Proof of Stake (Casper Ethereum) explained

Johannes Hagemann
9 min readMay 12, 2018

--

In this post we will talk about the Proof of Stake algorithm which will come with the Casper protocol to the Ethereum Blockchain.

First I will explain some basics about Ethereum and the Proof of Work algorithm, but if you feel familiar with all of that feel free to skip this part and jump straight to the “Problems with PoW” part. :)

This post is based on the handout of my presentation about this topic. That’s the reason for the short but straight to the point sentences. You can find the presentation here.

Ethereum

In short Ethereum wants to be a ‘World Computer’ that would decentralize the existing client-server model. With Ethereum, servers and clouds are replaced by thousands of so-called “nodes” across the globe.

It has a turing-complete scripting language. That means you can write programs (contracts) with Solidity for example, that can solve any reasonable computational problem. → That basically means you can use loops and stuff like that. You can run smart contracts on top of Ethereum. Smart Contracts are applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party-interference.

Proof of Work

PoW is the most used consensus algorithm at the moment (used by Bitcoin, Ethereum, etc.). The algorithm has the purpose to validate transactions and to avoid double spending. It means that, in order to mine a block, you have to spend computational power.

How to mine a block?

Miners have to solve a mathematical puzzle. The first one who solves this puzzle gets the mining reward (which is 12.5 Bitcoins at the moment for Bitcoin) and the transaction fees of the block.

When miners mine blocks, they pick a number of transactions in the “mempool” (where all unconfirmed transactions are stored) and put them together in a block.

Problems with PoW

A big problem is that PoW consumes a lot of electricity (for example there were news, that the Bitcoin Miner use more electricity than the whole state Ireland at the moment).

We also have a problem with mining centralisation. Larger Mining Pools can lower the cost of their technical and operational infrastructure (datacenter costs, power costs, personnel) → that leads to centralisation. Another reason for centralisation with PoW is ASIC mining. Something like ASIC-resistant algorithms are possible (like Monero is currently working on), but the effectiveness is not clear.

And last but not least we have the problem that public decentralized PoW Blockchains don’t scale.

Centralization in Blockchains

Hashrate Distribution for Bitcoin (left) @blockchain.info/pools and Ethereum (right) @etherscan.io/stat/miner?range=7&blocktype=blocks

The graphs above show the hashrate distribution for Bitcoin and Ethereum. In Bitcoin we can see that only 4 big mining pools control over 50% of the whole hashing power and in Ethereum only 3.

Now that we see the problem we will look at hopefully a solution for all of this.

Proof of Stake

So it’s still still a consensus algorithm, that means it has the same purpose as PoW, namely to validate transactions and avoid double spending. PoS was first used by Peercoin in 2011.

In a PoS Blockhain we don’t have miners anymore, but something called validators. This validators vote on the next block, and the weight of each validator’s vote depends on the size of his stake. To become a validator you have to send a special type of transaction that locks up your ether into a deposit. The amount of ether someone locks up is his stake. The validators get a reward for their service, like in a PoW blockchain.

From an algorithmic perspective there are two major types of Proof of stake algorithms: chain-based PoS and BFT-style PoS. The chain-based Proof of Stake algorithm randomly selects a validator during each time slot (for example every 10 seconds). And then this validator has the right to create a single-block. This algorithm is e.g. used by Nxt and Peercoin. The BFT (Byzantine Fault Tolerance)-style PoS: The validators are randomly chosen for each round end up agreeing on whether or not the block becomes part of the chain.

Casper Protocol

The Casper Protocol is the Ethereums PoS implementation. There are two main Capers projects the Ethereum Foundation is working on:

  1. “Vitalik’s Casper” / Casper FFG (Friendly Finality Gadget) from Vitalik Buterin
  2. “Vlad’s Casper” / Casper CBC (Correct-by-Construction) or called Casper the Friendly Ghost from Vlad Zamfir

to 1.: Casper FFG is a hybrid PoW/PoS consensus mechanism. That means some Blocks will be validated with the old PoW algorithm and some with the Casper Protocol. So it will be a Multi-step transition to introducing PoS for the Ethereum network.

to 2.: Casper CBC is a pure Proof of Stake construct

Pros of PoS

“The cost profile of a repeated 51% attack in PoS is as if “your ASIC farm burned down” with each additional round.” ~Vlad Zamfir

It means that PoS makes a 51% attack a lot more expensive because if you are a bad actor and do a 51% attack you can loose your whole stake.

