Vitalik: Why PoS

On September 15, a date that was recorded in the history of encryption, Ethereum merged from POW to POS mechanism, which seemed to declare the end of an era.

Is it a question to choose POW or POS?

On a special day, Shenzhen Tide TechFlow took you to review three classic articles, namely, The Beauty of Computing, written by Wu Sihan, the founder of Bitter Mainland, and Why Choose PoS, written by Vitalik, the founder of Ethereum (Why Proof of Stake?), And Jan, chief architect of Nervos, "PoW and PoS Debate: Who Has Real Openness? Who Can Stay Away from the End of Thermodynamics?".

Why Proof of Stack (PoS)?

Compared with PoW (workload proof) consensus mechanism, PoS is a better blockchain security mechanism for three main reasons:

1. PoS is safer at the same cost

The simplest way to compare is to juxtapose the two, and see how much it costs to attack a network under every $1 block reward every day.

  • PoW based on GPU mining;

It is very cheap to rent GPUs, so the cost of attacking the network is only to rent enough GPUs to exceed the cost of existing miners. For every $1 bonus, existing miners should spend about $1 (if they spend more, they will quit because they are unprofitable; if they spend less, new miners can join in and earn high profits). Therefore, attacking the network only temporarily costs more than $1 a day, and only takes a few hours.

Total attack cost: about $0.26 (assuming that the attack time is 6 hours). As the attacker gains the reward of block, it may drop to zero.

  • PoW based on ASIC chip mining

ASIC chip is a kind of capital cost. It can be expected that it can be used for about 2 years before it is worn out or eliminated by better hardware. If a chain is attacked by 51%, the community is likely to respond by changing the PoW algorithm, so the ASIC chip will lose value. On average, about 1/3 of the continuous cost of mining and 2/3 of the capital cost. Therefore, every day every $ 1, the miner will spend about$ 0.33+maintenance fee, and about$ 0.67 ASIC cost. Assuming that the life of an ASIC chip is about 2 years, the miners need to spend $486.67 on this amount of ASIC hardware.

Total attack cost: $486.67 (ASIC)+ $ 0.08 (electricity cost+maintenance cost)= $ four hundred and eighty-six point seven five

Not only is the attack cost of PoW mining with ASIC chips higher, but also the whole network tends to be centralized while providing such high cost attack prevention, because the threshold for miners to join is also higher.

  • Proof of Equity  PoS

Almost all of the equity certificates are capital costs (deposited currency), and the only operating cost is the cost of operating nodes. Now, how much capital are you willing to lock in to get a reward of $1 a day? Unlike ASIC, the deposited currency will not be depreciated. After the pledge is completed, the pledged currency can be retrieved after a short waiting period. Therefore, participants should be willing to pay higher capital costs for the same number of incentives.

We assume that the return rate of about 15% is enough to encourage people to bet (this is the expected return rate of Ethereum 2.0). Then, every day$ The reward of 1 will attract the return of 6.667 years of deposit, namely $ 2433。 The cost of hardware and electricity for a node is very small, while the cost of a 1000 yuan computer can support the pledge of several hundred thousand dollars, which is about $ The electricity and network charges of 100 yuan are enough to meet this demand. But to be conservative, these continuous costs account for about 10% of the total pledge costs, so only about$ The reward of 0.9 finally corresponds to the capital cost, so the above data needs to be reduced by about 10%.

Total attack cost: $0.9 per day * 6.667 years$ two thousand one hundred and eighty-nine

In the long run, with the increase of the pledge rate, this cost is expected to be higher. I personally predict that this number will eventually rise to about $10000.

The only "cost" of maintaining such a security system is that the assets in the bet are illiquid. It may even happen that the public knows that these assets are locked up, which will lead to a rise in the currency price, so the total amount of funds floating in the community ready for investment remains unchanged! In PoW, the "cost" of maintaining consensus is to consume a large amount of power.

  • Higher security or lower cost?

There are two ways to achieve 5-20 times of safety gain at low cost. One is to keep the block out reward unchanged and benefit from improving security; The other is to reduce the reward for block out on a large scale (thus reducing the "waste" of the consensus mechanism) and keep the security level unchanged.

Both methods are OK. Personally, I prefer the latter, because we will see below that in the proof of rights and interests, even a successful attack is much less harmful than the attack in the proof of workload, and it is much easier to recover!

