Proof of Stake: How I Learned to Love Weak Subjectivity
The Proof of Stake Revolution: Understanding Weak Subjectivity
The world of blockchain and cryptocurrency has long been dominated by the proof of work (PoW) consensus algorithm, but a new challenger has emerged: proof of stake (PoS). While PoS has many undeniable benefits, including efficiency and a larger security margin, it also has a major drawback: the "nothing at stake" problem. However, recent research has shown that this problem can be solved with a fundamental change in the security model: weak subjectivity.
Economic Sets and Nothing at Stake
To understand the concept of weak subjectivity, we need to delve into the world of economic sets and consensus algorithms. An economic set is a group of users that can collectively perform state transitions according to a specific protocol. There are three securely decentralized economic sets: owners of computing power (PoW), stakeholders (PoS), and a user's social network (Ripple/Stellar-style consensus).
PoW has a nice property that makes it simpler to design effective algorithms: participation in the economic set requires the consumption of a resource external to the system. This means that miners must make the choice of which fork to contribute to, and the different options are mutually exclusive. Double-voting is unprofitable, and the dominant strategy is always to put mining power exclusively on the fork that is most likely to win.
In contrast, PoS has a different situation. Although inclusion into the economic set may be costly, voting is free. This means that "naive" PoS algorithms, which simply try to copy PoW by making every coin a "simulated mining rig," have a fatal flaw: if there are multiple forks, the optimal strategy is to vote on all forks at once. This is the core of the "nothing at stake" problem.
Short and Long Range
To solve the nothing at stake problem, we need to focus on short-range forks, which last less than a certain number of blocks. One solution is to use security deposits, which require users to put down a deposit to be eligible to receive a reward for voting on a block. If a user is caught voting on multiple forks, the deposit can be taken away.
Another set of strategies, called "Slasher 2.0," involves simply penalizing voters that vote on the wrong fork, not voters that double-vote. This makes analysis simpler, but it has the cost that users may be unwilling to sign anything if there are two alternatives of a block at a given height.
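The deposit rule from the first paragraph of this section (penalize double-votes, as opposed to Slasher 2.0's wrong-fork penalty) can be sketched as follows. This is an added example, not code from the original post; the `Vote` record, the function names, the reward size and the sample data are all assumptions, and signature verification is assumed to have happened before votes reach this code.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vote:
    validator: str    # signer identity (signature already verified upstream)
    height: int
    block_hash: str

def find_double_votes(votes):
    """Map each equivocating validator to its first pair of conflicting votes."""
    first_seen, evidence = {}, {}
    for v in votes:
        prev = first_seen.setdefault((v.validator, v.height), v)
        if prev.block_hash != v.block_hash:      # same height, different block
            evidence.setdefault(v.validator, (prev, v))
    return evidence

def settle(deposits, votes, canonical, reward):
    """Return (balances, evidence) after paying rewards and taking deposits.

    deposits:  {validator: deposit}; only depositors are eligible to vote
    canonical: {height: block_hash} of the fork that won
    """
    eligible = [v for v in votes if v.validator in deposits]
    evidence = find_double_votes(eligible)
    balances = dict(deposits)
    rewarded = set()
    for v in eligible:
        slot = (v.validator, v.height)
        if v.validator in evidence or slot in rewarded:
            continue
        if canonical.get(v.height) == v.block_hash:
            rewarded.add(slot)
            balances[v.validator] += reward
    for validator in evidence:
        balances[validator] = 0                  # deposit is taken away
    return balances, evidence

# Constructed sample: bob votes on both forks at height 10, carol has no deposit.
DEPOSITS = {"alice": 100, "bob": 100}
VOTES = [Vote("alice", 10, "0xaa"), Vote("bob", 10, "0xaa"),
         Vote("bob", 10, "0xbb"), Vote("carol", 10, "0xaa")]
CANONICAL = {10: "0xaa"}

if __name__ == "__main__":
    balances, evidence = settle(DEPOSITS, VOTES, CANONICAL, reward=1)
    print(balances, sorted(evidence))
```

The two conflicting votes returned as evidence are what a block would need to include to justify the penalty; voting on every fork now costs the whole deposit instead of being free.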
Weak Subjectivity
However, the nothing at stake problem is not just a short-range issue. Long-range attacks, which start far back in time, are also a problem. To solve this, we need to change the security model from objective to weakly subjective. In a weakly subjective system, nodes can in principle come to different conclusions, but a node that starts from a recent state known to be valid reaches the same conclusion as the rest of the network.
Under this model, we can clearly see how PoS works perfectly fine: we simply forbid nodes from reverting more than N blocks, and set N to be the security deposit length. This rule is weakly subjective, and it solves the long-range problems with PoS.
Consequences
In a world powered by weakly subjective consensus, new nodes joining the network and nodes that come back online after a long time would not have the consensus algorithm reliably protecting them. However, the solution is simple: the first time they sign up, and every time they stay offline for a long time, they need only get a recent block hash from a friend, a blockchain explorer, or simply their software provider, and paste it into their blockchain client as a "checkpoint." They will then be able to securely update their view of the current state from there.
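The revert limit from the previous section and the checkpoint bootstrap described above, as an added example that is not code from the original post. Block names, the value of N and the "longest chain" tie-breaker are assumptions made for illustration; the page only specifies the "never revert more than N blocks" rule and the pasted checkpoint hash.

```python
def ancestors(blocks, head):
    """Yield hashes from head back to genesis; blocks maps hash -> parent hash."""
    while head is not None:
        yield head
        head = blocks[head]

def height(blocks, head):
    return sum(1 for _ in ancestors(blocks, head)) - 1

def revert_depth(blocks, current_head, candidate_head):
    """Number of blocks on the current chain that switching forks would undo."""
    candidate_chain = set(ancestors(blocks, candidate_head))
    for depth, block in enumerate(ancestors(blocks, current_head)):
        if block in candidate_chain:
            return depth
    raise ValueError("forks share no ancestor")

def choose_head(blocks, current_head, candidate_head, max_revert):
    """Online node: adopt a longer fork only if it reverts <= max_revert blocks."""
    if revert_depth(blocks, current_head, candidate_head) > max_revert:
        return current_head      # long-range fork: refused however long it is
    if height(blocks, candidate_head) > height(blocks, current_head):
        return candidate_head
    return current_head

def bootstrap(blocks, heads, checkpoint):
    """New or long-offline node: consider only forks containing the checkpoint."""
    valid = [h for h in heads if checkpoint in ancestors(blocks, h)]
    if not valid:
        raise ValueError("no known fork contains the checkpoint")
    return max(valid, key=lambda h: height(blocks, h))

# Constructed sample: honest chain g..a5, a short fork b5-b6 branching at a4,
# and a longer fork x1..x7 that starts all the way back at genesis.
BLOCKS = {"g": None, "b5": "a4", "b6": "b5"}
BLOCKS.update({f"a{i}": (f"a{i-1}" if i > 1 else "g") for i in range(1, 6)})
BLOCKS.update({f"x{i}": (f"x{i-1}" if i > 1 else "g") for i in range(1, 8)})
MAX_REVERT = 3                   # N; the post sets N to the deposit length

if __name__ == "__main__":
    print(choose_head(BLOCKS, "a5", "b6", MAX_REVERT))   # short-range reorg
    print(choose_head(BLOCKS, "a5", "x7", MAX_REVERT))   # long-range fork
    print(bootstrap(BLOCKS, ["a5", "x7"], checkpoint="a3"))
```

A node with no checkpoint that simply picked the longest fork would land on `x7`; the checkpoint is what lets a fresh node exclude it.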
Marginal Cost: The Other Objection
One objection to long-term deposits is that they incentivize users to keep their capital locked up, which is inefficient. However, there are four counterpoints to this. First, marginal cost is not total cost, and the ratio of total cost divided by marginal cost is much less for PoS than for PoW. Second, locking up capital is a private cost, but also a public good. The presence of locked-up capital means that there is less money supply available for transactional purposes, and so the value of the currency will increase, redistributing the capital to everyone else and creating a social benefit.
Third, security deposits are a very safe store of value, so they substitute for the use of money as a personal crisis insurance tool, and many users will be able to take out loans in the same currency collateralized by the security deposit. Finally, because PoS can actually take away deposits for misbehaving, and not just rewards, it is capable of achieving a level of security much higher than the level of rewards, whereas in the case of PoW the level of security can only equal the level of rewards.
Conclusion
In conclusion, the nothing at stake problem is a major drawback of PoS, but it can be solved with a fundamental change in the security model: weak subjectivity. Under this model, nodes can in principle come to different conclusions, but a node that starts from a recent state known to be valid reaches the same conclusion as the rest of the network. In a world powered by weakly subjective consensus, new nodes joining the network and nodes that come back online after a long time would not have the consensus algorithm reliably protecting them, but the solution is simple: get a recent block hash from a friend, a blockchain explorer, or simply their software provider, and paste it into their blockchain client as a "checkpoint."
The marginal cost of long-term deposits is not as high as it seems, and it has many benefits, including a safe store of value and a public good. In the end, PoS is a more efficient consensus mechanism than PoW, and it has the potential to revolutionize the world of blockchain and cryptocurrency.
Source: https://blog.ethereum.org/en/2014/11/25/proof-stake-learned-love-weak-subjectivity




