The Ethereum Casper Project — Part 2/3

The Proof-of-Stake problem

Jeremy Serror
BELEM BLOCKCHAIN

--

This post is part of a research report conducted by BELEM for Crédit Agricole CIB in December 2018. The full report can be found at https://belem.io/research

In a way, the Proof-of-Stake problem can be formulated like this: can we reproduce the algorithmic equivalent of Proof-of-Work by using algorithms inspired by those used in a private blockchain? We have good consensus algorithms for a known number of participants. Can we extend these results to a variable and unknown number of participants, basing the algorithm not on the available computing power but on another quantity, say, voting rights or an amount of cryptocurrency?

Overview of existing solutions using PoS

The first reference to Proof-of-Stake can be found in a BitcoinTalk forum thread in 2011. The first generation of solutions such as Peercoin led the way but did not initially make use of the available academic solutions. Jae Kwon's Tendermint was the first attempt to apply research on Byzantine Fault Tolerance to a public blockchain. Since then, many projects using PoS have emerged (a non-exhaustive list includes Peercoin, PIVX, Stratis, Cardano, Decred, NEO, EOS and Tezos).

In the blockchain ecosystem, the main contributors to PoS research to date are:

  • Sunny Aggarwal, who works on the Cosmos project
  • Vitalik Buterin, Karl Floersch and Vlad Zamfir (Casper)
  • Emin Gun Sirer (@el33th4xor) for the Avalanche Project
  • Silvio Micali for the @Algorand project
  • Dominic Williams & Mahnush Movahedi for the Dfinity project.

The difficulties of Proof-of-Stake

We summarise below the main problems with the PoS approach compared to the PoW approach.

  • Nothing-at-stake

If it costs nothing to produce a block, then everyone can make a different version of the blockchain, all valid according to the rules of the protocol. In Proof-of-Work, creating blocks is inherently expensive, so no one has the means or interest to try to rewrite the blockchain.

Since signing or voting for blocks does not cost anything, PoS needs to put mechanisms in place to prevent multiple valid variants from competing with each other.

  • Block proposal

This is how the nodes work together to determine the next block to be validated via consensus. In Proof-of-Work, block proposal is uncensorable, because a miner's address is anonymous. Miners could exclude blocks from addresses they do not know, but it is expensive for them to do so.

Conversely, in Proof-of-Stake, blocks are partially censorable. Voters must hold the cryptocurrency, so their holdings can be traced and the votes of a given address censored or ignored.

  • Cartel effect

This arises when, for example, more than 51% of miners agree among themselves: they can just ignore all the other participants (and still look honest and respect the protocol). With Proof-of-Work, one needs to continually spend energy to censor others and rewrite their blocks if they get there. It is by design less profitable than being honest, so there is no further incentive to form a cartel. In Proof-of-Stake, few things prevent it, especially if all validators come from a known set (per period).

  • Initial investment

To participate in the consensus, it is necessary to invest or mobilise resources in one way or another, in the hope of collecting fees: purchase of equipment and electrical expenditure. It is truly an investment, as it is necessary to pay upfront before seeing a return, which remains rather uncertain. In short, it forces participants to commit for some time.

In Proof-of-Stake, mining requires purchasing cryptocurrency. PoS solutions try to lock the coins in play for quite a long time to reproduce this effect, and so replace upfront payment with capital immobilization.

  • Long-term chain reorganisation

Can the blockchain be rewritten after some time? Is it easy to produce an altered, yet valid, copy of the blockchain?

In Proof-of-Work, it is by design exponentially expensive to rewrite the chain. If the network is partitioned, for example, it could happen, but a direct attacker could not manage it. For example, all Bitcoin miners together take 10 minutes to produce a block, so rewriting the chain in the long run faster than the current chain moves forward would take a lot more power than all miners put together.

In Proof-of-Stake, since there is no cost related to the creation of the blocks, after a while the PoS miners are released from their commitment and could then rebuild an alternative copy of the blockchain. This is the challenge of PoS. With PoW, we know directly how much it costs. With PoS, we do not know if it’s possible; we try to show that it isn’t.

  • Block immediate finality

PoW requires waiting a few blocks before a blockchain transaction can be considered certain. The promise of PoS is that it is possible, thanks to the penalty mechanism in particular, to achieve transactions that are confirmed immediately.

  • Objectivity

This is a strong argument in favour of Proof-of-Work. A disconnected participant who receives a copy of the blockchain is able to know if it is the original version without resorting to other external (social) information. The amount of energy spent creating the blockchain makes it unique.

Proof-of-Stake solutions use additional information known as “social information”, which confirms to a participant that they in fact have an original copy of the blockchain. PoS protocols are in this sense subjective; the blockchain alone does not ensure its authenticity.
