Vitalik explains why proof of stake (PoS) is safer


Original title: “Why Proof of Stake (Nov 2020)”
Written by: Vitalik Buterin
Compiled by: Unitimes_David

Compared with PoW, PoS is a superior blockchain security mechanism for three key reasons.

01. PoS provides higher security at the same cost

The easiest way to see this is to compare PoS and PoW on one question: for every dollar of block reward per day, what does it cost to attack the network?

GPU-based PoW

You can rent GPUs cheaply, so the cost of attacking the network is just the cost of renting enough GPU computing power to outrun the existing miners. For every $1 in block rewards, existing miners should be spending close to $1 in costs (if their costs are higher, miners will withdraw because they are unprofitable, and if their costs are lower, new miners will join and collect high returns). Therefore, for every $1 in block rewards, the attacker only needs to spend slightly more than $1 per day, and only for the few hours the attack lasts.

The total cost of the attack: ~$0.26 (assuming the attack duration is 6 hours). Since the attacker can obtain block rewards, the attack cost can be reduced to zero.

ASIC-based PoW

ASIC equipment is a capital cost: once you buy an ASIC device, you can expect it to be useful for about 2 years until it wears out and/or is made obsolete by newer and better hardware. If a blockchain is 51% attacked, the community may respond by changing the PoW algorithm, and your ASIC will lose its value.

On average, mining costs consist of about 1/3 ongoing costs and about 2/3 capital costs (see here for information sources). Therefore, for every dollar of block reward per day, miners will spend about $0.33 per day on power and maintenance, and about $0.67 per day on ASICs. Assuming that an ASIC device lasts about 2 years, the miner will need to spend $486.67 on ASIC hardware.

The total cost of the attack: US$486.67 (ASIC) + US$0.08 (power + maintenance) = US$486.75

Having said that, it is worth noting that although ASICs provide this higher level of security, the price paid is heavy mining centralization, because the barriers to entry become very high.

Proof of stake

In Proof of Stake (PoS), the cost is almost entirely capital cost (the coins deposited as stake), and the only operating cost is the cost of running a node. So, how much capital are people willing to lock up in order to get a reward of $1 per day? Unlike ASIC devices, staked coins do not depreciate. When you want to stop staking, you get the coins back after a short withdrawal delay. Therefore, PoS participants should be willing to pay higher capital costs for the same amount of rewards.

If we assume that a rate of return of about 15% is sufficient to motivate people to stake (this is the expected rate of return of eth2), then the stake attracted by a reward of $1 per day will be equivalent to 6.667 years of staking income, which is $2433.

The hardware and power costs of a PoS node are very small; a computer worth a thousand dollars can be used to stake hundreds of thousands of dollars in deposits, and a monthly electricity and Internet bill of about $100 is sufficient. But conservatively, we can say that these ongoing costs are about 10% of the total cost of staking, which leaves only $0.90 per day of reward to cover the cost of capital, so we do need to reduce the above number by 10%.

The total cost of the attack: 0.90 USD/day * 6.667 years = 2189 USD

In the long run, as staking becomes more efficient and people are gradually satisfied with a lower rate of return, the cost of attack is expected to be higher. I personally expect this figure (total cost of the attack) to eventually rise to around $10,000.

Please note that the only “cost” of obtaining this high level of security is a little inconvenience: you cannot move your staked coins at will while you are staking. It may even be the case that public knowledge that all these coins are locked pushes the value of the coins up, while the total amount (i.e. the total amount of pledged coins) available in the community for productive investment and other purposes stays constant! In PoW, the “cost” of maintaining consensus is the massive consumption of real power.

Higher security or lower cost?

It is worth noting that there are two ways to take advantage of this 5-20 times advantage in terms of security costs. One is to keep the block rewards unchanged and benefit from increased security; the other is to significantly reduce the block rewards (thus reducing the “waste” of the consensus mechanism) and keep the security level unchanged.
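The three cost estimates above can be reproduced with a small model. This is an added example, not code from the original article; the function names and the 4% rental premium are assumptions made here, and it goes slightly beyond the text by inverting the PoS formula to find the yield implied by a target attack cost.

```python
# Added example: attack cost per $1/day of block reward, using the
# article's stated assumptions as defaults. Function names are illustrative.
DAYS_PER_YEAR = 365


def gpu_attack_cost(hours=6.0, premium=0.04):
    """Rented hashpower: outspend honest miners (about $1/day) for `hours`.
    `premium` is an assumed margin chosen to match the article's ~$0.26."""
    return (1 + premium) * hours / 24


def asic_attack_cost(hours=6.0, capital_share=2 / 3, lifetime_years=2.0):
    """Buy hardware equal to honest miners' capital, then pay running costs."""
    hardware = capital_share * DAYS_PER_YEAR * lifetime_years
    running = (1 - capital_share) * hours / 24
    return hardware + running


def pos_attack_cost(annual_yield=0.15, opex_share=0.10):
    """Stake that $1/day attracts once operating costs are paid."""
    return (1 - opex_share) * DAYS_PER_YEAR / annual_yield


def yield_for_cost(target_cost, opex_share=0.10):
    """Inverse of pos_attack_cost: the yield implied by a target attack cost."""
    return (1 - opex_share) * DAYS_PER_YEAR / target_cost


def advantage_over_asic(pos_cost):
    """How many times more expensive a PoS attack is than an ASIC attack."""
    return pos_cost / asic_attack_cost()


if __name__ == "__main__":
    print(f"GPU  PoW: ${gpu_attack_cost():.2f}")
    print(f"ASIC PoW: ${asic_attack_cost():.2f}")
    # The article rounds 6.667 years to $2433 first and reports $2189.
    print(f"PoS @15%: ${pos_attack_cost():.0f}")
    for y in (0.15, 0.10, 0.05, yield_for_cost(10_000)):
        cost = pos_attack_cost(annual_yield=y)
        print(f"yield {y:6.2%} -> ${cost:8.0f} ({advantage_over_asic(cost):.1f}x ASIC)")
```

Under these assumptions, a $10,000 attack cost corresponds to stakers accepting a yield of about 3.3%, and the two PoS figures come out at roughly 4.5 and 20.5 times the ASIC figure.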

Either way works. I personally prefer the latter because, as we will describe below, even a successful attack in PoS will cause much less damage than in PoW, and it is easier to recover from the attack!

02. PoS is much easier to recover from an attack

In a PoW system, if the blockchain is 51% attacked, what can you do? So far, the only countermeasure in practice is to “wait until the attacker is bored.” But this misses the possibility of a more dangerous attack called a “spawn camping attack”, in which the attacker attacks the blockchain over and over again, with the clear goal of making the chain useless.

In a GPU-based system, there is no defense, and a persistent attacker may easily make the blockchain permanently useless. In fact, after the first few days, as miners withdraw because the chain is under attack and they cannot get rewards, the attacker's cost may become very low.

In an ASIC-based system, the community can respond to the first attack, but continuing the attack afterwards becomes easy. The community will respond to the first attack by changing the PoW algorithm through a fork, thereby “blocking” all ASICs (those of the attacker and of honest miners alike!). However, if the attacker is willing to bear that initial cost, the situation then reverts to the GPU case (because there is not enough time to build and distribute ASIC equipment for the new algorithm), so from that point on the attacker can continue the attack cheaply.

But in the case of PoS, the situation is much better. For certain types of 51% attacks (especially reverting blocks that have already been finalized), PoS consensus has a built-in “slashing” (penalty) mechanism, through which most of the attacker’s deposit is automatically destroyed (the deposits of other, non-attacking participants are not affected).

For other attacks that are harder to detect, the community can coordinate a minority user-activated soft fork (UASF). In this fork, the attacker’s funds are once again destroyed (in Ethereum, this is done through the “inactivity leak” mechanism). There is no need to “destroy coins through a hard fork”; except for the need to coordinate on the UASF to select a few blocks, all other operations are automated and can be performed simply by following the protocol rules.

Therefore, the first attack on the PoS blockchain will cost the attacker millions of dollars, and the community will recover within a few days. The second attack on the blockchain will still cost the attacker millions of dollars because they will need to purchase new coins to replace the ones that have been destroyed. And the third time will… cost millions of dollars. This attack game (costs and benefits) is very asymmetric, so it is not favored by attackers.

03. PoS is more decentralized than ASIC mining

GPU-based PoW is reasonably decentralized, because it is not difficult to obtain a GPU. However, GPU-based mining largely fails the “security against attacks” standard we mentioned above.

ASIC-based mining, on the other hand, requires millions of dollars in capital to enter the market (and if you buy ASICs from someone else, most of the time it is the ASIC manufacturing company that makes much the higher profit).

This is also the correct response to the common argument that “PoS means the rich get richer”: ASIC mining also means the rich get richer, and that game is tilted even further toward the rich. At least in PoS, the minimum investment required (the staking threshold) is very low and is within reach of many ordinary people.

In addition, PoS is more censorship resistant. Both GPU mining and ASIC mining are very easy to censor: they require a lot of power consumption, purchases of expensive hardware, and large warehouses. PoS staking, on the other hand, can be done on a humble laptop or even over a VPN.

Possible advantages of PoW

I see two main real advantages of PoW, although I think these advantages are quite limited.

01. PoS is more like a “closed system”, which will lead to higher concentration of wealth in the long run

In PoS, if you hold coins, you can stake them to get more coins. In PoW, you can also earn more coins, but you need some external resource to do so. Therefore, it can be argued that in the long run, the distribution of coins in PoS may become more and more concentrated.

I think the main response to this view is that in PoS, the overall reward (and validators’ income) will be very low; in eth2, we expect validators’ annual reward to be equal to ~0.5-2% of the total ETH supply. The more coins staked by validators in the network, the lower the rate of return. Therefore, it may take more than a century before the currency concentration doubles, and on this time scale, other pressures (such as people wanting to spend their money, give it to charity, or pass it on to their children) may well be dominant.

02. PoS requires “weak subjectivity”, but PoW does not

For an introduction to the concept of “weak subjectivity”, please see here. Essentially, the first time a node comes online, and any later time it comes back online after being offline for a long period (such as several months), the node must find a third-party source to determine the correct head of the chain. This third party may be a friend, an exchange or a block explorer website, a client developer, or many other participants. PoW does not have this requirement.

However, it can be said that this is a very weak requirement. In fact, users already need to trust the client developer and/or “community” to this extent. At the very least, users need to trust someone (usually a client developer) to tell them what the protocol is and any updates to the protocol. In any software application, this is inevitable. Therefore, the marginal additional trust requirements imposed by PoS are still very low.

However, even if the above-mentioned PoS risks are indeed worth noting, in my opinion, compared with the gains PoS systems get from higher efficiency and a better ability to deal with and recover from attacks, these risks are still very low.

See also my previous articles on proof of stake.

Proof of Stake FAQ
A Proof of Stake Design Philosophy

Source link: vitalik.ca