Can someone explain to me how PoS is not centralized? The whole point of crypto and the blockchain is decentralization, no? I feel like crypto/blockchain will end up looking nothing like how it was intended, and be regulated to the point that it's just the next iteration of the traditional banking system, where the current power holders continue holding the power. Maybe I was naive to ever think it would be any different.
How is it more centralized than PoW? I see multiple factors that hamper decentralization:
- Fixed costs that act as barrier of entry
- Economies of scale that lead to centralization
- Geographic factors (operation costs being different in different parts of the world, regulation/taxation, supply chain...)
This is how I see each factor playing out in both scenarios:
- Fixed costs: PoS runs on consumer-grade hardware, while PoW requires specific HW (ASICs or high-grade GPUs). PoS requires a minimum amount of stake but there are pooling solutions, which effectively make this minimum non existent. All in all PoS is at advantage here, unless you want to insist on solo staking in which case PoW is at advantage.
Analogy: This would be equivalent to flat fees to open a savings account or a minimum amount balance required to open it.
- Economies of scale: In PoS they are almost non-existent. You don't stake more efficiently by having a more powerful machine. You just get to reuse the same HW for more nodes but since fixed costs are low this has a very small impact. In PoW there are economies of scale, though, better/more expensive ASICs can mine more efficiently than smaller/cheaper ones. Same with GPUs. Someone with more initial capital can get ahead faster in PoW, while in PoS earns at a same rate as everyone else.
Analogy: This would be equivalent to the interest rate you get in your savings account being dependent on how much money you have. In PoW, the richer you are the higher interest rate you get from your bank, in PoS everyone gets the same.
- Geographic factors: Cheap access to energy has a large impact on PoW as it dictates most of your OpEx. In PoS this is largely irrelevant (PoS is 99.95% more energy efficient than PoW). Taxation/regulation would need its own analysis but I imagine is equally spread across both alternatives. Supply chain is again in favor of PoS as it can run on general-purpose HW, while ASICs are heavily centralized around a single manufacturer.
Analogy: This would be equivalent to different geographic locations resulting in different conditions for maintaining open your bank account or taxing your accrued interest.
In practice exchanges end up holding most of the crypto, and they will decide how to use the crypto in PoS. With PoW it looks like miners/pools will quite rarely work as exchanges, so the powers tend to be separated. With PoS, it looks like exchanges will basically run Ethereum, and it look something like Blockstream Liquid, where group of exchanges basically mint the blocks.
This is exactly right. Too many folks assume PoW is more decentralized because it's not tied to money, but what's the difference if mining requires money? As you note, PoS lowers the barrier to entry and actually creates a more egalitarian system, despite with Bitcoin maximalists think.
PoS doesn't exactly lower the barrier to entry. Anyone with a GPU can mine (very unlikely to be profitable as a stand alone miner)...but staking 32ETH is a pretty high cost right now ($90Kish).
However both can be overcome by pooling money or hash power...but then again that doesn't lead to more decentralization.
Decentralized pools like Rocketpool do lead to more decentralization and are almost not affected by the economies of scale issue mentioned above (there is a small commission to pay to the operator).
While pooling hashpower doesn't solve the economies of scale mentioned above. If your hashrate per kW is bad you will get a very poor yield on your investment. There is also a commission to pay to the pool operator. Pooling in PoW serves only to receive a more consistent revenue stream.
Pooling in PoW still means the pool operators are the ones to vote on proposals through the block mining. That is the whole point of decentralization...if one or two large pools (Ethermine and Sparkpool) get too big then they can sway proposals almost single handedly (they have 45% of ETH hash rate now).
> That is the whole point of decentralization...if one or two large pools (Ethermine and Sparkpool) get too big then they can sway proposals almost single handedly…
If the pool operators don't actually own the mining hardware then their power is limited to what the participants in the pool, who do own the hardware, allow them to do. If as an individual miner you don't like what your pool operator is doing you can always switch to another pool and take your delegated influence with you. Most proposals require supporting votes in many blocks before they take effect, so you have time to choose a more representative operator.
Can't you just stake more coins in PoS and receive more income? I though this was how PoS coins worked. How else would you even have a notion of people requried to satisfy the condition "all people get the same amount"? Surely not photo ID?
Stakers in a PoS system are incentivized to do what's best for the network. It wouldn't make sense for them to stake large amounts of funds and do something that could make Ethereum less valuable. The current marketcap of Ethereum is $325B, so a 51% attack in a PoS system means the attacker would need $165B. Even if a really bad attack occurred, the majority of validators can decide to fork (eg DAO fork). The social layer of Ethereum is a hidden force and I believe the majority are honest actors that would support any Ethereum improvement proposals that make the network more fair and decentralized.
