In this post, we’ll dive into:
- Detailed description of Ethereum’s PoS consensus model
- How Ethereum PoS Recovers From Malicious Attacks
- Refuting common anti-PoS arguments
- The utility of liquid staking or running your own node
The current state of the beacon chain. Scheduled to generate blocks every 12 seconds. Live data can be viewed at https://beaconcha.in
Consensus mechanism: PoS, PoW, PoA
The consensus mechanism defines how a distributed network of nodes determines the current state of the network, which blocks are on the chain, and in what order. Block production is a general term describing who scans the mempool to pick up pending transactions, sort them into blocks, and append new blocks to the existing blockchain. Three common types of consensus mechanisms are Proof of Stake, Proof of Work, and Proof of Authority.
- PoW (Bitcoin) places block production rights in the hands of those who use the most computing power. The protocol defines a one-way computationally expensive hash function such as SHA-256, where miners then compete to find an input that is hashed into an output with many leading zeros.
- PoA (Binance Smart Chain) is a whitelisting mechanism that gives block production rights to several whitelisted nodes. This is your typical permissioned blockchain, nothing more.
- PoS (Ethereum, soon™) places block production in the hands of those who lock up their native tokens, proportional to the amount of their stake.
Ethereum’s PoS implementation has been ridiculed by the public for more than half a year, but with the beacon chain running for 18 consecutive months and a successful live merge on the testnet, the implementation looks to be basically set. Rather than getting lost in the implementation details of the Merge, I will focus on the specifics of how the PoS chain operates in its stable state.
Another famous trade-off triangle. Pick two, or find yourself somewhere in the middle.
There are about 400,000 validators on the Beacon Chain, and you can track real-time stats and blocks here. A validator corresponds to a deposit of 32 ETH in the beacon chain deposit contract on mainnet; a user can run multiple validators. Withdrawals of staked ETH are not enabled today, and will not be enabled at the time of the Merge, but will be enabled in a later Shanghai hard fork update. A slot occurs every 12 seconds, during which a validator is randomly selected to propose a block. An epoch consists of 32 slots (or 6.4 minutes). If a validator is offline and does not propose a block within its slot, the slot is left empty. Ethereum’s block time will therefore go from a Poisson distribution with an average block time of 13 seconds (the Poisson distribution is a discrete probability distribution common in statistics and probability, published by the French mathematician Siméon Denis Poisson in 1838) to exactly 12 seconds, with an occasional empty slot. The first block within each epoch is considered a checkpoint block.
If only one validator proposes a block per slot, what do the rest of the validators do while waiting for their turn? They create attestations, which are signed votes describing what they think the current head of the chain is, and a link to the parent checkpoint block. Since attestations are cryptographically signed by specific validators, validators can be held accountable if they equivocate, or vote for two blocks at the same height. The communication and storage overhead of 400,000 attestations is prohibitively high, so within each epoch, each validator is assigned only one slot in which to attest. Validators for each slot are assigned to committees, which are further groupings with a minimum size of 128. An aggregator then combines the signatures from multiple validators using BLS aggregation, and only the aggregated data is stored in the block.
A technical overview of how validator attestations are aggregated and eventually included in a block.
Epochs are groups of 32 slots that go through three stages: Proposal, Justification, and Finalization. Once a supermajority, or two-thirds of the current validators, has attested to an epoch, it can move forward. Attestations are tied to pairs of checkpoint blocks, one from the previous epoch and one from the current epoch. We represent this with a pair of source and target blocks. A block is proposed by a validator, and it is considered justified when the attestations of a supermajority mark it as the head. When a supermajority of validators marks a justified epoch as the previous epoch, it is considered final. Therefore, an epoch is usually finalized one epoch (or 6 minutes) later.
A transaction is finalized when it cannot be reorganized without burning a lot of ETH. Since two-thirds of the validators have already attested to the finalized block, in order to create a different finalized epoch at the same height, two-thirds of the validators also need to attest to a separate block at the same height. As a result, at least one-third of validators will provably have equivocated. The penalty for equivocation is to slash the validator’s entire stake, so the attacker must commit to destroying at least one-third of all staked ETH. Even at today’s depressed prices, the cost of reorganizing a finalized block is billions of dollars.
Malicious actors can also prevent finality by withholding attestations so that a supermajority can never be reached. Inactive validators are penalized by the inactivity leak when the chain fails to finalize for 4 epochs or more. This slowly burns the balances of offline validators until online validators have a supermajority again and the chain can regain liveness. Attestation rewards are suspended until the chain starts finalizing again, to make censorship and DoS attacks more expensive.
Staking requires active effort
Many people have a distorted impression of staking as the term is widely used in DeFi and NFTs. In many of these protocols, “staking” means depositing tokens into an escrow contract, thereby reducing sell-side liquidity, while the tokens sit there passively. No downside risk, no active participation, just bribes to people with low time preference.
To be absolutely clear, these games are not what we’re talking about. True protocol-level staking means entering into a commitment, with both upside and downside, that requires ongoing active participation in proposing new blocks and attesting to blocks created by others. This means you can be rewarded for participating honestly with high uptime, or you can lose money by going offline or supporting malicious forks. These rules are not arbitrarily applied by a centralized party; they are clearly defined in advance and deeply built into the decentralized protocol itself.
There are two key slashing rules that validators must follow, taken from the Gasper paper:
- Double vote: No validator makes two different attestations for the same target block.
- Surround vote: No validator makes an attestation that surrounds, or is surrounded by, one of its previous attestations.
Slashing conditions taken directly from Gasper’s paper
Honest consensus layer clients are programmed to explicitly never do this, so a normal honest user should not worry about these mechanisms kicking in. However, they provide important protection against malicious validators and elegantly solve the nothing-at-stake problem.
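The two rules can be checked mechanically against a validator’s signing history, which is how a client can refuse to sign a slashable vote and how an observer can prove an offence from collected votes. The following is an added example, not code from the original post or from any Ethereum client; the `Attestation` record, its field names and the sample votes are constructed, and votes are compared by the epochs of their source and target checkpoints.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Attestation:
    """Constructed stand-in for a signed vote: a source -> target checkpoint link."""
    validator: int
    source_epoch: int
    target_epoch: int
    head_root: str  # what the validator claims is the head of the chain


def is_double_vote(a: Attestation, b: Attestation) -> bool:
    # Two *different* votes that share the same target.
    return a != b and a.target_epoch == b.target_epoch


def surrounds(outer: Attestation, inner: Attestation) -> bool:
    # outer's source -> target link strictly encloses inner's link.
    return (outer.source_epoch < inner.source_epoch
            and inner.target_epoch < outer.target_epoch)


def offence(a: Attestation, b: Attestation) -> Optional[str]:
    """Name the rule broken by a pair of votes, or None if the pair is fine."""
    if a.validator != b.validator:
        return None
    if is_double_vote(a, b):
        return "double vote"
    if surrounds(a, b) or surrounds(b, a):
        return "surround vote"
    return None


def safe_to_sign(candidate: Attestation, history: Iterable[Attestation]) -> bool:
    """Validator side: refuse to sign anything that conflicts with past votes."""
    return all(offence(old, candidate) is None for old in history)


def find_slashable(pool: Iterable[Attestation]) -> List[Tuple[int, str]]:
    """Observer side: scan collected votes for provable offences."""
    seen: List[Attestation] = []
    found: List[Tuple[int, str]] = []
    for att in pool:
        for old in seen:
            kind = offence(old, att)
            if kind:
                found.append((att.validator, kind))
        seen.append(att)
    return found


# Constructed sample votes.
POOL = [
    Attestation(1, 10, 11, "0xaa"),
    Attestation(1, 11, 12, "0xbb"),  # honest follow-up vote
    Attestation(2, 10, 11, "0xaa"),
    Attestation(2, 10, 11, "0xcc"),  # same target, different head: double vote
    Attestation(3, 11, 12, "0xbb"),
    Attestation(3, 9, 13, "0xdd"),   # 9 < 11 and 12 < 13: surrounds the earlier vote
]

if __name__ == "__main__":
    print(find_slashable(POOL))
```

Re-signing an identical vote is not an offence in this check, because a double vote requires two different attestations.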
While slashing only applies to errors of commission, there is also a smaller penalty for errors of omission, called the inactivity leak. Honest users should pay particular attention to the uptime of their validators, as an offline validator is worse than nothing. If more than 1/3 of the validators are offline, then blocks cannot be finalized, and it is also plausible that these offline nodes are actually building their own shadow fork while feigning a network partition. Downtime penalties are very important to deter this.
Ethereum has self-healing capabilities for disruptive minorities
The combination of equivocation slashing, inactivity leaks, and user-activated soft forks (UASFs) packs a powerful punch. Equivocation slashing handles safety failures, inactivity leaks handle liveness failures, and UASFs even allow an honest minority to recover from a malicious supermajority.
Equivocation is when validators attest to two different blocks at the same height, which may result in parallel forks and eventual reorgs. This is a key element of the “nothing-at-stake” problem, i.e. validators building on all possible forks because doing so costs them nothing. By collecting signed attestations, network observers can prove that this happened and slash the stake of the equivocator.
An inactivity leak is when a validator fails to provide attestations. This cannot be proven to be malicious, as validators may accidentally go offline, but it is detrimental to the network.
A user-activated soft fork is when a subset of validators believe that the main chain ignores them and their transactions, so they join forces to form their own block production fork.
Let’s walk through a few theoretical scenarios where a subset of malicious validators wants to censor transactions, such as those from FATF blacklisted countries. How will it develop under different ownership thresholds?
Lazy Censorship for the Few
A whale with 10% of the stake wants to censor transactions. He refuses to include blacklisted transactions in his proposed blocks. These transactions are included in the other 90% of blocks. The whale makes slightly less money because he passes over certain high-paying mempool transactions.
Active Censorship for the Minority
The whale, with 10% stake, refuses to include the blacklisted transactions in his block proposals, and refuses to attest to other blocks that include those transactions. Blocks continue to be finalized because a supermajority of attestations supports honest blocks. The whale loses money on both lower transaction bribes and missed attestation rewards.
Lazy Censorship for the Few
A whale with 40% of the total stake wants to censor transactions but still attests to honest blocks proposed by others. This is the same situation as in the case of minority lazy censorship.
Minority Active Censorship
A group of whales with a total stake of 40% wants to censor transactions and refuses to attest to honest blocks. Blocks stop being finalized because there is no longer an honest supermajority. The chain will fork into two sub-chains as if there is a clean network partition. Honest validators will see both forks, but will build on the honest fork because it has more weight in the LMD-GHOST fork choice rule. Censoring validators also see both forks, but manually override the LMD-GHOST fork choice rule and choose to continue on the censorship chain, pretending they don’t know the honest chain.
On the honest chain, an inactivity leak kicks in as soon as blocks stop being finalized. This means that all censoring validators appear offline because they refuse to attest to honest blocks. The stake of censoring validators is slowly burned until their effective balance drops low enough that they are removed from the validator set. At this point, honest validators now have a supermajority and blocks start to finalize again.
Note that this does not require a hard fork. The existing slashing and inactivity leak mechanisms gradually remove malicious or offline validators from the validator set, and the remaining validators can regain a supermajority without any chain downtime.
User-Activated Soft Forks From Malicious Supermajorities
We have seen that even if honest validators do not have a supermajority, as long as they keep proposing honest blocks and censoring validators refuse to attest to them, the censoring validators will be forced out of the validator set. What happens if honest validators have only a submajority and censoring validators have a supermajority?
Interestingly, the mechanics are nearly identical. One key difference is that honest validators must explicitly join forces to acknowledge each other’s attestations and override the fork-choice rule, but otherwise they can form their own subchain, on which the malicious supermajority will slowly drain from the validator set until the honest submajority gains a supermajority again.
Also, it’s worth noting that there are no explicit protocol-level changes to hard fork tokens away from specific users, as we saw with The DAO in 2016. Instead, it is a combination of equivocation slashing and inactivity leaks, meaning that validators not building on the same chain gradually lose their stake. This is a fairly elegant mechanism that allows an honest minority to recover from a malicious majority.
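How much stake has to leak before finality returns follows directly from the two-thirds threshold, for both the 40% scenario and the malicious-supermajority scenario above. The following is an added example, not code from the original post or from any client: the 4-epoch delay is the figure given earlier in the text, while the leak schedule (a penalty that grows with each non-finalizing epoch) and its two parameters are constructed assumptions, so the epoch counts illustrate the shape of the recovery rather than real timings.

```python
from fractions import Fraction

LEAK_DELAY_EPOCHS = 4       # from the text: the leak starts after 4 epochs without finality
# Constructed model parameters (assumptions, not protocol constants):
SCORE_STEP = 4              # inactivity score added per leaking epoch
PENALTY_QUOTIENT = 2 ** 24  # larger value = slower leak


def has_supermajority(attesting: int, absent: int) -> bool:
    # attesting / (attesting + absent) >= 2/3, kept in integer arithmetic
    return 3 * attesting >= 2 * (attesting + absent)


def required_burn(attesting: int, absent: int) -> Fraction:
    """Share of the non-attesting stake that must leak before finality resumes."""
    if has_supermajority(attesting, absent):
        return Fraction(0)
    # A supermajority needs the remaining absent stake to be <= attesting / 2.
    return 1 - Fraction(attesting, 2) / absent


def simulate_leak(attesting: int, absent: int, max_epochs: int = 1_000_000):
    """Return (epochs without finality, absent stake left) as seen on the fork
    that the attesting validators build; stakes are whole ETH."""
    if has_supermajority(attesting, absent):
        return 0, absent
    epochs, score = LEAK_DELAY_EPOCHS, 0
    while not has_supermajority(attesting, absent):
        if epochs >= max_epochs:
            raise RuntimeError("no supermajority within max_epochs")
        score += SCORE_STEP  # penalty grows the longer finality is missing
        absent -= absent * score // (SCORE_STEP * PENALTY_QUOTIENT)
        epochs += 1
    return epochs, absent


TOTAL_ETH = 400_000 * 32  # validator count and deposit size from the text


def scenario(absent_percent: int):
    absent = TOTAL_ETH * absent_percent // 100
    attesting = TOTAL_ETH - absent
    epochs, left = simulate_leak(attesting, absent)
    return required_burn(attesting, absent), epochs, left


if __name__ == "__main__":
    for pct in (10, 40, 66):
        burn, epochs, left = scenario(pct)
        days = epochs * 6.4 / 60 / 24  # 6.4 minutes per epoch, from the text
        print(f"{pct}% absent: burn {float(burn):.1%}, {epochs} epochs (~{days:.1f} days)")
```

With 40% of stake refusing to attest, a quarter of that stake has to be burned; with 66% on the other side, roughly three quarters of it does, which is why recovery from a malicious supermajority takes longer but follows the same path.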
Possible improvements in Ethereum
Of course, there are several aspects of Ethereum PoS that need further improvement. For example:
- Single-slot finality means reducing the time to finality from 2 epochs (64 blocks) to 1 block
- Reducing the minimum amount required for staking will make home staking more feasible for users without 32 ETH
- Because the address of the block proposer is known in advance, single secret leader election will minimize potential DoS attacks against the block proposer
- Proposer-builder separation when building blocks will make it easy for a single home staker to achieve the same top yield as a large operation.
PoS = On-chain governance
Ethereum has no on-chain governance (even though a subset of PoS protocols do). Just as Bitcoin full nodes allow miners to honestly produce valid blocks that conform to state transition functions, Ethereum full nodes allow validators to honestly produce valid blocks that conform to state transition functions. Even a supermajority of malicious validators cannot fool an honest full node.
Consensus mechanisms are a way of adding new transactions to the chain, not a power to arbitrarily change the blockchain state. State transition rules are encoded into the protocol itself and are inviolable unless mandated by the social layer. One of Bitcoin’s state transition invariants is that the sum of UTXO outputs must equal the inputs; one of Ethereum’s state transition invariants is that an account can only move its own ETH. As long as non-validators run their own nodes on the network to verify honest state transitions, neither miners nor stakers can break these rules, even with the support of a supermajority.
PoS = Central Bank
It’s not clear what people mean by that. My best guess is that it refers to the manipulation of macroeconomic factors such as money supply and interest rates by central planning. As mentioned above, validators do not have the ability to change the state transition function, and Ethereum’s mechanism changes are heavily discussed in public months, if not years, in advance. Governance is off-chain at the social layer, not on-chain. Validators have no power here.
PoS = extension of cheap gas
This is false. The gas fee reflects the supply and demand of block space. Changing the consensus mechanism does not increase the supply of block space, but sharding can. Sharding was originally an important part of the Ethereum roadmap, but has been de-prioritized and will not happen until quite some time after the Merge. See the proto-danksharding instructions to track the current state of the data availability sharding plan.
PoS = the rich get richer, PoW = egalitarianism
There is an egalitarian elegance to the idea of CPUs, GPUs, and ASICs churning in a math race to find hash preimages the fastest. Sovereign individuals, i.e. individuals running home gaming computers, can compete with nation states for the right to 6.25 newly minted BTC.
Unfortunately, the ASIC supply chain is easily controlled by import and export regulations, not to mention the dangerous dependence on Taiwan. The need for cheap, abundant energy is another weakness that prohibits individuals from running discreet mining setups. And since we’re not in the post-scarcity utopia yet, you’ll need to pay upfront to buy mining machines. To make matters worse, technological advances mean that miners need to constantly upgrade their equipment to remain competitive, which means that reliance on the supply chain is an ongoing weak point if conditions worsen.
PoW can be thought of as a concrete instance of PoS, where users stake by buying mining hardware and then compete for block proposal rights. The principal of your stake can be withdrawn at any time, but its value follows a decay curve corresponding to the current market value of your computer chips. In PoW and PoS, the need for upfront capital is the same, with the key difference being that in PoW capital is forced through the computer chip supply chain, while in PoS it can be pure collateral.
PoS = nothing at stake
PoS solves the nothing-at-stake problem by penalizing validators who build on both parent blocks at the same time.
PoS = no forced sellers
Many have pointed to the meager profits of PoW miners and compared them to the lucrative earnings generated by stakers. However, markets are efficient and there is no free lunch. What appears to be free money is actually a huge opportunity cost of capital for speculators who choose to put their money in ETH over thousands of other investment opportunities with a real risk of devaluing their principal. The market dynamics that led to the meager profits of BTC mining relative to other investment opportunities also apply to the meager profits of ETH staking relative to other investment opportunities.
PoS = Central Bank will buy all tokens
This tends to come from people who have never tried moving order books at scale. Of course, you can’t buy all the supply at the current spot price any more than you can buy all the ASICs at the current spot price. As demand increases, the price rises in a highly convex manner.
PoS = Trust a centralized server for Canonical chain
I recommend reading Vitalik’s article on “weak subjectivity” and EF’s description. When a node first comes online, it must have some frame of reference to know how to bootstrap itself. This is not a problem specific to PoS; even a Bitcoin full node needs to know which client software is valid, which IP can bootstrap its history, etc. PoS adds only a small amount of additional trust assumptions here.
PoS = no real resource consumption
There is a fascinating psychological divide between those who see “real-world” connections as the only attribute that can give legitimacy to digital assets and those who see “real-world” connections as dangerous dependencies to avoid when building self-sufficient systems.
PoS = bad complexity
Today’s implementations are of course quite daunting to understand, with new vocabulary and distributed systems prerequisites to explore. However, after delving into all the moving parts, nothing feels superfluous, and an active effort is being made to simplify it as much as possible. Modern society is built on a series of increasingly complex abstractions; if these abstractions are discarded because of initial uncontrollability, large-scale innovation is discarded.
Liquid (and illiquid) staking custodian Cartels
While Ethereum does not have delegated PoS at the protocol layer, alternatives at the application layer have emerged. Lido leads the staking share, followed by a handful of centralized exchanges. Instead of running their own validators, users send ETH to these providers and receive tokenized staking derivatives such as stETH. These staking providers then typically have full control over how validators operate. Custodians with huge voting control are the most likely route to capture by regulators. At least lately they’ve all been laundering their gambling clients’ funds into leveraged games, so at the end the only money left is that of those who practice self-custody.
Source of Beacon Chain Deposits
Real-world asset tokenization makes forks hard
When an asset holds its peg not because of an on-chain mechanism, but because of 1:1 off-chain redeemability with a centralized issuer, the issuer chooses the canonical chain on which to honor redemption and creation. The best examples today are stablecoins like USDC or USDT, but there will definitely be more tokenized RWAs in the coming years. MakerDAO is leading a lot of exploratory work.
Any resource proof is centralized
Without occasional redistribution or revolution, money and resources tend to accumulate in the hands of a few. The power-law dynamics are experientially exacerbated by the tacit personal influence created by an incredible technological base. So, while PoS is a clearer abstraction than PoW, both consensus mechanisms will prevent much of the world from participating. In its current state of blinders, it’s hard to imagine what alternative consensus mechanisms might emerge with fairer participation, but don’t rule it out.
What does this mean to you?
The last section is about practical matters. If you are interested in staking your own ETH, the annual rate of return is estimated to be between 5-15%, depending on how many people join and how large MEV bribes are. An interesting “hold-to-maturity” trade can now be made, with many liquid staking derivatives trading below their eventual redeemable value of 1 ETH. Why does this happen? A lot of people are doing leveraged stETH/ETH trades hoping to improve their yields, but since withdrawals won’t be enabled until the post-Merge Shanghai hard fork, when liquidity needs arise there aren’t enough buyers. You should know that liquid staking derivatives are by no means “pegged” to the value of ETH; it’s just that they should be redeemable 1:1 at maturity. However, brave buyers willing to take risks for unknown durations have the opportunity to earn healthy returns.
stETH/ETH price volatility over the past three months
This is strange advice, since the entire article has been pounding on the ability to avoid malicious collusion, and now we describe how to direct funds to custodial derivatives. But it would be a dereliction of duty to let people go into lock-up at a 1:1 ratio, not knowing that they can get paid for taking duration + governance + smart contract risk by picking up cheap tokens from over-leveraged funds.
If you’re interested in running your own validator node, here’s a good walkthrough guide for solo staking (https://ethereum.org/en/staking/solo/).
Many PoS protocols already exist, but Ethereum is establishing a new quality standard. The focus is on supporting a broad set of validators, explicit slashing, a clear trade-off between liveness and safety, and the painful up-front work of maintaining multiple software clients. This system isn’t perfect, but it’s one of the most elegant innovations we’ve had. Hopefully this explanation helps you understand how all the moving parts fit together.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/in-depth-analysis-of-the-consensus-mechanism-of-the-merge-in-the-post-ethereum-era/