Why I Dislike Proof of Stake
Proof of stake is the leading contender to replace proof of work, but it has a long list of shortcomings. Surely we can do better.
Proof of stake significantly reduces the energy consumed by cryptocurrency mining, but at what cost? Consensus will still depend on huge datacenters, not on devices operated by everyday people. Photo by Kvistholt Photography on Unsplash
Polkadot, NEAR Protocol, Ethereum 2, and many other high profile, modern blockchain platforms are choosing Proof of Stake (PoS) over Proof of Work (PoW), the original consensus mechanism that powers Bitcoin and Ethereum. This is understandable as PoS is not without merits and addresses some existing blockchain frustrations and limitations.
For one thing, PoS is much less energy intensive than PoW. For another, it could hypothetically make attacks (such as 51% attacks) more expensive and therefore less likely, since a community can choose to simply delete an attacker’s stake, whereas the options for defending against attack under PoW are far more limited. It also facilitates scaling via that other popular technology, sharding, by making it easier to dynamically shuffle a set of validators among shards, thus preventing attacks against any particular shard.
Having said that, PoS also has some significant shortcomings, which tend to get less attention. I’ve said for some time that I dislike PoS for several reasons, so I thought it might be interesting to list and briefly analyze each of those reasons here.
- PoS cannot be used for initial distribution/endowment of tokens. PoW can, and it’s a permissionless, credibly neutral way to distribute tokens. By contrast, PoS requires that tokens be manually distributed to potential stakers ahead of time, which usually means they end up in the hands of friends and investors. This is less than ideal.
- PoS is not technically permissionless, since any potential staker must first convince someone to sell them tokens for staking. This makes onboarding harder: rather than earning their first few tokens using existing hardware (which used to be possible on Bitcoin and will again be possible on Spacemesh), any potential network participant probably has to set up an account with an exchange, complete a KYC/AML process, link a bank account, wait for it to be approved, etc., just to acquire their first tokens, before they can do anything interesting on the network.
- As a result, once any party, or any cartel of colluding parties, controls more than 50% of the stake of the network, that network has effectively been captured forever. What’s more, this may happen invisibly, since even a single party could divide their stake into many small accounts. This cannot happen in PoW because of its permissionless nature.
- The barrier to entry to participate in consensus as a validator is usually quite high. Validators often need a stake worth upwards of USD $1,000, as well as expertise and complex infrastructure. This excludes many classes of potential validators and increases centralization. In practice, the vast majority of validators are today run by a small number of companies.
- In addition to the technical challenge of running a validator, there’s a lot of ongoing social coordination required to support a network of validators. This includes documentation, education, and regular communication. In practice, an entire ecosystem with multiple organizations is required to support this coordination. In networks with delegation, validators need to campaign to attract a large stake and stakers need to stay abreast of validator reputation, downtime, upgrades, devops issues, etc., and may need to move their stake around in response to all of these. Most of this complexity can be avoided in a permissionless network.
- All of the data required to fully validate a PoW chain is contained in the chain itself: the canonical chain is always the chain with the greatest accumulated work. For instance, you don’t need any outside information to fully, independently, objectively validate the entire Bitcoin blockchain and all of the transactions it contains. This is not true of a PoS chain due to costless simulation which leads to weak subjectivity. There is no proof of work involved in simulating a new PoS chain all the way back to genesis, so unless you’ve been following the chain since genesis yourself, or trust the nodes that sent you data, you don’t know if you’re looking at the canonical chain. In particular, former validators that have withdrawn their stake could costlessly construct an alternative, valid chain at any time (or be bribed to do so).
- Security in PoS is circular: the overall security of the network depends upon the value of the token used for staking, which in turn depends upon the security of the network. It’s possible that a black swan event such as a sudden drop in market value of the token could cause the system to collapse.1
- Having a source of randomness is a very useful property in a blockchain. PoW naturally delivers a continual stream of entropy in the form of winning nonces and block hashes that can be used as a pseudorandom seed. In PoS, by contrast, randomness has to be constructed. Doing so in a secure, unbiasable, distributed fashion is difficult.
- Coordinating a fork in PoW is costly because the fork chain needs a sufficient amount of hash power to prevent attacks (this has actually happened). By contrast, it’s much easier in PoS because a fork chain can simply change its validator set at the time of a fork. This makes forks cheaper and easier in PoS networks.2
- Token holders often store their tokens on large exchanges. In PoS, this gives exchanges disproportionate power to participate in consensus and collect rewards, which are often not shared with users. As a result, a significant portion of large PoS networks will probably be controlled by exchanges.
- PoW has an elegant, natural ability to recover from attacks. Even if the network is partitioned, or if some miners go offline for some time, other miners will continue to produce blocks and it’s always clear which chain is the longest chain. This is much more complicated in PoS, where the network may stop producing blocks entirely if too many validators go offline, and it’s much more difficult to recover from consensus failures.3
In short, PoS feels too much like what came before blockchain: small sets of wealthy insiders control a disproportionate stake, and collect most of the rewards. That may be fine for blockchains that consciously choose that path, but it’s not why I work on blockchain.
Of course, PoW also has shortcomings. Most notably, it’s extremely energy intensive, and mining rewards have been completely captured by professional miners. This means that it’s no longer possible to profitably mine from home, and that there’s a great deal of centralization in PoW mining. One of the main reasons I chose to work on Spacemesh is its novel consensus mechanism, Proof of Spacetime (PoST), which addresses these shortcomings of PoW without most of the downsides of PoS. Its main downside is its complexity, but Spacemesh is nearly fully implemented and has had a testnet running successfully for months, proving that the mechanism works, at least in theory.
It’s still early days for blockchain technology in general. I don’t believe that either PoW or PoS represents the final or best possible consensus mechanism, and that we cannot do better. I remain excited about the prospects of PoST and many other experiments being run in this space.
Do you agree or disagree? What’s missing from this list? Which consensus mechanisms are you excited about? Leave a comment and let me know!
-
Of course, this is true of Bitcoin as well: a collapse in BTC value would cause some miners to stop mining BTC, which could in turn cause the value to collapse further, in a negative feedback loop. It’s probably also true of fiat currency. If people were to stop believing in “the full faith and credit” of the United States government, the USD might lose value relative to other currencies, which in turn might have political and economic consequences that would cause yet more people to lose faith in the USD, the same negative feedback loop. This is true for any commodity without intrinsic value. Still, PoS is newer and less proven. Time will tell how it acts in extreme market conditions. ↩
-
Whether this a feature or a bug depends upon how you feel about forks. I actually kind of like forks, so I’m inclined to regard this as a feature, but if you subscribe to the forks destroy value school of thought then you may disagree. I’m including it here as a shortcoming because this seems to be the general sentiment. ↩
-
The intuition here is that, while you can always immediately reestablish consensus around an objectively longest chain in the case of PoW, if a PoS network temporarily fails to achieve consensus on the correct set of validators, there is no easy mechanism to automatically re-establish consensus. (I’ve been unable to find published research on this topic, and would appreciate references.) Of course, PoS is not in and of itself a consensus mechanism, so the details depend upon the full construction as different consensus mechanisms handle this situation differently. ↩