Critique of Buterin’s “A Proof of Stake Design Philosophy”

1. “Cost of attack should exceed cost of defense” is illogical

This is a core building block for the argument that proof-of-stake (PoS) is ‘more efficient’ than proof-of-work (PoW), so it is important to review it carefully.

2. No, humans are not “quite good at consensus”

Vitalik asserts that a 51% attacker who reverted the transaction ledger in his favor would have a very hard time convincing the community that his chain is legitimate. The crowd would unmask him and quickly reach consensus to restore justice. He continues: “these social considerations are what ultimately protect any blockchain in the long term”, and cites the stone money on the island of Yap as an example.

The fable of “belling the cat” is about a group of mice who debate plans to nullify the threat of a marauding cat. Putting a bell around the cat’s neck seems like an obviously good solution, until one mouse asks who will volunteer… The story illustrates how ‘social consensus’ can seem easy in theory, but is often hard in practice.

3. Unsubstantiated claim that PoS is more resilient than PoW

Buterin states the following: “if desired, the cost of a single 51% attack on proof of stake can certainly be set to be as high as the cost of a permanent [sic] 51% attack on proof of work, and the sheer cost and ineffectiveness of an attack should ensure that it is almost never attempted in practice.”

  • Cryptocurrency mining designs are solutions to the problem of trust in systems with imperfect knowledge and unknown adversaries. Proof-of-work has applications in early modern money and in nature, where the handicap principle evolved to let animals prove the “honesty” or reliability of their signal. To my knowledge, proof-of-stake has no equivalent applications in either human history or biology.
  • A PoW 51% attacker can significantly slow down the network, but even a single attempt to revert historical transactions requires a huge and long-running expense. In other words, the production of ledger history is extremely expensive and its disruption arguably even more so.
  • Unlike in a PoW chain absent a +51% cartel, it is mathematically proven to be impossible to determine the “true” transaction history in a PoS blockchain without an additional source of trust. If a source of trust is always needed, a potential Pandora’s box of attack and centralization scenarios is opened. This is a seed of truth behind the joke that Ethereum plans to use “proof of Vitalik”.
  • In a naive PoS environment, an attacker can easily create many alternative histories of the ledger, making it cheap to try different strategies. This is known as the “nothing at stake problem”. Ethereum plans to solve this by destroying the bonded security deposit of malicious validators. SolidX’s Bob McElrath makes the point that the strategy of ‘economic punishment’ of attackers is moot if the punishment itself can be forked away. Another criticism of bonded PoS, as recently voiced by BitTorrent creator Bram Cohen, is the question of how one prevents honest stakers from being tricked into interacting with the network in a way that triggers the punishment that is supposed to protect them. (Think of it as the crypto equivalent of large-scale swatting.) An alternative attack scenario, suggested by Galois Capital’s Kevin Zhou, is one where the attacker tricks enough honest people onto his network that it becomes in these honest people’s interest to support the attacking chain as the true chain.

Conclusion

While it is commendable that Buterin works to build his cryptocurrency design proposals from first principles, I believe his write-up contains several flaws. He is confused about cost-defense trade-offs and makes unsubstantiated claims about work- versus stake-based security. He fails to provide convincing logical or historical proof of the efficacy of social consensus. And he claims proof-of-stake is more resilient without providing proof or arguments, and without acknowledging the numerous objections that have been raised by people of substantial pedigree. Buterin’s article does not convince me that proof-of-stake has a sound philosophical foundation, nor that it’s a viable stand-alone mechanism for securing public blockchains.

Tuur Demeester

Economist & investor. Mainly Bitcoin.