But "control policies" require by definiton the market to already be cornered by whoever is trying to control it. Without being cornered the market will be cornered?
Is there a law of the internet describing the phenomenon whereby any comment criticising cryptocurrency will promptly elicit a response comment proffering a cryptocurrency that's somehow different and "not like those other cryptos"?
If not, you should name it yourself. The Ellie Kelly effect - whereby any mention of a flaw in a cryptocurrency is met with a rebuttal of the one true cryptocurrency, usually obscure and with little traction.
May I ask you to elaborate a bit? What is they are centralized around? Capital? Misbehaving capital can easily be destroyed in PoS by a fork. Please see Steem/Hive case.
I think the idea is that if piles of money grow proportionally to their size, the biggest pile of money will grow the fastest, effectively becoming the central point where power is concentrated.
With proof of work, the same effect exists, thought it involves a loop where hashrate is exchanged for money, which is converted into more efficient hashrate at a TSMC fab.
An actor that openly attacks the network will quickly be blacklisted in either system, but when you control a majority of the money there are other ways to influence the system that don't involve breaking a formal rule.
Disclaimer: I don't have the faintest clue what I'm talking about. I only have passing familiarity with cryptocurrencies, and I've read one or two of their whitepapers.
>…effectively becoming the central point where power is concentrated.
More ETH/= more power. In my understanding, an attacker would need to control half of all staked ETH to stage a 51% attack, which would require many billions of dollars. But actually exercising this control by attacking the network would undermine the network’s security/utility, potentially sending ETH to zero and obliterating the wealth of the attacker.
This is, supposedly, a strength of PoS: the more ETH you have, the less incentive you have to attack/destroy the system.
In addition, certain classes of attack will cause the attacker's stake to be automatically forfeit via slashing. So in that case not only is the wealth of the attacker obliterated, but their stake itself is destroyed and the network can continue onward as if their stake never existed.
In such a situation, the price effect of the negative news from the attack would be partially canceled out by the jarring reduction in ETH supply.
Right, though I think I address that in my comment.
Trying to cheat through the protocol is uninteresting. You don't destroy the system by breaking L1 rules, any such attack if successful would just get rolled back by hardfork (and nevermind the 'staked money is lost if cheating is detected' system, no one would willingly trigger it).
More ETH is automatically equal to more power, because that's exactly what money is defined to be. We trade it as power.
I don't believe they could - the protocol has some mitigations against this including an inactivity/censorship fee that applies equally to every staker.
I really wish the current global monetary system based on the US dollar would be this simple to change as just creating a fork. Wait, it's actually the US military (which is still the largest in the world) that's backing the whole monetary system? Ah, shucks.
- My money is secured by a private key and nobody can touch it ever unless they get my private key. I can simply be cautious about my private key and I know there is no other way anyone can ever get my money
- I can fill out a text box with the amount I want to send and press send
- I don't have to deal with some harebrained naming system. I can literally just send to someone's public key. This is literally how cryptography is inteded to work. It's up to _me_ how I obtain his public key.
- Monero etc exists (admittedly, not sure if it still works when someone has all the mining/stake power)
- Some guy is getting rich because he owns more miners or stake
Fiat:
- My password is 8 digits (this is not even an exaggeration, some of the biggest banks in my country do this)
- The bank might give all my money away if someone knows where I ate KFC last
- My money may be stolen for other reasons, because the bank wont tell me what data I need to keep private to avoid having someone transact as me
- The ID they use for authentication was also given to some 30 other e-commerce platforms and cannot be considered secure
- There is almost certainly a way to get into my account without the password
- I have to be paranoid and try to keep random trivia private such as how much I payed on an electricity bill
- I have to type codes from insecure SMS on a phone that I do not want in the first place, because the bank and all e-commerce platforms considers me an idiot and does not even give me an option to turn that shit off
- If I transfer from one country to another, my transaction may be blocked
- If I transfer some certain amount, my transfer may be blocked
- If I use a certain IP address, my transfer may be blocked
- If I transact at a certain time, my transfer may be blocked
- If I update Firefox too fast or too slow, my transfer may be blocked
- If I click buttons to fast or too slow, my transfer may be blocked
- Someone might hack my computer because it has a Big 4 web browser and the giant stack of software required to support that, instead of a hypothetical OS where people care about security and don't use C, at the cost of some microseconds.
