A Philosophy of Blockchain: What Would Satoshi Nakamoto Think of Proof of Stake?
We’ve been somewhat surprised by how many people ask us why we don’t use proof of stake instead. There are a few reasons, but most importantly…
written by Shannon Appelcline
The blockchain began with the Bitcoin ledger, which started on January 3, 2009, making it just more than ten years old. That’s still very young for a major new field of computer technology. It’s like databases in 1970, before the relational database model or the structured query language appeared, or like the TCP/IP-based internet in 1993, just a couple of years after the advent of the web page.
Given the youth of the field, it’s not surprising that we’re still exploring different routes forward: finding out how to best design and best use the immutable consensus ledgers that represent a whole new way to record and store information.
We’re still trying to decide what the philosophy of blockchain is, and what it should be.
Proving the Blockchain
One of the blockchain’s current technological discussions focuses on consensus: how do you decide what can be added to the blockchain? What can you do to make sure the blockchain is fairly constructed and remains immutable? This question has long been viewed through the lens of The Byzantine Generals’ Problem, which requires the consensus of selected “generals”, but accepts that some might be adversaries. A system is considered Byzantine Fault Tolerant if it can remain true despite the failure of some percentage of its components.
Traditional solutions to this problem predate the blockchain: Practical Byzantine Fault Tolerance (pBFT) achieves consensus by its community members engaging in multiple rounds of voting until they achieve sufficient agreement — even if some members are not responding or are responding maliciously. It was groundbreaking, but also has some severe limitations: because of its extensive communication requirements, pBFT requires a limited number of established actors: you can only have so many generals, and they must also be known in advance.
Despite these limitations, pBFT (or close variants) has come into use on some permissioned blockchains. The federated consensus used by Blockstream’s Liquid network is one such example. It’s a private network where cryptocurrency exchanges come together to support arbitrage between their companies, therefore a permissioned solution works well. The Hyperledger Fabric blockchain is similarly built around pBFT.
However, Satoshi Nakamoto realized that entirely different solutions would be required for permissionless public blockchains built on trustless transactions. One of the largest innovations of Bitcoin was thus his “Nakamoto Consensus” protocol. It contains multiple elements, including: block proposer selection (where someone is given the opportunity to suggest a block) and block inclusion (where the block is added to a blockchain, which may or may not become the main chain, depending on a stochastic process). Some people also consider Bitcoin’s scarcity and rewards structures to be part of the protocol.
It’s that first element of Nakamoto Consensus, the block proposer selection, that really catches peoples’ attention and that drives many of the discussions over the future of blockchains, and that’s because it’s core to the idea of permissionless blockchains such as Bitcoin. Technically, you could choose a block proposer through a random or a round-robin mechanism. (In fact, pBFT does the latter.) That works for permissioned blockchains, but it quickly falls apart on permissionless blockchain, as anyone could make any number of accounts to increase their odds of proposing blocks. As a result, Nakamoto Consensus required a Sybil defense mechanism to prevent people from gaining advantage in the consensus by creating numerous accounts. That’s what a good block proposer selection method does.
Two Sybil defense mechanisms have achieved strong attention: proof of work and proof of stake, both of which control Sybils by making them expensive. (There are also other proposer selection mechanisms such as proof of activity, proof of authority, proof of burn, and proof of capacity, but they haven’t yet achieved the same attention.) Though proof of work was Satoshi Nakamoto’s original Sybil defense, proof of stake is quickly gaining on it. There are now even systems that combine proof of stake with traditional BFT systems — such as the EOS blockchain, which uses proof of stake to vote for the “generals”, who then engage in BFT voting to achieve consensus.
So how do the two most popular Sybil defense systems work?
Proof of work is the traditional method of Sybil defense on a blockchain, used by Bitcoin and (at the moment) by Ethereum. Every participant is given the opportunity to solve a math problem. Whoever manages to do so is allowed to propose a block for the blockchain, contributing to the consensus and the growth of the ledger. Sybil defense is provided by the fact that it’s very hard to make these calculations, and so has real costs in energy.
Proof of stake is a newer Sybil defense, first used in production by Peercoin and being studied by Ethereum for a future release. Here, a random participant is chosen to create a new block based on their “stakes” in the system, usually defined as either quantity or age of cryptocurrency holdings. In other words, participants randomly get to make blocks if they either have a lot of digital assets or a lot of old digital assets; this is the core cost that prevents attackers from making numerous Sybil accounts. Early proof-of-stake mechanisms presumed that stakeholders were inherently incentivized to produce correct blocks, but that resulted in certain attacks, so newer systems create security by adding punishment: if a participant incorporates fraudulent transactions, then they lose part of their stake and the ability to create future blocks.
