“Proof of Stake” guide for bitcoiners

Generally speaking, Bitcoiners don’t pay too much attention to what’s happening in the altcoin space, but with Ethereum’s “The Merge” planned to launch within a month, the Twitter circles are quite noisy. Of course, the Bitcoin network will not be affected, but I think this “upgrade” is also worth watching. Once Ethereum separates itself from “dirty” and “wasted” PoW (Proof of Work), we can expect a narrative war to emerge, and Bitcoiners should be ready to fight back.

Learning how “Proof of Stake (PoS)” works is a good way to understand the difference and trade-offs between it and PoW. While I’ve seen many abstract statements about PoS – PoS has more access requirements, is more centralized, and becomes an oligarchy – I have to admit, without knowing the details of PoS, these claims may sound like It’s all a little ethereal. By delving into the PoS algorithm, we can slowly see that all these properties arise naturally from its principles. So, if you are also curious about how the PoS algorithm works and why it works causing it to have these properties, read on!

Solve the “double spend” problem

Let’s start with a quick recap of what exactly we’re trying to solve. Suppose we have a cryptocurrency network with many people participating and want to maintain a decentralized ledger. We will be faced with the question: how can our transactions be added to everyone’s ledger so that everyone can agree on whether a transaction is “correct”? PoW solves this problem very elegantly: transactions are grouped in blocks, and the production of each block (being the correct block that everyone agrees on) requires a lot of computational work. The amount of work required for block production is increased and decreased to ensure that blocks are produced at an average rate of one every 10 minutes; this allows each block to be produced for several minutes before the next block is produced. spread in the network. Any uncertainty in the ledger can be resolved by choosing the chain that condenses the most block production computations, thereby preventing double spending (on the same chain, no two transactions will cost the same amount of money, repeated Spent transactions will become invalid transactions, and blocks with invalid transactions are invalid blocks), because for repeated spending to be successful, more than 51% of the global block production computing power must be mastered (so that it is possible to start a Spend a certain amount of money on the chain, then spend that money again on the fork chain and let the fork chain eventually become the longer chain).

But suppose now we want to throw away the Satoshi Nakamoto insight (which made the above solution possible). After all, these nasty ASICs (hardware dedicated to block production calculations) are hateful and noisy, and they consume more energy than George Soros, Bill Gates, Hillary Clinton’s private jets combined need more. Is there a way we can unequivocally agree on which transactions are “true” just by talking?

Ethereum’s proof-of-stake mechanism uses two key elements to solve this problem. The first element is to make special “checkpoint blocks” from time to time, the purpose of which is to assure everyone in the network the “truth” of the system at different times. Creating a checkpoint requires a majority of 2/3 of the “stake” count, which guarantees that at that point in time, the vast majority of “validators” agree on a fact. The second element is penalizing users who add uncertainty to the network, known as “slashing”. For example, if a validator creates a fork, or votes for an older fork (similar to a 51% attack), then the TA deposit will be forfeited. Validators are also penalized for being inactive, but not as much.

(Translator’s Note: In my opinion, naming the participants of the PoS consensus mechanism as “validators” is an out-and-out language pollution. In the original concept, “block producers” refers to the consensus mechanism participants (such as miners), and “validators” refer to those who verify the consensus results (such as full nodes), but using “validators” to refer to “blockers of PoS consensus” completely confuses what was otherwise clear Classification method. All “validator” in this sense are translated as “witness” below.)

This leads us to the first principle behind PoS: PoS is a system based on negative incentives (penalties). This is the exact opposite of Bitcoin and PoW, because PoW is a system based on positive incentives (rewards). In Bitcoin, miners can try to break the rules—produce malformed blocks, pack invalid transactions, etc.—but those blocks are ignored. The worst effect is to waste a little energy. Miners are also free to generate blocks on older forked chains, but without accounting for 51% of the global block productivity, these older forked chains will never be able to catch up with the current longest chain, so Also just wasted effort. Any miner who participates in these activities, whether intentionally or not, will not worry about losing the bitcoins they have accumulated before, nor do they have to worry about losing their mining machines. So Bitcoin miners don’t live in fear, and in the process of taking action and taking risks, they can make mistakes.

