Proof of Work vs Proof of Stake

--

Note: This is an old article I created almost 5 years ago (Slightly edited/rewritten to be more readable). Because this article was made such a long time ago, it might or might not be outdated when it comes to explaining the downsides of PoS. Ever since I wrote the original (It was published it on a different website), my views on blockchains and cryptocurrency have changed a lot, and I don’t necessarily share the opinions expressed in the text below. Regardless, I still think it gives a good explanation for PoW vs PoS work and which consensus mechanism is better for blockchains. Either way, I hope you enjoy the read :)

Press enter or click to view image in full size

It’s been a while since I’ve gotten into any serious discussion about decentralized and robust consensus mechanisms in crypto. So far, I’ve been looking at the current trends, and it seems like ‘Proof of Stake’ (PoS) is starting to get hyped up as the new “solution” to the problems of Proof of Work (PoW) with its own issues either being overlooked or outright ignored. A million DeFi coins are coming into the market that are PoS instead of PoW, claiming to be the “next best thing”.

I didn’t do much commenting on the issue earlier of whether or not PoS is superior to PoW because I felt like I did not know enough about either one of them to have an educated opinion. I often saw people on r/btc dismiss PoS as a “ponzi scheme” or “economically unsustainable/flawed”. At first, I thought it was merely an opinion held by some r/btc users because they would obviously be in favour of PoW (given that all the known versions of Bitcoin use PoW as their consensus system). In fact, I remember looking at people like u/ShadowOfHarbringer’s (possibly one of the biggest PoS critics from what I’ve seen, but correct me if I’m wrong) comments and thinking that he has only dismissed PoS because it’s not PoW, and Bitcoin (Cash), one of r/btc’s favourite coins uses PoW.

After doing the research for myself, and thinking about it critically for a long time, I came to the same conclusion that Proof of Stake is fundamentally AND economically broken, and I can no longer take it seriously. It’s surprising to me that many people who are knowledgeable in fields relevant to Bitcoin are still considering PoS despite this. It seems that rather than actually addressing any criticisms of PoS, PoS proponents just dismiss most concerns by saying that PoW has those same problems without elaborating any further, and then ending the discussion there. I’m here to discuss why Proof of Stake is fundamentally flawed, and why Proof of Work is the only consensus mechanism that works (at least so far). If you want to skip to certain sections in this article, I’ll provide a ‘table of contents’ section, which you can navigate through using the links in the “Contents” section.

Contents

1. Why is Decentralization Important?
2. What is Needed For a Decentralized Network and Consensus Mechanism
3. Proof of Work vs Proof of Stake Incentives
4. Single Points of Failure
5. Trade-offs
6. Conclusion

Why is Decentralization Important?

More often than not, the word “decentralization” gets thrown around in the crypto space as a value proposition of cryptocurrency (especially Bitcoin). At this point, so many people have just been convinced that more decentralization = better/important without ever questioning why it is important.

Despite what most people tend to think, I think it’s worth clearing up this idea. Decentralization is NOT the value proposition, nor is it the purpose of the blockchain, Bitcoin, and cryptocurrency in general. This is a fundamental misunderstanding that many people (myself included) have had when it comes to this topic. Decentralization is merely a means by which the true value proposition of cryptocurrency is acheived, which are censorship resistance, trustlessness, and robustness (no single points of failure). Satoshi also talks about this in the introduction of the Bitcoin whitepaper:

Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for nonreversible services. With the possibility of reversal, the need for trust spreads.

If there was a means by which we could have a centralized database that was as censorship resistant as the blockchain today, had no single points of failure, while being trustless in nature, it would be hard to argue for using a blockchain, as decentralization wouldn’t bring any additional value. In fact, a blockchain would be a slow and wasteful solution for trying to have a monetary system/cryptocurrency. In fact, if censorship resistance, robustness, and trust weren’t issues, for a fraction of the cost, and significantly better scalability (and security), you could have a few parties run a database with cheap computers that would likely be able to process millions of transactions per second.

To add, this is why I have had a hard time trying to empathize with any argument for keeping blocks small. Simply put, if fees are high, the nature of the network itself maybe trustless, but it fundamentally fails at being censorship resistant, which makes it self-defeating, but that’s a topic for another time.

What is Needed For a Decentralized Network and Consensus Mechanism

As discussed previously, the reason decentralization itself is important and valuable is because it allows for censorship resistance, trustlessness, and robustness, but how exactly do we achieve these through decentralization?

I think this is a question/idea worth exploring. The inherent limitation of any centralized system or database trying to be a currency/money is that the centralized entities that have control over reading, writing, updating, and deleting information within that database will always be able to control what gets added to it, which means (as we currently understand it) censorship resistance and trustlessness will never be acheived through centralized means (at least for the foreseeable future).

Ok, so we know that censorship resistance can only really be acheived through decentralization, but then that brings up the question of how do we use decentralization to create a digital currency?

