Comparing Proof-of-Work and Proof-of-Stake
On May 21, Nervos Researcher Ren Zhang gave a presentation at the San Francisco Blockchain Center, discussing the tradeoffs between Proof of Work and Proof of Stake. The event was well attended and the presentation facilitated a great dialogue about different frameworks for blockchains and the arguments for each.
Ren opened by discussing the relationship between security assumptions and security properties. Fundamentally:
(ideal properties — actual properties) + security assumptions = vulnerabilities
So when building a new (and hopefully better) blockchain, a key goal should be to reduce overall vulnerabilities. Compared with previous designs, either the newly-introduced assumptions are “less” than the new security properties, or the removed assumptions are “more” than the unachieved properties. This should intrinsically correlate to a more robust architecture.
Unfortunately, there are many projects that advertise themselves as Blockchain X.0 with greatly enhanced security properties, when in fact the bulk of this improvement comprises assumptions and therefore serves to increase the vulnerabilities of their respective networks.
Nakamoto Consensus
Nervos is a proponent of the Nakamoto Consensus. He explained consensus networks before and after the creation of Bitcoin. In short, pre-Bitcoin, in a consensus network all participants knew one another, messages were sent via secure connections or with digital signatures, and timing assumptions were asynchronous. Bitcoin introduced the concept of a permissionless network with late spawning, in which newcomers could enter at any time and know the authentic history. Participants in the network no longer know the total number of other participants in the network and messages do not need to be signed by trusted entities.
So, is it possible to operate such a network without PoW? Or to move from PoW to PoS? The answer must be no in a truly permissionless blockchain. In order for latecomers to always have the ability to determine the authentic history, PoW must continue forever. Further, the network delay must always be known, making an asynchronous protocol impossible. And an honest majority is always required.
So where does PoS fit into all this? Like PoW, it requires a scarce resource as a basis in order to function. However, unlike the former, it is impossible to achieve late spawning in a PoS system that does not have trusted entities. This means that at some point, a PoS system will be vulnerable to several attacks that will render newcomers to the network unable to identify the authentic history. In order to mitigate this, PoS systems must implement checkpoints signed by some trusted entities with public identities. This sacrifices one of the core tenets of decentralized computing and permissionless blockchains.
In some cases, PoS achieves stronger security properties than PoW. Because the total value in the system is known, the problem of not knowing the total number of participants can be bypassed. If the majority value agrees, the number of participants is rendered irrelevant. In order to know if they agree, everyone must be ALWAYS online (strong security assumption), and every block must be signed by thousands of nodes (negative performance implication). Ultimately, this does not compensate for PoS’s overall weaknesses relative to PoW.
Ren’s presentation continued exploring additional dilemmas and ideal architectures for distributed networks. View the entire presentation for insight into the properties and decisions driving our decision making in building Nervos.
Join our community of miners, developers and crypto enthusiasts — connect with us on Nervos Talk, Github, Twitter, and Reddit, and sign up to receive community updates.
For discussions or questions join one of our community Telegram channels: English, Korean, Russian, Japanese, Spanish, Vietnamese and Chinese. We also have dedicated Mining and Dev channels.