Witnesses living on the Ethereum mainland are completely different. They are not rewarded for working hard and adding security to the network, they do no actual work, they just have to be careful not to misbehave their nodes lest their savings go to waste. No matter what changes people propose to the network, the first reaction of witnesses is to follow the crowd or risk being confiscated. These witnesses are walking on thin ice every day.

img

By the way, according to Vitalik’s “PoS FAQ”, allowing block producers to live in a negative incentive system is one of the “benefits” of PoS , eh.

img

So, on a technical level, how exactly does the confiscation mechanism work? Do we have to build a list of all the witnesses before we can confiscate something? Yep, that’s it. To act as a witness in Ethereum’s PoS consensus mechanism, you first move ETH to a special “staking” address. This is not only for applying the slashing mechanism, but also for voting, since checkpoint blocks require a 2/3 majority.

Maintaining such a list of all witnesses 24/7 has some interesting implications. Is it difficult to join a team of Witnesses? Can I leave anytime? Can witnesses vote on the status of other witnesses? This brings us to the second principle behind PoS: PoS is an admission system.

The first step to becoming a witness is to deposit some ETH into a special staking address. How much ETH do you need? Minimum 32 ETH, about $50,000 at current prices. To add context, decent bitcoin mining rigs are generally a few thousand dollars apiece, and if you’re home mining, you can start with an S9 for a few hundred dollars apiece. To be fair, there is a technical justification for the high threshold of ETH PoS consensus, a higher threshold means fewer witnesses participating, which can reduce bandwidth requirements.

So, the entry barrier is very high, but, as long as anyone has 32 ETH, can they participate as long as they want? Not really. There is a security risk if a large number of witnesses leave or enter at the same time. For example, if the vast majority of witnesses in the network leave at the same time, they can re-spend funds on a fork (that they did not exit) without penalty on either side. To mitigate this risk, both entering and leaving PoS consensus have built-in queuing mechanisms (throuthput limit, literally translated as “throughput limit”). Currently, this limit is set to witnesses per “epoch” (approximately 6.4 minutes)  max(4, |V|/65536) , both entry and exit. In other words, the entire set of witnesses can be replaced every 10 months. In addition, although the witness can now issue an “exit” transaction and stop participating in the PoS consensus, the code to actually withdraw the funds has not yet been completed. Sounds a bit like a California hotel…

img

– You can move in anytime, but you can never leave –

The last point is the economic incentive to approve new witnesses to join. Suppose you are a shareholder of a large company with a stable business that pays you dividends every quarter. Would you be willing to issue additional shares for free? Of course not, because that would reduce the current dividend for all shareholders. A similar incentive structure also exists in PoS. Because every new witness joins will dilute the income of all current witnesses. In theory, witnesses can directly censor all transactions that add new witnesses, but I don’t think that in reality, such a blatant approach won’t work. This would be very obvious, and would destroy Ethereum’s “decentralized” image overnight (and possibly lead to a price crash). I think people will use smarter methods. For example, using “security” or “efficiency” as an excuse to slowly change the staking rules, the threshold for participating in PoS is getting higher and higher. Any policy that sacrifices new Witnesses in favor of existing Witnesses will be supported financially, whether it is exposed on the table or not. Now, we can see why PoS turned into an oligarchy.

img

Overview of Casper Algorithm

We already know the abstract principles behind PoS, so how exactly does Ethereum’s PoS algorithm work? The idea behind checkpointing and slashing was proposed in an algorithm called “Casper”, so let’s start with Casper. Casper itself doesn’t give a way to produce blocks, instead it gives a framework for how to add checkpoints/slashes to existing tree-like blockchain branches.

