PoS versus PoW (2/2)

In the first part of this post we examined how the properties of Bitcoin, which enabled it to bootstrap the cryptocurrency ecosystem in 2009, became a problem as it scaled to millions of users with a network value of billions of dollars. Primarily use of the Proof of Work (PoW) protocol which leads to:

  • Excessive use of energy
  • Extreme centralisation which places power over the network in the hands of a small number of individuals
  • Very high cost of entry for new miners
  • Slow innovation cycle

So why is Proof of Stake a better approach?

Let’s consider the issue that Elliot Hill addresses in the CF post, namely reaching consensus on a chain. The key problem is to incentivise participants to behave in a trustworthy manner, such that we can always choose the longest chain, and be confident that the majority of participants have not attempted to subvert the ledger (the Byzantine Fault or Generals problem).

Bitcoin achieves this by ensuring that the cost of cheating is higher than behaving in a trustworthy manner. Miners compete to solve a computational challenge with variable costs in order to extend the block chain.

If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2009

So how does Cardano attempt to solve this problem so that there are the same incentives to play honestly by the rules?

In the protocol used by Cardano, time is divided into 5 day epochs, and within an epoch slot leaders are elected to extend the chain (or mint the block) proportionally based on the stake they hold. Slots are allocated by a provably random function in the previous epoch, preventing an attacker from using repeated denial of service attacks against slot leaders. Stake Pools are only rewarded in the following epoch for slots they successfully led that sucessfully extended the chain, thus incentivising them to behave in a trustworthy manner.

Abstract. We present “Ouroboros Praos”, a proof-of-stake blockchain protocol that, for the first time, provides security against fully-adaptive corruption in the semi-synchronous setting: Specifically, the adversary can corrupt any participant of a dynamically evolving population of stakeholders at any moment as long the stakeholder distribution maintains an honest majority of stake; furthermore, the protocol tolerates an adversarially-controlled message delivery delay unknown to protocol participants.

Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain, Bernardo David, Peter Gazi, Aggelos Kiayias, and Alexander Russell

This leaves a few important issues the protocol Ouroboros Praos, used by Cardano in the Shelley era, also needs to address:

  • Sybil attacks- the attacker spins up a large number of pools which enables them to take overall control (majority) and falsely extend the chain
  • Convergence to a small number of pools leading to the same centralisation and control problem that Bitcoin has

The solution to these are covered in the academic paper Reward Sharing Scheme for Stake Pools which derives why Cardano is resistant to Sybil attacks and will converge to approximately 150 stake pools (with the current K parameter):

We introduce and study reward sharing schemes (RSS) that promote the fair formation of stake pools in collaborative projects that involve a large number of stakeholders such as the maintenance of a proof-of-stake (PoS) blockchain. Our mechanisms are parameterized by a target value for the desired number of pools. We show that by properly incentivizing participants, the desired number of stake pools is a Nash equilibrium arising from rational play. Our equilibria also exhibit an efficiency / security tradeoff via a parameter that calibrates between including pools with the smallest cost and providing protection against Sybil attacks, the setting where a single stakeholder creates a large number of pools in the hopes to dominate the collaborative project.

Lars Brünjes, Aggelos Kiayias, Elias Koutsoupias, Aikaterini-Panagiota Stouka. June, 2020

Hence we can show that the Ouroboros Praos PoS protocol used by Cardano in the Shelley Era, addresses the PoW issues that 1st and 2nd generation crypto currencies like BTC and ETH suffer:

  • Energy costs are low, typical pools using the reference architecture can operate with minimal power consumption for nodes and network equipment.
  • As pools become saturated the return to delegators reduces, incentivising them to move to less saturated pools thus preventing centralisation to a single ‘winner takes all’ stake pool
  • Costs are not prohibitive for new system entrants, any excessive centralisation incentivises new entrants to the ecosystem, and there is a linear cost to start new pools reducing the potential for Sybil attacks

The last issue; a slow innovation cycle requires us to consider governance which will be the subject of a future post…