ETH2.0: The journey from PoW to PoS

PoW, PoS and Sybil Attacks

As the leading public chain in the current crypto ecosystem, ETH has the most prosperous ecosystem and the largest TVL. Therefore, the ETH2.0 upgrade plan has naturally become one of the most popular topics in the current crypto world. One of the core points of this upgrade plan is that the verification mechanism will be changed from PoW to PoS.

According to the most core and basic "anti-sybil attack strategy" in the blockchain consensus mechanism, the blockchain consensus mechanism can be divided into two mainstream branches: Proof of Work (PoW) and Proof of Stake (PoS).

Let's first briefly explain what a Sybil attack is: A Sybil attack is an attack that interferes with the network by forging multiple IDs. The name comes from the famous American novel "The Witch". The protagonist of the novel suffers from multiple personality disorder, and multiple personalities are compatible in one body.

Sybil attacks are very common on the Internet. The amount of likes and likes in Taobao products are all faked by hackers through forging a large number of IDs. The most common attack scenario of Sybil attacks is the data redundancy mechanism, that is, the mechanism of multiple backups of data in order to improve network security. Blockchain is a typical example of using multiple backups of data. Therefore, there is no shortage of Sybil attacks in the blockchain of distributed data storage.

To implement a Sybil attack, a large number of fake nodes need to be forged through a physical node and broadcast to the entire blockchain network. When other normal nodes query information through these fake nodes, the attacker can manipulate the fake nodes to interfere with the query, and then feedback false information to the queryer, or simply not feedback any results.

When the number of fake nodes in a blockchain exceeds that of real nodes, the attacker will use the advantage of leading votes to repel the real nodes. The attacker can also refuse to accept new blocks, return error messages, etc. to reject the addition of new nodes to achieve domination of the blockchain. In this case, the attacker has the decision-making power of the entire blockchain and can tamper with transaction records and change the transaction order, causing great harm to the blockchain.

The basic principle of blockchain is that users pack several transactions into blocks, connect the individual blocks into a chain through hash references, and thus obtain a shared ledger. However, it is difficult to guarantee the security of using a ledger directly in this way, because bad guys can also create a ledger and then put two ledgers in front of users at the same time. Which one is true and which one is false, and which one users should believe, becomes a complex trade-off.

If it is in a centralized environment, this problem will no longer be a problem. For example, if I have a bank account, the balance is completely determined by the bank's central system. If the actual amount of the account is inconsistent with the facts, I can resolve the problem by coordinating with the central system or through legal means.

But in the decentralized world, there is no such centralized organization that can make the final decision. Therefore, people need to reach consensus through other means to ensure the fairness of the ledger.

So the question is, how should consensus be reached in a decentralized environment?

The most classic way is voting. By everyone participating in the vote, you can select a trustworthy ledger and then use it together.

However, when it comes to voting, the issue of fairness and justice cannot be ignored. For example, how to distribute voting rights is an issue that must be considered.

If a certain individual has enough votes to influence the whole process in a voting activity, then it is difficult to call this activity a voting activity. This means that the result will be determined by what he wants to do, which is obviously unfair to other individuals, and this unfair method is doomed to fail to reach a consensus. Therefore, if we really want to reach a consensus, we must eliminate this unfairness. Therefore, the distribution of voting rights is regarded as one of the most core parts of the consensus protocol.

If it happens offline, the issue of voting rights distribution can actually be easily solved. Simply implement one person one vote. As for identity verification, it can be solved by registering with your ID card when voting.

But if it happens online, the issue of one person, one vote will be infinitely complicated.

First of all, in an online environment, especially in a decentralized environment, how to define "a person" is a big problem. Everyone exists anonymously online, and it is even impossible to tell whether the person on the other side of the network is a picky man or a dog. Therefore, we need a mechanism to resist witch attacks. But should we regard an account as a person, or an IP as a person, or use some other standard to determine it?

In blockchain, the two most commonly used solutions are Proof of Work (PoW) and Proof of Stake (PoS), the latter of which includes Proxy Proof of Stake (DPoS). Of course, there are other ways of proving, such as proving how much space is owned or how much currency is burned, but the most mainstream ones are PoW and PoS.

