Vitalik: Proof-of-Stake Benefits

PoS is a better blockchain security mechanism than PoW for three reasons.

PoS offers more security at the same cost

GPU-based proof of work

You can rent GPUs cheaply, so the cost of attacking the network is simply renting enough GPUs to exceed the cost of existing miners.

For every $1 block reward, existing miners should spend nearly $1 in cost (if they spend more, miners exit as unprofitable, if they spend less, new miners can join and high profits).

Therefore, attacking the network only costs more than $1 per day, and it only takes a few hours.

Total attack cost: ~$0.26 (assuming a 6 hour attack time), which may drop to zero when the attacker receives the block reward.

ASIC-based Proof of Work

An ASIC is a capital cost: an ASIC purchased once, we can expect to use for 2 years before it wears out or gets updated hardware.

If a chain is 51% attacked, the community is likely to change the PoW algorithm and the ASIC will lose its value. On average, the ongoing cost of mining is about 1/3 and the capital cost is about 2/3.

So for a reward of $1 per day, miners will spend $0.33 per day on electricity + maintenance and $0.67 per day on ASICs. Assuming an ASIC lasts for 2 years, a miner would need to spend $486.67 on this amount of ASIC hardware.

Total attack cost: $486.67 (ASIC) + $0.08 (electricity + maintenance) = $486.75

That said, ASICs provide this higher level of security at the high cost of centralization because the barriers to entry become very high.

Proof of Stake

Proof of stake is almost entirely the cost of capital (coins invested); the only running cost is the cost of running a node. So how much capital are people willing to lock up to get a return of $1 a day?

Unlike ASIC, the deposited tokens will not depreciate, and when you complete the pledge, you can get your coins back in a short period of time. Therefore, participants should be willing to pay a higher cost of capital for the same amount of rewards.

Let’s assume about a 15% rate of return is enough to incentivize people to stake (this is the expected rate of return for eth2). A return of $1 per day would then attract a return of 6.667 years on deposits, or $2433.

Node hardware and electricity costs are small; a $1,000 computer can stake hundreds of thousands of dollars, while electricity and network fees of around $100 per month are enough.

But conservatively speaking, these ongoing costs are about 10% of the total investment cost, so we only have a return of $0.90 per day that corresponds to the cost of capital, so we do need to cut that number by 10%.

Total attack cost: $0.90/day * 6.667 years = $2189

In the long run, as staking becomes more efficient, people will also adapt to lower rates of return, and this cost is expected to be higher. I personally think that number will eventually rise to around $10,000.

The only “cost” of getting this high level of security is simply not being able to move coins around while staking.

There may even be a situation where the public knows that all of these coins are locked, which causes the value of the coins to rise, so the total number of coins that are flowing in the community and ready for productive investment remains the same.

In PoW, however, the “cost” of maintaining consensus is a large amount of real electricity consumed.

Greater security or lower cost?

There are two ways to use this 5-20x safety gain. One is to keep the block reward the same, but benefit from enhanced security.

The other is to drastically reduce the block reward (thus reducing the “waste” of the consensus mechanism) and keep the security level the same.

Either way is fine. I personally prefer the latter because, as we’ll see below, in Pos, even a successful attack is much less harmful than a proof-of-work attack, and it’s easier to recover from an attack!

In PoS, the attack is easier to recover

In a proof-of-work system, what would you do if your chain was 51% attacked? So far, the only response in practice is “wait until the attacker gets bored”.

But this ignores a more dangerous type of attack, the spawn camping attack, where the attacker repeatedly strikes the chain with the goal of rendering it useless.

In GPU-based systems, without defenses, a persistent attacker can easily render the chain permanently useless.

In fact, after the first few days, the cost to the attacker can become very low, as honest miners will drop out because they cannot earn rewards during the attack.

In an ASIC-based system, the community can respond to the first attack, but re-attacks since then are trivial.

The community will encounter the first attack to “break” all ASICs (both attackers and honest miners!) by hard forking to change the PoW algorithm

But if the attacker is willing to pay the initial price, after that the situation goes back to the case of the GPU (since there isn’t enough time to build and distribute an ASIC for the new algorithm), so the attacker can continue to swipe from there at a very low cost camp.

However, in the case of PoS, the situation is much better.

For certain types of 51% attacks (in particular, restoring a finalized block), there is a built-in “slash” mechanism in the proof-of-stake consensus by which a large portion of the attacker’s stake can be automatically destroyed.

For other, more difficult-to-detect attacks, the community can coordinate a small user-activated soft fork (UASF), where the attacker’s funds are again massively destroyed (in Ethereum, this is done through an “inactivity leak mechanism”).

There is no need for an explicit “hard fork to remove coins”; except for the requirement to coordinate the selection of a few blocks on the UASF, everything else is automated and just follows the rules of the protocol.

So the first attack chain will cost the attacker millions and the community will be back to normal within a few days.

A second attack on the chain would still cost the attacker millions of dollars because they would need to buy new coins to replace the burned old coins. The third time…and it costs millions more.

The game is asymmetric, which is not good for the attacker.

Proof of Stake is more decentralized than ASIC

GPU-based work is justified and decentralized; getting a GPU is not difficult. But GPU-based mining largely fails on the “security defense attack” criteria we mentioned earlier.

On the other hand, ASIC-based mining requires millions of dollars in capital.

This is also the correct answer to the common “Proof of Stake means the rich get richer” argument: ASIC mining also means the rich get richer, and the game is even more skewed towards the rich.

At least in PoS, the minimum stake required is quite low.

Additionally, Proof of Stake is more censorship resistant.

Both GPU mining and ASIC mining are easy to detect: they require a lot of power consumption, expensive hardware and large warehouses.

PoS, on the other hand, can be done on a humble laptop.

Possible Advantages of Proof of Work

I think PoW has two main real advantages, although I think these are fairly limited.

Proof-of-stake is more of a “closed system” that leads to higher wealth concentration in the long run.

In Proof of Stake, if you have some coin, you can also stake that coin and get more of that coin. In Proof of Work, you can always earn more coins, but you need some external resources to do so.

As such, one could argue that over the long term, the distribution risk of proof-of-stake tokens is becoming more and more concentrated.

The main response I’ve seen is that in PoS, the rewards (and thus validator returns) will be very low; in eth2, we expect validator rewards to be equal to 0.5-2% of the total ETH supply per year.

The more validators stake, the lower the interest rate. Therefore, it may take more than a century for the degree of concentration to double, and on such timescales other pressures may predominate.

Proof of Stake requires “weak subjectivity” while Proof of Work does not

Essentially, the first time a node comes online, and a node comes online again after being offline for a long time, the node has to find some third-party source to determine the correct head of the chain.

This could be their friends, it could be exchanges and block explorer sites, the client developers themselves, or many other players. PoW does not have this requirement.

However, arguably this is a very weak requirement: in fact, users already need to trust the client-side developers and/or the “community”.

At the very least, users need to trust someone (usually a client-side developer) to tell them what the protocol is, and what updates to the protocol are.

This is inevitable in any software application. Therefore, the marginal additional trust requirement imposed by PoS remains low.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-05-12 09:27
Next 2022-05-12 09:29

Related articles