Security researcher Dahlia Malkhi criticized Ethereum’s proposed Casper Proof of Stake (PoS) system yesterday at a conference in Curacao. Malkhi said she’s excited about cryptocurrency but argued that not enough academic research has been done to guarantee the safety of protocols like Casper.
While Proof of Work mining is highly effective at securing a network, it’s also extremely wasteful. Miners must expend vast amounts of electricity as they race other miners around the world to solve cryptographic problems. According to Fortune, Bitcoin mining will soon use as much electricity as the entire nation of Argentina: 140 terawatt hours, or 0.6 percent of the world’s total energy supply. Environmentalists, in particular, are up in arms over Bitcoin mining’s high energy usage and the effect they say it’s having on the environment.
Proof of Stake offers a solution to the vast amount of energy spent on mining. PoS secures the network by requiring participants to “stake” their coins, which proves to the network that the user does, in fact, own them. Once staked, each user has a chance to be selected to “forge” the next block, adding it to the Blockchain and collecting a reward. Those who have more coins staked have a greater chance of being selected to forge blocks.
This sounds quite simple, but PoS faces several different problems. The most serious of all is the “nothing at stake” problem. Suppose that somebody wants to execute an attack on the Bitcoin network. Unless he has enough mining equipment to produce 51 percent of the future blocks on Bitcoin’s network, he will fail. Even if he has brief success, in the long term, honest miners will succeed at creating a chain longer than the attacker’s, and no harm will be done.
Let’s say that same person attacked a Proof of Stake system by staking a large number of coins and then forging blocks that were incorrect. Other forgers, who are presumably honest, would actually be incentivized to forge blocks on both Blockchains: the original Blockchain and the attacker’s Blockchain.
Since PoS requires virtually no computer resources or electricity expenditure, forging on both Blockchains is a very inexpensive form of insurance. That way, if the attacker does succeed at gaining control of the network, the stakers don’t lose any block rewards since they have produced blocks for both chains. Since honest stakers are forging blocks on both chains, the attacker doesn’t need to have nearly as many resources to succeed at an attack.
This is the essence of the “nothing at stake” problem. The rules of physics mean that miners can only direct their equipment to mine on one Blockchain at a time, so they must pick between the original Blockchain and the attacker’s. Since stakers face no such choice, it’s rational for them to forge on both chains, just in case.
Ethereum is attempting to fix this problem with a system called “Casper,” which punishes stakers who forge blocks on more than one chain. In essence, Ethereum users must stake some of their Ether to validate transactions. If a staker’s network peers believe the staker is lying, then part of that staker’s staked coins is seized by the network. This means stakers may only forge blocks on one chain at a time, just as miners are required to do.
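The penalty described above can be modeled in a few lines. The following is an added example, not code from Ethereum or Casper: a simplified ledger that seizes part of a forger's stake when it sees two different blocks from that forger at the same height, plus a payoff comparison showing how the penalty changes the "forge on both chains" incentive. The class and function names, the 50 percent slash fraction, and the sample blocks are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ForgedBlock:
    forger: str
    height: int
    block_hash: str  # constructed placeholder hashes, not real chain data

@dataclass
class StakeLedger:
    stakes: dict                 # forger -> staked coins
    slash_fraction: float = 0.5  # assumption: the article only says "part" is seized
    seen: dict = field(default_factory=dict)   # (forger, height) -> first block hash
    slashed: set = field(default_factory=set)

    def observe(self, block: ForgedBlock) -> float:
        """Record a block whose signature is assumed already verified.
        Returns the coins seized (0.0 if the block is not an equivocation)."""
        first = self.seen.setdefault((block.forger, block.height), block.block_hash)
        if first == block.block_hash or block.forger in self.slashed:
            return 0.0           # first sighting, rebroadcast, or already punished
        penalty = self.stakes[block.forger] * self.slash_fraction
        self.stakes[block.forger] -= penalty
        self.slashed.add(block.forger)
        return penalty

def expected_payoffs(stake, reward, p_attacker_wins, slash_fraction):
    """Expected return during a fork: (original chain only, both chains).
    Model assumption: forging on both chains is always detected."""
    one_chain = (1 - p_attacker_wins) * reward
    both_chains = reward - stake * slash_fraction  # rewarded on the winner, minus the slash
    return one_chain, both_chains

def demo():
    ledger = StakeLedger(stakes={"alice": 100.0, "bob": 100.0})
    blocks = [  # constructed sample: bob forges at height 7 on both forks
        ForgedBlock("alice", 7, "aa01"),
        ForgedBlock("bob", 7, "bb01"),
        ForgedBlock("bob", 7, "bb02"),
        ForgedBlock("alice", 8, "aa02"),
    ]
    seized = [ledger.observe(b) for b in blocks]
    return ledger, seized

if __name__ == "__main__":
    ledger, seized = demo()
    print("seized per block:", seized, "stakes:", ledger.stakes)
    print("no slashing  :", expected_payoffs(100.0, 2.0, 0.1, 0.0))
    print("with slashing:", expected_payoffs(100.0, 2.0, 0.1, 0.5))
```

With no penalty, forging on both chains always pays at least as much as picking one, which is the "nothing at stake" incentive; with the penalty, it only pays if the expected gain from the attacker's chain exceeds the seized stake.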
During her presentation, Malkhi commented:
“I think proof-of-stake is fundamentally vulnerable. You're giving authority to a group to call the shots [...] In my opinion, it's giving power to people who have lots of money.”
Indeed, she’s correct. Those with more money will have more control over the network. Yet, this is no different from Bitcoin or any other Proof of Work cryptocurrency. Those who have more money will buy and operate more mining equipment, giving them a greater say over what happens on the network.
This is also how the real world works. Somebody who owns one share of a company doesn’t have nearly as much voting power as somebody who owns a million shares. It would be completely illogical if they did. Granted, this tends to lead toward centralization, but it’s the only way to avoid a Sybil attack. If every user of the network had an equal amount of power, regardless of how many coins or how much mining equipment he owned, then one person could create thousands of different “identities” and give each of them a vote.
At least for the present, it makes sense that those with more skin in the game will have greater influence over the network. This is a good thing because those with more at stake have more to lose by making bad decisions or attempting to harm the network. Incentives are properly aligned, leading to better decisions over the long run.