First, any Changshu C is selected as the “checkpoint interval”, which determines how many blocks are separated between two checkpoints. For example, if C = 100, it means that checkpoints will be made at block heights 0, 100, 200… . Then, all nodes also vote for the next “justified” checkpoint. Instead of voting for one block at a time, witnesses vote for a pair of checkpoints  (s, t) , where s represents a previously rationalized checkpoint, called the “source”; t represents the checkpoint that the witness wants it to rationalize, called “Target”.  t becomes a new rationalized checkpoint once a pair of checkpoints  obtains a 2/3 majority vote in terms of deposit. (s, t)The figure below shows an example checkpoint tree.

img

In this diagram, the  h(b) function represents the “checkpoint height”, such as a hundredth of a block. You may notice that not every 100th block occurrence necessarily results in a rationalized checkpoint, as voting may not result in a majority. As an example, suppose at block height 200, both checkpoints have 50% of the votes. Because voting twice in the same period is slashed, the system is “stuck” here unless some witnesses are willing to be slashed. The solution is for everyone to “skip” this checkpoint at block height 200 and “try again” at block height 300.

Just because a checkpoint is rationalized doesn’t mean it’s “finalized”. In order for a checkpoint to be finalized, the checkpoint immediately following the checkpoint must be rationalized. For example, if checkpoints 0, 200, 400, 500, 700 are in the same line and are all rationalized, then only checkpoint 400 will be considered finalized, because only its next checkpoint is rationalized .

Because the terminology here is very precise, let’s summarize the three categories. A “checkpoint” refers to any block that occurs at a block height  C * n , so if C = 100, blocks at block heights 0, 100, 200, 300, etc. are checkpoints. Even if two blocks appear at block height 200, they are both checkpoints. A checkpoint is “rationalized” if it is a genesis block with a height of 0, or if 2/3 of the witnesses vote to establish a link between a previous rationalized checkpoint and this checkpoint. Then, if this rationalized checkpoint (as a source) is linked to the next checkpoint and the latter is rationalized, the checkpoint is “finalized”. Not every checkpoint will be rationalized, and not every rationalized checkpoint will be finalized, even on a chain that is ultimately recognized.

Casper Forfeiture Rules

Capser’s slashing rules are designed so that there cannot be a finalized checkpoint on each of the two forks, unless at least 1/3 of the witnesses violate the slashing rules. In other words, only finalized checkpoints should be considered undisputed “truth”. It is even possible to have a rationalized checkpoint on each of the two forked chains, but each will not produce a finalized checkpoint (unless someone is slashed). There’s no guarantee when or where a finalized checkpoint will occur; it’s just that when a chain fork occurs, you should sit back and wait for a finalized block to appear, and when it does, you’ll know That’s the “real” chain.

Casper implements this feature using two slashing rules:

img

The first rule prohibits anyone from successively voting two different blocks at the same height as the target checkpoint (i.e. double voting). Therefore, suppose a witness, when voting twice successively, uses two different blocks with a height of 200 as the target checkpoint, and the TA will be slashed. The goal of this rule is to prevent the chain from splitting into two different rationalization checkpoints at the same height, as this would require 2/3 + 2/3 = 4/3 of the total votes, meaning at least 1/3 of Witnesses break the forfeiture rule. However, as we saw earlier, rationalization checkpoints can skip certain heights. So, how to prevent a chain from splitting into two different target checkpoints? For example, can checkpoint 200 be split into two chains to form rationalized checkpoints at heights 300 and 400, without anyone being confiscated?

This is where the second rule comes into play, which is intended to prevent one vote from “wrapping” another vote. For example, if a witness votes for (300, 500) and (200, 700), the TA will be slashed. In the case of a chain split, once a fork forms a finalized checkpoint, other forks cannot have finalized checkpoints unless 1/3 of the witnesses break this second rule. Suppose now that the blockchain forks two rationalized checkpoints (500, 800) and (500, 900). Later, people saw a finalized checkpoint (1700, 1800) on the first forked chain. Since 1700 and 1800 can only be rationalized on the first fork chain (assuming no one breaks the first rule), the only possibility that a rationalization checkpoint after 1800 can be seen on the second fork chain is if some people put the low Checkpoints above 1700 are the source and checkpoints above 1800 are the target. But since this wraps the (1700, 1800) vote, and rationalization requires 2/3 of the vote (and (1700, 1800) already got 2/3 of the vote), then there are at least 1/3 of the witnesses Breaks the second rule. The Casper paper gives a nice graph:

img

That’s it, as long as you follow Capser’s rules, you’re a good guy!