There are advantages and disadvantages to each system; however, to truly assess which is best for the blockchain community requires going back to the beginning and remembering the technology’s philosophical underpinnings.
Reconsidering the Philosophy
In recent years, Bitcoin discussion has mainly focused on its price, while wider blockchain discussions tend to concentrate on what can be done with the technology. But that omits a crucial topic: why the blockchain was created in the first place.
Satoshi Nakamoto’s original white paper on Bitcoin is heavy on technology and light on philosophy, but it offers a few clues with its discussions of “peer-to-peer” networks and its move away from “central authority”. Bitcoin was about giving power to the people, so that they could transact currency without having to depend on either a corporation or the state. As such, it was an outgrowth of the cypherpunks, who had been working on digital cash solutions for some time. They advocated for privacy and fought against government control and against censorship.
The philosophical underpinning of blockchain can easily be derived from the intersection of cypherpunk ideals with the decentralized, peer-to-peer technology imagined by Nakamoto. This meeting of ideas suggests a world where everyone is an equal: where everyone has the opportunity to contribute to the consensus, and where they can all interact on a level playing field.
It’s about reversing the plutocratic and autocratic trends of the physical world, where very small numbers of people have great influence and power, and instead creating a place where everyone has autonomy and agency.
At Bitmark, we abstract the core philosophies of the blockchain by saying that it should be open (so that anyone can access it), borderless (so that real-world barriers don’t impact our virtual equality), censorship-resistant (so that no one can prevent another person’s participation), and permissionless (so that anyone can add to the consensus).
And that brings us back to the question of proof of stake versus proof of work. For a Sybil defense system to truly uphold the original principles of blockchain, it needs to be a system that anyone can join, and the two most popular Sybil defense systems are not equals in this regard.
Comparing the Protocols
Bitmark has its own stake in this debate because we’ve created our own blockchain, the Bitmark Property System. Where the Bitcoin blockchain secures digital money, the Bitmark blockchain secures property rights, allowing people to own, transfer, and generate income from their data and other digital assets. In constructing the Bitmark public blockchain, we had to consider many questions about the philosophy of the blockchain; we then used the answers to guide the design of our blockchain. One of our decisions was to use proof of work, and we’ve been somewhat surprised by how many people ask us why we don’t use proof of stake instead. There are a few reasons, but most importantly:
We don’t believe that proof of stake matches the original ideals of Bitcoin, which are also our own ideals in creating the Bitmark blockchain.
In short, proof of stake reverses the egalitarian ideals of the blockchain. Certainly, miners have a lot of power in proof-of-work blockchains, but we know people who have purchased mining rigs solely to ensure that they would always have a voice on the blockchain. Though they might only be able to rarely produce a block, they can ensure that their transactions can never be censored. Every single person has that possibility on the Bitcoin blockchain (albeit at a higher price now than in its early days, due to its success).
proof of stake consolidates power in the hands of the few — the old and the rich — exactly mimicking the real-world environment that Bitcoin was trying to overthrow.
It prevents the many from participating, it allows the rich to get richer, and it creates new dangers of censorship. Though we speak of this at a personal level, every corporation, organization, and government should have the same concerns: newcomers could face new barriers to entry because a competitor could prevent them from participating in a proof-of-stake blockchain. Proof of stake has the very real possibility of creating digital plutocracies, and even absent other concerns, that dramatic change in philosophy would be enough for us (and we suspect for many blockchain enthusiasts) to abandon proof of stake entirely.
The other major issue with proof of stake is that it’s poorly tested. We have faith in proof of work because it’s been the backbone of Bitcoin and Ethereum for years; it’s processed three-quarters of a billion transactions. In contrast Peercoin, even with a market cap of $10 million dollars, is averaging about a dozen transactions an hour. Overall, Peercoin has accumulated just a few million transactions; that’s one thousandth of what Bitcoin and Ethereum have done. Meanwhile, Ethereum has spent over five years working through a few different proof-of-stake mechanisms. Partway through that time, in 2016, Vitalik Buterin said: “After years of research, one thing has become clear: proof of stake is non-trivial — so non-trivial that some even consider it impossible.”
It’s possible that at some time in the future, someone will come up with a well-tested, well-reviewed proof-of-stake protocol that also answers the problems that proof-of-stake mechanisms currently have in regard to consolidation of power. But the time is not now.