- If I change my email address (which I don't want associated to banking in the first place) for some reason, my transfer may be blocked
- When I call the bank, I have to be polite and try to avoid saying anything suspicious (in their own mind) that will make them hold my money yet longer. I will have to supply them will all kinds of nonsense like where I ate KFC last, more ID, and a "phone password"
- My transactions may be permanently blocked and there's nothing I can do about it because the bank reps just talk to a black box "risk analysis" machine and at some point there's no way to override its decisions
- Money I receive can be "reversed" for all kinds of bogus, emotional, and/or "risk analysis" reasons
- The bank can just take my money and claim I was hacked. They have N pieces of my photo ID, address, phone number, email, and much more, and so they can choose a few people they don't like and do this to only them
- I have to interact with my bank through web pages that crash every 3 button clicks, and PDF files that may or may not render correctly (or snail mail, which is equally full of bad security)
- Some guy is getting rich because he's positioned a certain way with the bank
TL;DR even if the top cryptocurrencies were effectively centralized by one entity controlling all miner/staking power, I would still want to use them at least for transacting, just so I can have a sane interface to money.
The key distinction is that PoW is permissionless, whereas PoS is permissioned.
Bitcoin is secured by hashpower, which is produced by physical capital outside the network. Nobody needs to ask for permission to start hashing and trade kilowatts for sats.
PoS networks are secured by on-chain assets. This means you can't "mine" it without first buying tokens from someone who already owns them. You need permission from an existing player in order to start participating.
Another aspect of this is 51% attacks are recoverable for PoW, but are a permanent takeover condition for PoS networks. If a single entity ever accumulates more than half the tokens on a PoS network, they are unassailable.
> You need permission from an existing player in order to start participating.
This is an incorrect explanation of what a permissioned blockchain is. A permissioned blockchain is one in which the ability to add blocks is limited to a certain collection of entities whose public keys are hard coded into the blockchain's consensus mechanism. We don't say that needing to buy tokens constitutes needing "permission" any more than you need permission from a chip manufacturer to buy ASICs to mine a PoW cryptocurrency.
Manufacturing ASICs from scratch requires a lot of capital, but it is fundamentally possible. There is no way to acquire a permanent, unassailable monopoly over ASIC hardware in general.
It is possible to acquire an unassailable monopoly over PoS tokens. You might be able to buy scraps from random traders, but will the >51% whale be willing to sell their core holdings when they can simply live off their staking yield?
>A permissioned blockchain is one in which the ability to add blocks is limited to a certain collection of entities
I agree. Ripple is an example of a chain which explicitly follows that model. PoS regresses to something like this because a 51% majority attacker can control consensus.
> There is no way to acquire a permanent, unassailable monopoly over ASIC hardware in general.
Is ASIC hardware made of silicon? In that case, an entity who owns the entire supply of silicon has a "permanent, unassailable monopoly over ASIC hardware in general".
OP's argument is that PoS is a problem because the supply of tokens is finite, and that PoW doesn't have the same problem because it relies on physical capital instead.
What are the advantages of a permissioned blockchain over the same collection of entities without the blockchain? If you have a set of trusted entitites that sign and publish the data, why do they need the blockchain part?
One entity can sign and publish the data, but that doesn’t mean everyone agrees with it. If everyone agrees, they yes they could all sign the data as well. And if the ordering of the data is important, might as well put in a pointer to the previous data. And now we have a blockchain!
I also generally understood permissionless to mean sybil attack resistant without closed membership which is the unique property of pow and pos systems.
>Another aspect of this is 51% attacks are recoverable for PoW, but are a permanent takeover condition for PoS networks. If a single entity ever accumulates more than half the tokens on a PoS network, they are unassailable.
This is not true. PoS has many design flavours and the one Ethereum is planning on implementing includes random selection of validators and the amount staked has no influence on the inclusion or the vote "weight".
Also with PoS an attacker will always incur economic losses similar to having your mining rig burning down if you were to try to foce a bad block through. In PoW networks attackers can keep on mixing attacks with producing normal blocks and remain profitable
If amount staked has no influence on inclusion or vote weight then what’s to stop a large ETH holder from splitting their wallet into several smaller wallets with the minimum staking balance and just gaining vote weight that way?
IIRC they have written blog posts in the past saying just as much.
Without losing their stake to slashing penalties, though, the worst kind of attack 66% (not 51% iirc) can do anyways is a censorship or denial of service attack. Which is bad, but at least they can't revert transactions or double-spend like in a PoW model.
> Another aspect of this is 51% attacks are recoverable for PoW
You can switch the protocol once. Making ASICs useless. But you can't do it twice.
> but are a permanent takeover condition for PoS networks.