img

Sounds easy, right? We can guarantee that the slashing mechanism is only the ultimate means for PoS to maintain consensus, not an extortion mechanism that forces witnesses to behave in a certain way, right?

img

– “Ask the Ethereum community. What would you do if the vast majority of witnesses chose A (compromise and censorship at the protocol layer) below? X) see censorship as an attack on Ethereum, burn through social consensus drop their deposit; Y) tolerate censorship” “I would choose X” –

This brings us to the third principle behind PoS: PoS has no rules. What most people say, the “rules” are.

img

Every day, your nodes (technically) strictly follow the Casper commandments, but the next day your savings risk being forfeited because you did something that other people didn’t like. Have you packaged a red team deal? The majority of the blue team will fine you. Or, you do the opposite and turn a blind eye to the red team’s trade, and tomorrow the red team will say you’re censoring and confiscate you. The force of confiscation goes far beyond the limits of the review power of OFAC (the U.S. Department of the Treasury’s Office of Foreign Assets Control). PoS is like a never-ending battle royale in Mexico, with the threat of confiscation at any time.

img

I have absolutely no doubts – in a controversial hard fork, both sides would hard-code validation rules against each other to punish anyone who wants to join the “evil” side. Of course, it’s a nuke button, and like a nuclear war, both sides may just choose tit-for-tat rather than strike first. I also suspect that the vast majority of individual witnesses, who are “neutral”, are more concerned with financial self-preservation than political self-sacrifice, but if they realize that “taking sides” is an avoidance An effective way to get confiscated, and they probably will too.

Where did you say it?

Now that we know the basics of checkpointing and slashing, we can move on to the “Gasper” algorithm that Ethereum actually uses. This is a combination of Casper and GHOST. Casper, which we covered earlier, and GHOST is a strategy used to select the “best” chain between checkpoints.

The first thing you need to know to understand Gasper is that it treats time as a major independent variable. Real-world time is divided into 12-second “slots”, each of which can only contain at most 1 block. A number of time slots make up an “epoch”, and each epoch has a checkpoint. A period contains 32 time slots, so the duration of each period is 6.4 minutes. It is worth pointing out that this paradigm reverses the relationship between time and block generation in PoW. In PoW, blocks are generated because a valid hash is found, not because how long has passed. But in Gasper, blocks are generated because the real world has passed long enough that it’s time for the next time slot. What intractable timing problems such a system would encounter, I can only imagine, but dare not enumerate; in particular, this is not a program running on one computer, it is running on tens of thousands of computers around the world trying to synchronize system. I hope that developers of Ethereum are familiar with “Programmers’ Misconceptions about Computer Time”.

Now, let’s say you want to set up a witness node and you want to sync the blockchain for the first time. You can only see specific blocks with specific timestamps, how do you know those blocks were actually generated at that time? Since block production does not require work, can a malicious group of witnesses forge a fake chain starting from the genesis block? And, if you see two competing blockchains, how do you know which is the real one?

From this, we derive the fourth principle behind PoS: PoS relies on subjective understanding. Because there is no objective way to choose the real one from two competing chains, and any new node joining the network must trust some existing node as a source of truth and resolve uncertainty. This is completely different from Bitcoin, where the chain that aggregates the most work is the “real” chain. It is useless for thousands of nodes to tell you that the X chain is real. As long as one node releases the Y chain, and the Y chain contains more workload, Y will become the real chain. The header of a block tells you its value, so it completely removes the need for trust.

img

– These 0s indicate that it takes work to find such a hash value –

Because it relies on subjective understanding, PoS reintroduces the need for trust. Now, I’ll admit, I may be a little biased from here. If you want to know the opinion of the other side, Vitalik wrote an article with his views. I admit that in reality, chain splits are unlikely to happen because of Casper rules, but anyway, the peace of mind I get from Bitcoin, is not possible here.

