There's some interesting recent back-and-forth on the bitcoin-dev mailing list about proof of stake. I'll add some links here as I come across them.

First, I love how simple Voskuil makes his anti-proof-of-stake-argument, albeit it's only one angle, it's kind of interesting:

This blog about attacks on proof of stake reminds people of the anti-DOS feature of PoW which is easy to forget:

-of-work -of-stake

· · Web · 3 · 5 · 11

This blog (not the only one by the author) critiquing PoS security in adversarial situations is interesting:

I deliberately didn't even mention the old proof of stake writings by Poelstra or Sztorc ("truthcoin"), I guess everyone already knows them and they're pretty old now.

It's also a good idea to read the Ethereum proof-of-stake FAQ if you find this interesting (they take an alternative view, of course!).

I agree pretty much down the line. Stake is obviously interesting because it should improve allocation of resources (i.e. less waste) but these risks are very real. Perhaps there is some algorithm which settles on a "peacetime" (delegation/stake) model, but if disturbed, will trigger a "revolutionary" model where PoW enters the story again. This might be an interesting area of research.

@cjd My intuition has always been more along the lines of proof of stake not being saving of waste (see Storzc's "nothing is cheaper than proof of work" argument; see also my counter to the concept that we are talking about waste in in particular section "So is all this waste bearable?"; I am a windbag).

Your mixed concept, yeah, perhaps, but I see that as similar to saying "we don't always need 100% decentralized/censor-resistant solutions", which is definitely true.

@waxwing thanks! Yes, I find Voskuil's book interesting and thought-provoking in the way it lays out frameworks on these topics

bought the paper book and am thankful to my Chaincode residency flatmate James Chiang (a very good person) for his work on it

@jon funny you mention it, i just saw it pop up on my amazon feed, I'll probably buy it too. Not many books about Bitcoin I would buy, so far I've only bought "The Blocksize War".

@waxwing any good?

re crypoeconomics, note that the many links in the online book are ofc inoperant in the paper version but are noted with underlining, so in this way it's less convenient but i still prefer reading and highlighting passages by hand in real books and getting away from the omnipresent screens

@jon right.

> any good?

Yes, for us. It's effectively a very detailed collation of Jonny's experiences during the whole process, and he was indeed somewhat of an insider. I think it's excellent as a historical document, not biased either. He offers thoughtful commentary on the events, but doesn't overdo the editorializing.

I actually enjoyed reading it, but it is not the typical style of writing that journalists and novelists use. Much more the style of a blog.

> Overcoming censorship is not possible in a PoS system, as the censor has acquired majority stake and cannot be unseated.

This is true in theory, but not in practice. If you keep staking while other people want your coins, this is costly to you. The prices rises and your opportunity costs are rising with it. Sooner or later, hodling becomes too expensive.
@methyltheobromine @waxwing it doesn't matter how wealthy you are, to make money you have to get a return on your investment. staking isn't 'free'.

@lain @methyltheobromine @waxwing isn't the validator still selected at random no matter which node(s) are largest?

@JackMeinoff @methyltheobromine @waxwing yes, you can not really control the system unless you really have 100%, but at least it makes it much more likely for you to be chosen

@lain @methyltheobromine @waxwing putting more bets on a roulette board means i increase my chances of winning but i also put more at risk and return less on my investment and ultimately - may not be selected

@lain @waxwing while the price for either you or me to pay might be equal, it's likely out of scope for me but basically free for you, considering you're one of the wealthy.
@methyltheobromine @waxwing but you still need to make money with it. it's not like rich people try to manipulate a blockchain because it's fun to blow millions on slightly slowing down transactions.
@lain @waxwing why? I've seen people throw coins on roof tops for fun.
For rich people blowing up a blockchain for fun seems equally painless
@methyltheobromine @waxwing so why do these rich people not buy server farms for pow now to fuck up bitcoin?