2. Under the PoS consensus mechanism, it is easier to recover from attacks.

In the PoW network, if your chain is attacked by 51% of the chain, what can you do? So far, the only response in practice is to "wait until the attacker takes the initiative to revoke the attack". However, this ignores the possibility of a more dangerous attack, which is called the Pawn Camping Attack. The attacker attacks again and again with a clear purpose of paralyzing the whole chain.

In a GPU based system, without any defense measures, a persistent attacker can easily permanently disable the entire chain (or switch to PoS or PoA). In fact, after a few days of the attack, the cost of the attacker may be reduced to a very low level, because honest miners cannot get a reward in the attacked chain to exit.

In the ASIC based system, the community can deal with the first attack, but then become helpless. First, the community will change the PoW algorithm through hard bifurcation to deal with the first attack, thus "locking" all ASICs (attackers' and honest miners'). However, if the attacker is willing to bear the initial cost, after that, the situation will revert to the same as that of the GPU (because there is not enough time to build and distribute new algorithms to the ASIC), so the attacker can continue the spawning camp attack cheaply, which is inevitable.

Of course, it will be much better in the case of PoS. For some types of 51% attacks (especially rollback of the finally determined block), there is a built-in "Slashing" mechanism in the proof of interest. Through this mechanism, most of the attacker's equity (not including others') will be automatically destroyed.

For other attacks that are more difficult to find (51% of coalition reviews - A 51% coalition centring everyone else), the community can coordinate on the soft fork (UASF) activated by a few users, and most of the attacker's funds are destroyed again (in Ethereum, this is done through "Inactivity Leak Mechanism"). There is no need for a clear "hard fork currency elimination". In addition to the requirement to coordinate the selection of a few blocks on the UASF, the rest are automatic and only need to be implemented according to the protocol rules.

Therefore, the first attack on the chain will cost the attacker millions of dollars, and the community will return to normal in a few days. The second attack will still cost the attacker millions of dollars because they need to buy new coins to replace the destroyed old coins, while the third attack will cost more. This game is asymmetric and very detrimental to attackers.

3. PoS is more decentralized than ASIC.

The PoW based on GPU mining is reasonably decentralized, so it is not difficult to obtain a GPU. However, mining based on GPU is basically not up to the "safety" standard we mentioned above. Mining based on ASIC requires millions of dollars to enter (if you buy ASIC from others, most of the time, mining machine manufacturing companies will make more profits).

This is also the correct answer to the common "proof of equity means that the rich are richer" argument. ASIC's mining also means that the rich are richer, and this game is limited to the rich. At least in PoS, the minimum amount required for pledge is quite low, and many ordinary people can afford it.

In addition, PoS is more resistant to scrutiny. GPU and ASIC mining are very easy to find: they need a lot of power consumption, expensive hardware procurement and large warehouses. PoS can be completed on an inconspicuous laptop or even through VPN.

Advantages of PoW

I think PoW has two real advantages, although I think these advantages are very weak.

1. PoS is more like a "closed system", which takes a long time to concentrate wealth.

In PoS, if you have some coins, you can pledge them for more rewards. In PoW, you can earn more rewards, but you need more external resources. Therefore, we can say that in the long run, PoS  The distribution of Chinese currency is likely to become more and more centralized.

The general reward (verifier's income) in PoS is very low; In Ethereum 2.0, we estimate that the annual verifier award is equivalent to  ETH  The total supply of about 0.5-2%, and the more verifiers, the lower the interest. Therefore, centralization may take more than a century to double, and on such a time scale, other pressures (people want to spend money, distribute money among charities or children, etc.) are likely to dominate.

2.  PoS needs "weak subjectivity", while PoW does not

About the concept of "weak subjectivity" (see the original introduction of V God). Essentially, when a node is online for the first time, or when any node is online after being offline for a long period of time (that is, several months), the node must find some third-party sources to determine the correct chain head. This may be their friends, exchanges, block search websites, client developers, etc. But PoW does not have this requirement.

It can be said that this requirement is easy to implement. Users need to trust the content provided by the client developer or community to some extent. At a minimum, users need to trust someone (usually a client developer) to tell them what the protocol is and any updates to the protocol. This is inevitable in any software application. Therefore, the marginal additional trust requirements brought by PoS are quite low.

Even though there may be some risks, I still believe that the PoS network has far more advantages than PoW  Network efficiency and resilience.

By Vitalik Buterin

Original link: Why Proof of Stack (Nov 2020)

Compiled by: Tyronepan Bifrost Finance,

Source: Chain Catcher