Another argument is that in PoS, a dollar is a dollar. The benefit here is that you can’t pool together to make a dollar worth more like it is with big mining pools. Also nothing like ASICs are possible, to have an technically advantage.

An obvious argument is that we don’t need to consume large quantities of electricity like with a PoW Blockchain. Also we don’t need to issue as many new coins, because we don’t have real costs for staking in Ethereum and so the mining reward can be smaller → no deflation → the supply goes down over time.

Cons of PoS

Now we will look at some prominent challenges of the PoS algorithm and some solutions.

Nothing-At-Stake problem:

A problem that can occur if we have a hard fork. When there is a fork in a Proof of Work blockchain (like Ethereum at the moment), the miners have the incentive to choose one branch, what they think is the correct branch, because they have real costs in resources. But when there is a fork in a Proof of Stake blockchain, the validators having no downsides to just stake both forks, because there is no real cost to stake it and they can only profit from it.

The scenario in this graph describes the Nothing-At-Stake Problem. We have a scenario where all validators stake both branches, when there is a fork and we have a guy who is “clever” and has 1% of the stake. He puts his transaction in one of the branches and then forks the blockchain and puts his 1% in the other branch which is winning then. That would be a scenario where one entity which has 1% of the stake could double-spend.

One proposed solution for this problem is called “Slasher”. That basically involves penalising validators if they simultaneously create blocks on multiple chains. For example Peercoin, which was the first PoS coin, had only rewards for producing blocks and no penalties.

Long range attack:

It’s basically the same mechanism as a 51% attack in a PoW Blockchain (make a longer chain that rewrites the blockchain in the attacker’s favor). But instead of starting an attack 6 blocks back, like you would do it in a PoW Blockchain, because you need a lot of hashing power, you now can go for example 60,000 blocks back because there is no equivalent time-intensive operation. To use timestamps is one proposed solution for this problem. → So that long range forks in Casper which revise blocks older than a finalised block are ignored by the protocol.

Delegated Proof of Stake

At the end I want to show some other variant of the Proof of Stake system. The Delegated Proof of Stake is e.g. used by Lisk, EOS and Steem. It was first developed by Daniel Larimer at Bitshares (also Co-Founder of Stemmit and CTO at EOS).

https://www.sketchplanations.com/post/148150419096/direct-and-representative-democracy-in-direct

The difference between a regular PoS system and a DPoS system can be compared to the difference between direct democracy and representative democracy. In the most PoS systems everybody can be a validator. In a DPoS system everybody can vote for delegates, and it is these delegates (e.g. 101 in the Bitshare implementation), who perform the function of validating transactions and maintaining the blockchain. Also the delegates are the ones who get the reward, so they have an incentive to act good, because they don’t want to get deselected.

The Pros of this system are that it is more efficient, because you only have a few validators who have to agree on things. The cons of this system are that it could be more centralized because the validation process is in a smaller number of hands. You could argue that this 101 Bitshare validators are more decentralized than the 3 Mining Pools who have more than 50% of the networks hashing power. One thing to say to this topic is, that this mining pools are composed by thousands of miners.

Conclusion

We discussed a lot of pros and cons about the Proof of Stake algorithm and I am still convinced that the implementation of PoS is the right thing to do for Ethereum.

About the Author

I am Johannes Hagemann a Computer Science student from Germany, Blockchain enthusiast and Software Programmer.

You can find/contact me here:

This text is based on my presentation about Proof of Stake and Scaling Solutions you can find the slides here:

For the Scaling Solutions on Ethereum part of this presentation, check out my post here:

Sources

Here are the sources I used (you can check them out to get more information):

--

--