None of this should suggest that proof of work is without challenges, because there are many. We’re aware that energy usage has often been a complaint, but it’s not one we find particularly credible; just as we think that people should have autonomy in the blockchain world, we think they should have that control in the real-world too, and that means not censoring or controlling their energy usage. This sort of autonomy has been a general rule in any free society: for example, we are aware of the environmental costs of cars and their dangers to occupants, other drivers, and pedestrians; but for the most part we don’t try and control car usage by limiting it, we simply work to make it more efficient and safer. Similarly, we can work to make energy production cleaner and more reusable, but as a free society we shouldn’t place limitations on how people use their power.
But, there are other challenges to proof of work: the idea of a 51% attack, that’s something that keeps us up at night. Further, as a company working on a proof-of-work blockchain, we have to ask whether there is room for a third major proof-of-work network, following Bitcoin and Ethereum. Or, would a proliferation of proof-of-work networks dilute the miner base of each, making them more susceptible to an association of miners who could jump from blockchain to blockchain to engage in 51% attacks?
For the moment, we prefer the better known and better tested solution, but we should be aware of the dangers of any method for controlling Sybils in a permissionless system.
On balance, Bitmark feels that the advantages of proof of work currently remain greater than those of proof of stake. But we find the philosophical issues even more important: we would need to see a proof-of-stake mechanism that was aligned more closely with the blockchain’s original ideals before we were willing to adopt it, even if it was well-tested and offered clear improvements over current proof-of-work systems.
Certainly, we understand that other groups might balance the advantages and disadvantages of these two Sybil defense mechanisms in different ways.
But ultimately, we believe it comes down to that philosophical question: like the founders of blockchain, are you interested in empowering the people? Or, does your personal philosophy lie elsewhere?
We think philosophies are important, and we expect to continue to address the topic in future articles about choices in blockchain design. Future topics we’re considering include hidden centralizations, the inclusion of tokens and scripting languages, the publication of information, and whether you should just use the Bitcoin blockchain (or no blockchain at all).
Beyer, Stefan. April 2019. “Proof-of-Work is not a Consensus Protocol: Understanding the Basics of Blockchain Consensus”. Medium. https://medium.com/cryptronics/proof-of-work-is-not-a-consensus-protocol-understanding-the-basics-of-blockchain-consensus-30aac7e845c8.
Bitmark. Retrieved June 2018. “Bitmark Blockchain: Technical Overview”. Bitmark. https://bitmark.com/en/property-blockchain/bitmark-blockchain
Buterin, Vitalik. October 2014. “Slasher Ghost and Other Development in Proof of Stake”. Ethereum Blog. https://blog.ethereum.org/2014/10/03/slasher-ghost-developments-proof-stake/
Castro, Miguel and Barbara Liskov. February 1999. “Practical Byzantine Fault Tolerance.” Proceedings of the Third Symposium on Operating Systems Design and Implementation. http://pmg.csail.mit.edu/papers/osdi99.pdf.
Daily Bit. April 2018. “9 Types of Consensus Mechanisms that You Don’t Know About”. Medium. https://medium.com/the-daily-bit/9-types-of-consensus-mechanisms-that-you-didnt-know-about-49ec365179da
Ethereum. March 2019 Update. “Proof of Stake FAQ”. Github. https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ.
Hall, Christopher, Casey Alt, Lê Quý Quốc Cường, and Sean Moss-Pultz. November 2017. “Bitmark The Property System for the Digital Environment.” Bitmark. https://bitmark.com/assets/bitmark_technical-white-paper.pdf
Hammerschmidt, Chris. January 2017. “Consensus in Blockchain Systems. In Short.” Medium. https://medium.com/@chrshmmmr/consensus-in-blockchain-systems-in-short-691fc7d1fefe
Jenks, Tyler. March 2018. “Pros and Cons of Different Blockchain Consensus Protocols. Very. https://www.verypossible.com/blog/pros-and-cons-of-different-blockchain-consensus-protocols
Nakamoto, Satoshi. October 2008. “Bitcoin: A Peer-to-Peer Electronic Cash System”. https://bitcoin.org/bitcoin.pdf.
Torpey, Kyle. April 2018. “What Are the Philosophical Underpinnings of Bitcoin?” Bitcoin Market Journal. https://www.bitcoinmarketjournal.com/cypherpunk-bitcoin/
Vaidya, Kiran. November 2016. “The Byzantine Generals’ Problem”. Medium. https://medium.com/all-things-ledger/the-byzantine-generals-problem-168553f31480