Ethereum’s development community wants to move the crypto-currency’s consensus mechanism from “proof of work” to “proof of stake”.
There are a variety of “proof of” procedures to incentivize miners of crypto-currencies and validate their blocks. Each relies on a mix of math and capitalist drivers to allow consensus on what is real and what isn’t.
Bitcoin is based on proof of work, while other coins, including Ripple, NEO and EOS rely on other variants, which we won’t address here. The big change in the space is the Ethereum protocol. The ethereum classic coin (the result of a fork that is run by some purists) has moved to proof of stake, while mainstream ethereum’s developer community is moving more cautiously to a hybrid model.
This could set the pace for tokenization, as it would diminish the influence of miners in favor of the biggest owners of a given crypto-currency. But it’s meant to be a longer-term safeguard of decentralized ledgers against bad guys.
Proof of Work: elegant but inefficient
Proof of work (PoW) is the only consensus mechanism proven to work at scale: it’s what has powered bitcoin for a decade. It relies on miners spending resources (electricity) on the mining process. They must solve a mathematical problem built into the bitcoin software in order to bid for the next block of coins to be recognized by the network. PoW makes people pay to play, in the form of electricity bills and computing power, to create a piece of data that is easy for everyone else in a public network to verify.
PoW is elegant but inefficient because of the vast amount of electricity required. PoW can’t scale: imagine the electricity required if mass adoption or, say, an e-RMB relied on this mechanism. It’s also slow, with bitcoin requiring 10 minutes to produce the next block; getting enough confirmations can take over an hour.
There is also the matter of just how decentralized the Bitcoin system is when most of its mining ends up in the hands of two or three giant companies, as is the case today: there’s nothing really stopping them from colluding to corrupt the network. (They’re also all Chinese, potentially susceptible to strong-arming by Beijing.)
Proof of Stake: efficient, but crude
Proof of Stake (PoS) is therefore meant to address how minted blocks are verified, the power of oligopolistic miners, and scalability issues. (Ethereum’s hybrid version, as it currently stands, would keep PoW for mining but use PoS elsewhere in the transaction chain to weaken miners’ influence.) In contrast to PoW’s clean math, PoS probably works in practice but on paper it’s messy.
The scalability issues are technical, but Ethereum developers are working on various ideas such as splitting up consensus among different nodes, rather than relying on the entire network to validate every transaction (a process called sharding); another idea is the use of subchains, in which settlement occurs on the main chain but errors and disputes are handled elsewhere. Ethereum’s developers have a project called Casper in which they are incorporating such techniques into a PoS framework to achieve much faster processing.
Beyond these technical matters, PoS aims to achieve Byzantine Fault Tolerance. Byzantine Fault Tolerance is the notion that any two nodes on a blockchain can communicate knowing their ledgers will show the same information. This is the holy grail of blockchain developers.
To get there, developers are trying to solve an old game-theory puzzle called the Byzantine General’s Problem. Imagine several armies need to coordinate troop movements in order to collectively conquer a city. How to avoid defeat in the event that a traitor or a fool sends malicious information?
How secure is secure?
Aparna Krishnan, a developer at Blockchain at Berkeley, gave a talk in Hong Kong addressing this issue. She says PoS is meant to keep a network robust even if one-third of the actors – a third of the armies besieging a city – are malicious.
Blockchain often gets praised for its security as a decentralized, encrypted and immutable shared ledger. But what constitutes a blockchain? It’s a chain of hashes. Hashes are unique, one-time algorithms that provide immutable records. Attempts to change any previous block of data will fail to correlate with how the hashes show up on other nodes.
But this does not make the entire system secure. “A system is neither secure nor insecure,” Krishna said. “Security is more like a scale. A system is secure up to a certain amount of money.”
Developers rely on gaming theory to create incentive structures to make attacks against the network too expensive. Attackers can spend resources on trying to get others to change their behavior, or to upset prediction markets by offering false incentives. They could undermine Bitcoin or Ethereum, but today it would cost them so much money that it’s just not worth the effort. That’s today; what about tomorrow?
Centers of influence
In PoW, like for making bitcoins, voting power is proportional to computing power. Miners, who maintain the network, have a lot of votes in terms of which newly minted blocks are deemed bitcoins. Their incentive to keep the network going is the economic reward of creating new coins.
But anyone who can marshal 51% of the network can basically attack it and send the coin’s value into a tailspin (and today, any two of the top three mining companies could in theory collude to reach 51%). And the more the biggest miners invest in computing power, they greater their power becomes, undermining the principle of decentralization that is meant to sustain blockchain.
In PoS, voting power is proportionate to your economic size in the system. Power switches from miners to anyone with enough coins in their pocket. Miners still get paid for minting blocks, but wealthy insiders – the ones with the most to lose – have more of a say over what gets accepted as a coin.
Aparna says there are two types of PoS mechanisms. One is “chain-based”, and its advantage is it allows PoW without the electricity bills. It works like a round robin: one node is selected at random to create a block of data that gets added to the blockchain as coins. Then the creation process moves to another node.
A second version of this goes back to the notion of Byzantine Fault Tolerance. A randomly selected miner creates a block, but it needs two-thirds of the network to validate it.
The effect is to shift the ability to corrupt the network from influencing 51% of the nodes to 67%. And given that PoS gives influence to the biggest coin holders, they have no incentive to devalue their own portfolios. Moreover, there is no need for specific hardware (e.g., ASIC chips) to operate a PoS protocol.
The drawback to PoS is that the rich get richer. Although an oligopoly of big coin holders could manipulate the system, their motivation would be to increase the coin’s value. The rest of the community, if they didn’t like the direction the whales were swimming, would have no option to but to create a fork and do their own thing, which would be risky.
The other problem with relying on ever-bigger whales is liquidity. “If you’re locking up funds, who’s spending them?” Aparna said. “Who’s making transactions? Low participation can lead to centralization.”
And whereas in PoW if a big miner wanted to exit, it could stop activity or sell its ASICs without affecting the network. But in PoS, an early adopter loaded with coins would find it hard to liquidate their stake.
Aparna says there are many scenarios in which malicious players could attack a PoS network. They can try to disrupt who gets to mine the next block, or sow false histories, or censor someone’s ability to create blocks, or use incentives to lure players into attempting a fork (change the rules of the protocol).
Whatever the danger, the best defense is one that relies on Byzantine Fault Tolerance, requiring two-thirds of the network to validate new blocks. This is safe but demanding, as it requires enough nodes to be active all the time.
Alternatives may require an external regulator (such as the one played by Monetary Authority of Singapore in the various blockchain developments under its Project Ubin). Which means we’re back again to questions of just how decentralized a blockchain can ever really be.