A Bitcoiner’s Guide To Proof-Of-Stake

A technical and in-depth analysis of the trade-offs that Ethereum’s consensus mechanism makes in its switch to proof-of-stake and how proof-of-work differs.

This is an opinion editorial by Scott Sullivan.

Normally Bitcoiners don’t care too much about what goes on in Shitcoin-land, but now that Ethereum has merged to proof-of-stake (PoS), there’s been quite the buzz on Bitcoin Twitter. Of course, the Bitcoin network itself will remain unaffected, but I think this “upgrade” is still worth paying some attention to. Now that Ethereum has cleansed itself of the “dirty” and “wasteful” externalities associated with proof-of-work (PoW), we can expect the gloves to come off in the narrative war, and I think Bitcoiners should be ready to punch back.

Learning how PoS works is a really good way to internalize the differences and trade-offs between PoW and PoS. Even though I had seen all the high-level arguments against PoS before — that PoS is more permissioned, centralizing, and oligarchical — I’ll admit that without looking into the details, it all felt kind of hand-wavy. By actually diving into the PoS algorithm, we can begin to see how all these properties naturally emerge from first principles. So if you’re curious about how the PoS algorithm works, and why it leads to these kinds of properties, then read on!

Solving The Double-Spend Problem

Let’s start with a quick recap of the problem we’re trying to solve. Suppose we have a large group of participants in a cryptocurrency network trying to maintain a decentralized ledger. Here’s the problem: How can new transactions be added to everyone’s ledger, such that everyone agrees on which new transactions are “correct”? PoW solves this problem quite elegantly: Transactions are grouped together in blocks, whereby each block takes a large amount of computational work to produce. The amount of work required can move up or down to ensure blocks are produced every ten minutes on average, giving each new block plenty of time to propagate throughout the network before the next one is created. Any ambiguity is resolved by selecting the chain with the most work, and double-spending is prevented due to requiring at least 51% of the global hashpower for a double-spend block to catch up.

But suppose now we want to throw away Satoshi Nakamoto’s key insight that made all of this possible in the first place. After all, those pesky ASICs are loud and annoying, and they consume more energy than all of George Soros, Bill Gates and Hillary Clinton’s private jets combined. Is there some way we can unambiguously agree on which transactions are true just by talking it out?

Ethereum’s proof-of-stake proposes to solve this problem using two key ingredients. The first is to make special “checkpoint blocks” every now and then, whose purpose is to give assurance to everyone in the network about the “truth” of the system at various points in time. Creating a checkpoint requires a two-thirds majority vote by stake, so there is some assurance that the majority of validators agreed on what the truth actually was at that point in time. The second ingredient is to punish users for adding ambiguity to the network, a process known as “slashing.” For example, if a validator were to create a fork, or vote on an older sidechain (similar to a 51% attack), then their stake would get slashed. Validators can also be slashed for inactivity, but not as much.

This leads us to our first principle behind PoS, which is that PoS is based on a negative (penalty-based) incentive system.

This contrasts heavily with Bitcoin and proof-of-work, which is a positive (reward-based) incentive system. In Bitcoin, miners can attempt to break the rules — badly formatted blocks, invalid transactions, and so on — but these blocks will just get ignored by full nodes. The worst-case scenario is a bit of wasted energy. Miners are also free to build on older blocks, but without 51% of the hashpower, these chains will never catch up, again just wasting energy. Any miner who participates in these actions, whether intentionally or not, need not worry about losing their accumulated bitcoin or mining machines, but they won’t get new rewards. Rather than live in fear, bitcoin miners can err on the side of taking action and risk.

The world is a very different place for validators living in Ethereum-land. Instead of working hard and being rewarded for adding security to the network, validators do no actual work, but must be careful that their node never misbehaves, lest they watch their savings go up in flames. If any proposed changes were made to the network, a validator’s first instinct would be to comply with whatever everyone else was doing, or else risk getting slashed. To be a validator is like walking on eggshells everyday.

(Source)

By the way, living under a negative incentive system is one of the, ahem, “benefits” of proof-of-stake, according to the Ethereum network’s co-founder Vitalik Buterin’s FAQ:

(Source)

So how would slashing actually work on a technical level? Wouldn’t we need to first create a list of all the validators, in order to have something to slash in the first place? The answer is yes. To become a validator in Ethereum, one must first move ETH into a special “staking” address. Not only is this list needed for slashing, but also for voting since a two-thirds majority vote is needed for checkpoint blocks.

There are some interesting implications to maintaining a list of all validators at all times. How hard is it to join? How hard is it to leave? Do validators get to vote on the status of other validators?

This brings us to our second principle behind PoS, which is that PoS is a permissioned system.

The first step in becoming a validator is to deposit some ETH into a special staking address. How much ETH? The minimum required is 32 ETH, or about $50,000 at the time of this writing. For context, a decent bitcoin mining rig typically runs in the single-digit thousands of dollars, and a home miner can start with a single S9 for a few hundred bucks. To be fair, ETH’s high entry fee has a technical justification, since a higher stake means fewer validators, which lowers bandwidth.

So the deposit fee is high, but at least anyone who owns 32 ETH is free to join or leave at any time, right? Not quite. There are security risks if large coalitions of validators were to all enter or exit at the same time. For example, if a majority of the network all left at once, then they could double-spend a finalized block by replaying a fork in which they never left, without getting slashed on either chain. To mitigate this risk, the on- and off-ramps have a built-in throughput limit. Currently this limit is set to max(4,V

Leave a Reply

Your email address will not be published. Required fields are marked *