This is false in both theory and practice. It is true that PoS does not offer in-protocol solution for the problem. But there is a historical precedent of people forking away money of Justin Sun in Steem project, creating Hive. Community has followed the fork, basically destroying Justin's Sun funds.
The incredibly illuminating thing about cryptocurrency hard forks, is that it reveals that money is just a numeric measure of the social relationships people have towards each other, and as a result the ledger and its rules can be dynamically changed according to the needs and desires of the people (in constrast to what many naive metallists say that money is and should be a fixed store of value such as gold). I think crypto people have been generally focusing too much about the ideal, technical aspects of absolute distributed, immutable ledgers, and focused less about the social, political aspects of their work.
It is this aspect that I view the current Ethereum hard fork as one of the most important test the crypto scene had in a while - it's more of a political test than a technical one. I'm assuming that there will be quite some friction between the miners and the owners - and I'm interested in how it would turn out. Those two groups are dependent of each other for their existence, and the rift between them would potentially be the demise of the project. Will the project succeed in establishing a governance structure that would address both the needs and desires of both groups? Or will the project go into tyranny with one group dominating over the other (which would eventually lead to everyone's downfall)? In other words, this will be more of a test of governance than about technology. I don't have high hopes for the miners though, since there's just too much investor pressure from all the crypto craze that hasn't really been stopped since the coronavirus, and the miners doesn't seem to have a strong enough coordinated willpower to land an effective strike.
It seems like this argument proves too much for your purposes, in the sense that it can be used to show that neither algorithm is any good as far as distributed governance is concerned.
While it’s true that you can’t buy Bitcoin (for example) unless someone else is selling, most people aren’t concerned about market liquidity for buyers due to whales being unwilling to sell. The permission to buy doesn’t seem hard to get?
Also, for the most part, people are happy when the price goes up, which is what happens when there are more buyers than sellers.
I guess in theory, money drops could distribute ownership more widely and that would be more equitable, but this sort of inequality (some people have a lot more Bitcoin than others) isn’t normally considered too much of a problem.
But if you’re going to take distributed governance seriously, neither proof-of-work nor proof-of-stake give ordinary people much of a say in how things go. In this way it’s similar to the stock market, where we’re told our votes are meaningful but in practice they aren’t unless you have a huge amount of shares. Participating in governance is usually an illusion and it’s not normally why you invest, unless you’re a corporate raider or something.
It's not about distributed governance; it's about abusing a dominant role in consensus. PoS is easier to capture, allowing the dominant party to censor and manipulate the settlement chain.
As for governance, with Bitcoin everyone is equally powerless to dictate how things should go. If you appreciate the fixed ruleset, you can choose to participate.
Ethereum is far more nebulous, being piloted by a foundation which hardforks the protocol at will.
>>PoS networks are secured by on-chain assets. This means you can't "mine" it without first buying tokens from someone who already owns them. You need permission from an existing player in order to start participating.
Only in the most pedantic sense of 'permission'. There will always be thousands of disparate parties, across numerous markets, with offers to sell their ETH. It will never be harder to procure ETH than to procure hash-generation hardware.
Computing power is just a proxy for capital/resources. Why not be more efficient and use the capital directly and save power in the meanwhile.
Current market cap of ETH is ~$324B, thus getting 50.1% of ETH would require $162.3B in capital. However, as soon as you start acquiring ETH the price will increase, especially at those large volumes.
It would be insanely hard to come up with enough resources to buy enough ETH in a POS world to take over the network. Never mind the fact that as soon as it's become evident you've taken over the network the value of the network is essentially worthless and you've just destroyed billions of dollars worth of capital in the process.
I wonder if a state actor could pull it off more cheaply. Start buying large amounts while letting it leak that you're going to take over the network. See if enough people will panic-sell on the leak to drop the price of your takeover.
It's kinda like taking over a condo building on a much larger scale: the people you buy out first can charge a premium; by the end, you set the terms.
Why would people sell rather than fork to a version of the network where those ETH did not exist? One of the benefits of POS is that when you fork away from a malicious actor, they have to start over from the beginning while in POW, they can just point their hardware to your new chain unless you change the mining algorithm and screw over all the other miners.
This is exactly what happened with Ethereum in the early days when a bad actor was able to exploit a third-party contract to the tune of 5% of all ETH.
The Ethereum everyone talks about today is the fork, due to the Ethereum Foundation which owns the trademark leading the fork.
The Ethereum blockchain with the unaltered history is called Ethereum Classic
Note that the way this fork was pulled off was very ad-hoc.
Ethereum devs were unable to create a legitimate transaction reverting the DAO funds because they do not have access to the hackers' private key. The reversion was done with a "surgical state change" hardcoded into the client itself.