Proof of Work

The basic idea of ​​proof of work (PoW) is to determine the right to produce a block through computing power. If you can solve a PoW computing problem, you can get the right to produce a block. We can even roughly understand it as one CPU, one GPU, or one mining machine one vote. The advantages of this model are:

1. The entire system is permissionless. Participants do not need permission from anyone, as long as they have a machine and computing power, they can participate. In theory, you don’t even need a machine. If you can manually calculate the hash of a block and upload the result in time, others will still recognize it as a legitimate block.

2. The cost of PoW voting itself is relatively high. Whether using CPU, GPU or mining machine, the cost of the machine and electricity are real money. This means that if you want to carry out a witch attack in a PoW environment, you will have to pay a very high cost, which often makes the attacker lose more than the gain.

3. The votes cast in PoW and the voting rights remain bound. According to the general logic of proof of work, when voting, you need to package a block first, and then do proof of work on this block. If the proof is made, it is equivalent to casting a vote, but at this time the packaged block can no longer be modified. On the other hand, if you want to roll back your own block, you must pay the same computing power as when rolling back other people's blocks. This means that once the vote is successful, even the voter himself cannot modify the content of the vote, and the credibility of the vote is guaranteed.

Of course, the consensus algorithm based on the PoW mechanism also has some unavoidable shortcomings.

1. The latency of PoW is very high, because after the transaction is packaged into the block, the block does not immediately become a valid candidate block. At least one proof of work must be completed before the block can be called a candidate block.

Therefore, during the period from when the block is packaged to when the proof of work is completed, the transaction cannot be confirmed by anyone. So even if Bitcoin does not wait for six blocks to be confirmed, but confirms once a block is seen, it still takes an average of ten minutes to confirm a transaction.

2. Another shortcoming of the PoW mechanism that has been criticized is that it consumes a lot of energy and is not environmentally friendly. As for whether the energy consumption of proof of work is necessary, I think it is a matter of opinion and you can reserve your opinion. Although it does have some waste problems, the cost for attackers is also raised to an unbearable level. From this perspective, it does not seem to be a bad thing.

Proof of Stake

The basic idea of ​​Proof of Stake (PoS) is that when you hold a token (stake), you have the right to record and vote. Your voting rights are proportional to the amount of tokens you hold. In short, the more tokens you hold, the greater your voting rights.

The basic framework of the PoS protocol is to allocate packaging rights and voting rights according to the amount of coins held by all participants. This means that the information of the participants is known. As for the significance of this, we will not discuss it for now and will discuss it later.

Back to the packaging rights and voting rights, in the PoS system, packaging and voting are separate (these two are not separate in the PoW system). After the packaging rights are allocated, the person who gets the packaging rights is eligible to produce a candidate block. This block contains the transactions to be processed and the signature of the packaging rights holder himself.

However, the candidate block does not mean that it will be included in the consensus. After the candidate block is broadcast, those with voting rights need to vote (the form of voting is to make a signature on the voted block). Only after the vote is supported by a relative majority of votes, the candidate block will finally be included in the consensus and become a valid block. Of course, the voting process can be executed in many ways, and the most common one is to use a consensus algorithm where the minority obeys the majority.

This is very different from PoW, because in the PoW system, people have no idea how much computing power the entire network has, and can only rely on estimates, which are generally inaccurate. Therefore, it is almost impossible to use a certain threshold to determine what is the majority in the PoW system.

In the PoS system, if it is detected that some participants have violated the PoS consensus protocol, they can be punished. For example, some people cast their votes for many blocks, or have votes but do not vote. These behaviors that affect the security of the system can be punished.

Next, let’s look at the advantages of proof of stake:

1. The motivations of miners and coin holders are consistent.

PoS miners must hold coins, which means that in the PoS ecosystem, there will be fewer people who do not hold coins but rely on machines to mine. In the PoW community, the interests of the rich, developers, and miners are often not completely consistent, and then disputes will arise, so that many things will be difficult to progress in the end. In PoS, at least the interests of miners and capitalists will be more consistent, which will reduce conflicts and disagreements to a certain extent.

