Vitalik Buterin
image description"Why Proof of Stake? (Nov 2020)"Original link:
Original link:https://vitalik.ca/general/2020/11/06/pos2020.html
secondary title
Why choose Proof of Stake (PoS)?
Compared with the PoW (Proof of Work) consensus mechanism, PoS is a better blockchain security mechanism for three main reasons:
1. PoS is more secure at the same cost
The easiest way to compare is to put the two side by side and see how much it costs to attack a network per $1 block reward per day.
PoW based on GPU mining
Renting GPUs is cheap, so the cost of attacking the network is only the cost of renting enough GPUs to overtake existing miners. For every $1 block reward, existing miners should spend about $1 in cost (if the cost is too much, the miner will quit because it is unprofitable; if the cost is less, new miners can join in and get high profits). Therefore, attacking the network only needs to temporarily cost more than $1 per day, and only for a few hours.
Total attack cost: about $0.26 (assuming the attack time is 6 hours), it may drop to zero as the attacker gets block rewards.
PoW based on ASIC chip mining
The ASIC chip is a capital cost and can be expected to last about 2 years before it wears out, or becomes obsolete with better hardware. If a chain is attacked by 51%, the community is likely to respond by changing the PoW algorithm, so that the ASIC chip will lose its value. On average, mining is about 1/3 the ongoing cost and 2/3 the capital cost. Therefore, for every $1 block reward per day, the miner will spend about $0.33 in electricity + maintenance fees, and about $0.67 in ASIC costs. Assuming that the lifetime of an ASIC chip is about 2 years, the miner needs to spend $486.67 on that amount of ASIC hardware.
Total attack cost: $486.67 (ASIC) + $0.08 (electricity + maintenance) = $486.75
Not only does the attack cost in PoW mining with ASIC chips become higher, but the prevention of such high-cost attacks also makes the entire network tend to be centralized, because the threshold for miners to join has also become higher.
Proof of Stake PoS
Almost all of the proof of stake is the cost of funds (deposited coins), and the only operational cost is the cost of running nodes. Now, how much capital are you willing to lock up to get $1 a day in rewards? Unlike using ASICs, the deposited coins will not be depreciated. After the pledge is completed, the pledged coins can be retrieved after a short waiting period. Therefore, participants should be willing to pay a higher capital cost for the same amount of rewards.
We hypothesize that a return of ~15% is enough to incentivize people to bet (this is the expected return for Ethereum 2.0). A $1 bonus per day would then attract a deposit return of 6.667 years, or $2433. The hardware and electricity costs of a node are very low, and the cost of a thousand-yuan computer can support the pledge of hundreds of thousands of dollars. The electricity and network fees of about $100 per month are enough to meet such needs. But conservatively speaking, these ongoing costs account for about 10% of the total cost of staking, so there are only about $0.9 rewards per day, which ultimately corresponds to the capital cost, so the above data needs to be reduced by about 10%.
Total attack cost: $0.9 per day * 6.667 years = $2189
In the long run, this cost is expected to be higher as the collateralization rate increases. I personally expect this number to eventually rise to around $10000.
The only "cost" of maintaining this security system is that the assets being staked are illiquid. It may even be the case that public knowledge that these assets are all locked up will cause the price of the currency to rise, so the total amount of funds floating in the community ready to invest remains the same! And in PoW, the "cost" of maintaining consensus It consumes a lot of power.
More security or lower cost?
There are two ways to achieve 5-20 times safety gain at low cost. One is to keep the block reward unchanged and benefit from increased security; the other is to reduce the block reward on a large scale (thereby reducing the "waste" of the consensus mechanism) and keep the security level unchanged.
Either way works. I personally prefer the latter, as we will see below that even successful attacks in Proof-of-Stake are much less harmful and much easier to recover from than Proof-of-Work attacks!
2. Under the PoS consensus mechanism, it is easier to recover from attacks"In a PoW network, if your chain is attacked by 51% of the chain, what can you do? So far, the only countermeasure in practice is"Wait until the attacker actively withdraws the attack
. But this ignores the possibility of a more dangerous attack called the Pawn Camping Attack, where the attacker performs the attack again and again with the explicit purpose of bringing down the entire chain.
In a GPU-based system, without any defenses, a persistent attacker can easily disable the entire chain permanently (or switch to PoS or PoA). In fact, after a few days of carrying out the attack, the cost to the attacker can drop to very low, as honest miners cannot get block rewards in the attacked chain and thus exit.
In an ASIC-based system, the community can deal with the first attack, but then becomes helpless again. First, the community will respond to the first attack by changing the PoW algorithm through a hard fork, thus "locking" all ASICs (the attacker's and the honest miner's). But if the attacker is willing to bear this initial cost, after that the situation will revert to the same as the GPU situation (since there is not enough time to build and distribute new algorithms for ASICs), so the attacker can continue to spawn camps cheaply attack, it is inevitable."Inactivity Leak Mechanism"Completed). no explicit"Hard Fork Currency Elimination"Hard Fork Currency Elimination
, except for the coordination and selection of a few blocks on UASF, the others are all automatic, and only need to be executed according to the protocol rules.
Therefore, attacking the chain for the first time will cost the attacker millions of dollars, and the community will return to normal within a few days. A second attack would still cost the attacker millions of dollars as they would need to buy new coins to replace old ones that were destroyed, and a third would cost even more. This game is asymmetric and very unfavorable to attackers.
3. PoS is more decentralized than ASIC"The PoW based on GPU mining is reasonably decentralized, and it is not difficult to get a GPU. But GPU-based mining in the above mentioned"safety
Standards are basically unqualified. ASIC-based mining, on the other hand, requires millions of dollars to get into (if you buy an ASIC from someone else, most of the time, the mining company makes more money)."it's also common"Proof of Stake Means the Rich Get Richer
Plus, PoS is more censorship resistant. Both GPU and ASIC mining are very easy to spot: they require massive power consumption, expensive hardware purchases, and large warehouses. PoS, on the other hand, can be done on a humble laptop, even over a VPN.
secondary title
Advantages of PoW
1. PoS is more like a"closed system"closed system
, wealth concentration takes a long time.
In PoS, if you have some coins, you can stake them to get more rewards. In PoW, you can keep earning more rewards, but you need more external resources. Therefore, we can say that in the long run, the distribution of coins in PoS has the potential to become more and more centralized.
2. PoS needs"weak subjectivity", PoW does not need it.
about"about"weak subjectivity
The concept of (please see the original introduction of V God). Essentially, when a node comes online for the first time, or any node comes online after being offline for an extended period of time (i.e. many months), the node has to find some third-party source to determine the correct chain-head. This could be their friends, exchanges, block search sites, client developers, etc. But PoW does not have this requirement.
It can be said that this requirement is easy to implement, and users need to trust the content provided by the client developer or the community to some extent. At the very least, users need to trust someone (usually a client developer) to tell them what the protocol is, and any updates to it. This is unavoidable in any software application. Therefore, the marginal additional trust requirement brought by PoS is still quite low.