Think of it this way, if another company announces they're planning to buy a publicly traded company, what happens to the value of the shares?
The price goes up, you've just made it more expensive for yourself to take over the network.
If you were to attempt to take over you'd be better to do so in silence. However, it would be hard to hide that kind of control and wealth when every information on the network is publicly available.
In a public company, though, having been taken over doesn't defeat the purpose of the company.
If you're intentionally trying to take things down, sellers have a huge incentive to not be left in the 49% who hold something that's now lost its value - as you say, "as it's become evident you've taken over the network the value of the network is essentially worthless." I think you could get the value to go to worthless well before actually hitting 51% on intent alone, if you're a big enough power.
Why assume a state actor? Given the sorry state of DeFi contract security, it's far more likely that an enterprising hacker can gain a dominant staking position by pillaging and then staking ETH from buggy contracts.
There's an interesting academic paper that I can't find anymore where the authors analyze the game theoretic edges of PoS systems. Basically: since the thing you need to mine is the same thing that gets mined the optimal strategy for anyone holding a majority of a PoS coin is to never spend more than half of your mining reward so that even someone who manages to buy all the coins that become available on the market can never catch up to you.
Of course, this does omit some real-life considerations like people needing money for other reasons (to pay taxes, when they die, to buy a house, etc) but the basic principle stands: any initial whale in a PoS coin will basically never be dislodged if they play the optimal strategy.
If somebody does a 51% attack his tokens would be worth nothing the next day. Might be plausible if you target smart contracts that are worth a lot more than the coin itself.
Can you explain how this does not benefit people who have the capital to set up massive CPU farms, with all the advantages of scale that that implies? After all, you can get discounts on both power and CPUs if you buy in bulk so anyone who starts off with enough capital will only get further ahead.
If by "a few months ago" you mean prior to November 2019, then sure.
Since then the PoW is RandomX which heavily favors CPUs. I'm 99% sure there is no GPU in existence that can profitably mine Monero since then, assuming your electricity isn't free.
Monero's PoW algorithm is RandomX [1], which is optimized for CPU mining. While it is possible to mine with GPUs, it is significantly slower and unprofitable.
The first stocks ever sold to the public were claims on land in a new world, an escape from servitude to kings. Turns out they were just being swindled by a bankrupt crown to keep their own oppressors in power. But there was a new world, and people did escape.
Very melodramatic, but inaccurate. The American portion of the New World offered significantly higher hourly wages for unskilled labor than the industrial heartland of Europe, by the late 1800s.
And these wages grew at record rates all through the latter decades of the 1800s, in the midst of the largest influx of penniless workers in US history (causing the foreign born portion of the US population to reach 15% by 1890).
That wages grew as fast as they did, with such a massive increase in the supply side of the supply and demand equation for labor, is testament to the opportunities that the principal nation of the New World was generating.
Both you're points and the gp's are good, but yours aren't refuting his, only pointing out that the master grew more generous.
What's worth refuting in gp's post is the notion that humanity is "plundering" nature. Humanity is nature, that's what there's no escaping, unless you believe in the supernature.
I really don't think PoS or PoW are going to change what you guys are talking about.
How many stakers actually have enough to win blocks though.
What is the impact of shorting on PoS - what happens when I borrow enough ETH to win blocks, deliberately mis-verify TXs, and screw up consensus.
I know Ethereum has planned recovery for situations like this, but PoS introduces risks that will never be as present in PoW bc the latter has built-in latency to how easy it is to aggregate resources which increase market power and centralize around certain miners (ie buy asics and build a data center takes time, so you just have to watch mining pools for liquid malicious hash rates for equivalent risks in PoW).
> How many stakers actually have enough to win blocks though.
Just as in PoW miners make blocks in proportion to their hashpower, PoS stakers win blocks in proportion to their stake
> What is the impact of shorting on PoS - what happens when I borrow enough ETH to win blocks, deliberately mis-verify TXs, and screw up consensus.
Well, you can't "mis-verify TXs", everyone can check your work to see that all of the transactions you put in your block verify. If you reached 1/3 of the total stake on the network, you would be able to screw up consensus and make conflicting blocks both appear to be finalized, just as a 51% attack on a PoW currency can revert a block that it treated as final by client software.
The ETH2 block explorer https://beaconscan.com/ tells me that there is about 6.5 million ether staked, which would be worth about 16 Billion USD, so you would need to borrow around 5 billion USD in order to make this attack work.