Block production and voting

Now that we are familiar with time slots and periods, how are individual blocks produced and how are they voted? Before the start of each period, all witnesses are “randomly” divided into 32 groups, each of which is responsible for a time slot. In each time slot, a “randomly” chosen witness becomes the block producer, while the others are voters (or “attestors”). I put “random” in quotes because the process has to be deterministic, as everyone has to unbiasedly agree on which validators are responsible for which slot. However, this process must also be non-exploitable, as block producers have the advantage that they can earn additional value now known as “Miner Extractable Value” (now reclaimed). Named “Maximun Extractable Value”). There is a good article on how this value works: “Ethereum is a Dark Forest”.

So, after a block is produced, how do other witnesses vote (or “witness”)? Block proposals are assumed to occur in the first half of the slot (the first 6 seconds), and voting occurs in the second half, so in theory, witnesses should have enough time to vote for blocks in their slot. . But what if the block proposer goes offline, fails to communicate, or constructs an invalid block? In fact, the task of the witness is not to vote for the block, but to point out the block that “looks the best” from the current self. Under normal circumstances, this best block is the block in their slot, but it could also be an older block. But what does “the best block” technically mean? This is where the GHOST algorithm comes in.

GHOST is the “Greediest Heaviest Observed SubTree” and is a greedy recursive algorithm for finding the blocks with the most “latest activity”. Basically, this algorithm treats all recent blocks as a tree, it traverses the entire tree and greedily selects the branch with the most accumulated witnesses. For each witness, only the latest witness message will be counted, and the final algorithm will come up with a leaf block as the “best block”.

img

The witness message of the witness not only contains the vote for the current best block, but also contains the latest checkpoint leading to this block. It should be pointed out that in Gasper, checkpoints are based on epochs rather than block heights. Each epoch points to a specific checkpoint block, either the block in the first slot of the epoch, or (if there are no blocks produced in the slot) the latest block before the slot. In theory, the same block can be the checkpoint of two different epochs (there is no block in each slot of the previous epoch), so the checkpoint is represented by (epoch, block) pair. In the figure below, “EBB” is the abbreviation of “Epoch Boundary Block”, which means a checkpoint of an epoch; while “LEBB” is the abbreviation of “Latest Epoch Boundary Block”, which means the latest overall a checkpoint.

img

Similar to Casper, a checkpoint is rationalized after more than 2/3 of the witnesses; and if its next epoch’s checkpoint is also rationalized, the checkpoint is finalized. An example of the workflow of the voting mechanism is shown below.

img

Gasper also has two slashing conditions, similar to Casper’s slashing rules:

1) Voting cannot be repeated in the same period.

2) The checkpoint interval contained in one vote cannot be “enclosed” within the checkpoint interval of another vote.

Although Gasper abolishes block heights based on time periods, Casper’s rules still ensure that both forked chains cannot have finalized checkpoints unless 1/3 of the witnesses are slashed.

It is also worth mentioning that witness messages are included in blocks. Similar to how a block in PoW defends itself with its own hash, a finalized checkpoint in PoS also defends itself with all of its past witness messages. When someone violates the slashing rules, these bad witness messages will also be included in the block, proving that it is deviated. Block producers also have a small economic incentive to package these deviance-proof messages, which is to provide incentives for people to punish those who break the rules.

fork

It’s interesting to imagine what happens when a fork occurs. To recap quickly, forks refer to changes in consensus rules, and can be divided into two types: hard forks and soft forks. In a hard fork, the new rules are not backward compatible and may result in two competing blockchains (if neither chain wants to switch). In soft forks, the new rules are stricter than the old ones, so they are backward compatible. Once more than 50% of miners or witnesses start enforcing new rules, the consensus mechanism will switch without splitting. Soft forks are usually associated with upgrades and new types of transactions, but technically it also includes any type of censorship performed by a 51% majority. PoS also has a “fork” that PoW does not have: a chain split that is not caused by a change in consensus rules. But because we have said it before, only hard forks and soft forks are discussed here.

