Vulnerability: Proof of Work vs. Proof of Stake
With all the talk about the future Proof of Stake version of Ethereum and the ever-splitting nature of Bitcoin due to developer community disagreements, a lot of us are left with many questions.
Primarily — why is proof of stake “better” than proof of work? Why are blockchain network and protocol decisions so contentious amongst developer teams? Why can’t someone break this down into readable English?
The former questions will always be up for debate, but I can help you with the latter. When it comes to vulnerabilities in any blockchain system, you need to confront that system with a set of Consensus Protocol Conditions: simply put, how well incentivized and secure the rules of the blockchain system are. Here are the standard Consensus Protocol Conditions:
- A user who discovered a block should be encouraged to broadcast it over the network immediately and not hold it for himself
- A user should be discouraged from discovering blocks on top of intermediate chains. More precisely, if there is a known block B′ referencing the block B, the user should have no reason to build on B.
- Consensus rules should be constructed in a way that results in resolving blockchain forks, i.e. one of the competing branches should take over all other branches in a reasonable amount of time.
Based on these, and a few other comparative categories, let’s break down the advantages and disadvantages of PoS (Proof of Stake) and PoW (Proof of Work).
Note: These notes have been taken and simplified from Bitfury Group’s “Proof of Stake versus Proof of Work” White paper. They did an excellent job.
Cost of Execution/Attack
- PoS has a lower barrier to entry for block generation rewards, given that its system avoids expensive computations. This makes it more environmentally friendly than PoW.
- The cost to attack a mature PoW system is higher than the cost to attack a mature PoS system. In PoW, an attacker would need to acquire 50%+ of the computational power in the network, but in PoS, an attacker would need to acquire 50%+ of the currency within that system.
- The majority of problems with PoS protocols arise from the fact that a protocol is not aware of anything except for its blockchain. In a proof of work system, there is an external factor, namely the amount of computational work involved in finding a solution. With proof of stake, there is nothing physical “anchoring” the blockchain in reality; thus, one can intuitively see PoS consensus as more prone to attacks.
- PoW protocol is fair in the sense that a miner with p fraction of the total computational power can win the reward and create a block with the probability p.
- PoS protocol is fair given that an individual stakeholder who has p fraction of the total number of coins in circulation creates a new block with p probability.
- PoS — In a proof of stake system, there is always a concern that the initial holders of coins will not have an incentive to release their coins to third parties, as the coin balance directly contributes to their wealth.
- PoW — The process of solving a computational challenge imposed by a proof of work protocol is called (block) mining.
- PoS — The process of solving a computational challenge imposed by a proof of stake protocol is called (block) minting.
- PoW — Has an objective consensus protocol, where a new node can independently arrive at the same current state as the rest of the network based solely on protocol rules.
- PoS — Is not an objective protocol. It is weakly subjective, given that a node needs a recent state in addition to protocol rules and messages propagated across the system to independently determine the current state of the system.
- DoS Attacks — A DoS attack aims to disrupt the normal operation of the cryptocurrency network by flooding the nodes. (PoW more vulnerable)
- Sybil Attacks — In a Sybil attack, the attacker disrupts the network by creating a number of misbehaving nodes. (PoW more vulnerable)
- Selfish Mining Attack — In selfish mining, an attacker selectively reveals mined blocks in order to waste computational resources of honest miners.
- Bribe Attack — (1) The attacker performs a spending transaction he wants to reverse later. (2) Immediately after the transaction, the attacker starts to build an alternative chain based on the block prior to the one containing the transaction. The attacker builds on the alternative chain in secret. (3) After the transaction gains the necessary number of confirmations (e.g., 6) and the attacker’s chain is longer than the valid chain, the attacker publishes it whole. The attacker’s chain is accepted as the new valid blockchain, and the transaction is reversed. A PoS bribe attack costs 50x less than a PoW bribe attack.
And that’s pretty much it! (As an overview at least). Regardless, many considerations need to be made when you develop ANY blockchain system!