Indeed, this is true. I was also assuming you would be buying the ETH from other stakers (if not, you would need $8B in ETH at spot price) and that you as an attacker have the ability to make the network desynchronous (if not, you would actually need 1/2 the total stake rather than 1/3). These are just generous assumptions that give us a lower bound on how much money it would actually take to attack the network.
> If you reached 1/3 of the total stake on the network, you would be able to screw up consensus and make conflicting blocks both appear to be finalized, just as a 51% attack on a PoW currency
And if you did that then all your stake would be automatically destroyed. It's as if a 51% attack on PoW caused your mining rig to burn down.
Semantics on "mis-verify," maliciously verify same-nonce transactions if you prefer.
Using the below language to discuss a threat model vs. implications of my tinfoil hat existing or not...
5B USD for an attack isn't a major barrier though to an actor looking to attack ETH, though. Are you implying that it is?
For reference, some of the crypto-lenders have around 15B USD-equiv under deposit, and they're fairly small stakes wrt capitalization of possible attackers of ETH.
The issue I point out and don't hear discussion on except stuff like you've posted is that it's significantly easier to acquire 5B USD to DoS a PoS network, than it is to acquire enough hash rate and lag time due to physical data center constraints to do something equivalent POW. PoS might be secure-enough, but it's not just a clean, environmentally better but security equivalent swap out for PoW.
The assumptions seem to be that the attacker would want to do it to take over and their coins will be deleted when caught, that there are protocols in place to recover consensus if this happens based on community involvement, and lastly that an acquisition of that much ETH would be noticed before an attack. Take these together, and security risks of PoS are controlled.
But that's fairly narrow minded wrt adequate risk controls and actually considering the threat model
- Cost to do it: 5B to DoS ETH into a consensus-rebuild isn't a high barrier to entry.
- Goals of an attack: There are plenty of attackers that would be happy just DoS'ing it vs. winning consensus on their chain version for DSs or what have you.
- Has this been done: there's more than enough precedent out there of acquiring 5B covertly, especially with a derivatives market in place. Easy example is across multiple crypto lenders aggregate enough ETH derivatives that can be converted to the underlying, convert in unison, and 5B of ETH suddenly lands. This is already sort of how it's done in normal corporate finance.
- Community involvement in a recovery: I'm really skeptical of the community-driven recovery mechanism. Tezos/EOS and similar already had a lot of trouble making this approach to consensus fixes work because of basic voter participation challenges. It sounds more like a few key nodes will drive a fix like in the DAO, and then this starts to look fairly centralized. Not a bad thing as it will fix chain problems, but again not a clean 1:1 swap for PoW security guarantees.
Final point - "well there must be someone thinking of the risk modeling here in PoS and accounting for it, Ethereum has smart people working on it" The reality is that protocol-level security research beyond the 51% consensus research and strong cryptography is really, really lightly done. This was a main topic of MIT Bitcoin Expo's Keynote this year, actually. PoW took 30 years of research and some luck during BTC's early days to identify that it could actually secure a chain. PoS does not have that history yet.
The edit - when I ref 5B USD, I'm implying the ability to convert it into equiv ETH. This is still doable as the market isn't that illiquid, and if you spread out the balance over a N-nodes until you aggregate for the attack, attributing that to a single attacker is very hard to do.
> 5B USD for an attack isn't a major barrier though to an actor looking to attack ETH, though. Are you implying that it is?
Well 5B USD may not be an impossible sum for some corporations and nations, but for some actors this is a barrier, yes.
I'm not necessarily trying to say such an attack is out of the question, I'm just trying to elucidate the question of the difference between PoS security and PoW security. I'm not convinced that your argument about the possibility of a covert accumulation of staking power does anything to distinguish PoS from PoW. You could just as easily invest that 5 Billion to build a chip fabrication plant, use that plant to covertly build ASICs, and surprise the Bitcoin network with a 51% attack.
> ...what happens when I borrow enough ETH to win blocks, deliberately mis-verify TX...
Ethereum already "slashes" the staked ETHs of those who try to game the system (Ethereum already has one chain on PoS): the coins of stakes who try to cheat the system are not even confiscated, they're destroyed (making every other holder a little bit richer).
I don't know if this shall work or not, but that's their plan to keep bad actors from trying to attack the system.
But that's not peer to peer. And people compare bitcoin/ ethereum to gold, but you can't really exchange ethereum without a centralised authority when you use POS. If these people refuse to process your payment, there is not much you can do about it.
What does it matter what the technology supports if it incentivizes the community to consolidate? Penalties for being offline and slashing (for misconfigured nodes) are a massive incentive for nodes to centralize
On the contrary, penalties are higher the more nodes go out at the same time. If you centralize you expose yourself to higher penalties if something goes awry. The incentives of the system are designed to prevent centralization.
