In this piece we examine proof of stake (PoS) consensus systems. We look at their theoretical advantages and weaknesses. We then analyse the specific details of some of the most prominent and novel PoS systems attempted thus far, where we learnt that some pure PoS systems become increasingly complex, to the point at which they became unrealistic. We review the latest Ethereum proposal, which we think is a significant improvement compared to previous attempts and could provide net security benefits for the Ethereum network.
However, the system may still be reliant on proof of work (PoW), which is still used to produce the blocks, and at this point it is not entirely clear to us if the PoS element of the process contributes to ensuring nodes converge on one chain.
Essentially one is trying to construct a data structure with the following properties:
PoW uses the most accumulated work rule to decide between competing valid chains (the fork choice rule).
This is not only an apparent solution to criteria three above, but the PoW mechanism also inherently solves the block production and block timing issue. While total accumulated work is the fork choice rule, a block producer is also required to include an element of PoW in each block, a stochastic process, and therefore the issue of who produces each block and when each block is produced is also addressed by PoW.
PoS is the general concept of a fork choice rule based on the most accumulated stake i. However, unlike PoW, this does not necessarily directly address the issue of who produces each block or when blocks are produced. Therefore these issues may need to be addressed by alternative mechanisms. PoW is also a solution to the coin distribution problem, something which may also require an alternative solution in PoS based systems.
Theoretical overview of PoS
Essentially the issue is about timing and how to determine which updates to the ledger occurred first. Actually if one third or more of the actors are disruptive, the problem is provably unsolvable, from a mathematical standpoint, as Leslie Lamport proved in
"It is shown that, using only oral messages, [reaching agreement] is solvable if and only if more than two-thirds of the generals are loyal; so a single traitor can confound two loyal generals." (The Byzantine Generals Problem)
PoW can therefore be considered an imperfect hack, which seems to be a reasonably strong Byzantine fault tolerant system, but certainly not a mathematically robust one. It is in this context of imperfect systems that one should analyse PoS alternatives since, like PoW, these systems will also have flaws.
In PoS there are two competing philosophies. One of which is derived from PoW.
PoS is typically looked at in the context of PoW, as an alternative which solves or mitigates negative externalities or problems inherent in PoW based systems:
Perhaps the most widely cited advantage of PoS systems is the absence of the energy intensive process which PoW requires.
If PoS based systems can achieve the same useful characteristics as PoW systems, environmental damage can be avoided. Another major problem with PoW based systems is that the interest of miners may not align with that of coin holders, for example miners could sell the coins they mine and then only care about the short term, not long term coin value.
Another issue is that hashrate could be leased, with the lessee having little or no economic interest in the long term prospects of the system. PoS directly ties the consensus agents to an investment in the coin, theoretically aligning interests between investors and consensus agents.
Another key advantage of PoS based systems is potentially improving decentralisation. PoW mining has a number of centralising forces which are not applicable to PoS:
General and economic weaknesses of PoS
PoS only appears to be a proposed solution to the chain selection problem, leaving the other problems open, although these other issues could be less significant than the chain selection issue.
One of the most common criticisms of PoS systems is that they allocate new funds in proportion to the existing holdings. If one invests in a PoS system at the start, one can maintain one's share of the wealth, whereas in a PoW system one's wealth is diluted as new rewards are distributed to miners.
Indeed, if rewards are allocated in proportion to the existing holdings, one could argue it's not inflation at all and that the reward is economically equivalent to adding more zeros to the currency. Therefore one can even claim the reward system is pointless and does not provide an incentive at all.
However this only applies if all users become PoS validators, while in reality some users will want to use the funds for other purposes.
Another issue is that staking requires signing a message from a system connected to the internet, although it may be possible to mitigate this downside by having a private key only entitled to stake for a short period of time, after which the balance reverts back to the owner.
However, if there is a slashing rule (punishment for voting on two conflicting chains), a hacker could take action which destroys the funds even if this mitigation strategy is used. Another potential mitigation strategy could be the creation of specialist hardware for staking.
Core to the consensus problem is timing and the order of transactions. If two blocks are produced at the same time, PoW solves the problem by a random process: whichever block is built on top of first can take the lead, and then miners are incentivised to build on the most work chain. In contrast, this process in PoS based systems is not entirely clear. If two blocks are produced at the same time, each conflicting block can build up stake. Eventually one block may have more stake than the other, which could make it the winner.
The problem here is that if stakers are allowed to change their mind to back the winner, such that the system converges on one chain, why would they not use their stake on multiple chains? After all, stake is a resource inherent to the chain and not linked to the real world, therefore the same stake can be used on two conflicting chains.
Therefore the nothing at stake problem means PoS systems can never make a contribution to system convergence and the idea is therefore fundamentally flawed.
This is the idea that attackers could, for instance, buy a private key which had a large token balance in the past and then generate an alternative history from that point, awarding oneself more and more rewards based on PoS validation.
Due to the large amount of rewards given to the attacker, one could then generate a higher stake chain than the existing chain and a large multi year chain re-organisation could be performed. The solution to this problem is checkpointing, which is the process of locking in a certain chain state once a certain stake threshold has been met, such that it can never be re-organised.
Critics argue that this solution requires one to keep their node online at all times, since an offline node cannot checkpoint. However, in our view this is a matter of different priorities. If one wants each individual user to fully verify all the rules and the state of the system, then relying on these checkpoints is insufficient. There are strong incentives preventing them from allowing a large chain re-organisation.
To many, this is sufficient security and the risks posed by the long range attack problem are therefore irrelevant or too theoretical.
In a pure PoS system, stakers also need to produce blocks. These systems have often worked by selecting a sequence of authorised block producers randomly from a pool, where the probability is proportional to the stake. The issue here is that a source of randomness is required inside the consensus system.
If the blocks themselves are used for generating the entropy, stakers could try to manipulate the content in blocks in order to allocate themselves future blocks. Stakers may then need more and more computing power to try more and more alternative blocks, until they are allocated a future block. This then essentially results in a PoW system.
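The bias described above can be measured in a toy model. This is an added example, not code from the original article or from any PoS project; the stake figures, seed strings and function names are constructed for illustration. It compares a producer-selection seed taken from the block itself with a seed the block producer cannot influence.

```python
import hashlib

TOTAL_STAKE = 1000      # constructed toy value
GRINDER_STAKE = 100     # the grinding staker holds 10% of all stake (constructed)

def _draw(seed: bytes) -> int:
    """Map a seed to a stake 'ticket' in [0, TOTAL_STAKE)."""
    return int.from_bytes(hashlib.sha256(seed).digest(), "big") % TOTAL_STAKE

def grinder_selected(seed: bytes) -> bool:
    # Tickets 0..GRINDER_STAKE-1 belong to the grinder, so an honest draw
    # selects them with probability equal to their stake share.
    return _draw(seed) < GRINDER_STAKE

def win_rate_block_seed(tries: int, rounds: int = 2000) -> float:
    """Seed = hash of the block the current producer builds.
    The producer may build `tries` variants and publish whichever it likes."""
    wins = 0
    for r in range(rounds):
        parent = b"parent-%d" % r
        # Each variant differs only in an arbitrary field, modelled as a counter.
        if any(grinder_selected(parent + b"|variant-%d" % v) for v in range(tries)):
            wins += 1
    return wins / rounds

def win_rate_external_seed(tries: int, rounds: int = 2000) -> float:
    """Seed fixed before the block is built (entropy the producer cannot alter).
    Extra block variants change nothing, so `tries` has no effect by design."""
    wins = 0
    for r in range(rounds):
        if grinder_selected(b"beacon-%d" % r):
            wins += 1
    return wins / rounds

def expected(share: float, tries: int) -> float:
    """Chance that at least one of `tries` independent draws hits the share."""
    return 1 - (1 - share) ** tries

if __name__ == "__main__":
    for k in (1, 4, 16, 64):
        print(k, win_rate_block_seed(k), round(expected(0.1, k), 3),
              win_rate_external_seed(k))
```

With a block-derived seed the selection rate tracks 1 - (1 - s)^k for stake share s and k hashing attempts, so influence scales with computing power rather than stake, which is the sense in which the scheme degenerates into PoW.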
In our view, the stake grinding problem is less of a fundamental problem with PoS, when compared to significant issues like the nothing at stake problem. All that is required to solve this problem is a source of entropy in the network, and perhaps an Ethereum smart contract like the RanDAO, in which anyone can participate, can solve this problem.
Peercoin is a hybrid PoW and PoS system, built on the idea of coin age. The fork choice rule is the blockchain with the highest total consumed coin age.
Coin age is simply defined as currency amount times holding period. In a simple to understand example, if Bob received 10 coins from Alice and held it for 90 days, we say that Bob has accumulated coin-days of coin age.
In Peercoin, some blocks were produced purely using PoW, whilst other blocks were produced using PoW where the difficulty adjusts based on the coin age destroyed by the miner in the transaction (the coinstake transaction, as opposed to a coinbase transaction).
This was solved by centrally broadcasting checkpoints several times a day. Peercoin was therefore a centralised system.
Stake grinding: This may not have been an issue, since there was no selection from a validator pool, as PoW was always required and coin stake altered the PoW target.
At the time Peercoin was an interesting early novel approach; however, the proposal resulted in a centralised system, not able to match the properties of PoW.
According to the Ethereum blog, betting should occur using the following strategies by default:
The default betting strategy had a formula (given below), to push the probability away from 0. The fork choice rule then is the sum of all the weighted probabilities, which have crossed a certain threshold, say 0.
For instance a chain of five blocks, each with a probability of 1, will represent a score of 5. Any validator who changes their mind after the 0. While changing your mind before the threshold is considered legitimate and there is no punishment in that scenario.
In our view, this proposal is highly complex, which we consider the main downside. The proposal was not adopted by Ethereum. In our view the proposal was never complete, as some parameters and aspects of the system lacked a specification.
Although the consensus by bet approach was interesting, it seemed too complex and there were too many uncertainties.
The current Casper proposal represents a change in philosophy or a pivot, compared to some of the earlier PoS systems. Therefore the current version of Casper is less ambitious than before. PoS is no longer used to produce blocks or decide on the timing of blocks, which is still done by PoW miners.
The PoS system is used as a checkpointing process. In our view, this proposal is superior to the more complex earlier iterations of Casper. The Ethereum reward structure will be adjusted, such that PoS validators also receive a share of the rewards, in addition to the PoW miners. As far as we can tell, the details of this new allocation have not been decided yet. The latest iteration of Casper is a significant improvement from earlier versions, in our view, primarily because of lower levels of complexity and greater reliance on PoW mining.
In theory, there are only three problems with the new proposal:
Core to the assumption behind this system is that it is PoW which drives the chain forwards and that the PoS system only comes into play once the PoW miners have decided on a chain; PoS votes are not even valid before 12 miner confirmations.
Indeed, if the two thirds majority cannot be achieved then the chain continues on a PoW basis. Therefore, we conclude that the core characteristic of this latest Casper proposal is that the PoW happens first, and only after this does PoS potentially provide an extra assurance against a chain re-organisation orchestrated deliberately by hostile PoW miners.
PoW therefore still provides computational convergence, with the PoS mechanism defending against the human threat of a miner re-organisation. Therefore although PoS provides this safety, as point three above indicates, it also provides extra risk, therefore it's not clear if there is a net benefit.
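The checkpointing flow described above (PoW first, stake votes only after 12 confirmations, a two thirds threshold, punishment for voting on conflicting blocks) can be written as a small model. This is an added example, not the Casper specification or Ethereum code; the class, method names and validator set are hypothetical, and the exact reading of "12 confirmations" and "two thirds majority" is an assumption marked in the comments.

```python
from dataclasses import dataclass, field

MIN_CONFIRMATIONS = 12   # from the article: votes are invalid before 12 miner confirmations

@dataclass
class Checkpointer:
    stakes: dict                                   # validator -> stake (constructed data)
    votes: dict = field(default_factory=dict)      # (validator, height) -> block hash
    slashed: set = field(default_factory=set)
    finalized: dict = field(default_factory=dict)  # height -> block hash

    def vote(self, validator, height, block_hash, tip_height):
        if validator not in self.stakes or validator in self.slashed:
            return "rejected"
        # Assumption: confirmations = PoW blocks built on top of the voted block.
        if tip_height - height < MIN_CONFIRMATIONS:
            return "too-early"
        previous = self.votes.get((validator, height))
        if previous is not None and previous != block_hash:
            # Same stake used on two conflicting blocks: slash and drop the vote.
            self.slashed.add(validator)
            del self.votes[(validator, height)]
            return "slashed"
        self.votes[(validator, height)] = block_hash
        return self._tally(height, block_hash)

    def _tally(self, height, block_hash):
        backing = sum(self.stakes[v] for (v, h), b in self.votes.items()
                      if h == height and b == block_hash and v not in self.slashed)
        total = sum(self.stakes.values())
        # Assumption: "two thirds majority" means at least 2/3 of all deposited stake.
        if 3 * backing >= 2 * total:
            self.finalized[height] = block_hash
            return "finalized"
        return "counted"     # below threshold: the chain carries on under PoW alone

    def accepts_chain(self, chain):
        """chain: height -> block hash of a competing PoW chain.
        It is refused if it disagrees with any finalized checkpoint."""
        return all(chain.get(h) == b for h, b in self.finalized.items())

if __name__ == "__main__":
    cp = Checkpointer({"a": 40, "b": 30, "c": 30})   # constructed validator set
    print(cp.vote("a", 100, "X", 105))   # too-early
    print(cp.vote("a", 100, "X", 112))   # counted
    print(cp.vote("c", 100, "Y", 112))   # counted
    print(cp.vote("c", 100, "X", 112))   # slashed
    print(cp.vote("b", 100, "X", 112))   # finalized
    print(cp.accepts_chain({100: "Y"}))  # False
```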