Proof of stake (PoS) is a hot topic in the blockchain community. But will it work out as expected?
A short primer on consensus history
Why would we need a Proof of Stake consensus algorithm instead of Proof of Work? In short, the answer is two-fold: scalability and resource efficiency.
For a more elaborate answer, let’s start with a quick look back at distributed computing. Consensus is one of the most important goals to achieve when many distributed computers share the same task and resources.
What’s a distributed system? You know you have one when the crash of a computer you’ve never heard of stops you from getting any work done — Leslie Lamport
Why is it so hard to achieve an efficient distributed system?
absence of shared clock: it is impossible to synchronize the clocks of different computers precisely due to uncertainty in the communication delays between them. Things like timestamping a digital document are therefore quite complex behind the scenes.
absence of shared memory: one has to solve a problem in terms of processes that individually have only partial knowledge of the parameters associated with the problem. Each of the cooperating processes cannot have instantaneous knowledge of the current state of the other processes.
absence of accurate failure detection: it is impossible to distinguish between a slow processor and a failed processor.
Step 1: classical consensus (for permissioned networks)
The challenges are well-known in the computing literature. Major authors Leslie Lamport and Barbara Liskov received a Turing award for their work on the subject. I would recommend the book by Vijay K. Garg, Elements of Distributed Computing, as a primer on the subject. Classical consensus algorithms offer quick finality and a set of guarantees for transactions that typically work well in a permissioned environment, where you know all the participants (typically in the range 10–1000).
Step 2: Satoshi (for public/open networks)
Then came the famous (yet still unknown) Satoshi in 2008 with bitcoin:
We have proposed a system for electronic transactions without relying on trust — Satoshi
The protocol can scale to a large number of nodes and unknown participants (a public network), using so-called proof of work (PoW). This algorithm uses the mining power of computers to solve computationally hard puzzles, in order to establish a timestamping scheme that is difficult to forge.
Remember that, as part of a public blockchain, anyone is free to run their own node. Thus, each of these nodes is anonymous and must be considered “untrusted” and not secure. The consensus mechanism must mitigate the possibility of DDoS (distributed denial of service) or Sybil attacks.
A Sybil attack consists of bypassing the reputation system of a peer-to-peer network by creating a large number of identities and using them to gain disproportionate influence.
To solve this issue, the idea is to make a replicated database with easy validity checks but difficult writes, which require a sufficiently hard computing task (called mining) to be solved. Transactions are appended in blocks that are chained together (hence the name blockchain). And so on, forever…
Later on, should an attacker wish to forge this history of transactions, it would have to redo the complete succession of expensive computing tasks, which is therefore prohibitive.
In practice, bitcoin was designed as a cryptocurrency, without requiring any permissioning of participants. Now you even have services like Cryptopay, Bitwala or Wirex to make payments in fiat or crypto. Nice job! Ethereum subsequently realized the value of the underlying technology and applied the same consensus algorithm and blockchain data structure as a kind of supercomputing device (providing so-called smart contracts).
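As an added illustration (not code from the original post), here is a toy proof-of-work chain in Python that makes the asymmetry above concrete: validating the whole history costs one hash per block, each write requires a nonce search, and forging an old block only validates again if every later block is re-mined as well. The difficulty value and the transaction strings are constructed for the demo.

```python
import hashlib
import json

DIFFICULTY = 12  # constructed demo value (leading zero bits); real networks use far more

def block_hash(block):
    """Canonical hash of a block: both the mining target and the link to the next block."""
    fields = {k: block[k] for k in ("index", "prev_hash", "txs", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def meets_target(h):
    """Cheap validity check: one comparison on the hash's leading bits."""
    return int(h, 16) >> (256 - DIFFICULTY) == 0

def mine(index, prev_hash, txs):
    """Expensive write: try nonces until the block hash meets the target."""
    block = {"index": index, "prev_hash": prev_hash, "txs": txs, "nonce": 0}
    while not meets_target(block_hash(block)):
        block["nonce"] += 1
    return block  # block["nonce"] + 1 is the number of hashing attempts this write cost

def build_chain(tx_batches):
    """Append each batch of transactions as a newly mined block linked to the previous one."""
    chain, prev = [], "0" * 64
    for i, txs in enumerate(tx_batches):
        chain.append(mine(i, prev, txs))
        prev = block_hash(chain[-1])
    return chain

def validate(chain):
    """Checking the whole history costs one hash per block, however hard it was to mine."""
    prev = "0" * 64
    for i, block in enumerate(chain):
        h = block_hash(block)
        if block["index"] != i or block["prev_hash"] != prev or not meets_target(h):
            return False
        prev = h
    return True

def rewrite_history(chain, index, new_txs):
    """Forge block `index` and re-mine it plus every later block; returns (chain, hashing attempts)."""
    forged = [dict(b) for b in chain[:index]]
    prev = block_hash(forged[-1]) if forged else "0" * 64
    attempts = 0
    for i in range(index, len(chain)):
        block = mine(i, prev, new_txs if i == index else chain[i]["txs"])
        attempts += block["nonce"] + 1
        forged.append(block)
        prev = block_hash(block)
    return forged, attempts
```

Editing an old block without re-mining, or re-mining only the edited block, leaves a chain that `validate` rejects on the next link; the attempt count returned by `rewrite_history` is the work an attacker cannot avoid.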
Beyond bitcoins, there are many benefits in having public blockchains. For instance, if you are making an open identity provider such as LifeId, it’s better to rely on an infrastructure that is not subject to any organisation’s goodwill. Snowden is probably the best explainer on this.
However, these benefits come with hidden costs, in particular:
Bitcoin is slow: users have to wait several minutes before they get confirmation that their transaction is stored on the chain.
Throughput is also very limited. Bitcoin can process about 7 transactions per second, which is not much compared to VISA, for instance.
Mining consumes an enormous amount of energy (currently 42 TWh/y, roughly a few nuclear plants, according to https://digiconomist.net/bitcoin-energy-consumption), corresponding to 450 kWh per transaction (approximately 1.5 years of what your fridge consumes…).
The size of the blockchain only grows, requiring more storage. Currently it takes around 120 GB.
The decentralized ethos is challenged by reality, since mining power is centralized in a few facilities.
There’s also the challenge of transaction privacy, partially solved with the likes of Monero and Zcash.
People have been working on improvements to the protocol to solve some of those issues:
second-layer payment channels such as https://lightning.network increase throughput, allowing cheaper and faster micropayments.
Chainweb is implementing a new architecture for interconnected PoW networks that would be able to scale to thousands of transactions per second. Likewise, sharding is a usual suspect in many other projects for improving scalability.
some solutions for useful mining have been devised, such as filecoin or this interesting research paper to reduce the size of the chain.
Yet, despite all the benefits, it all seems like fixes on a broken wheel, somehow. At least from an energy perspective.
POS to the rescue?
Alleluia, Proof of Stake (POS). The idea is to replace mining with an alternative that scales more easily, provides quick finality and doesn’t need to mine and spend so much energy. Instead, let’s ask some validators to vote.
Source: https://blockgeeks.com/guides/blockchain-consensus/
There are many teams currently experimenting with variants of this scheme (the list is not exhaustive, and I don’t intend to compare them here; it’s just to give an idea of this very active space):
Ethereum 2.0 and RChain – Casper proof of stake (POS)
Zilliqa – hybrid POW/POS
Thunder – POS with POW fallback
Cosmos – based on Tendermint’s delegated proof of stake (DPOS)
Polkadot – provides a framework called Substrate to build blockchains, including POS variants (Tendermint-like or proof of authority)
Tezos – liquid proof of stake (a variant of DPOS)
EOS – a DPOS variant
Dfinity – threshold relay + probabilistic slot consensus
Algorand – byzantine agreement with leader election
Their common feature is to require some actors to stake funds in order to validate transactions.
So problem solved? Not quite I believe.
One issue is more philosophical. How can staking, which means giving power to the rich (or as per Tezos’ quote of Proudhon, “Laissez faire les propriétaires”), be compatible with decentralized networks? I will probably come back to this in a future post, but it seems rather antinomic with the very goals of having a blockchain in the first place.
But there is a much stronger practical argument. One interesting insight comes from the Chainweb whitepaper (it’s interesting to remember that the team has a past at the SEC):
A potentially graver problem with PoS is the risk to the continued legal functioning of cryptocurrencies as predicated on the probabilistic censorship-resistance of the original PoW design, a feature that PoS designs fundamentally sacrifice by requiring distinct actors to stake funds in order to validate transactions. The exemption of money-transmitter (MTA) regulation to PoW miners (at least in the United States) stems directly from the probabilistic nature of confirmation and the lack of distinct rights for a given miner in the system: no single miner can be seen as confirming any transaction, since blocks must accumulate toward some indefinite confirmation depth, and no unique miner has the ability to influence the acceptance of a given transaction over any other. MTA regulations will easily apply to any staking design that designates distinct parties who participate in the deterministic confirmation of a given transaction. A possible solution creates a PoS safe harbor like those found elsewhere [like DMCA safe harbors] but would damage the egalitarian blockchain ethos by requiring a central authority to “erase” transactions. We maintain that staking designs put validators at risk of being subject to money transmitter regulation and enforcement as their unique identity and funds are essential to the effectuation of transfers in the system.
I believe that’s a fair statement, and limitations would most probably apply elsewhere in the world too. We should remember that, beyond technological issues, there is also an external environment in which projects live, both for network governance and for business models. Regulation is a known issue for blockchain networks.
So unless networks such as Ethereum are ready for deep regulatory scrutiny, POS might be more complex to deploy than initially thought.
Back to step 2? There may be an alternative.
As we’ve seen, consensus algorithms are a very active research topic. But I do think there’s a real and recent breakthrough.
Step 3: Avalanche (for public/open networks)
Avalanche is a new algorithm that might just change the status quo. According to the paper from Team Rocket published in May 2018, it provides:
Low latency: tests in the paper were carried out with a 2-second finality.
Higher throughput: 1000–10,000 transactions per second depending on the adversarial scenario.
More sustainable than POW: it doesn’t require miners.
An egalitarian role: more importantly, all participants are equal. There is no need for a leader or for miners.
As per FlatOutCrypto’s review of the Avalanche consensus algorithm:
“The adversary model in this paper is incredibly strong. The adversary gets to see everyone that I communicated with, what they told me, and then gets to adjust his response accordingly. Real adversaries will not be this strong. The statement that an adversary cannot interfere with communications allows the protocol to avoid having to make standard cryptographic assumptions for the consensus protocol. There’s no PKI. No reliance on crypto. This protocol is quantum-safe from the start.” (citing Gün Sirer)
So there are probably remaining issues or potential improvements, and a more formal academic review would be welcome, but it is very promising. At least, that’s where I start.
I hope you’ll agree, even if consensus is notoriously hard to reach ;-)
Sources
Before blockchain
S. Haber, W. S. Stornetta, How to time-stamp a digital document, Journal of Cryptology, January 1991, Vol. 3, Issue 2, pp 99–111, https://www.anf.es/pdf/Haber_Stornetta.pdf
Masashi Une, The security evaluation of time stamping schemes : the present situation and studies, IMES, Bank of Japan, 2001, http://www.imes.boj.or.jp/english/publication/edps/fedps2001_index.html
V.K. Garg, Elements of Distributed Computing, Wiley, 2002
Since blockchain
Satoshi, https://bitcoin.org/bitcoin.pdf
W. Martino, M. Quaintance, S. Popejoy, Chainweb: A Proof-of-Work Parallel-Chain Architecture for Massive Throughput, Draft v15, accessed on 20/12/2018, http://kadena.io/docs/chainweb-v15.pdf
Team Rocket, Snowflake to Avalanche: A Novel Metastable Consensus Protocol Family for Cryptocurrencies, 2018, https://ipfs.io/ipfs/QmUy4jh5mGNZvLkjies1RWM4YuvJh5o2FYopNPVYwrRVGV
Disclaimer: the post is a personal view and cannot be taken as investment advice in any projects.