As a starting point, we need 2 important properties: ownership of funds, finite supply (coins can’t just be printed out of thin air), and “memory” (Once coins are spent in a transaction, they can’t be spent elsewhere. That is, no double spending). Intuitively, the first way we might think of creating our digital currency is by having a coin just be a piece of data like a file or number. The problem with this is that nothing really stops someone from just copying these files and sending them over the network, so money can just be created out of thin air.

Given that this doesn’t work, the only reasonable way that exists to solve this problem is to create a database of transactions. In this case, coins themselves don’t literally exist, but transactions sending and receiving them do, so the coins themselves can’t just be copied. Transactions have to be generated to introduce them into the “supply”. As a consequence, this also makes it verifiable when it comes to which coins have been introduced into circulation legitimately. If someone creates a transaction where they spend more coins than the ledger has determined that their balance should be, there will be a contradiction, and the user won’t be able to just “send” the funds. If this ledger is public, even if created by centralized and trusted entities, any node or peer on the network can check the legitimacy of transaction activity on the network for themselves with all the data.

Ok, so now we’ve established a system in which coins do have ownership, can’t be printed out of thin air, and these coins can’t be doublespent on their own. We know that this ledger we’re going to make is decentralized in nature, which means that many entities/nodes/people will have a copy of it. Given this, how do we decide which is the correct copy of the ledger and which isn’t, since it’s entirely possible for two alternate versions of the ledger to exist, which means someone could just present one copy of the ledger to the recipient and the rest of the network, and once the transaction has gone through, present an alternate copy in which the transaction has been reversed without any cost, effectively making it trivial to just re-spend coins.

To solve this issue, some sort of voting/consensus mechanism had to be implemented so the network can come to an agreement on the legitimate version of the ledger itself. This had to be done in such a fashion that nobody would have to trust anyone (votes cannot be faked), and such a decision can be made quickly. Ideally, we would have 1 user = 1 vote, or anything as democratic as possible (given that it is the fastest decision-making mechanism which doesn’t put power in the hands of a single entity), but it’s impossible to define ‘1 user’ in a network that is permissionless, where any accounts and wallets can belong to anyone. On top of this, voting would have to be time sensitive because a decision needs to be made. We can summarize our consensus/voting mechanism requirements in a few points:

• Does not trust or assume others will act in good faith
• Is decentralized
• Impossible (or infeasible) to fake
• Makes decisions in a timely manner
• Results in a unanimous vote

Proof of Work vs Proof of Stake Incentives

As a re-cap, these are the requirements that we came up with for a decentralized consensus and/or voting mechanism:

• Does not trust or assume others will act in good faith
• Is decentralized
• Impossible (or infeasible) to fake
• Makes decisions in a timely manner
• Results in a unanimous vote

Intuitively, someone who isn’t experienced with cryptocurrencies might suggest that we could make 1 wallet = 1 user = 1 vote, but that wouldn’t work because any attacker on the network could just make a script to generate multiple wallets and use their voting power to either attack the network or stall it, ensuring that the network couldn’t reach an agreement, effectively killing it. This means that this mechanism doesn’t follow any of our criteria. In a trustless network, we absolutely have to assume there will be attackers and that we cannot assume everyone has good or altruistic intentions. Given this information, there does exist a possible solution to this problem…

Since coins cannot be printed out of thin air, and they cannot be counterfeited, copied, or spent by another user (as established previously), it might be tempting for one to say to say that we should make 1 coin = 1 vote, and it might seem at first glance that it would work, but we run into other problems, such as:

How do we make voting impossible/hard to fake?

If we are basing our mechanism on 1 coin = 1 vote, we need to make sure every coin that is voting is unique. After all, what stops someone from just sending coins to multiple wallets and just re-voting with the same coins? We can easily solve this by making a single vote equal to the quantity of coins multiplied by their age in days, and that will solve our issue of votes being easy to fake. Another question might be

Where do the coins come from, and how do users vote with them?

The ONLY solution to this would be a single central party being given all of the coins ahead of time, and then distributing them to users so they can vote with them. In terms of the requirements for our voting mechanism, it is impossible to fake, meaning that votes are at the very least unique. This would essentially be ‘Proof of Stake’. We can also hypothetically reward voters by giving them more coins by acting honestly, but more on that later…

If we were to use this as a voting mechanism, it would meet our requirement of being impossible/difficult to fake, but it would not be suitable for voting as outlined because it is an inherently centralized mechanism, on top of one that assumes others will act in good faith, and can result in a vote not being unanimous (and potentially tied votes). What do I mean by this? Well, to elaborate on this point-by-point…

It is an inherently centralized mechanism

When a central party is the one distributing coins, they have all of the voting power in the beginning. They are the absolute gatekeepers of the network, and can choose who and who not to assign votes to. This is equivalent to a dictator owning a nation, and saying that they’re switching to democracy, but they get to choose who can vote.

