Criticisms of Proof of Stake

Oh boy.  What a week it’s been.  My previous post, meant to give a brief overview of Proof of Stake for non-technical readers, seemed to strike a nerve.

To start, I think people misunderstood the motive of the post.  I was simply giving a brief technical explanation of proof of stake for non-technical readers, and some readers seemed to interpret this as support for proof of stake.  I’m a software developer.  I don’t care about the moral or ethical implications of power consumption or immutability.  I’m purely interested in the mechanisms, and I’ve yet to find someone who doesn’t agree that the casper protocol is at least interesting, which is why I blogged about it.

As some of my readers know, one of the main reasons I post is to partake in the discussion that ensues afterwards, and there was a lot of it.  My previous post was on the front page of /r/blockchain for two days as well as /r/ethermining for a day and a half, which is great because these were my target audience in writing the post.  However, I also posted on a whim to /r/btc and /r/ethereum, where it stayed on the front page of controversial for an entire day, which in my opinion is also great.  I wasn’t expecting the feedback I received; however, this is exactly my motivation for writing.  I would like to thank everyone who took the time to read and provide feedback.  In this post I’ll spell out some of the criticisms of Proof of Stake that I left out of the previous post (again, it was intended for a less technical reader), as well as some new ones that I’d never considered until now, thanks to my readership.

External/Internal Staking

It seemed the major criticism people leveled against proof of stake was that the staking was internal to the system rather than external.  /u/jps_ makes the point concisely:

“Proof of Work has something physical at stake, namely the electricity necessary to probably solve the puzzle. In essence, the bits in the network are secured by activity outside the network: someone has to generate that electricity. This results in a stable equilibrium, because in order to compromise the bits in the network, one must expend considerable external energy. The laws of thermodynamics make it very difficult to profit by consuming energy”

I don’t buy that external staking makes proof of work superior.  If we assume a free market economy, I should be able to exchange my money for electricity or cryptocurrency.  Obviously markets aren’t rational, and the price of a cryptocurrency or the price of electricity isn’t what it should be at the particular time that I make this trade of cryptocurrency to electricity, but that’s a discussion for a different day.  The point I’m making is, technically, the $300 of cryptocurrency I bought is of equal staking value to the $300 of electricity I “staked” to mine the cryptocurrency at the moment I did both.  We can discuss the volatility of electricity prices vs cryptocurrency prices, and decide one is a more stable form of staking than the other, but the fact remains that $300 of electricity is equivalent to $300 in cryptocurrency at the time of mining, and it would therefore take an extra $300 to perform a 51% attack in both cases.*

One argument you could make is that the ethereum casper roll out is premature.  If the market cap of the ether being used to stake is less than the cost of electricity miners are putting forth to mine ether, then you could make a case that this is raising the probability of a 51% attack.

Another argument is that once the electricity is used, it’s on the blockchain forever, while the staked cryptocurrency can easily be converted back into fiat.  As we saw with the casper smart contract from the previous post, the funds are locked for a certain number of blocks.  This may not be completely irreversible as in the proof of work case, but this number can be altered to suit the needs of the blockchain (which, depending on your opinion, may or may not be a good thing; see below), to include irreversibility if need be.

Nothing to Stake

I introduced this briefly in the previous post, but didn’t go into much detail, as I didn’t want to confuse non-blockchain readers.  Since it’s already been introduced, I’ll assume everyone is familiar with the problem and why it exists.  I mentioned that casper purports to solve this problem by use of an arbiter smart contract which penalizes malicious validators.  One argument that kept coming up was concern that a malicious chain could be built and hidden from the rest of the validators and then shown at an opportune time.  Casper handles this by locking the validator funds inside the smart contract and receiving “tattle-tell” transactions from validators in the event that evidence for malicious behaviour is found in previous blocks.  One of these malicious behaviours is not betting on a chain; another is betting on the “wrong” chain.  These are both actions that would be necessary to build this “hidden” chain, and since they’re penalized, you’d run out of ether far before you could pull the attack off.

Rather than discussing this particular case (many others were brought up, and many more will follow I’m sure**), the point is, this smart contract can be altered to ward off any sort of malicious proof of stake behaviour that may arise in the future.
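
The penalty mechanism described in this section, as an added example that is not from the original post or from the Casper code: a toy arbiter that locks deposits, penalizes epochs with no bet on record, and penalizes bets on the wrong chain once an evidence transaction reports them.  The class, the chain labels and both penalty rates are assumptions chosen for illustration.

```python
# Toy model of the arbiter contract described above (added example).
# Names and penalty rates are assumptions, not Casper's real parameters.
MISSED_BET_PENALTY = 0.02  # fraction of deposit lost per epoch with no bet on record
WRONG_BET_PENALTY = 0.10   # fraction lost per proven bet on a non-canonical chain

class Arbiter:
    def __init__(self, lock_epochs, canonical="public"):
        self.lock_epochs = lock_epochs
        self.canonical = canonical
        self.deposits = {}     # validator -> remaining stake
        self.unlock_at = {}    # validator -> first epoch at which withdrawal is allowed
        self.bets = {}         # (validator, epoch) -> chain, as seen on the public chain
        self.punished = set()  # (validator, epoch) pairs already penalized via evidence

    def deposit(self, validator, amount, epoch):
        self.deposits[validator] = float(amount)
        self.unlock_at[validator] = epoch + self.lock_epochs

    def bet(self, validator, epoch, chain):
        self.bets[(validator, epoch)] = chain

    def close_epoch(self, epoch):
        """Penalize every validator with no bet on record for this epoch."""
        for v in self.deposits:
            if (v, epoch) not in self.bets:
                self.deposits[v] *= 1 - MISSED_BET_PENALTY

    def tattle(self, validator, epoch, chain):
        """Evidence transaction: a bet by `validator` found in an old block."""
        key = (validator, epoch)
        if chain != self.canonical and key not in self.punished:
            self.punished.add(key)  # each offence is punished once
            self.deposits[validator] *= 1 - WRONG_BET_PENALTY

    def withdraw(self, validator, epoch):
        if epoch < self.unlock_at[validator]:
            raise PermissionError("deposit still locked")
        return self.deposits.pop(validator)

def hidden_chain_attack(epochs, stake=100):
    # The attacker builds a private chain for `epochs` epochs, then reveals it.
    arb = Arbiter(lock_epochs=epochs + 10)
    arb.deposit("honest", stake, 0)
    arb.deposit("attacker", stake, 0)
    for e in range(epochs):
        arb.bet("honest", e, "public")  # attacker's bets exist only on the hidden chain
        arb.close_epoch(e)
    for e in range(epochs):             # reveal: hidden blocks expose the attacker's bets
        arb.tattle("attacker", e, "hidden")
    return arb
```

With these assumed rates, hidden_chain_attack(20) leaves the attacker with about 8 of 100 staked units while the honest validator keeps all 100, and the lock keeps the attacker from withdrawing before the penalties land.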

Centralization

This leads us to perhaps the most damning criticism of casper: the fact that casper’s proof of stake involves a smart contract that acts as the arbiter of the validators.  There is no clear analogue to this in the proof of work context; it simply doesn’t exist.  It’s obviously a single point of failure, as well as an attack vector, and, depending on your perspective of the blockchain, a terrible case of centralization.  One point continually driven home in my discussions with /u/Erumara was his/her reluctance to support something so complex compared to proof of work.  And I have to admit, I do agree that proof of work is much simpler than every proof of stake solution I’ve seen proposed.

However, as /u/naterush1997 points out:

“In both cases, there is “centralizing” code – in that it is code that everyone relies on. However, the Casper contract being public means that we have the benefit of seeing if there is some fatal flaw and/or bug. In the case of the attack on PoW described above, this would be impossible, as the attack described is indistinguishable from someone having a ton of computing power.”

And even if it is overly centralized, I still think the technology should be explored.  Obviously there is a large difference in opinion between the bitcoin and ethereum communities in this regard, and I intend on exploring these differences in a future post.  For now, let’s just say the ethereum developers are more willing to take concrete risks with their software even if it ends badly, and in fact, I agree with this strategy.  It’s one thing to pursue an idea simply for the sake of it (as in the case of pure research); it’s entirely different to have millions of dollars at stake in the pursuit of an idea.  This is part of what got me into cryptocurrency.  This mixture of direct financial skin in the game of all parties involved (investors, users, developers) and interesting technology can’t be found anywhere else in the world.

Conclusion

One of the best outcomes from the post was this Andreas video /u/dietrolldietroll passed me.  He makes the External/Internal staking argument, but at the end of the video (at around 42:56) when pressed by a question, he says that both proof of stake and proof of work can coexist in the market due to their different use cases.  I’d say that sums up my opinion of the matter fairly well.  As I said before, tech needs to crash and burn to move forward.  I’m not saying proof of stake will be a catastrophic failure for ethereum, but even if it is, it will be a success for the blockchain movement at large.

I received a bunch of criticism (bunch of haters man) in /r/ethermining for an offhand conjecture I made about proof of stake privacy coins, so I intend to fully rectify this in my next post.  Until then!

*After considering this idea during my writing I came upon a new idea.  If it’s true that bitcoin is defended directly by the cost of electricity used to mine coins, could the sum of all electricity used up to block A be considered the true “value” of bitcoin at that block?

**For example, what if a validator never checked in to the smart contract, and was therefore never penalized, then finally showed up, having rewritten the entire blockchain to look much more attractive to the rest of the validators?  They’d need 51% of the currency to pull off this attack, but I believe using the casper smart contract, even this might be possible to defend against.

 

EDIT: /u/jps_ in response to my argument against external staking:

If you buy $300 worth of Electricity and use it to secure a PoW network, it buys a finite time/amount of security. After the expenditure, the electricity is consumed and there is no more security. The only residual value you hold is the rewards earned along the way. These rewards cost you an extrinsic $300 that is not returned to you. This creates an objectively extrinsic value of the reward generated in return for security: basically, the reward is worth the expenditure in electricity generated to consume it.

If you take $300 and buy ETH and stake it, you can stake that $300 for as long as you want. Whenever you cease participating in securing the network, your $300 in ETH is returned to you, in addition to your rewards from staking.

Therefore, when you started staking you had $300 you exchanged for ETH. You finish staking and you hold ETH you can sell for $300. Plus rewards. Your net extrinsic expenditure is zero, and your net gain is the staking rewards.

So PoS is a value tautology. It creates something at no external cost, which has a putative external value greater than zero.


3 thoughts on “Criticisms of Proof of Stake”

  1. I’m concerned about PoS for 2 other reasons.

    One, not far from some of your concerns, is that for me the value of the currency is in what it buys/sells.
    Oil and many goods (raw materials, planes…) give the dollar its value, as contracts are denominated in dollars.

    I call that pegging a currency to value, to fiat currencies indirectly.

    The only things sold or bought by Ethereum are mining and gas.
    The price of gas should be floating, and thus should not give value to ETH. In fact it is not so flexible, and thus it gives value loosely… improvement in gas price settlement will unpeg ETH from reality.
    Mining is paid in ETH, and thus it is pegging ETH to reality.
    In fact it is not so rigid, as difficulty is increasing with hash power. Mechanically, as you say, it should increase the value of ETH as more power is used to produce the same 5 ETH. This may explain the deflationary behavior of cryptocoins.
    This deflation happens because miners, once they have bought a GPU, are more or less tied to it, and will produce whatever the price is, at least within a range.
    What pegs the ETH price to electricity, besides gas and what people accept to pay for transactions (too much in fact, and proportionate to ETH value), is when the miners refuse to sell mined earnings below their costs. It creates a bottom resistance on the market, as some sellers disappear below the threshold of miners not making money.
    There is no other good denominated in ETH, and speculators are mostly unbiased, just panicking up or down, amplifying the only real signal of the miners, who sell and earn.

    PoS will pay miners as a rate, and it will unpeg ETH from any reality.

    Another, totally different problem I see is centralisation and freedom of “vote”.

    Initially PoS and PoW are supposed to be implemented by a crowd of independent miners verifying transactions independently.
    In fact PoW is heavily pooled, and independent workers sell their hash power to big pools.
    If a big pool wants to commit fraud, it can, but the workers will mostly abandon the fraudsters, out of selfish and moral interest, within a few days.
    Another point is that a small worker can offer their hashpower even if their computer is not reliable, nor their network dependable.

    For PoS I’m afraid the business will be impossible for workers.
    If failing to answer to a PoS because your wifi is down makes you lose your stake, mining will be reserved for corporate-style networks, highly dependable, like huge datacenters and highly replicated infrastructure.

    So there will be pooling, but you will only pool money, not computers.
    The result is that there will be huge trusts centralizing billions in value, replicating modern finance like BoA, JP Morgan or Goldman Sachs, with IBM or AmazonWS running their network.
    If one of those monsters decides to commit fraud, or is regulated by its mother state to commit fraud, they will take their cash as hostage, and on Ethereum once you have given your money you have to trust (unless there is a contract, but money for PoS is kept by the network as hostage). No workers anymore, just shareholders of a trust consortium who cannot escape, and thus cannot vote against the behavior of the “PoS” miner.

    I think this means the end of the ETH cryptocurrency.

    Not only will ETH be unpegged from reality, as earnings will be only interest, but it will be centralized, and definitively so in case of crisis. A fraudster, or more probably a company held hostage by a regulation, will be able to exploit shareholder money to commit fraud in the Ethereum way of mind.

    The only solution would be to allow really independent miners to mine, but this means accepting low-dependability networks and hardware, and compensating for the scaling advantages of big money actors, who can bet a billion with just a handful of servers while a small player will require the same level of dependability and power, but for a smaller stake, thus smaller earnings.

    This will lead to concentration like we observed in banking.

    The physics of cooling and electricity, and real estate, limit the capacity for concentration of hashpower, even if there is pooling.
    Pooling is not long-term concentration, as you can leave in a few seconds once informed of your pool’s behavior (it is not so different from abandoning mining software if it is buggy).
    PoS is very different, as it is only an interest rate, with anticompetitive regulation requiring highly dependable IT.

    PoW is not perfect, but PoS is just worse for concentration.