So if a large state like Texas loses power for days/weeks all validators inside it suffers more? Why shouldn't I give my keys to a business that can operate multi-location operations? Would save me huge headaches in terms of keeping my node maintained...
The stakers of even an entire state like Texas represent a rather small percentage of all ETH stakers. So the extra punishment is rather small. It will likely be much bigger if you use Coinbase/Kraken/... or any other centralized staking service and it goes down (including any possible failovers that they have set in place). I don't have the specific numbers in front of me but you should think of the extra penalties for centralization to scale with the risk of the network not being able to function properly, so of the order of 30-40% validators going down for them to kick in hard.
Also, staking redundancy/failover is hard to do. You never want to have two nodes validating with the same keys, the punishment in case there are two validators with the same keys at the same time are very harsh. While not being up, is barely above the cost of opportunity of the reward that you could have gotten.
Roughly speaking:
Your node goes down: roughly cost of opportunity (you don't get what you could have gotten if online)
You and your neighbors, city, state going down: Roughly above of cost of opportunity
Centralized service validating for a large percentage of the network going down: Above cost of opportunity penalties.
Capital is capital, be it in the form of money or hardware. Putting the onus on capital in a form of hardware is just making it harder for smaller guys. I can throw 32 ETH into staking. It's way beyond my capability to mine - wrong geography, electricity prices, accommodation situation etc.
PoS is decentralized as soon as you have a big number of stakers. The hard thing being “how do you know that there are in fact a big number of people and not just a bunch of guys hidden behind a huge number of aliases” (the Sybil attack problem) and this is for this exact problem that proof of work helps (contrary to popular belief, Proof of work has nothing to do with double spending).
For this reason you cannot build a trust-less distributed network with proof of stake alone: you'll need some kind of proof of waste to bootstrap it.
PoS should be less centralized than PoW as I understand it. At least in Ethereum if you stake your 32 ETH then you get transactions to validate assigned to you randomly. You don't need a purpose-built rig with a ton of hash power to compete so smaller players are incentivized to participate, leading to a far greater incentive to run a node.
Because anyone in the world can participate in validation. It may be costly to do so, or whatever other hoops, but there's no "central" authority managing participation.
This is not a rant for or against Bitcoin or Etherium. It's more to point out the persuasive and idealistic rhetoric of crypto gets confused with what may happen in the real world as people work on use cases.
for proofs of "whatever", where whatever is something that can be accrued with money, then it's proof of money, and money is centralized, or at least reallllllly spikily concentrated, so, yeah
Note that execution shards are not really on the roadmap anymore as sharding is planned to be data only and serve as a scaling factor for L2 rollups.
In just a few years the only usage of the L1 will be security and data availability for rollups and a settlement layer for international organizations and state level actors with the vast majority of normal activity happening on various L2s.
Whats the incentive for miners to continue to mine? They now just rely on tips? Won't they all just bail if they're not receiving enough tips to be profitable?
If it goes to nobody, is it really "gone forever"? Did it even exist in the first place?
The confusions arise from thinking cryptocurrency tokens as material things (like gold). Money is just a numeric representation of the social relationship people have with each other, and the rules of the monetary system is just an technical agreement on how we should have relationships with others. This is a change of rules for the relationship between miners and owners: nothing is "lost" or "burned". Whether you agree upon that change of contract is up to yours, but the actual "disappearing" of money isn't an issue in the slightest here.
It goes from the wallet of people issuing transactions to no one. So it was actual value that people could spend, and that value is removed from circulation, reducing inflation
> If it goes to nobody, is it really "gone forever"? Did it even exist in the first place?
Yes? Isn't "going to nobody" the very definition of "gone forever"? Previously miners received the ETH spent on fees, and either kept it, or traded it for cash. Since they will be receiving less, they will have less that they can sell, which should result in less selling pressure.
If Ethereum can hard fork like this, it stands to reason as well that the 21 Million Bitcoin limit is a lot more changeable than Bitcoin proponents would say.
Or the opposite is true - and Ethereum is under heavily centralized control.
Ethereum is so enthusiastic about hard forks (or in ETH speak, upgrades) that they have the difficulty bomb which works like the debt ceiling. It's necessary to do a hard fork/upgrade every so often.
Meanwhile bitcoin is so against hard forks/upgrades that they can basically only do soft forks and currently do that by a 90% voting agreement by miners.
Bitcoin can not even increase the blocksize, the sure as hell aren't going to change the emission. Some day far down the line the block subsidy might be low enough that lots of miners go dark. At that point they'll need to choose between 21 million bitcoins and network security.
