative. Whichever path Monero takes next, hopefully the chain will gain in resiliency.
I see that this post was linked to the Monero sub reddit then deleted by the author after just a few hours. (self)censorship is going strong over there lol...
https://www.reddit.com/r/Monero/comments/1mlvaaf/responding_to_criticisms_of_a_hybrid_powpos/
I am u/314stache_nathy (I posted this), PoS have problems and make a hybrid sistem with PoW+PoS is bad why PoS have 'long-range attacks' and 'nothing-at-stake'.
PoW is better than PoS and a hybrid sistem have other problems (in adition with PoS problems), like:
"Long-range" and "nothing-at-stake" attacks are theoretical attacks that have never impacted a blockchain that correctly implement PoS.
By the way, why would you delete your post (which has for effect to make it invisible) rather than explaining your reasoning and why you changed your mind?
More complexity increases the chances of a possible attack, and in PoS networks, attacks don't need to be sustained, if PoS suffers an attack, it's game over, in PoW an attack needs to be sustainable to work, and PoW has been much more tested and in Monero PoW is much more decentralized, the only problem is pools (PoS+PoW and PoS doesn't solve, on the contrary, it worsens the situation, in PoW+PoS as PoW has fewer miners, and in pure PoS a government or organization can buy coins and manipulate the gain without spending large resources, and governments can just print money).
I deleted my post because I now believe that PoS won't solve this issue, we need to further improve PoW, which is already well-tested and works well (it's not perfect, as it still needs improvement), and PoS centralizes too much power in the hands of the richest and creates complexity in the network (which in itself increases the chances of having a vulnerability).
If you want to discuss this further, I strongly recommend joining the Matrix room of the MRL: https://matrix.to/#/#monero-research-lab:monero.social
And Monero room: https://matrix.to/#/#monero:monero.social
I'm glad that more efforts are being made to improve Monero.
couldn't it work in such a way that it's hybrid, but PoW transactions are stronger?
PoS verifiers make the process fast, and PoW verifiers will make sure with more effort that the transactions are valid. but if PoS verification gets gamed somehow, PoW verifiers will override it in 10 minutes. Basically a 2 level verification procedure. and everyone who accepts Monero as payment can decide which verification process they want to rely on: the fast one, or the one that can't be easily influenced by the rich. I think often the latter is not a real concern, like with small value transactions.
maybe we could have a safety system that in case enough PoW verifiers find that a PoS verifier incorrectly verified the transaction, the PoS verifier's stake could be taken from them.
The cost of attack is cheaper in PoW than it is in PoS.
Not in the case of the finality layer proposal from Luke Parker