We start with the simplest case: a dedicated, contentious hard fork. “Controversial” means that a rule change makes people politically oriented. Bug fixes and minor technical changes are unlikely to be controversial, but some—like changing the witness reward—may be. If a hard fork is very controversial, a chain fork may occur, but it will eventually be resolved economically as users sell assets on one chain and buy assets on the other chain. Like the Bitcoin Cash fork in 2017, it seems that the game is won:

img

Now, suppose one day the Witnesses hold a convention, think they’re not being rewarded enough, and decide to change the rate of return from 5% per year to 10% per year. Obviously, this is sacrificing the interests of the non-witnesses to satisfy the appetites of the witnesses. If there is a chain split, which chain will win?

This leads to the fifth principle behind PoS: money is power. Now there are more than 120 million ETH in the world, and more than 10% have been pledged, as shown in the figure below.

img

Suppose a hard fork creates a dispute between witnesses and non-witnesses. Suppose all non-witnesses sell all their coins on the new chain and all witnesses sell all their coins on the old chain If it drops, then theoretically, the old chain will win because most of the ETH is still in the hands of non-witnesses (90% vs. 10%). But we still have some things to consider. First, after the fork, the witnesses still “control” both chains. If the witnesses have the ability to influence the old chain, they may have an incentive to let the chain fail. Secondly, the nuclear weapons mentioned above still exist, and the new chain may confiscate witnesses who are still producing blocks on the old chain to force them to join. Finally, some witnesses may have greater social and political influence than others in the network. If Vitalik, the Ethereum Foundation, and the exchange all form an alliance and decide to increase the witness reward, I have a hard time believing that ordinary Ethereum users and witnesses can keep the old chain running, and at the same time make the old chain by buying relatively more valuable.

As for soft forks, what if there were controversial soft forks, such as OFAC censorship? Witnesses are very centralized, as you can see from the picture below.

img

Unlike in PoW, where miners can switch mining pools with one click, witnesses on Ethereum are locked in a pledge address and can only leave after initiating an exit transaction. If Lido and the largest exchanges are going to censor some transactions, they could easily reach a 2/3 majority that decides the checkpoint. Earlier we saw how Vitalik and other ETH witnesses can use censorship-resistant hard forks to counter censorship soft forks (while slashing censors). Even if they succeed in creating a fork, a lot of value will be destroyed in the process, either through slashing or a breakdown of trust.

Epilogue

In this post, we explore how PoS uses the Gasper algorithm to solve the double spending problem. Gasper is a combination of Casper checkpointing/slashing rules and GHOST “best block” voting rules.

Gasper divides time into units called “slots”, each of which can only contain at most one block; multiple timeslots form periods, each of which points to a checkpoint. A checkpoint is rationalized if a 2/3 majority votes for it; and if two adjacent checkpoints are rationalized, the first of the two is finalized. Once a checkpoint is finalized, competing forks cannot be finalized unless more than 1/3 of the witnesses are slashed.

In the process, we discovered five principles of PoS:

1) PoS uses a negative (penalty-based) incentive structure.

2) PoS is a system with an admission mechanism.

3) PoS has no rules.

4) PoS relies on subjective understanding.

5) In PoS, money is power.

Each of these principles is the opposite of PoW:

1) PoW uses a positive (reward based) incentive structure.

2) PoW is an access-free system (anyone can start and end at any time).

3) In PoW, forks that do not follow the rules will be ignored.

4) PoW relies on objective facts.

5) In PoW, miners serve users and have limited power.

I believe that everyone should strive hard for the world they want to live in. If you’re like me, want to live in a world without access, want to control your property, want hard work to be rewarded, passive ownership becomes debt, want currency to store value all the time and not change on a whim , then, you should think carefully about the difference between PoW and PoS, and fight for your preferred principles.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/proof-of-stake-guide-for-bitcoiners/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-09-16 09:46
Next 2022-09-16 09:48

Related articles