Your point seems absolutely valid that they incur opportunity cost, but I don't think it requires rising prices, does it?

Meanwhile, I think the dynamics are what distinguishes the cases: both have an initial upfront capital cost, but, over time, a censor in pow needs to overcome *all* other actors, meaning a greater and greater running cost; in pos, once 50% is reached (crude analysis, I know real algos are not simple), it's *over*. There is no more counterattack.

@lain So it's like, yes there is an opportunity cost in that initial outlay but it's calculable (just like buying some consumer good).

I know in the real world a bunch of dynamics come into play (and exact PoS algo can change it all kinds of ways), but I still think his core point is something to take very seriously. It's just one angle on why to my mind PoS is not an alternative to PoW.

@waxwing staking is exactly not like buying a consumer good, because it is productive: you get a return from staking. staking is like a capital good. Keeping money locked up in staking prevents you from investing it into other capital goods, and the more people stake, the smaller the staking rewards get, so at some point, it makes more sense to stop staking and invest in something else.

Thus, staking is getting more costly the more you stake (and you'd need to stake a lot to overpower the system). And what would you gain? double spends or denial of service (which are pretty much the same thing) until you are removed from the staking pool as an obvious bad actor. (via slashing or another mechanism). It's just incredibly expensive.

I think in the PoW vs PoS discussion there are a lot of half-truths going around. PoS people say it's obviously better because it's not as 'wasteful' as PoW, but you still need the exact same 'waste' as with PoS, it just doesn't look that way because the money is burned in opportunity cost and not electricity. (it might still be more efficient because of punishment mechanisms like slashing, but not many make that argument)

PoW people tend to come up with arguments against PoS that ignore financial incentives. In the end, PoW is also secured by financial incentives and not by electricity: If someone with a trillion dollars wanted to ruin bitcoin, they could just buy all mining farms and DoS the whole system. But they'd just burn money that way, and the same is true for PoS. Even worse, if you ruin the PoS chain, your asset (the staked coins) go down with it. With PoW mining farms you at least have some calculation hardware that you can use for other stuff.

I absolutely agree that PoW is more obviously secure than PoS. But that doesn't mean that PoS is obviously insecure.


> staking is exactly not like buying a consumer good, because it is productive: you get a return from staking.

Yes, good counterpoint, but (and this applies to most of your argument): you are assuming only an economic incentive "in-game".

An attacker's goal may not be to gain in terms of the "in-game" currency: it may be to kill the currency. For this attacker, it's more like a consumer good, because their goal is not the staking rewards.

That's why PoW's *external* cost matters.

@waxwing yes, but the attacker needs to get the in-game money somehow. and this money does have external value (for example, exchange rate to a PoW coin). I still think that the situation is the same as with PoW, if you have money to throw away, you can 'crash' both systems. If you want to kill PoS, you first have to invest to buy enough coins to stake 51%. This alone is probably prohibitively expensive. But then you need to burn your asset. How likely is it that you can do that and still come away with a profit from off-chain effects (let's say, reintroducing fiat currency)?

@lain i mean yeah, propping up a fiat; promoting an alternative crypto-ccy; geopolitcal gains; who knows?

But: At some point you can, very reasonably, argue, that that's academic: if they succeed in totally censoring PoW for 6 months, everyone who is honest might give up, so only theoretically is it "permanent energetic cost".

@lain @waxwing yep, have to buy 51% of the entire crypto market and then burn your own money

I could only imagine a state actor doing it and it could ruin that country's economy
@feld @lain @waxwing that would be a brute force attack. People usually stake in exchanges so it would be easier to focus the attack on them: hacked once, dead forever.
@pamaca @lain @waxwing you can't attack one exchange that's staking and get anywhere. You need control of 51% of all staked coins.

You do not need to stake through an exchange, so you can't just target exchanges.

You can stake at home on a Raspberry Pi
Sign in to participate in the conversation
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!