Cointelegraph is following the development of an entirely new blockchain from inception to mainnet and beyond through its series Inside the Blockchain Developer’s Mind. In previous parts, Andrew Levine of Koinos Group discussed some of the challenges the team has faced since identifying the key issues they intend to solve and outlined three of the “crises” that are holding back blockchain adoption: upgradeability, scalability and governance. This series is focused on the consensus algorithm: Part 1 is about proof-of-work, Part 2 is about proof-of-stake and Part 3 is about proof-of-burn.
This article is the second in my series about consensus algorithms, in which I leverage my unique perspective to help the reader gain a deeper understanding of this often misunderstood concept. In the first article in the series, I explored proof-of-work (the OG consensus algorithm) and, in this article, I’ll be exploring proof-of-stake.
As I explained in the last article, from a game theoretical perspective, blockchains are a game in which players compete to validate transactions by grouping them into blocks that match the blocks of transactions being created by other players. Cryptography is used to hide the data that would allow these people to cheat, and then a random process is used to distribute digital tokens to people who play by the rules and produce blocks that match the blocks submitted by other people. These blocks are then chained together to create a verifiable record of all the transactions that were ever performed on the network.
When people produce new blocks with different transactions in them, we call this a “fork,” because the chain is now forking off into two different directions, and what ensures that everyone updates their database to match one another is how they are punished when they do not.
The real innovation in Bitcoin (BTC) was the creation of an elegant system for combining cryptography with economics to leverage electronic coins (now called “cryptocurrencies”) to use incentives to solve problems that algorithms alone cannot solve. People were forced to perform meaningless work to mine blocks, but the security stems not from the performance of work, but the knowledge that this work could not have been achieved without the sacrifice of capital. Were this not the case, then there would be no economic component to the system.
The work is a verifiable proxy for sacrificed capital. Because the network has no means of “understanding” money that is external to it, a system needed to be implemented that converted the external incentive (fiat currency) into something the network can understand — hashes. The more hashes an account creates, the more capital it must have sacrificed, and the more incentivized it is to produce blocks on the correct fork.
Since these people have already spent their money to acquire hardware and run it to produce blocks, their incentivizing punishment is easy because they’ve already been punished! They spent their money, so if they want to continue producing blocks on the wrong chain, that’s fine. They won’t earn any rewards and they won’t make their money back. They will have sacrificed that money for nothing. Their blocks won’t get accepted by the network and they won’t earn any tokens.
This proof-of-work system ensures that the only way someone who does not want to play by the rules (a.k.a. a malicious actor) is to acquire and run more hardware than everyone else combined (i.e., mounting a 51% attack). This is the elegance behind proof-of-work. The system can’t not work without sacrificing ever increasing amounts of capital. Proof-of-stake, however, operates in a fundamentally different way that has important game theoretical consequences.
Related: Proof-of-stake vs. proof-of-work: Differences explained
Proof-of-stake (PoS) was first proposed in 2011 by Bitcointalk forum member QuantumMechanic as a less costly (for the miner) alternative to proof-of-work:
“I'm wondering if as bitcoins become more widely distributed, whether a transition from a proof of work based system to a proof of stake one might happen. What I mean by proof of stake is that instead of your ‘vote’ on the accepted transaction history being weighted by the share of computing resources you bring to the network, it's weighted by the number of bitcoins you can prove you own, using your private keys.”
Instead of forcing block producers to sacrifice capital to acquire and run hardware in order to gain the ability to earn block rewards, in proof-of-stake, the token holders need only sacrifice the liquidity of their capital in order to earn block rewards. People who already hold the token of a network are able to earn even more of that token if they give up the right to transfer those tokens for some period of time.
This is an attractive offer to people who are used to sacrificing money to purchase and run hardware in order to earn block rewards. Proof-of-work is great for the bootstrapping of a cryptocurrency bu, once that phase is over, the holders of this valuable currency find themselves having to exchange the fruits of their labor — that valuable currency — for an external currency (frequently, the fiat currency they are ostensibly competing with) to purchase capital equipment and energy just to maintain their system.
Related: Proof-of-stake vs. proof-of-work: Which one is 'fairer'?
Proof-of-stake is great for enabling these people to increase their profit margins while allowing them to maintain control of the network. The problem is that it decreases network security because the malicious actor no longer needs to sacrifice their money on a large amount of hardware and run it to mount an attack. The attacker need only acquire 51% of the base currency of the platform and stake it to take control of the network.
To thwart this attack, PoS systems must implement additional systems to “slash” the block rewards of a validator who is found to have produced irreversible blocks on a “losing” chain (“slashing conditions”). The idea being that, if someone acquires 49% of the token supply and uses that stake to produce blocks on a losing fork, they will lose their staked tokens on the main chain.
These are complicated systems designed to “claw back” block rewards from user accounts, which adds to the computational overhead of the network while raising legitimate ethical concerns (“Is it my money if it can be slashed?”). They also only work if the attacker fails to acquire 51% of the token supply. This is especially problematic in a world with centralized exchanges that feature custodial staking. This means it is entirely possible for an exchange to find itself in control of over 51% of a given token supply without having incurred any risk, making the cost of an attack de minimis. In fact, this has already happened in recent history on one of the most used blockchains in the world, at one time valued at nearly $2 billion: Steem.
An excellent history of that event can be found here. The important details for our purposes, according to that account, are that the funds held by three exchanges were successfully used to acquire 51% control of a major blockchain. Taking the most charitable perspective of all participants, it simply “cost” all of these entities very little to take control of the chain because they had acquired large stakes at very low cost. In fact, centralized exchanges are literally paid to accumulate large stakes because their purpose is to function as centralized custodians of tokens.
Related: How the Steem saga exposes the dangers of staking pools
Implementing these slashing conditions is by no means trivial, which is why so many proof-of-stake projects like Solana have, by their own admission, launched with centralized solutions in place and why so many other projects (like ETH 2.0) are taking so long to implement PoS. The typical solution is to give a foundation a large enough stake so that it alone has the power to determine who is a malicious actor and slash their rewards.
To sum up, proof-of-work is good for bootstrapping decentralization, but it is inefficient. Proof-of-stake is good for lowering the operating costs of a decentralized network relative to proof-of-work, but it further entrenches miners, requires complex and ethically questionable slashing conditions, and fails to prevent “exchange attacks.”
What I will discuss in my next article is the hypothetical question of whether there is a “best of both worlds” solution that delivers the decentralization and security of proof-of-work with the efficiency of proof-of-stake. So, stay tuned!
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.