It assumes others will act in good faith

We have already established that a central party starts with all of the voting power, so the next question one might ask is if coins are distributed fairly by the central entity, then shouldn’t the voting mechanism meet all the requirements as stated previously? In theory, this would make sense, but in practice, it completely ignores the issue in the first place… How do we verify that the coins have been distributed fairly when nobody knows who is behind what wallet?

Anyone can generate wallets as they please, and just shuffle their coins to make it look like the distribution is fair when in reality, all of the shuffled coins belong to the same entity. There is no way of verifying whether or not coins are distributed fairly, which means that you are relying on the central stakeholder acting in good faith to keep the network working and secure.

It is not good at making unanimous decisions and reaching consensus

Often times, the consensus rules can and do get changed. In such a case, the network is also faced with a voting decision in which there are two different ledgers of coins. The coins themselves are also separate, but what is important to realize is that there needs to be some way of making a decision on which ledger to keep, and which to abandon. If votes are cast using coins, the incentive of stakeholders is not to stake only one chain, but both. They are rewarded for stalling the actual network itself, and making it harder to reach consensus. Incentives cannot be forced in the same way since staking is done on two separate forks. It’s not a good set of incentives, and presents a fundamental flaw.

…So what is the solution?

Knowing all of this, there does seem to be one last solution to the governance system of our mentioned decentralized ledger, and that is using computing power to enforce rules. This consensus system is what is called Proof of Work, and to this day is the only consensus mechanism that actually checks off all the boxes, or at the very least, more than any other proposed “solution”. If we iterate over all of our requirements, and compare:

Does not trust or assume others will act in good faith

Proof of Work doesn’t have to trust that others will act in good faith, because mathematically speaking, everyone, good and bad, has no choice but to do so. If someone is transacting with you, and the computational power that has gone into embedding your transaction into the blockchain is more than the cost of the transaction itself, you can know with almost complete certainty that your transaction will not be reversed by an attacker. Furthermore, there is no central party that starts with all the voting power and can choose to keep it for the rest of eternity. For any one party to maintain power over the network, it requires constant reinvestment into securing the network itself. If more capital comes into the network, the entity’s voting power automatically goes down, making it harder for them to have any control over the network.

Is decentralized

This one is somewhat debatable, but so far, PoW has much stronger decentralization when compared to PoS and other consensus mechanisms. In PoS, if one entity controls most of the coins, they have that power for the rest of eternity. Nothing can be done to prevent or change that. It is permanent as long as they choose not to sell their coins. In PoW, just because someone has a majority of the hashrate, it doesn’t mean it is set in stone. If hashrate grows, then said entity has lesser voting power, and the network can eventually return to state where it is once again decentralized.

Impossible (or at the very least, extremely difficult) to fake

There is no way of faking votes in PoW at all. Every vote is done with computation, which can only be done by actually voting with computing power. This is what allows SPV in Bitcoin to work. Users don’t need to see anyone else’s transactions but their own (cryptographically, and irrefutably proven) to know that they are on the correct chain, and that their transaction has been backed with computing power.

Makes decisions in a timely manner

Any time the network has to reach an agreement, and the consensus rules change, resulting in two different ledgers, there is no incentive to try and divide hashrate between two chains, like there is to have equal staking in Proof of Stake. If a miner tries to divide hashrate, they will lose money doing so, as one chain becomes less and less profitable to mine. The incentives are directly to make a decision with their voting power.

The end result is a unanimous vote

This one is self-explanatory, but basically, the incentive of profit and the expenses incurred for actually attacking the network directly enforces decision making to be one-side only.

Single Points of Failure

One of the biggest differences between PoW and PoS, apart from the incentives laid out is how easy it is for the entire network to fail. In PoS, if one entity has majority stake in the network, the entire network has effectively failed, and permanently (even if it hasn’t, it creates an inescapable inequality/centralization pressure). Voting power for the majority staker remains the majority without any way out. With PoW, a miner with the majority of the hashrate has to constantly reinvest if they want to maintain their power over it, but them maintaining that power even after reinvesting capital is not a guarantee.

Trade-offs

So this might beg the question… Why even bother with PoS, and what does it do better than PoW? A lot of the answers revolve around vague words like “better scalability” and “much greener”, but the truth is, I have yet to see an actual argument as to why PoS is more scalable. Hardware for seeing, keeping, and accepting transactions stays the same, so I don’t see why there would be any magical capacity increase. As for the only good argument, PoS is less energy intensive. The question is whether or not that is worth it for the trade-off of inherently being much less decentralized, having poor incentives, or even being worse overall for decision-making.

Conclusion

While PoS has become more popular among crypto enthusiasts, and is being seen as an alternative to PoW, in my opinion, it is nothing more than a false promise. Intuitively, it would make sense to think about using coins for voting, as they’re scarce, and can’t be faked, and it seems like such a simple solution, which is why I personally believe Satoshi knew this well before actually releasing the Bitcoin whitepaper back in 2008. I don’t think PoS is a radically new and unique idea that it only came around well after Bitcoin’s conception. But I’m no fortune teller, so time will tell…