2. The latency of PoS can be made very low and the confirmation can be very fast.

In the PoS system, a transaction can be packaged immediately after it is received, and it can be broadcast after packaging. There is no need to wait for this time, unlike PoW, which requires waiting for at least the time of doing a PoW problem. The delay of PoS consensus is mainly limited by the network and the number of people participating in the vote. Because the more people vote, the longer you have to wait.

3. PoS is more environmentally friendly because it does not require proof of work.

In Pos, voting is actually just making a signature and doing some simple calculations at most, which is much easier than solving the PoW problem, so the computing power and electricity consumed are naturally greatly reduced.

But it must be said that the disadvantages of PoS are also relative to its advantages. In addition, it also loses some advantages of the PoW system.

1. Compared with the permissionless PoW system, the PoS system is slightly worse in anonymity and permission. Because if a person wants to join a PoS system, he must first hold a token. This token cannot be obtained by other means. It can only be traded with people who hold tokens, and only after the transaction is successful can one join the system. Unlike PoW, as long as there is a machine connected to the system, tokens can be mined directly.

2. The cost of voting itself is very low, and a valid vote can be generated by just signing. This will lead to some security issues, such as the common disinterested attack problem in PoS systems.

In addition, voting rights can be reused and transferred, which is also quite dangerous. If a user sells his private key to someone else, then the votes he cast previously or the choices he made in each branch in history can be re-selected by anyone who gets his private key. This will cause some security problems.

3. We mentioned earlier that in the PoS mechanism, the information of the participants is known before the voting rights and packaging rights are allocated. Therefore, the voting rights are decided earlier than the candidate blocks are generated. This means that the strategy space that people can choose will be larger, and the entire game will become more complicated. Generally speaking, a large strategy space is quite unfavorable to the security of the system because it will leave more room for attackers to operate. As a result, there will be more attack methods in the PoS system, such as no-interest attacks, long-range attacks, etc.

4. In PoS, miners and capitalists are usually one person (a group), although this will reduce the gaming cost of the entire system. But it also means that the degree of centralization of the entire system will rise.

PoW and PoS

In blockchain, there is an impossible triangle, namely security, efficiency and decentralization. Usually, these three aspects cannot be achieved at the same time. PoW and PoS make different trade-offs in these three aspects.

PoW ensures the security and decentralization of the entire system by requiring no permission and requiring no computing power, but it inevitably suffers from shortcomings in terms of efficiency. In fact, it has long been plagued by problems such as high latency and low throughput.

PoS has chosen another path. It is no longer permissionless. Instead, miners become the actual participants in the ecosystem. This means that if miners make decisions that are not beneficial to the entire system, the bad guys will also pay a price (the token value will drop). However, its voting mechanism also reduces the security of the entire system. At the same time, the identity of miners and capital also makes the system have the risk of centralization.

Someone once made an analogy.

In a typical PoS consensus system, everyone obtains a ticket by staking their equity, and then the person who obtains the ticket sits in the conference room and makes decisions.

In the PoW consensus system represented by Bitcoin, a group of people sit in a dark wilderness. They don’t know the identities of others, how many people are in the wilderness, or when others will come and go. They can only communicate and reach a consensus by shouting out their own opinions and listening to the shouts of others.

I have to say that this analogy is quite vivid, and the characteristics of PoW and PoS are clearly shown. In fact, it is impossible to compare the advantages and disadvantages of the two, and their adoption can only reflect two different trade-offs.

ETH2.0's final decision to adopt PoS also means that the efficiency problem is already quite serious for the current ETH, so it may need to be exchanged for a certain degree of security and decentralization. This is understandable. After all, there is currently no solution that can take both into account.

If the advantages of PoW and PoS can be combined, it will be possible to create a system with high security, fast confirmation, high throughput and relatively reasonable energy consumption.

However, its technical difficulty is self-evident. Therefore, we can only wait and see, and hope that a better solution will emerge.