Critique of Buterin’s “A Proof of Stake Design Philosophy”

In this article, I take issue with several of the claims made by Vitalik Buterin in his Dec 2016 article “A Proof of Stake Design Philosophy”. My hope is that it sparks debate about proof-of-stake’s high-level design and about the proposed future of the Ethereum protocol.

1. “Cost of attack should exceed cost of defense” is illogical

This is a core building block for the argument that proof-of-stake (PoS) is ‘more efficient’ than proof-of-work (PoW), so it is important to review it carefully.

2. No, humans are not “quite good at consensus”

Vitalik asserts that a 51% attacker who reverted the transaction ledger in his favor would have a very hard time convincing the community that his chain is legitimate. The crowd would unmask him and quickly reach consensus to restore justice. He continues: “these social considerations are what ultimately protect any blockchain in the long term”, and cites the stone money on the island of Yap as an example.

The fable of “belling the cat” is about a group of mice who debate plans to nullify the threat of a marauding cat. Putting a bell around the cat’s neck seems like an obviously good solution, until one mouse asks who will volunteer… The story illustrates how ‘social consensus’ can seem easy in theory, but is often hard in practice.

3. Unsubstantiated claim that PoS is more resilient than PoW

Buterin states the following: “if desired, the cost of a single 51% attack on proof of stake can certainly be set to be as high as the cost of a permanent [sic] 51% attack on proof of work, and the sheer cost and ineffectiveness of an attack should ensure that it is almost never attempted in practice.”

  • A PoW 51% attacker can significantly slow down the network, but even a single attempt to revert historical transactions requires a huge and long-running expense. In other words, the production of ledger history is extremely expensive and its disruption arguably even more so.
  • Unlike in a PoW chain absent a +51% cartel, it is mathematically proven that the “true” transaction history of a PoS blockchain cannot be determined without an additional source of trust. If a source of trust is always needed, a potential Pandora’s box of attack and centralization scenarios is opened. This is a seed of truth behind the joke that Ethereum plans to use “proof of Vitalik”.
  • In a naive PoS environment, an attacker can easily create many alternative histories of the ledger, making it cheap to try different strategies. This is known as the “nothing at stake problem”. Ethereum plans to solve this by destroying the bonded security deposit of malicious validators. SolidX’s Bob McElrath makes the point that the strategy of ‘economic punishment’ of attackers is moot if the punishment itself can be forked away. Another criticism of bonded PoS, as recently voiced by BitTorrent creator Bram Cohen, is the question of how one prevents honest stakers from being tricked into interacting with the network in a way that triggers the punishment that is supposed to protect them. (Think of it as the crypto equivalent of large-scale swatting.) An alternative attack scenario, suggested by Galois Capital’s Kevin Zhou, is one where the attacker tricks enough honest people onto his network that it becomes in these honest people’s interest to support the attacking chain as the true chain.

Conclusion

While it is commendable that Buterin works to build his cryptocurrency design proposals from first principles, I believe his write-up contains several flaws. He is confused about cost-defense trade-offs and makes unsubstantiated claims about work- versus stake-based security. He fails to provide convincing logical or historical proof of the efficacy of social consensus. And he claims proof-of-stake is more resilient without providing proof or arguments, and without acknowledging the numerous objections that have been raised by people of substantial pedigree. Buterin’s article does not convince me that proof-of-stake has a sound philosophical foundation, nor that it’s a viable stand-alone mechanism for securing public blockchains.

Economist & investor. Mainly Bitcoin.