So the personal beliefs of users decide the technical future of the project. Personal beliefs and culture can change rapidly, or become overshadowed by new users.
It just means that Bitcoin is only unchangeable because of the current whims of current users - nothing fundamental.
Humans decide the technical future of every project. The difference is which specific humans, how many, how they are selected, how they are incentivized etc.
I disagree with this - bitcoin is advertised as mathematically unbreakable (which it currently practically is, on a technical level, due to the cryptography) - but this level of bulletproof security is promoted as extended to all properties of the blockchain - which isn't, on a technical level, true.
I disagree that's how it's promoted. You could make this argument about any piece of software (change the code to make it insecure, now look at the security hole!).
If someone were to do this with Bitcoin, users can decide whether to use the old chain or the new chain. Unlike a centralized service, no individual (or even group of people) can prevent you from using the version of the network you and your peers want to participate in.
> Bitcoin is only unchangeable because of the current whims of current users
Is this different than saying that the US laws that we admire are held up by the whims of the electorate?
But yes, I guess nothing fundamental because software is malleable, and even then there's still has to be the decision to treat it like it has value. A gold bar or dollar bill means nothing either if the whims of all humans were to change.
All blockchains are controlled by rough consensus. There's already like half a dozen Bitcoin forks in the wild (Bitcoin Cash, BSV, etc). When Bitcoin Cash forked off from the main chain in 2017, the community ultimately decided which chain was the "legitimate" one.
Of course Bitcoin could decide to increase the issuance. In doing so, however, it would inevitably lead to a fork (with the 21M holdouts in one camp and the inflationists in another) and the community would ultimately need to decide which one to support.
Imo the block size wars was the beginning of the end for Bitcoin. I chose the chain most hashed and it's only now that I realize that Bitcoin gave up on growing and improving at that point.
Bch is a joke, PoW just doesn't work unless you're the biggest game in town. BTC is shackled to staying incredibly conservative.
I agree with all of this - but the conclusion I reach is that proponents of Bitcoin are lying when they say it's unchangeable and certainly deflationary, or digital gold. It's changeable if people want it to change.
Anything is technically possible. In reality no one wants this to change the limit on the 21 million number and any proposal to modify this particular aspect of Bitcoin will get shot down immediately.
Lying would mean they know what they're saying isn't true. Practically speaking it's completely true.
No it doesn't. You're comparing something with no advantage to the people who are invested in Bitcoin to something which is meant to objectively improve Ethereum and a majority can agree upon.
I always heard it explained that it's full-node wallet users who tend to control the future direction of a blockchain, not just those invested or mining.
I would like the 21M limit to be increased so I can stand to make some profit mining! Currently that's impossible for me. I'd like it to change.
I asked this months ago and did not get any convincing answers.
Ethereum is currently decentralized because of the initial POW distribution. Won't there be centralized aggregators of eth so some point in the future a handful of POS nodes control a disproportionate amount of power? Is it so hard to imagine that coinbase or some other exchange accumulates enough eth to sway transaction validation?
>For certain kinds of 51% attacks (particularly, reverting finalized blocks), there is a built-in "slashing" mechanism in the proof of stake consensus by which a large portion of the attacker's stake (and no one else's stake) can get automatically destroyed.
To be honest, even without the actual 51% attacks happening, it would really suck to live in a world where just one entity had more than half ownership of a currency used by the people.
As I understand it a one way to disincentivise centralization is that when your node loses access to the network you lose more money if at the same time many other nodes/stake do not have access to the network. So it would be profitable to have an independent server and internet access.
> Ethereum is currently decentralized because of the initial POW distribution
Ethereum was launched with a 100% 'premine' of 72M coins, printed out of thin air and handed to the founders to keep or sell as they decided.
Since then another 44M have been mined, though it's not clear how much of that mining was also by insiders who influenced the work function's hardware compatibility or protected their hardware investment by controlling when/if the work function was changed or when mining was discontinued.
I don't think that threat ever really materalized. MEV happened and then there was a suggestion by VB of switching to the PoS chain in response to a miner lead fork: https://notes.ethereum.org/@vbuterin/B1mUf6DXO
I don't think there's anything miners really have to do differently because of this. The only big thing would be to make sure to upgrade your software to the version that has the code for the hard fork (though at this point the hard fork has already happened, so you would be a bit late). But regular users should upgrade their hardware too so that their clients track the correct chain, otherwise they might not see the right balance.
December 2021 is the optimistic estimate, Q1-Q2 2022 is the more realistic one, and the one I've been hearing lately from some people involved in the process.
