Oh boy. What a week it’s been. My previous post meant to give a brief overview of Proof of Stake for non technical readers seemed to strike a nerve.
To start, I think people misunderstood the motive of the post. I was simply giving a brief technical explanation of proof of stake for non technical readers, and some readers seemed to interpret this as support for proof of stake. I’m a software developer. I don’t care about the moral or ethical implications of power consumption or immutability. I’m purely interested in the mechanisms, and I’ve yet to find someone who doesn’t agree that the casper protocol isn’t at least interesting, which is why I blogged about it.
As some of my readers know, one of the main reasons I post is to partake in the discussion that ensues afterwards, and there was a lot of it. My previous post was on the frontpage of /r/blockchain for two days as well as /r/ethermining for a day and a half, which is great because these were my target audience in writing the post. However, I also posted on a whim to /r/btc and /r/ethereum where it stayed on the front page of controversial for an entire day, which in my opinion is also great. I wasn’t expecting the feedback I received, however this is exactly my motivation for writing. I would like to thank everyone who took the time to read and provide feedback. In this post I’ll spell out some of the criticisms of Proof of Stake that I left out of the previous post (again, it was intended for a less technical reader), as well as some new ones that I’d never considered until now, thanks to my readership.
It seemed the major criticism people levied against proof of stake was that the staking was internal to the system rather than external. /u/jps_ makes the point concisely:
“Proof of Work has something physical at stake, namely the electricity necessary to probably solve the puzzle. In essence, the bits in the network are secured by activity outside the network: someone has to generate that electricity. This results in a stable equilibrium, because in order to compromise the bits in the network, one must expend considerable external energy. The laws of thermodynamics make it very difficult to profit by consuming energy”
I don’t buy that external staking makes proof of work superior. If we assume a free market economy, I should be able to exchange my money for electricity or cryptocurrency. Obviously markets aren’t rational and the price of a cryptocurrency or the price of electricity isn’t what it should at the particular time that I make this trade of cryptocurrency to electricity, but that’s a discussion for a different day. The point I’m making is, technically, the $300 of cryptocurrency I bought is of equal staking value to the $300 of electricity I “staked” to mine the cryptocurrency at the moment I did both. We can discuss the volatility of electricity prices vs cryptocurrency prices, and decide one is a more stable form of staking than the other, but the fact remains that $300 of electricity is equivalent to $300 in cryptocurrency at the time of mining, and it would therefore take an extra $300 more to perform a 51% attack in both cases.*
One argument you could make is that the ethereum casper roll out is premature. If the market cap of the ether being used to stake is less than the cost of electricity miners are putting forth to mine ether, then you could make a case that this is raising the probability of a 51% attack.
Another argument is that once the electricity is used, it’s on the blockchain forever, while the staked cryptocurrency can easily be converted back into fiat. As we saw with the casper smart contract from the previous post, the funds are locked for a certain number of blocks. This may not be completely irreversible as in the proof of work case, but this number can be altered to suit the needs of the blockchain (which, depending on your opinion may or may not be a good thing, see below), to include irreversibility if need be.
Nothing to Stake
I introduced this briefly in the previous post, but didn’t go into much detail, as I didn’t want to confuse non blockchain readers. Since it’s already been introduced, I’ll assume everyone is familiar with the problem and why it exists. I mention that casper purports to solve this problem by use of an arbiter smart contract which penalizes malicious validators. One argument that kept coming up was concern that a malicious chain could be built and hidden from the rest of the validators and then shown at an opportune time. Casper handles this by locking the validator funds inside the smart contract and receiving “tattle-tell” transactions from validators in the event that evidence for malicious behaviour is found in previous blocks. One of these malicious behaviours is not betting on a chain, another is betting on the “wrong” chain. These are both actions that would be necessary to build this “hidden” chain, and since they’re penalized, you’d run out of ether far before you could pull the attack off.
Rather than discussing this particular case (many others were brought up, and many more will follow I’m sure**), the point is, this smart contract can be altered to ward off any sort of malicious proof of stake behaviour that may arise in the future.
This leads us to perhaps the most damning criticism of casper: the fact that casper’s proof of stake involves a smart contract that acts as the arbiter of the validators. There is no clear analogue to this in the proof of work context, it simply doesn’t exist. It’s obviously a single point of failure, as well as an attack vector, and, depending on your perspective of the blockchain, a terrible case of centralization. One point continually driven home in my discussions with /u/Erumara was his/her reluctance to support something so complex compared to proof of work. And I have to admit, I do agree that proof of work is much simpler than every proof of stake solution I’ve seen proposed.
However, as /u/naterush1997 points out:
In both cases, there is “centralizing” code – in that it is code that everyone relies on. However, the Casper contract being public means that we have the benefit of seeing if there is some fatal flaw and/or bug. In the case of the attack on PoW described above, this would be impossible, as the attack described is indistinguishable from someone having a ton of computing power.
And even if it is overly centralized, I don’t think the technology shouldn’t still be explored. Obviously there is a large difference in opinion between the bitcoin and ethereum community in this regard, and I intend on exploring these differences in a future post. For now, let’s just say the ethereum developers are more willing to take concrete risks with their software even if it ends badly. and in fact, I agree with this strategy. It’s one thing to pursue an idea simply for the sake of it (as in the case of pure research), it’s entirely different to have millions of dollars at stake in the pursuit of an idea. This is part of what got me into cryptocurrency. This mixture of direct financial skin in the game of all parties involved (investors, users, developers) and interesting technology can’t be found anywhere else in the world.
One of the best outcomes from the post was this Andreas video /u/dietrolldietroll passed me. He makes the External/Internal staking argument, but at the end of the video (at around 42:56) when pressed by a question, he says that both proof of stake and proof of work can coexist in the market due to their different use cases. I’d say that sums up my opinion of the matter fairly well. As I said before, tech needs to crash and burn to move forward. I’m not saying proof of stake will be a catastrophic failure for ethereum, but even if it is, it will be a success for the blockchain movement at large.
I received a bunch of criticism (bunch of haters man) in /r/ethermining for an off hand conjecture I made about proof of stake privacy coins, so I intend to fully rectify this in my next post. Until then!
*After considering this idea during my writing I came upon a new idea. If it’s true that bitcoin is defended directly by the cost of electricity used to mine coins, could the sum of all electricity used up to block A be considered the true “value” of bitcoin at that block?
**For example, what if a validator never checked in to the smart contract, and is therefore never penalized, then finally showed up, having rewritten the entire blockchain to look much more attractive to the rest of the validators. They’d need 51% of the currency to pull off this attack, but I believe using the casper smart contract, even this might be possible to defend against.
EDIT: /u/jps_ in response to my argument against external staking:
If you buy $300 worth of Electricity and use it to secure a PoW network, it buys a finite time/amount of security. After the expenditure, the electricity is consumed and there is no more security. The only residual value you hold is the rewards earned along the way. These rewards cost you an extrinsic $300 that is not returned to you. This creates an objectively extrinsic value of the reward generated in return for security: basically, the reward is worth the expenditure in electricity generated to consume it.
If you take $300 and buy ETH and stake it, you can stake that $300 for as long as you want. Whenever you cease participating in securing the network, your $300 in ETH is returned to you, in addition to your rewards from staking.
Therefore, when you started staking you had $300 you exchanged for ETH. You finish staking and you hold ETH you can sell for $300. Plus rewards. Your net extrinsic expenditure is zero, and your net gain is the staking rewards.
So PoS is a value tautology. It creates something at no external cost, which has a putative external value greater than zero.