Ethereum in its current state is using proof-of-work (PoW) to ensure consensus amongst the thousands of nodes in the network. While PoW is reliable and secure, it is also extremely energy intensive. To produce each block on the network participants are required to use powerful and energy-hungry GPUs to solve a complex mathematical problem.
Alternatively, proof-of-stake (PoS) guarantees the security of the network in a different way. In PoS, anyone with 32 ETH can deposit that ETH to become a validator, a node that participates in the network's consensus algorithm. Finalizing a block requires 2/3 of all active validators to sign off on it. Should a malicious actor try to tamper with the underlying protocol by using a large number of validators to revert a finalized block (the equivalent of a "51% attack" in PoW) their funds are slashed — meaning they lose a portion of their staked ETH. This makes attacks extremely expensive; it would be like a PoW system where if you use your mining hardware to attack the network then your hardware catches fire and is destroyed.
PoS does not require the same energy-intensive hardware as PoW. Any relatively recent consumer hardware should be capable of running the software required to operate a 32 ETH staking node. If you deposit more than 32 ETH, you will be assigned multiple "validator slots" by the protocol, but you will still be able to run them from a single computer, though hardware requirements go up the more you stake. Most estimates put the expected energy savings from the switch to PoS to be around 99%.
If you have any additional questions please let me know!
> required to use powerful and energy-hungry GPUs to solve a complex mathematical problem.
No mathematical problem is getting "solved".
It is much more akin to playing the lottery: Entirely random numbers are being tried out, by sending them through an energy-intensive algorithm (being energy-intensive is the algorithm's only purpose in proof-of-work), until what comes out is less than another number. That other number is chosen according to the desired "difficulty", it has no significance beyond that.
The algorithm is literally meant to spend energy, i.e. the outcome of the computation has no meaning by itself. This also means that proof-of-work cryptocurrencies actively counteract any advances to make the computation more efficient: The "difficulty" will just be adjusted up until the efficiency gain is canceled out. Proof-of-work cryptocurrencies are inefficient by design.
Eh, a mathematical puzzle is being solved via brute-force. My intent was to explain briefly that the problem/puzzle is by nature computationally-intensive to the extent that brute-force is the most efficient way to solve/complete it.
False. The problem is so complex we have to resort to guessing / brute force to solve it; if it's so easy, give me a closed-form solution so I can become rich.
While that is true, I think the point that other users are trying to make is that wording it as "a complex mathematical problem being solved" makes it look like that work is doing something useful when it really is not.
It's worse than that, they aren't solving anything at all. They're taking part in a lottery, in which participants have to guess a number, and the winner gets to update the ledger. Nobody is solving complex mathematical problems.
Oh, get off it. He's not "pretending to disagree", merely providing further context for the anti-utility of the PoW algorithm. The point is that the colloquial understanding of "solving a problem" implies more utility than what is actually happening, which is equivalent to guessing a random number. The mere statement that a problem is being solved at all implies that useful work is being done, which is not the case and the parent comment is right to point that out.
> Oh, get off it. He's not "pretending to disagree", merely providing further context for the anti-utility of the PoW algorithm. The point is that the colloquial understanding of "solving a problem" implies more utility than what is actually happening, which is equivalent to guessing a random number. The mere statement that a problem is being solved at all implies that useful work is being done, which is not the case and the parent comment is right to point that out.
You're either trying to confuse others intentionally, or if I'm interpreting charitably, you are merely confused yourself. In neither case is this attitude warranted. You just re-explained that the crux of the issue is useful work vs non-useful work. This is exactly the same point that Josde explained. This point was contested by lottin. I don't understand why they would contest it, as they very clearly agree with that point (based on reading other messages they wrote in this thread). According to you, lottin is not "pretending to disagree", they are "merely providing further context". This is very obviously not true. Either you are lying on purpose or you are confused, maybe you didn't read their message properly. Here it is again for you to read:
> It's worse than that, they aren't solving anything at all. They're taking part in a lottery, in which participants have to guess a number, and the winner gets to update the ledger. Nobody is solving complex mathematical problems.
Does that sound to you like "yes, I agree, and here is some further context"? Obviously not. That message is expressing strong disagreement, not further agreement.
> Obviously not. That message is expressing strong disagreement, not further agreement.
Not obvious to me. But sure, I'm confused all right. Confused at how lottin's comment could be interpreted as contesting Josde's, when it reads as a reinforcing restatement to me. Confused at your hostility and accusations of misinformation.
Perhaps you're confused about how online conversations work? Sometimes people reply with a restatement when they feel the original doesn't go quite far enough. I mean, lottin's comment was arguably ineloquent, but he wasn't "muddying the waters". Do you perhaps have some expectation that the act of replying implies disagreement? Is it the strongly negative tone that gave you that impression? It certainly isn't the content, since you correctly interpreted my own restatement of lottin's comment as agreement.
I'm not trying to confuse others, I'm trying to enlighten you, specifically, about what happened here so that you might reconsider next time before jumping on someone for something they didn't say.
Ok, you and one other person said that lottin's comment doesn't read as disagreement, so maybe you're right and I'm the one reading it incorrectly. I'll take your feedback. Seems like I might be in the wrong here.
But the whole usage of the math puzzle is that you have to solve it using brute force. If there was a better way it wouldn't be useful. So yeah, the whole point is just guessing numbers, not solving the puzzle.
What you describe is just one particular (although by far the most common) Proof-of-Work algorithm called HashCash. There are several others, such as Cuckoo Cycle, in which one must find a fixed length cycle in a huge random graph, an obvious mathematical (graph theory) problem [1].
It's not nit-picking. A layman presented with this explanation might get the impression that a "problem" is being "solved", which implies there is some utility to the PoW algorithm, rather than energy being wasted for the sole purpose of proving that energy has been wasted. In fact, even the word "Work" in "Proof of Work" implies the same. Proof of Waste would be a much more apt description of what is actually happening.
This is a lot of words to say that PoW involves an inverse-hash problem being solved. Inverse-hash is a mathematical problem. Finding the nonce is solving it.
Imagine a page of a book, for each letter a-z, assign a number to it (a=1, b=2, .. , z=26). Compute the sum of all of the letters on the page but reset back to zero when 100 is reached (i.e. 97 + 5 = 2). The resulting number is a kind of signature for the page. Changing a letter would result in a different sum.
At this point, people usually understand the utility and irreversible nature of it but quickly realize that many pages could have the resulting signature. It is a fairly easy leap of faith for most people to accept that there could be much more sophisticated algorithms that 1) use a bigger number for the signature and 2) take position into account and 3) result in very different signatures with tiny changes in input. This is usually sufficient for anyone to understand what is meant by a hash.
Finally explain that the hash must have a certain pattern to it (like end in a zero for example). If the hash of our "page" does not have this pattern, add another small gibberish word to the end and try it again. Keep trying until a hash with the expected pattern is found (and there is your Bitcoin).
The suggestion that a mathematical problem is being solved (while not completely inaccurate) sounds a bit more elegant in my opinion than what is really going on. It is really more like guessing (not that it really matters).
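The page-sum analogy from the comment above, carried through to a real hash, as an added example that is not part of the original comment. The function names and the sample inputs are constructed for illustration; the SHA-256 part uses the "less than a target number" rule described earlier in the thread and is not Bitcoin's actual block format.

```python
import hashlib
import string


def page_signature(text: str) -> int:
    """Letter-sum signature from the analogy: a=1 .. z=26, wrapping at 100."""
    total = 0
    for ch in text.lower():
        if ch in string.ascii_lowercase:
            total = (total + ord(ch) - ord("a") + 1) % 100
    return total


def toy_mine(page: str) -> str:
    """Append a small gibberish word until the signature ends in zero.

    Single letters add 1..26 to the sum, so one of the first ten always works.
    """
    for word in [""] + list(string.ascii_lowercase):
        candidate = f"{page} {word}" if word else page
        if page_signature(candidate) % 10 == 0:
            return word
    raise RuntimeError("unreachable for the letter-sum signature")


def pow_hash(block: bytes, nonce: int) -> int:
    """SHA-256 of block plus nonce, read as a 256-bit integer."""
    digest = hashlib.sha256(block + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")


def mine(block: bytes, difficulty_bits: int, max_tries: int = 1 << 24) -> int:
    """Try nonces in order until the hash falls below the target.

    Each extra difficulty bit halves the target, doubling the expected tries.
    """
    target = 1 << (256 - difficulty_bits)
    for nonce in range(max_tries):
        if pow_hash(block, nonce) < target:
            return nonce
    raise RuntimeError("no nonce found within max_tries")


def verify(block: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed nonce costs one hash, however long the search took."""
    return pow_hash(block, nonce) < (1 << (256 - difficulty_bits))


if __name__ == "__main__":
    # Constructed inputs, not real block data.
    print("listen/silent:", page_signature("listen"), page_signature("silent"))
    print("toy nonce word:", repr(toy_mine("proof of work")))
    block = b"constructed block: alice pays bob 1"
    for bits in (8, 12, 16):
        nonce = mine(block, bits)
        print(f"{bits} bits: nonce {nonce} found after {nonce + 1} tries")
    nonce = mine(block, 16)
    print("valid:", verify(block, nonce, 16))
    print("tampered block still valid:", verify(block + b"0", nonce, 16))
```

The anagram pair shows why the letter-sum is not a usable hash: position is ignored, so different pages collide trivially, which is the gap points 2) and 3) in the comment are meant to close.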
I definitely think it matters. The metaphor of "some moron pulling a slot machine over and over and over" (which is what I use) is more accurate and I think better represents what's actually happening than something like "solving," which evokes the image of a smart person (or machine) sitting down and using their brain to discover useful information. When you say "solve" it implies that the information that is produced by the process is inherently valuable.
I agree with this point for the same reason; what matters is how people interpret it. Of course if I'm talking to a CS type I can go right into the details. The analogy I use with laymen is solving a large Rubik's cube by randomly moving pieces instead of using any other sophisticated methods. Somebody please correct me if I'm wrong as I haven't been in the cryptocurrency space for a minute, but I believe most of the 'solving' is just a nonce increment that is then hashed with the previous block header, current block, and maybe a couple other things.
I've noticed that whenever I assert that a 'complex mathematical problem' is being solved people tend to think of an ever-growing algebraic equation.
Yes, I agree. In real life I emphasize the bit I said about "randomly moving pieces", and explain that it is a feature built into the protocol. Of course there is a lot of mathematic handwavery, but people seem to get it after the fact. I've also learned that most people don't actually realize there are more optimal ways to solve Rubik's cubes anyways.
Worse; if someone came up with an efficient means of solving this particular "Rubik's Cube", the cryptocurrency people would be in a rush to move away from that, and find an alternate lottery where only dumb luck helps.
A lot of textbook exercises begin with a prompt like "solve for x", where x has no existence outside the scope of each given exercise. The information that is produced has no inherent value, but I'd be surprised to hear many people object to this usage of "solve".
This is what I was trying to get to with "inherently." The information ITSELF that is yielded by the process is 100% arbitrary and not valuable, i.e. relays no additional useful information about the world (e.g. the boiling point of some new liquid or something), like many would think of when we think of people doing math to solve things.
I totally understood that you tried to define valuable in such a way to exclude cryptocurrency mining, as you can see below however it's not easy to create a definition like that. It also begs the question why that arbitrary definition of valuable is more correct than another arbitrary definition that excludes something else instead...
> valuable, i.e. relays no additional useful information about the world (e.g. the boiling point of some new liquid or something)
Theoretical mathematicians don't provide anything useful according to your definition.
Again, we're looking for a good definition for explaining it to laypeople, and I don't find it that difficult. "Pulling a slot machine" or the one from the "solving Sudokus" both work pretty well.
The theoretical mathematician definition isn't very good either because I think enough people get that the novelty has some kind of inherent value that doing something repetitive like the above does not?
Modulo summation is a good hash function to teach non-CS people what hash functions are in principle. But, judging by my experience in learning about how Bitcoin works, it is not sufficient to see why it's a secure currency (and PoW explanations are only invoked in that context). I knew about hash functions long before I knew why bitcoin works.
I think the first thing people need to get over to understand de-centralized currencies like bitcoin is that money is just an illusion, a big fat shared delusion, or more accurately an inter-subjective fantasy, a way of keeping track of labor\value by agreeing on some scarce valuable thing and declaring that it represents every other scarce valuable thing if everybody agrees to trade any scarce valuable thing they have against it. I don't think most people truly realize this at the gut level (and this is not an insult to the intelligence of people, it was mind blowing and deeply enraging\upsetting to me when I worked through it to the end as well). Concept #1: Money is any (possibly artificially) scarce thing that people with things you care about want to trade against.
Next, you observe that a currency doesn't actually have to be an actual thing you own, it just has to be an entry in a trusty and available record of all the favors you did\was done to you. Physical things are merely a convenient way to maintain a distributed record of favors in real life, but in principle all of our paper money could be replaced by a huge paper spreadsheet recorded by an infallible angel who never lies or cheats, recording in each entry who did what favor to whom, and the amount of "favorism" that was done (so that it can be traded against other favors in the future). If everyone had an always-updated read-only access to that spreadsheet somehow, then this is a perfectly good and perfectly secure money system. You "pay" by invoking the earlier favors owed to you, "paid" to you by others, invoking favors "spends" them: turns them into the ownership of the entity you are paying. New favors are created by the infallible angel whenever they deem necessary, they simply write in the spreadsheet "I now own 20 more favors than before, by the sheer force of my will". Concept #2: Money doesn't actually have to be a scarce thing, it just needs to be a trusty record of transactions, scarce things approximate that fairly well in real life but are not the only way. Money is simply any promise backed by trust, scarce things are just one way of implementing that.
The final push is actually the hardest. You can't understand bitcoin without understanding even the tiniest bit of distributed systems. The fundamental difficulty of distributing a soft record and yet still preserving its append-only nature while the machines the record is stored on can tick at 4 billion times a second must be appreciated and truly understood in all its impossibility. Distributed blockchains' delightfully bizarre solution must be appreciated in all its counter-intuitivity. I was stuck at this stage for a long long time, knowing hashing and crypto (public API wise) but finding it difficult to understand why can't I just make-up money as I please, who's going to stop me? Who's going to know? How can bitcoin stop me or even detect me without a central authority? Distributed Systems are simply magic, and crypto-currencies get most of their magic and brilliance from that component. But eventually you get there if you're motivated enough and manage to dodge\discard all the trash pop-sci false explanations. Concept #3: Bitcoin utilized super-smart magic from several apparently-unrelated fields of CS to make the fantastical spreadsheet from concept #2 come to reality.
Anyway, all of that long rant was just to say I don't think hyper-focusing on the intricacies of hashing and public-private cryptography is actually helpful for people to understand the 'why' of decentralized currencies. I don't mean they're not important building blocks, they are invaluable of course, I just mean the vast majority of work in decentralized currencies is done by the decentralized blockchain they are running on, and those work because PoW is a piece of magic and also distributed systems and also NP-hardness.
> The suggestion that a mathematical problem is being solved (while not completely inaccurate) sounds a bit more elegant in my opinion than what is really going on.
That's a very human centric way of putting it, but I agree. If a computer is searching through the library of babel to find a treatment for cancer, the computer is still 'solving' cancer, it just doesn't do it by studying medicine. "Elegance" is a human value, and my personal philosophical belief about intelligence is that it's all really Search, Neural Networks and Reinforcement Learning Agents and Evolutionary Computing and Human Brain Heuristics and Knowledge are all really more efficient ways of searching spaces and trees. Medicine is just there to tell what branches not to search. So the library of babel computer is just doing intelligence a bit more naively and expensively than its more efficient artificial or natural cousins, but it's still "solving" a problem, like all intelligences do.
> Concept #3 : Bitcoin utilized super-smart magic from several apparently-unrelated fields of CS to make the fantastical spreadsheet from concept
Not really. Bitcoin (i.e. the original satoshi version) is hashcash, data structure merging and some game theory. It's an ingenious system, no doubt, but it's ingenious because it put together some really well known building blocks in a smart way. It definitely did not use super advanced stuff from any field of CS, let alone multiple.
And that's not a dig at it either. In many ways that makes it more impressive.
Bitcoin effectively invented, completely from scratch with no precedents I'm aware of, a probabilistic Atomic Total-Order Broadcast algorithm, that's a pretty damn advanced Distributed Systems problem to me, and a solution that was never investigated in Distributed Systems orthodox literature before it as far as I know. So, in no way "really well known".
And public-private crypto & hash pointer data structures are both fairly advanced CS from multiple fields. Public Key Crypto was discovered in the late 1970s and only further explored in the 1980s, hash data structures only in the 1980s and 1990s. That's fairly young, most vanilla CS ideas date from the 1960s or before. Just because the public APIs of those things can be explained in an afternoon doesn't mean at all that they aren't advanced concepts: I can explain what a hydrogen bomb does to a 10 year old, but that wouldn't imply the Hbomb isn't advanced nuclear physics.
> Bitcoin effectively invented, completely from scratch with no precedents I'm aware of, a probabilistic Atomic Total-Order Broadcast algorithm,
Yes, the new thing bitcoin invented was novel and quite interesting. I'm not sure those are the words I would use to name it, but the result still stands.
> Just because the public APIs of those things can be explained in an afternoon doesn't mean at all that they aren't advanced concepts
Of course not. They are advanced concepts because they are some of the most basic concepts in the field and used throughout the industry. Hash functions are so prevalent that we literally have special x86 instructions just to speed up calculating sha256.
Compare for example to things like ZK-SNARKs, or homomorphic encryption which are actually cutting edge cryptography.
I think many people already know that fiat currencies depreciate and something like gold without the digging might be useful. I find people want to know more about the how than the why. If they understand a little more about how it works, they can build a bit of an intuition and can formulate their own opinions regarding whether they trust it or not (vs simply trusting another person that has an opinion on the topic one way or the other).
Of course, the hashing/nonce part is only one part of the mechanism and probably not even the most important part. However, it is where the bulk of the energy is used - most people have heard that Bitcoin uses a lot of energy and would like to understand that a bit better. I have other "parables" for explaining public/private key encryption, etc., but I was primarily responding to the parent comment.
>> That's a very human centric way of putting it
Humans are the ones assigning the value to this and they may be more likely to assign a higher value if it appeals to their sense of aesthetic. Solving beautiful equations sounds better than trial and error to many. That being said, I do think there is beauty in crypto - just maybe not in the nonce guessing bit.
> Physical cash or coin, exchanged between parties, is trusted by both parties yet leaves no transaction record.
The cash/coins are the record in this case: that was the point the GP was trying to make. But, they are not required for the transaction to take place: a trusted ledger also works.
> A finalized and appended bitcoin block needs no further trust. It is settled.
Of course it needs trust: you have to trust that Bitcoin is doing what it promises. Every time you sell something in exchange for bitcoin, you have to trust that:
- the network is working as advertised
- your client is working as advertised, it's not infected with some Malware to report the wrong info to you
- there is possibility of a 51% attack
Also, the latest finalized and appended block often changes. You actually have to wait until there are several other blocks appended after the one that contains your transaction until you can be sure the transaction won't be reverted.
It’s not the layman’s explanation because the average person doesn’t encounter mathematical problems being solved by a brute force lottery.
In high school math, problems are solved by choosing the right formula and plugging in the right variables. Throwing the dice trillions of times isn’t what people imagine when they hear “solving a complex mathematical problem.” That framing is designed to make PoW more acceptable to laypersons, as it sounds like the computation is useful or at least clever rather than intentionally designed to waste energy.
The average person doesn’t encounter mathematical problems -- full stop. They have no reference point between one algorithm and the next.
Heck, I understand well how POW works, and even I think of it as solving a "complex mathematical problem"... the inherently difficult problem of prime factorization.
> Heck, I understand well how POW works, and even I think of it as solving a "complex mathematical problem"... the inherently difficult problem of prime factorization.
???
Factoring is not a common problem for proof of work. In fact I'm not sure how you could even make that work in a way that ensures participants aren't cheating.
All cryptography exploits the inherent difficulty of factoring integers. POW requires brute force precisely because the underlying hashing algorithms are built around large primes.
This is, actually, how I layperson-explain cryptography: there’s no fast or easy way to take any huge number and know what two numbers multiplied to make it, and this mathematical property is what makes (good) passwords hard to crack.
That is simply not how cryptographic hashes work. They have nothing to do with primes, and having a quick way to factor large numbers would do nothing to impact the security of the PoW part of Bitcoin (I believe it may affect the security of your wallet, though, but that is an entirely different attack).
Note that even being able to quickly reverse the hash function for Bitcoin wouldn't do anything to the PoW security.
The only thing that matters for PoW as implemented in Bitcoin is that there is no way to predict the value of the hash of a block + nonce faster than computing the hash. This doesn't rely on integer factorization difficulty in any way, it simply relies on a construction that uses many one-way functions.
Only RSA is built around factoring. I suppose if you consider discrete log to also be factoring related, some other public key & key agreement algs are also.
Hash functions and symmetric algorithms are not based around factoring.
Any person who thinks that a computer is going through symbolic formulas and selecting which one to substitute in to find a hash function nonce doesn't know a whole lot about what a blockchain fundamentally is and how computers make it possible. That's either the fault of the explanation they read\are reading (if it was falsely advertised) or the fault of the person (if they're biting on explanations beyond their level) or nobody's fault really because somewhat-hard concepts are somewhat-hard.
Any explanation of PoW worth its salt no matter how basic should - and does in my experience - repeatedly drive home the idea that PoW is inefficient, it's literally right there in the name, Proof of Work, jumping through hoops as an algorithm. If somebody doesn't understand that PoW is extraordinarily inefficient, they don't understand blockchains and why they are cryptographically secure modulo implementations and social engineering.
Nothing new is added or said by emphasising how inefficient PoW is, that's the entire point, that's why it's secure. The comment that started this chain basically said that in very simple terms, and the comment I replied to expressed disapproval about a very minor issue with the terms then re-said what its parent already said in more words that don't add any clarity.
Will people see 'mathematical' and assume the computer is integrating dy/dx by parts to get the next nonce? You can assume that the average HN reader knows that when we say a computer is 'solving math' it's meant that it's crunching an awful lot of binary strings. That's why we call classic AI "classic" or "symbolic". Everything a computer does is crunching numbers brute-force style except when said otherwise.
Why are we explaining in layman's terms on hacker news? Maybe I'm being pretentious, but surely we all know what sha256 is. It's used pretty constantly everywhere, long before bitcoin was a thing.
Thanks for the explanation! I have a few questions:
- How does the punishment work? Do all nodes see that a malicious actor changed the chain and write the bad ideas in some ledger meaning "these nodes just lost X ETH"?
- But if the malicious actor owns 2/3 of validators, what does he care what other nodes do? They effectively control what block is accepted
- Is there an advantage to run more than one validator, if you have the money (EDIT: and you don't want to attack the network)? Basically, does having more money give you more (power, control, anything)?
1. Punishment mechanisms here are kind of complicated, but in short, you're punished for mainly 2 reasons: being an offline validator, or for an attestation violation.
Slashers are entities that enforce the two above rules. If a slasher determines that your node is down, or that you're committing an attestation violation (i.e. that you're signing more than one attestation in a given epoch mainly). The slasher actually does not get rewarded here. The block proposer takes the broadcasted slashing and adds a proof of it to their block proposition, and gets what's called a whistleblower reward. Slashing is not meant to be profitable, and the whistleblower reward is quite small. We don't need a million slashers, in fact, we could operate with just one... expect the Eth Foundation to run them, among other large players who can spare the resources.
2. Owning 2/3 of nodes economically is kind of silly. You essentially just 51% the network, and everyone else leaves. You're then stuck with a worthless personal currency. Have fun!
3. More than one validator means more validator rewards, and a bit more "power" in that you're a larger component of the general validation network.
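The attestation check described in the answer above, as an added example that is not part of the original comment and is not code from any Ethereum client. The comment mentions signing more than one attestation for the same epoch (a double vote); the example goes one step further and also checks the surround-vote condition from the consensus specification. All type names, function names and attestation values are constructed, signature verification is assumed to have happened already, and offline penalties are not modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Attestation:
    """Simplified, constructed stand-in for a signed attestation."""
    validator: int      # validator index
    source_epoch: int   # checkpoint the vote builds on
    target_epoch: int   # checkpoint the vote is for
    block_root: str     # placeholder for the attested data


def slashable_reason(a: Attestation, b: Attestation) -> Optional[str]:
    """Return why two attestations by one validator conflict, or None."""
    if a.validator != b.validator or a == b:
        return None  # different signer, or a harmless rebroadcast
    if a.target_epoch == b.target_epoch:
        return "double vote"  # two different votes for the same epoch
    if a.source_epoch < b.source_epoch and b.target_epoch < a.target_epoch:
        return "surround vote"  # a surrounds b
    if b.source_epoch < a.source_epoch and a.target_epoch < b.target_epoch:
        return "surround vote"  # b surrounds a
    return None


Evidence = Tuple[int, str, Attestation, Attestation]


def find_slashable(attestations: List[Attestation]) -> List[Evidence]:
    """Scan attestations in arrival order and collect conflicting pairs."""
    seen: Dict[int, List[Attestation]] = {}
    evidence: List[Evidence] = []
    for att in attestations:
        history = seen.setdefault(att.validator, [])
        for earlier in history:
            reason = slashable_reason(earlier, att)
            if reason:
                evidence.append((att.validator, reason, earlier, att))
        if att not in history:
            history.append(att)
    return evidence


# Constructed sample stream: validator 1 double-votes, validator 2 only
# rebroadcasts, validator 3 casts a surrounded vote, validator 4 is honest.
CONSTRUCTED_ATTESTATIONS = [
    Attestation(1, 9, 10, "0xaa"),
    Attestation(2, 9, 10, "0xaa"),
    Attestation(1, 9, 10, "0xbb"),
    Attestation(2, 9, 10, "0xaa"),
    Attestation(3, 5, 12, "0xcc"),
    Attestation(4, 9, 10, "0xaa"),
    Attestation(3, 7, 9, "0xdd"),
    Attestation(4, 10, 11, "0xee"),
]

if __name__ == "__main__":
    for validator, reason, first, second in find_slashable(CONSTRUCTED_ATTESTATIONS):
        print(f"validator {validator}: {reason}")
        print(f"  first:  {first}")
        print(f"  second: {second}")
```

The two conflicting attestations are themselves the evidence: anyone holding both can check the conflict without trusting whoever found it.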
What are the checking mechanisms that 2/3 of the nodes are not colluding together? In other words how do you prove someone owning 51% or 2/3 of the network?
Their actions would most likely be visible on the network because it is transparent. The community can then decide whether to activate a fork and punish the colluding nodes.
I still don't understand how consensus works off the chain. If 51% of the stakers just decide to run their own software and do their own thing. How does something off chain change that? How does something off chain penalize a majority of staked ETH?
If the 51% is a single staker or small group of colluding stakers attacking the chain, the rest of the users will probably not want to continue using that chain. The users can activate a soft fork, just by changing the rules of the code to burn the attacker’s funds, and running the updated client software. The remaining honest stakers can then continue to follow the head of the non-attacked chain, and the attacker would be the only one left on their chain.
Most crypto including Bitcoin is governed off-chain. People come to consensus on a set of rules that allows them to create a public and permissionless BFT ledger. Attacking the ledger then costs millions or billions of dollars. If one dishonest node or a group of colluding actors decide to spend this much to amass majority control of the network, the rest of the network can decide to fork the protocol to burn their staked capital.
The main goal of crypto - the base token and protocol rewards from PoW or PoS - is to secure this network and keep it permissionless and decentralized.
> 1. Punishment mechanisms here are kind of complicated, but in short, you're punished for mainly 2 reasons: being an offline validator, or for an attestation violation.
A malicious actor can cause the network to slash a validator's funds by inhibiting the validator's connection. Slashing funds seems completely disproportionate for a validator being offline.
You actually lose a relatively small part of your stake for being offline, so it happens gradually. I believe the amount lost corresponds roughly to what you would have gained in rewards over the same time period.
1. So if I get it correctly, there is an actor in charge of surveilling the network. There is no financial incentive to do that which means only a few actors will be running a slasher, and thus completely remove all decentralization.
Once a fraud has been detected, the proof of fraud is to be spread by nodes with a financial incentive, meaning they might spread whatever the slasher says like gospel, giving even more power to slashers.
This is a very large step away from decentralization. The network depends not just on a few coders, but also on an institution checking whether nodes behave correctly or not. The whole point of blockchain was that everyone would assume everyone was out to cheat, and came up with a way to make it useful.
2. As I said in another reply, I don't expect the most rationality and long-term thinking from economic actors anymore, especially in the world of cryptocurrencies. I could very well see a single actor owning that many nodes but still being trusted because "they're the good guys" and people remain.
You would also have to be sure they are in fact colluding.
3. So, as I feared, this is capitalism in its crudest form. At least PoW made it indirect by putting requirements on the hardware, but here it's just plain naked for all to see.
I know I sound very negative but I was really curious to see how PoS really changed the dynamics compared to PoW, and now I know. Thanks again for your explanations.
> This is a very large step away from decentralization. The network depends not just on a few coders, but also on an institution checking whether nodes behave correctly or not. The whole point of blockchain was that everyone would assume everyone was out to cheat, and came up with a way to make it useful.
Exactly. This is usually the tradeoff glossed over by PoS marketing, that decentralization is essentially lost and it's no different than government controlled currencies. Instead of the "elected officials", it's the crypto messiahs that control this currency. You can pay into it, just as you can try to pay into your local city, county, state, (assuming in the USA) etc...
There is no actor in charge of surveilling the network. Every validator is. And every validator is incentivized to do so because you get a reward coming from the slash penalty. So everyone is checking on everyone else.
When a validator adds a block to the ledger it can include evidence of slashable offenses. Including evidence of a slashable offense gets rewarded so every validator is incentivized to include them.
There is no separate notion of a slasher, everyone gets to provide slashing evidence when they build a block. I don't understand why you build such a weak straw-man and then push it forward as if it was the truth without even checking how the system operates.
Having >2/3rds of validators (or >50% of power in PoW) lets you rewrite the chain back in history, censor txs, etc. You control what transactions go in blocks, and to a certain extent also recent history.
HOWEVER, this does not give you the power to steal or rewrite state as you please. You cannot convince the rest of the network that you now own someone else's ETH just because you have supermajority validator power. To take away ETH or change the chain state in any other way, you need to include a valid and correctly signed transaction.
If you include an invalid state change (not caused by a successful and correct transaction) then all other nodes will reject that block, no matter how much validator power or hashing work went into it.
Well this is the same as any blockchain: you can't forge a block with a transaction giving yourself money, but you can double spend the same amount to multiple other accounts. Unless something is different with ETH which I don't know enough
If you own a large amount of a currency, you want to ensure that the currency in question is trusted, or otherwise that currency would end up losing its value. It is your greed that is guiding you, not your benevolence.
Eh, I think it’s naive to believe that greed is sufficient protection. Owning a bunch of ETH so you can set ETH on fire would be a waste of money, only so long as the person setting the fire didn’t value the mischief more than the ETH. I don’t see why nation states wouldn’t attack each other by burning down the crypto assets of citizens, either.
One problem with this - speculative assets are at least partially valuable because of their volatility - their ability to appreciate quickly. Even if eth is untrusted for long term value, so long as it has the potential to make money for someone in the short term it's going to continue to get transactions.
And, as always, sometimes folks just want to watch the world burn. It's a relatively low investment (~$50k) to become a validator, and the fine's only about $7k (.5 eth).
Imagine the damage someone with a few million (say, some baby-boomer who just sold their California duplex) could do if they wanted to.
thanks, I work at a financial institution, so I "Googled" it a few times, short selling is based on borrowing the underlying securities - not owning them - or alternatively owning a(n often bespoke) derivative, related to those securities, which behaves as a short.
Not really, you can be long in one market, and short in the derivatives market, and your net position be short. You'd be holding eth, but you'd be short.
> If you own a large amount of a currency, you want to ensure that the currency in question is trusted, or otherwise that currency would end up losing its value.
is fundamentally flawed. You can own a large amount of a currency and profit from it losing its value.
OK, now I see what you mean, yes I agree with you then. But I think you are trying to generalise my comment - it wasn't an absolute statement, I was just trying to tell parent that in my opinion they misunderstood the grandparent's point.
Call me a pessimist, but I have stopped assuming rationality of all actors acting to secure a long-term future, especially in the world of cryptocurrencies
This was the whole point of blockchains. No one trusts anyone, everyone is in it for themselves only. The Adam Smith model. And it works, if you don't look at the disastrous environmental impact.
Funds can be borrowed. As attested in the last couple of months, billions of funds were borrowed to bet on the market one way or the other. Borrowing a billion dollars to subvert the network for a short duration sounds like a feasible strategy.
You can’t borrow enough money and immediately take over the network. Those funds need to be staked first in validators with 32 ETH each and you need to control enough validators to control consensus. It’s more difficult than PoW in a way since you can’t just start validating, there is an entry/exit queue.
If you have 2/3 of the validators, there is no way that you can be punished. You will effectively be able to produce the blocks and tell the network that they are valid.
If you don't have that, the most that you can do is to attack the network by proposing bad blocks to slow down block production. Anytime that a (selected) validator proposes a bad block, the other validators that catch your mistake will snitch on you (through attestations) and the validator will get their stake funds slashed. The more your funds are slashed, the less of a chance you will have to be proposing new blocks in the future.
How is Ethereum going to comply with looming regulations in the cryptocurrency industry with proof-of-stake when regulators and enforcement agencies such as the OFAC could instruct validators to not mine or process transactions that have come from Ethereum mixers like Tornado.cash or sanctioned addresses and stay as a permissionless network at the same time?
If they do comply and enough validators start censoring these transactions, then it no longer is a permissionless network and just censors transactions like any other permissioned network does. If not enough validators censor or comply with these regulations, the funds in those validators will be slashed and may cause a cascade of lost funds and will also allow the processing of transactions from sanctioned addresses, i.e. non-compliance and angering the regulators.
The energy problem is most definitely solved. But from a regulatory point of view, it appears that the Merge will introduce another can of worms and will make Ethereum eventually a more permissioned network with proof-of-stake.
A validator can only decide transactions for its own block. This is the same as a miner currently.
- Some US based miners are already not including Tornado Cash transactions in their block
- These transactions are included in the blocks mined by the other miners
- Base layer censorship is not likely, because there have been sanctioned Bitcoin and Ethereum addresses since 2018
- Getting the required 2/3 validators on board might be difficult, because there is a huge backlash from the community against this and this could lead to another TheDAO hard fork like event and just having your validators slashed by the users / DoS etc.
The base layer neutrality makes sense. Web browsers don’t censor the DNS addresses you can access either.
It's only controversial in the minds of purists/"maximalists" who are too invested in BTC. Their arguments would be something like:
- PoS is not "decentralized" nor "democratic", because it means that only those with capital can participate in the network consensus building. This is "technically correct", but (a) it ignores that existing PoW also requires massive amounts of capital to deploy mining facilities and (b) it is not democratic because only those with access to cheap electricity will profit from being a miner.
- PoS implies that those staking their crypto are "investing" with their tokens, which would make the token a "security" and not a "currency". This distinction could make it easy for the SEC and governments to intervene and create regulation that would require stakers to only participate if they implement changes at the protocol level. E.g., it could happen that a staker would refuse to validate any block containing transactions to smart contracts that got sanctioned. This is a more real concern, if you think about all the big players (read, centralized exchanges) who are staking ETH on behalf of their customers and therefore will have non-negligible control over the network. In this case, the community expectation is that (a) users of staked ETH pull out of the exchanges and run their own validators and (b) the exchanges realize that they will be shooting themselves in the foot, and therefore go on to fight whatever legislation that pushes on that type of control/censorship at the protocol level.
In PoS the rich can become validator as long as they have money. The limit is money.
In PoW, they can’t buy gpu as long as they have money, because there is another limit that money can’t always buy, energy, resources, needs (gpu for gamers, researchers, etc)
> In PoS the rich can become validator as long as they have money. The limit is money.
> In PoW, they can’t buy gpu as long as they have money, because there is another limit that money can’t always buy, energy, resources, needs (gpu for gamers, researchers, etc)
Just to elaborate, the implications of this are that PoW has an extra layer of centralization that threatens the network as ASICs/GPUs are only produced by less than a dozen companies and they can pick and choose who gets what kind of hardware and when (including keeping the best for themselves). This ensures that mining cannot be a level playing field and economies of scale will take over long term. This is even ignoring the massive corruption in the energy markets.
On the other hand PoS only requires one resource which nobody has a monopoly on so anyone can stake with nearly zero overhead. It's a level playing field regardless of size or political connections which allows for a much greater distribution of actors.
You think that, given the choice between these two options, "the rich get richer" is preferable to "the ones that can get cheap energy get richer"? Alright. I don't.
In the first case, you perpetuate the status quo. With the second, miner's greed indirectly helps humanity find cheaper and more available sources of energy, benefiting all. Because Bitcoin or not, as humanity gets more and more advanced, it will need more and more energy. So energy generation is the bottleneck that needs optimisation.
I don't see how creating the world's first trillionaire is positive in any way.
PoS is less proven than PoW and has some edge cases that give many concerns. To say this up front, I own ETH, have worked on dapps on it, and completely support the move to PoS.
That said, the fact that PoW has been running the longest and Bitcoin uses it to secure the most value of any chain and it has had 100% uptime for the last 9.5 years, means people naturally trust it more.
PoS also in theory incentivizes centralization of staking over time. It's already started to play out this way with the top two stakers controlling 46% of the staked ETH on the Beacon Chain. With Bitcoin, because you constantly have to buy new hardware and find cheap energy every single block, there's been a constant rise and fall of large miners.
A related issue is that it's more fragile to government censorship as the Tornado Cash OFAC sanctions show. Bitcoin has had mixers sanctioned and it didn't affect the core chain at all. With Tornado Cash, it's possible that Coinbase and other US-based stakers will have to not validate certain transactions, which doesn’t work in PoS, so they've said they will stop staking if the US gov't decides OFAC applies to stakers (which there's a legal argument it does). It's a bit in the weeds, but basically Bitcoin/PoW works in a fundamentally different way, so miners can filter out transactions they legally aren't allowed to process and all that happens is those transactions get validated in a future block by other miners.
One other is that PoS has no deterministic way to recover from a complete outage. If a huge EMP brought down every computer network on Earth, when they come back online, PoW has a clear rule for determining which chain is the real one. PoS does not, so it's unclear what would happen. This may seem like a small edge case, and it is, but trust and security are so important when $500B and growing is at stake that tiny edge cases matter.
While correct, that conveniently omits the downtime in 2010 and 2013. Why be shady?
Edit: three nines is considerably different than infinite nines.
Around 2018 there was an inflation bug which was kept quiet until it was patched.
It's human to have an occasional bug. Setting the bar too high may be a disservice if/when there is an exploit.
> so miners can filter out transactions they legally aren't allowed to process and all that happens is those transactions get validated in a future block by other miners.
You could fairly easily argue that building on a chain that includes sanctioned transactions is also "processing" them. Therefore miners would need to fork the chain to remain in the clear legally or just stop mining altogether.
That doesn't make sense legally and regulators have given their blessing to the approach for Bitcoin I mentioned.
I personally think even going after stakers is a bridge too far, but in that case the staker is profiting off of the illegal transaction and they're also directly participating in processing it.
It takes power away from miners and gives it to exchanges because people won't bother running nodes and just use the staking platform on coinbase, binance or whatever. Now you have it: the same entity that controls in and out ramps now controls validation.
You mentioned only the rewrite of history, but there is at least one other attack on a network - a coordinated refusal of blocks with transaction(s) the attacker deems ungood. This way, some person(s) will be denied the right to transact.
A direct way to do that is to vote NO for such blocks. Does the PoS protocol of yours require the NO vote to have reasons for that decision? It can be analyzed and having wrong NO reasons may be a reason to punish the validator.
An indirect way to do that attack is to timeout on unwanted blocks. E.g., if a malicious validator sees a block it does not want, it will stop sending any messages at all until it sees the next block or has an opportunity to be a proposer. How does the PoS protocol of yours handle such an attack?
Going by that description (I'm otherwise a n00b), my guess is that only a fraction of validator slots would be active, which means the network could be easily hijacked by a well-funded party who just wants to see the network burn (e.g. central bank of a superpower).
Another possible weakness could occur if staking is mostly outsourced (i.e. staking as a service) and one provider overwhelmingly dominates the market. That provider would be in a position to hijack the network without having much of a stake in it. Proof of stake doesn't really live up to its name if the validation nodes aren't run by validation slot owners.
The threat of a 51% attack still exists on proof-of-stake as it does on proof-of-work, but it's even riskier for the attackers. An attacker would need 51% of the staked ETH (about $15,000,000,000 USD). They could then use their own attestations to ensure their preferred fork was the one with the most accumulated attestations. The 'weight' of accumulated attestations is what consensus clients use to determine the correct chain, so this attacker would be able to make their fork the canonical one. However, a strength of proof-of-stake over proof-of-work is that the community has flexibility in mounting a counter-attack. For example, the honest validators could decide to keep building on the minority chain and ignore the attacker's fork while encouraging apps, exchanges, and pools to do the same. They could also decide to forcibly remove the attacker from the network and destroy their staked ether. These are strong economic defenses against a 51% attack.
Staking-as-a-service will operate as a market of diverse options. The network could decide to fork from an outsized dishonest market participant. It would be controversial, but the validity of the network is generally a common incentive for most involved.
> If you deposit more than 32 ETH, you will be assigned multiple "validator slots" by the protocol, but you will still be able to run them from a single computer, though hardware requirements go up the more you stake.
Is there a good place to read more about these hardware requirements as a function of validator slots? A concern in my mind with PoS is what is the incentive to expand the physical hardware footprint of the network. I understand this implies more energy usage, however it is a requirement for a decentralized, distributed, and resilient system, otherwise it can very easily be physically attacked if the footprint becomes overly concentrated with a few very powerful nodes.
Unless the hardware requirements are a convex function of total staked then if me and you both want to stake we will see the hardware and network/bandwidth costs as something we could share, which if everyone calculates the same, the network will physically shrink.
The validators have staked 32 ETH to the network. If they stay up, they get rewards. If they go down, they get hit with penalties. This incentivizes building a reliable system.
> Should a malicious actor try to tamper with the underlying protocol by using a large number of validators to revert a finalized block (the equivalent of a "51% attack" in PoW) their funds are slashed
But can't the malicious actor estimate very well whether their attack will succeed beforehand?
Can someone clarify the point about expected price action changes for ETH/USD and other pairs?
Presumably the author believes a smaller proportion of Ether will be regularly traded than on the PoW system, but will the total staked (i.e. held) amount be sufficient to impact prices significantly? Also, why would we expect stakers to not take their profits on a regular basis? (Note: another commenter pointed out unstaking won’t be possible for the time being. That does answer the question for the short-term).
What’s the meaning (and reasoning behind) the following statement:
> Ethereum will move from a system that has roughly $20mm a day of structural outflows to a system that has roughly a half a million dollars a day of structural inflows.
Today there is $20mm a day of ETH being printed and given to miners, most of which is sold immediately to pay their operating costs. After the merge there will be only $0.5mm a day being printed and given to stakers. Plus the money printed will go to people who are ETH holders, and are therefore less likely to sell.
That makes sense, but why are they labelled as “structural outflows and inflows”, respectively, if both amounts are referring to, as you put it, “ETH being printed and given to” miners/validators?
Perhaps it’s referring to the ratio of Ether being supplied on a daily basis compared to its total supply?
So in summary:
With PoW, each day fresh $20M is created and sold, which increases the ratio of traded Ether compared to its total amount (“outflow” from held ratio).
With PoS, each day fresh $0.5M is created and held, which decreases the ratio of traded Ether compared to its total amount (“inflow”).
Do I have this right? That does still leave the question of whether this daily ratio change will be sufficient to impact prices significantly.
They already are. The Merge refers to the fact that the PoS chain has been running parallel to the main chain for one year now. It has been thoroughly tested live and so now will be merged back into the main chain like a branch of a git repo.
How can two chains be merged if one is a fork of the other without having instances of double spending? With source code in Git you can manually pick which version of each line you want in the merged result, but here it's not possible to do that if services or merch have been exchanged with coins. Except if you're fine with having to deal forever with coins and merged-from-the-fork coins on the eth blockchain?
As far as I understand it both forks have the same ledger, it's only the transaction validation method that's changing. The PoS fork is mirroring all of the PoW transactions so no double spending or extra coins.
Transactions and state are only on the PoW chain. The PoS chain only runs the staking protocol.
When the merge happens, the PoW software (the "execution client") will keep running transactions, but instead of choosing blocks by looking at miner hashes, it will look to the beacon chain to choose them. So stakers will run both the PoS client, and the execution client with the mining function turned off.
PoW software that does no work? More likely Ethereum is about to fork and big question will be does the market value of ETHpow really go to zero quickly.
I'm willing to bet it does. Well, probably never to 0, but close enough.
There's just too many escape valves. If you're a miner, you don't care about what network you're mining, you care about getting the most profit out of your hardware. There are several EVM PoW chains that are established, have been around and are listed and traded somewhere already, and have functioning contracts in them, and beyond that there are other non EVM PoW chains to direct your hardware at if you're running GPUs. It just doesn't make sense for a miner to take the risk of backing a new chain over moving their hash power over to an existing one.
I have been using Stakewise.io that is 1) somewhat decentralised 2) gives liquidity for your stake and ability to sell it (instead of waiting for the exit / pause which is not yet supported by the protocol)
They are, and there seems to be a drive by legitimate actors to build them up. For example, Coinbase is building theirs by offering up to $50 ($10 every $100 worth) in exchange for initial staking of Eth.
What happens in the case of a network partition? I assume the conflict resolution algorithm is longest chain but would all the validators from the shorter chain partition get punished for being offline?
I wouldn’t call proof of work secure btw. Malicious Reorgs have happened in many chains, including ethereum, whereas I’m not aware of any malicious reorgs in PoS chains.
The network would still create new blocks but wouldn't finalize them. Finalizing means they can't be undone without destroying a large percentage of the stake. Without finalization, you still reach a point where it's very unlikely that the block will be undone.
The non-responsive stakers would gradually lose their stake. The penalty for going offline is normally small, but if most validators go offline at once it's considerably larger. Their stake will shrink, until they don't hold most of the stake anymore and the network can start finalizing again.
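The recovery described in the reply above (finality stalls, the offline stake leaks away, finality resumes once the online validators again hold 2/3), as an added Python sketch that is not part of the thread and not Ethereum client code. The penalty formula and `LEAK_QUOTIENT` are assumptions of this simplified model, and the stake figures are constructed.

```python
from dataclasses import dataclass

GWEI_PER_ETH = 10**9

# Assumption of this sketch, not a value taken from the thread:
# penalty per epoch = balance * epochs_without_finality // LEAK_QUOTIENT,
# so the penalty starts tiny and grows the longer finality is stalled.
LEAK_QUOTIENT = 2**24


@dataclass
class LeakResult:
    finalized: bool               # did the online side regain 2/3?
    epochs: int                   # epochs spent without finality
    offline_stake: int            # remaining offline stake, in gwei
    offline_loss_fraction: float  # share of the offline stake burned


def can_finalize(online: int, offline: int) -> bool:
    """Finality needs votes from at least 2/3 of the total active stake."""
    return 3 * online >= 2 * (online + offline)


def leak_penalty(balance: int, epochs_without_finality: int,
                 leak_quotient: int = LEAK_QUOTIENT) -> int:
    """Per-epoch penalty for a non-participating balance (model assumption)."""
    return balance * epochs_without_finality // leak_quotient


def simulate_leak(online: int, offline: int,
                  leak_quotient: int = LEAK_QUOTIENT,
                  max_epochs: int = 100_000) -> LeakResult:
    """Burn offline stake epoch by epoch until the online stake is >= 2/3.

    Online balances are held constant; only the unreachable side is drained.
    """
    start = offline
    epochs = 0
    while not can_finalize(online, offline):
        if epochs >= max_epochs:
            # Online side can never reach 2/3 within the horizon.
            lost = (start - offline) / start if start else 0.0
            return LeakResult(False, epochs, offline, lost)
        epochs += 1
        offline -= leak_penalty(offline, epochs, leak_quotient)
    lost = (start - offline) / start if start else 0.0
    return LeakResult(True, epochs, offline, lost)


if __name__ == "__main__":
    # Constructed partition: 60% of the stake stays reachable, 40% does not.
    result = simulate_leak(600_000 * GWEI_PER_ETH, 400_000 * GWEI_PER_ETH)
    print(f"finality resumes after {result.epochs} epochs; "
          f"offline side lost {result.offline_loss_fraction:.1%} of its stake")
```

With a 60/40 split the offline side has to shrink to half the online stake before finality returns, which costs it a quarter of its balance in this model.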
You're not an idiot. It's extremely obtuse and only makes sense to insiders. It's orders of magnitude more obscure than how fractional reserve banking works and understood by far fewer people.
It takes time to learn but it isn’t obtuse. It’s extensively documented, with multiple open source clients being built in tandem. Besides, it is not the only PoS system running today.
All fields of engineering are complex to those that have not studied them.
The mechanics aren't extremely complicated but they also make no sense. Proof of work or proof of stake are both solving an abstract and meaningless problem. Crypto makes more sense if you study psychology than engineering.
Yeah I veiled a lot of complexity for sure, but honestly that's for the best. If we talked too in-depth about the implementation of most protocols, I'm sure we'd find something to scoff about XD.
I think it's for the worst that most people would rather gloss over the fundamental flaws in Bitcoin, Ethereum and most other chains. They are significant and important.
If crypto wasn't causing a crash in the GPU market and contributing even more to climate change, I don't think it would have nearly as much hate as it does. Sure it's largely used for scams and money laundering, but at least it's used for scams and money laundering in a way I can ignore.
Right now Bitcoin and Ethereum, the leading cryptocoins, are absurdly slow and expensive, on top of causing all sorts of issues. Maybe blockchain is the technology of the future, maybe there are smaller coins, but right now whenever I hear "crypto" it's always something bad. Actually carrying this out and switching to a system which doesn't lead to absurd amounts of wasted computation is a great start to actual crypto usefulness.
> at least it's used for scams and money laundering in a way I can ignore.
I thought this, and then my mom got scammed. She realized one day later, and the bank was able to recover the portion sent via bank transfer. But they also tricked her into sending money via bitcoin ATMs, and that portion was not recovered.
Use a bank. That the bank uses bank deposits, or crypto, or central reserves, shouldn’t matter to the user. As long as the bank can provide fraud insurance.
The energy part of crypto is a pretty small part of why I hate on it. More of a cherry on top. I'll stop hating on crypto when it becomes useful for anything other than committing crimes.
It is by far the cheapest and fastest option to send money internationally, fees from using SWIFT are ridiculous and the banks always use terrible exchange rates, I used to lose about ~4% of the money I sent to my family in another country
International money transfers cost money because complying with international financial regulations costs money. Crypto transfers are cheaper and faster because they evade these regulations, which is just a downstream effect of committing crimes being the only real use case for crypto.
To be clear, I don't think it's bad for you to use crypto for this purpose. I would do the same. I just think systems that allow anyone to evade laws are a net negative for society.
This reminds me of the nerve-biting period up to the James Webb launch. The devs put off this transition for so many years trying to plan for every contingency, but we still can't be certain they didn't miss a crucial flaw.
In a system where the only thing holding back malicious actors is technical constraints, it only takes one bug or one misaligned incentive for a vicious cycle to take down the entire Ethereum ecosystem. An exploitable detail in the PRNG used to select the validators, for instance.
And like a space telescope, there is no opportunity to realistically experiment with the change beforehand, nor an easy way to make adjustments after launch.
Especially given Ethereum's decision power being entirely centralized in the hands of the developers (unlike bitcoin for instance) who have shown willingness to hard-fork when they consider it necessary.
In fact, the move from PoW to PoS illustrates this concentration of power: the miners lose a lot but they had no say in the decision.
Miners knew from day one that PoS was eventual. As a very large ETH miner, I'm not that concerned about that part of things. Why? The business model for my company was built around a larger idea than just mining. Mining was just a great way for us to bootstrap the business.
Let's also not forget that there are other coins out there to mine. There is a huge potential for something to take ETH's place... whether that happens or not is up in the air and really depends on someone to step up and take it. Easier said than done, but the possibility is there.
It keeps getting repeated over and over as if it was an argument, but if someone warns that they will harm you, then do it, and eventually gets away with it, it is actually a proof that they have unchecked power over you, and clearly not an argument against the existence of such a power imbalance…
That is an interesting view on things. Where is the 'harm' here? ETH miners had a choice to mine, or not. If you didn't like the rules that were set out LONG in advance, then don't play the game.
Similar to how people say not to depend on an API from a single company because that company could shut you down. Except in this case, the company told people, in advance, that some day in the future, they were absolutely going to shut you down.
Except the whole point of crypto is not to be reliant on a third party company who has the power to pull the carpet from under your feet!
If you don't care about that last point, why not use VISA for transactions or Robinhood for financial stuff? (after all, they always act in compliance with their “long in advance” accepted ToS …).
If you admit that Ethereum is not a decentralized system but a company that can change things on their own terms, then we in fact agree.
> Except the whole point of crypto is not to be reliant on a third party company who has the power to pull the carpet from under your feet!
The view is that ETH1 bootstrapped with PoW, with the intention of always moving away from it. This isn't pulling the carpet, this is executing on a plan to become as you say, less reliant on any third parties. You are trying to vilify execution on a published plan?
> If you don't care about that last point, why not use VISA for transactions or Robinhood for financial stuff? (after all, they always act in compliance with their “long in advance” accepted ToS …).
I do use those services for certain needs. There is room in the world for both types of services.
> If you admit that Ethereum is not a decentralized system but a company that can change things on their own terms, then we in fact agree.
I admit that ETH PoW was an incremental step and that it isn't perfect. I think anyone can admit that. In the software development land, we call this iterating on an MVP. Whether PoS is the correct future or not is to be seen, but I don't blame them for trying. At least someone is trying.
I think you have this completely wrong. Bitcoin avoids hard forks by all means, they implement soft forks.
Ethereum uses hard forks often and liberally. This new change is a hard fork. In a hard fork those that want to stick with the old rules of the game are not coerced to follow the new ones, they can just follow their way.
In fact, there has been talk of creating an ETHPoW which would continue the PoW chain. We will see how that pans out but is likely to be a major flop because support for it is negligible.
My main issue with PoS is that people won't run nodes. Contrary to bitcoin there isn’t a self hosting culture on Ethereum. It's all about trading and tokenomics. They will stake through exchanges, which already control the fiat ramps and are easily controlled by regulatory pressure. Since those guys are now validating on chain transaction censorship might become a thing.
And then there is the biggest irony on the fact that PoS basically recreates the legacy financial system where banks and central banks are the stewards of the network.
Proof of Stake and Proof of Work only impact the consensus model of the network (i.e. how new blocks are added), but for network participants that do not participate on consensus there is no difference. Just like in Bitcoin or in Ethereum now, you can run a node without participating in mining or staking.
If you run an Ethereum node now, it will still be the same after the Merge, and not somehow less valid. It will still check the correctness of all the transactions, as it does now.
I think a large cause of this confusion is the "validator" terminology; calling nodes that produce blocks through staking validators makes people think that normal nodes don't validate or check anything, but this is not correct.
You do not need to wait for the merge to see the effects. Staking pools are already heavily centralizing power in the network on centralized exchanges and "decentralized" contract pools like Lido which can be manipulated and changed with the keys of a small group of people.
Vitalik is already preparing to organize social enforcement and democratic slashing for when these pools have their arms twisted to censor transactions by state actors.
Before the merge has even happened, you have a central network leader preparing to use his influence to secure the network through what amounts to outside or meta-intervention (we're forking the chain because we see something is wrong) to prevent the technically possible "attack" (in Buterin's own words in agreement with most reasonable blockchain folk) from people already consolidating power for the post merge network.
This is no longer a trustless and open system. Bitcoin does not scale, but its proof of work distributed block ordering mechanism is not killing the planet or reliant on high demand energy - it is actually most profitable to mine Bitcoin with otherwise wasted, low demand energy. Even the premise for moving to PoS (at least as a foil to Bitcoin) is wrong.
Miners don't rule the Bitcoin network. Every single Bitcoin client has a vote, in that the most followed branch of the bitcoin network is the one that matters. The more clients, the more resistant the network is.
Your Bitcoin client has the same voting power as the guy running an ASIC farm. That's the point of proof-of-work.
You got it completely backwards: in Bitcoin the only thing that matters is the computing power of miners, not the number of nodes. That is precisely the problem that Satoshi Nakamoto intended to solve, preventing Sybil attacks [0]. In a few words, you don't want the consensus of the network to change just because you spawn more nodes voting the way you want to, they need to expend a resource that cannot be duplicated, in Bitcoin's case computing power/electricity.
The Bitcoin Whitepaper also explains this in Section 4, "Proof of Work" [4]:
> The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.
> Bitcoin the only thing that matters is the computing power of miners
> That is precisely the problem that Satoshi Nakamoto intended to solve, preventing Sybil attacks
"The problem" Satoshi wanted to solve is building a trustless ledger that can store real value, even if the only value is the ability to publish data uncensored and universally. Sybil attacks are an aspect of that and proof of work had already existed before Bitcoin to solve, you guessed it, Sybil attacks.
Your view of Satoshi's intentions is therefore myopic.
This is demonstrated when you conflate your quoted passage about chain reorganization with power over the network as a whole. Satoshi was sensitive to block size, so were and are all Bitcoiners. There is a reason the block size was not massive out of the gate, and in the main forks remains small: Satoshi understood that node participation was important and should not be gatekept.
In a way, that's all irrelevant. We do not need the authority of the founder to draw our own conclusions about Bitcoin or blockchain - in fact one intention of Satoshi which is plainly obvious is this fact.
Volunteer nodes absolutely contribute to decentralization of resources and power. Mining nodes have an interest in maximizing profits, while volunteer nodes have an interest in keeping the network tied to its ideology, which means not significantly changing, which is valuable for a store of value. It certainly is not a scalable model (neither is Ethereum, it just makes other trade offs), but the nodes do in fact keep check on each other.
> Vitalik is already preparing to organize social enforcement and democratic slashing for when these pools have their arms twisted to censor transactions by state actors.
I don’t see anything in the linked article that talks about Vitalik preparing to organize anything. He just replied to a tweet.
As far as I can tell, you’re misunderstanding the discussion around censorship and making some pretty big assumptions.
We could see a very unexpected outcome of an ETHpow chain living on and PoS falling on its face, effectively validating PoW as the important innovation that it is. How does it fail you ask? Probably something along the lines of the outages seen with Solana, some unexpected sequence of events that causes a cascading failure of validators which needs a “restart”. PoW doesn’t ever need a restart condition, it’s built into the foundation. I don’t know what will happen, perhaps PoS will work fine, the Merge takes place and all the miners shut down or move to ETC or whatever. Or does The Merge and some failure around it mark the eventual slow death of PoS and a resurgence of Bitcoin dominance?
> As we approach The Merge of Ethereum Mainnet, you should be on high alert for scams trying to take advantage of users during this transition. Do not send your ETH anywhere in an attempt to "upgrade to ETH2." There is no "ETH2" token, and there is nothing more you need to do for your funds to remain safe.
Yeah... this is going to be a shitshow. Who wants to set the over/under on $millions that get stolen? Which exchange or fund will lose a vast chunk of its holdings?
I don't get proof of stake. What's stopping anyone from presenting a new chain made up of thousands of fake transactions? And why wouldn't such chain be accepted by the network? Is it just "checkpoints" hardcoded in the software that don't allow this?
All the nodes that have been online long enough will know that the fake chain is fake. Because it doesn't match the state that they have been observing all along.
So as long as you have no extended downtime, your nodes know what the right chain has to look like. Ethereum dynamically adds checkpoints so that block reorgs can't reach too far into the past but that is mostly a convenience function as it alone couldn't solve this issue.
Now, there is a problem if you are a new participant. Then you can't decide which chain is the right one. You could observe for a while and choose the one that has more validators but in theory, there's the possibility that there's a contentious hard fork going on.
In this case you need to get the information which chain is the right one from outside sources. E.g. like your preferred exchange or the official subreddit.
This is the most glaring difference between POS and POW. With POW, you don't need any outside information as you can just verify which chain needed more work to be created and this is by definition the correct one.
POW leverages physics to be completely self contained for the price of energy consumption.
This problem is overstated IMO. Choosing the one with the most validators is closely analogous to choosing the chain with the most work i.e. the one with the most hash power.
And with algorithmic difficulty adjustment in PoW, you don't pick the chain with the headers with the most 0s preceding, you pick the longest chain. A longer chain with a sudden difficulty adjustment is an obvious invalid chain, but I digress.
The bigger problem for me is the nothing at stake problem. Why pick one chain when you're new? Just pick both, it costs virtually nothing, and when you figure out which one is more profitable to you, just let the stake in the other one get slashed. Validators can help an attack on the network just in case it becomes profitable, and if it doesn't they lose nothing, because they incur no ongoing costs in the real world to do so.
I’m not sure about Ethereum PoW, but in Bitcoin you absolutely pick the chain with the most work, not the longest chain; that’s a consensus rule. This is how bitcoin/PoW avoids weak subjectivity, the problem described by the parent comment.
The two are equivalent if each hash is valid. The only way for a longer chain to have less work is if there's a sudden, protocol violating drop in the difficulty in a block header. If this happens then you know that chain is not the valid chain.
Thanks, this answers my main concerns. I guess that same level of validation applies also for the wallet software we download: we need to make sure the app comes from a source that people have agreed upon, and that usually means applying some sort of general intuition on where to find stuff (googling, forums, reddit etc.). And as you mention, the same trust-game is applied to finding the right chain.
But then, I wonder, if we're all anyway looking for the trustworthy data ourselves (based on general human intuition), why use blockchain at all? Why not just apply the same level of trust towards, say, a regular database?
My thinking is that PoS makes it easier to trust because we'd only have to trust the beginning of the chain, and the rest is verified via the PoS math. Whereas with a normal database we'd have no real way of verifying it hasn't been tampered with?
It does seem a bit scary though that so much money is going into a system where "you have to find the trustworthy data yourself based on your own social network".
> But then, I wonder, if we're all anyway looking for the trustworthy data ourselves (based on general human intuition), why use blockchain at all? Why not just apply the same level of trust towards, say, a regular database?
You don't have the same level of transparency with a regular database. You can't look into the databases of Google or Facebook or of your bank and see what's going on. You have to trust them to some degree.
From a high level view, any blockchain solution is less efficient than a centralized one. If you don't care about trust and transparency, a centralized solution will always be better.
> It does seem a bit scary though that so much money is going into a system where "you have to find the trustworthy data yourself based on your own social network".
The whole cryptocurrency thing is about reducing trusting third parties. But that adds burden on your part. With Bitcoin's POW you have to do less work for getting to the trust level you are comfortable with because we are pretty certain that no human can change physics. With POS, you need to compensate for the loss of the physical part.
Could POS and POW be combined? Say you have a POS chain that functions as your main cryptocurrency ledger, and a POW chain that runs at a much slower rate that serves as a ledger to periodically record history of the POS chain?
Nothing. But nothing moves forward without consensus. So you'd need 51% of the network to agree with your made up chain, which would mean controlling about $100 billion in Eth. And then you've managed to destroy a network that you have $100 billion wrapped up in, so... good job? And if you try with less than 51% and the rest of the network slaps you down, you lose your stake (or some portion of it).
> So you'd need 51% of the network to agree with your made up chain, which would mean controlling about $100 billion in Eth.
Does that sum assume that every coin will be staked? As I understand it, coins staked for validation are held in escrow and can’t be used for transactions until the validator node unstakes the coins. Surely only a small percentage of coins will be staked at any given time.
Any node that did this would have their stake slashed by the rest of the network, because it would be easy to prove that the chain was invalid. The network finalizes the blocks that are added to the chain, there are no deep chain reorgs like in bitcoin - so any significant alternate history is easily identified.
I’m scouring through the comment chain but I’m not really finding such a definitive response. I’m assuming you’re referring to the first chain of comments, but that seems to boil down to “the attack exists but it’s fine because to successfully attack the network would destroy the network, and with it any profit you’ve made in the attack; thus you cannot profit” — but this is directly addressed by the “nothing at stake” section of the article; if I can successfully attack the network, and liquidate my position before the network implodes, I win (which PoW mitigates by making the 51% attack itself prohibitively expensive). Which hardly seems unreasonable, because the network imploding is a feature of humans losing trust in the network and abandoning it — in compute-land, an eternity.
In my skimming, I can’t find anything that addresses this — and especially not anything that merits describing TFA as a strawman.
The writer of the article supposes that it's a critical vulnerability that a validator can come up with an "equally valid" alternate history for Ethereum that stems from a fork several months prior, after the validator has already withdrawn their stake from the canonical chain to prevent slashing.
In reality, everyone just ignores the attacker's chain, because it attempts to rewrite not seconds, minutes, or days of canonical history (periods of time short enough that the identity of the canonical chain might be in question), but many months of history that the entire world has already agreed on and that node software refuses to reorganize the chain past.
This post by Vitalik in 2014, shortly before the launch of Ethereum, explains why this "weak subjectivity" property of PoS is not nearly as problematic as PoW proponents make it out to be.
To execute that attack, you would need validators to sign blocks on your forked chain. Presumably they’ve already signed blocks on the main chain, so they’d be double-signing, which instantly costs them a very large amount of money on both chains (when you double sign, people can submit proofs of that on either chain, causing you to get your stake slashed.) That’s what makes the attack you’re imagining prohibitively expensive.
If you’re still worried about that happening to some ETH you received, wait for the blocks to finalize. Once they have, they will never be reverted without a change to the protocol.
Well, they're not custodians exactly. The way they work is not really cleanly analogous to the system OFAC is designed to interact with.
1 is true, but reframed: tools people use de facto decide what infrastructure they run on, and therefore what infrastructure those people use their tools on. It's not as controversial when framed in an unbiased way. We are just describing network effects.
As far as the twitter thread goes, there's a 3rd option: the big validators can no longer validate. Remember, validators aren't the only ones that validate blocks, all nodes do, validators validate transactions and finalize epochs. If they refuse to validate a valid block proposed by another validator that the rest of the network sees is valid, they basically have to fork themselves off onto their own, valueless chain. If most validators start refusing to finalize blocks, their stake gets slashed and they no longer validate. They have no choice but to violate OFAC if it is deemed that finalizing a block which contains transactions they didn't and wouldn't include is a violation, so in that scenario they'd have no choice but to stop validating. The other side of this hill to me looks like a lot of decentralized, anonymous validators, and I'm happy with that.
Bitcoin is never going to change from PoW... That's the point of the system, Bitcoin is unchangable, unlike Ethereum.
But you are free to create your own PoS cryptocurrency. If some PoS system offers the same security features as Bitcoin, people will just switch from Bitcoin to that.
Security is not the main reason for Bitcoin's success within the cryptocurrency scene, it's that it's the first and most recognizable name. But because its creator is AWOL it's incredibly difficult to push for any fundamental change to the protocol without creating huge divisions and probably a very controversial fork (of which there already have been a few). Unless Satoshi themselves decides to make a comeback, I don't think it'll ever happen.
People are not using Bitcoin because it's the most advanced or secure cryptocurrency, they use bitcoin because it was the first and will probably be the last to go whenever that whole flaming garbage bag of a "technology" hits the bin.
There are only a handful of cryptocurrencies that have the same properties as Bitcoin. While being first sure is a factor, that's at least not how Bitcoin maxis argue.
- Permissionless chain. Anyone can join by just downloading software and start mining. Tbf it has moved beyond this quite a bit with ASICs but you can still validate.
- Fair launch (just filtering all cryptocurrencies on this criteria will result in ~10 or so)
- Devs, anyone can make a PR or write BIPs.
- No foundation/community/devs that extract a fee from the operation of the chain. Communities and companies operate outside of the Bitcoin network.
- Hard cap on 21m coins.
Most others compromise on some of these to use less energy, be faster, enrich themselves, or all.
Wrong. Bitcoin has the most security because it has network effect. Most people hop onto the most secure chain, which is Bitcoin, which increases its security. That's what network effect in this context means.
Yes, another way to put it is that the incentives for the software are designed in a way which makes certain changes extremely unlikely. However some changes are happening all the time (features added via a soft fork).
A huge chunk of the miners fought tooth-and-nail to not increase the maximum block size. The chance of them agreeing to something like this seems very low indeed.
Doesn't actually need the miners' consent, only needs the market to agree. Problem is there isn't really any entity with sufficient authority for the market to follow, so it will tend to bias towards the status quo, and miners tend to have a lot of money and so influence in the market (both hard and soft).
I believe that after the block size wars that resulted in Bitcoin cash and bitcoin (the chain that chose the path of no change) the bitcoin community ossified into a community that is actively resistant towards changes, and bitcoin cash is much smaller and suffered from many subsequent forks.
Without significant outside force bitcoin will not change to proof of stake, they are currently framing proof of stake as useless and insecure, IMO because of motivated reasoning from the stance that bitcoin is perfect, therefore any deviation from what bitcoin has is a mistake.
That's something Bitcoin needs ... or even better get rid of it altogether.
As the price keeps falling, presumably so will energy consumption. The energy consumption problem fixes itself as the bubble bursts and people lose interest and mining becomes unprofitable, without the need for regulation.
The hardware to perform PoW already exists. All someone needs to do for a 51% attack is buy up the old mining hardware that is being sold for so cheap.
Every "bust" period for BTC comes with the risk of a 51% attack / centralization.
If the difficulty falls by 90% because 90% of miners were shut off, you only need to buy 5.6% of those thrown-away miners to cause a 51% attack on BTC.
It doesn't matter if they buy it or not. If they're waiting for profitability, they won't turn those machines on. Or do you think people will spend $100 on electricity to mine $10 of BTC just to keep the security of the token high?
A hypothetical 51% attacker isn't doing it for profits, they're doing it for some other reason. Whatever that reason is, the 51% attack gets cheaper-and-cheaper each time these "bust" cycles happen.
Let us know when you figure out that "some other reason." The primary defense against 51% attacks is waiting the amount of block confirmations that make the cost of attacking the block your transaction is in more than the possible rewards. If we all have to worry about people randomly burning money to 51% attack blockchains then the whole premise is bunko anyways.
Here's a hint, randomly attacking the network in a way that loses you money eventually removes you from the playing field. The network is stronger than a motivated attacker, in principle.
I don't need to identify a reason. I simply need to point out that BSV, BTG, and ETC have all suffered 51% attacks already. So someone out there is motivated to perform these attacks.
Yes, if the price goes sufficiently low, the problem will solve itself, though probably somewhat abruptly once really bad positive feedback effects kick in, especially if there's a sufficiently fast and large drop. But bitcoin hasn't really hit anything big enough yet: it would take something like a 90% drop from the current price to see much of this start to kick in: bitcoin mining is still very profitable.
I just wonder how much longer we must damage the environment before it happens. Bitcoin has shown us just how much precedence greed has over environmental concerns, and this time it wasn't just big corporations showing their true nature.
By moving to PoS, they are also moving from a permissionless blockchain (anybody can participate) to a pay-to-play one (if you want to be in, you need to pay the insiders), this obviously benefits the current holders.
Proof of work is the only way to get acceptable security properties for a monetary system. Proof of stake suffers from the "nothing at stake" problem, leading to grinding attacks etc.
PoS people always add more epicycles and claim it solves the problem. On closer inspection, it never has. At this point, I'm tired of wasting my time by humoring them.
Once again, this seems to be the case. I can see at least one trivial attack against RANDAO, as is often the case with many-party interactive RNG: you just have to be willing to lose your pledge.
> I can see at least one trivial attack against RANDAO, as is often the case with many-party interactive RNG: you just have to be willing to lose your pledge.
What is the trivial attack, and why does it involve losing your pledge? To the best of my knowledge none of Ethereum's slashing conditions involve the RANDAO, so you've piqued my interest.
Unless by "losing pledge", you mean extra-protocol slashing by social consensus?
You would be doing me a big favor by explaining the vulnerability in this system that I generally consider to be secure.
Let's say you're gambling 10k ETH on the last bit of RANDAO output being 1. You pay 5k to enter, and get either 0 or 10k back.
Become a contributor to RANDAO. Put up your pledge (say 1k ETH). Set up the bet. Wait to be the last person to submit their pre-image to RANDAO. Calculate what the post-image will be. If it has a 1 at the end (and you would win 10k), continue as normal. If it would have a 0 (and you would win nothing), refuse to disclose your pre-image and lose your pledge. Now it's 50/50 you win.
50% win and keep pledge.
25% win and lose pledge.
25% lose and lose pledge.
EV (0.5*10k + 0.25*9k + 0.25*-1k) - 5k = 2k.
You can submit more than 1 pledge to get your odds arbitrarily close to 100%.
> Let's say you're gambling 10k ETH on the last bit of RANDAO output being 1. You pay 5k to enter, and get either 0 or 10k back.
Ethereum does not let you make a gamble like that on the protocol level, so it sounds like your proposed attack is against a theoretical gambling platform that naively relies on RANDAO as its sole source of randomness for resolving bets, and that naively allows a user to resolve their bet based on a user-selected RANDAO round, correct? From your previous comment, I somehow got the idea that you were going to describe an attack against Ethereum's Proof of Stake.
This section of this article does a good mathematical analysis of RANDAO biasability in the context of leader selection in Ethereum's beacon chain, in my opinion:
The takeaway from the math is that while it's true the RANDAO is biasable in one-off circumstances through the last-actor pre-image withholding attack you describe, trying to use such an attack to influence network consensus is a no-go. The majority of honest actors ensure that any attempt to bias the RANDAO is ephemeral, where it's only useful for doing a bit flip attack at an unpredictable block height against improperly implemented casino software.
I have to say I am a bit disappointed. I thought you were going to describe an attack against PoS.
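The single-pledge arithmetic from the exchange above, checked by enumeration and by simulating a toy commit-reveal beacon, as an added example that is not code from any commenter or from Ethereum. The XOR-of-SHA-256 mixing rule, the function names and the forfeited-pledge model are assumptions taken from the comment's description; the last function gives the pledge size at which withholding stops paying, which is the number an application designer relying on such a beacon would need.

```python
"""Toy commit-reveal beacon: how far can the last revealer bias one output bit?"""
import hashlib
import random
from fractions import Fraction
from itertools import product


def digest(reveal: bytes) -> int:
    """SHA-256 of a revealed pre-image, as an integer."""
    return int.from_bytes(hashlib.sha256(reveal).digest(), "big")


def beacon_bit(reveals) -> int:
    """Low bit of the XOR of the digests of every published reveal
    (assumed mixing rule for this toy beacon)."""
    mix = 0
    for reveal in reveals:
        mix ^= digest(reveal)
    return mix & 1


def single_pledge_outcomes():
    """Exact outcome table for one last revealer who withholds whenever
    publishing would give bit 0 (the strategy in the comment).
    h = low bit of the honest mix, d = low bit of the last revealer's digest;
    all four (h, d) combinations are equally likely."""
    table = {"win_keep": Fraction(0), "win_lose": Fraction(0), "lose_lose": Fraction(0)}
    for h, d in product((0, 1), repeat=2):
        if h ^ d == 1:      # publishing already yields the wanted bit
            table["win_keep"] += Fraction(1, 4)
        elif h == 1:        # withheld; the remaining mix happens to be 1
            table["win_lose"] += Fraction(1, 4)
        else:               # withheld; the remaining mix is still 0
            table["lose_lose"] += Fraction(1, 4)
    return table


def expected_value(payout, entry, pledge):
    """Expected profit of the bet in the comment, pledge forfeited on withholding."""
    t = single_pledge_outcomes()
    gross = (t["win_keep"] * payout
             + t["win_lose"] * (payout - pledge)
             + t["lose_lose"] * (-pledge))
    return gross - entry


def break_even_pledge(payout, entry):
    """Smallest forfeitable pledge at which the withholding strategy has
    zero expected profit (EV is linear in the pledge)."""
    ev_without_pledge = expected_value(payout, entry, 0)
    loss_per_unit = ev_without_pledge - expected_value(payout, entry, 1)
    return ev_without_pledge / loss_per_unit


def forced_bit_probability(tail_reveals: int) -> Fraction:
    """Chance that a party holding the last `tail_reveals` slots can force
    bit 1: it fails only if the honest bit and all of its own low bits are 0."""
    return 1 - Fraction(1, 2 ** (tail_reveals + 1))


def simulate(tail_reveals, rounds=4000, honest=8, seed=1):
    """Measured version of forced_bit_probability using real hashes and
    constructed random reveals (seeded so the run is repeatable)."""
    rng = random.Random(seed)

    def fresh():
        return rng.getrandbits(256).to_bytes(32, "big")

    wins = 0
    for _ in range(rounds):
        honest_reveals = [fresh() for _ in range(honest)]
        own = [fresh() for _ in range(tail_reveals)]
        # Try every publish/withhold pattern over the tail reveals.
        for mask in product((True, False), repeat=tail_reveals):
            published = [r for r, keep in zip(own, mask) if keep]
            if beacon_bit(honest_reveals + published) == 1:
                wins += 1
                break
    return wins / rounds


if __name__ == "__main__":
    print("outcomes:", single_pledge_outcomes())
    print("EV with 10k payout, 5k entry, 1k pledge:", expected_value(10_000, 5_000, 1_000))
    print("pledge needed to remove the edge:", break_even_pledge(10_000, 5_000))
    for k in range(4):
        print(k, "tail reveals:", simulate(k), "expected", float(forced_bit_probability(k)))
```

With no tail reveals the measured rate sits at one half, which is the unbiased baseline the other rows should be compared against.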
Fiat currency is not backed by military power. Note that there exist several countries without militaries, and none of those countries have worthless currencies. And there have existed countries that put significant investment into their military and still wound up with a worthless currency at the end.
The US economy is the world's largest economy in gross value, is the largest or one of the largest trade partners of much of the world, and has very limited policies on capital control or other monetary restrictions. This means that there is going to be more depth on trading pairs via USD and even small currencies than you would likely have with other countries, you would have very little counterparty risk holding USD, and much trade will end up being denominated in USD anyways. So you'd be a bloody fool not to hold USD.
Magically blinking away the US military would not change any of the above consideration one iota.
So let me flip the question around: why do you believe that the US military is essential to its role as a major reserve currency?
> why do you believe that the US military is essential to its role as a major reserve currency?
Because it's the final backstop that compels people to pay taxes, and taxes are essential to that role.
If you refuse to pay taxes, they send a policeman to arrest you. If you evade the policeman's arrest, they send more policemen. If you somehow evade all the policemen, they send the military.
If the US had no armed federal agents, then people wouldn't pay taxes and the government would shrivel up and die, because governments can't survive on zero revenue.
In this way, the US dollar's value is reliant on the threat of physical force - or in a broad sense, a military.
Answer: nothing. No country has been invaded by the US military, or any other military for that matter, after selling, or even attempting to sell, oil in non-USD. Not Russia, not Iran, not Venezuela, not Iraq, not Libya, none of them.
(And I include the last few because there's no evidence they even attempted to sell oil in non-US currencies.)
> No country has been invaded by the US military, or any other military for that matter, after selling, or even attempting to sell, oil in non-USD. Not Russia, not Iran, not Venezuela, not Iraq, not Libya, none of them.
Are you sure about that? Iraq was selling oil for euros and was then invaded in 2003.
> Almost all of Iraq's oil exports under the United Nations oil-for-food programme have been paid in euros since 2001. Around 26 billion euros (£17.4bn) has been paid for 3.3 billion barrels of oil into an escrow account in New York.
I agree with the point you are making here. I just think that Proof-of-Work is usually a better choice for a cryptocurrency than Proof-of-Stake.
Conventional currencies (notably the US Dollar) are also backed by significant military (and thus electrical) power. I would posit that Fiat currencies are necessary in some sense, but not that they are more efficient to maintain than cryptocurrencies. Cryptocurrencies tend to piggyback on the infrastructure and economy that are built on fiat (e.g. The internet).
We wouldn't have to overthrow mid-east dictators every time they threaten to price oil in Euros -- but obviously this wouldn't help much because we'd still need to maintain superpower status or risk losing the world order.
Okay, back up a little. Crypto miners mine crypto in order to become rich. With national currencies, this is impossible. Citizens cannot create their own currency, and that's a good thing. If money could be easily forged, it would either be worthless, or a speculative instrument, like every crypto in existence. National governments are the source and the only legal creators of money.
Crypto mining also makes the blockchain secure. What this means is that a malicious individual cannot, say, transfer crypto from another person's wallet to his own, or alter the software algorithm that controls the creation of the cryptocurrency.
Proof of work cryptocurrencies require miners to expend an enormous quantity of energy in order to prevent problems that national currencies don't have in the first place. Cryptocurrencies have no advantage over national currencies except for anonymous online transactions.
> National governments are the source and the only legal creators of money.
And those closest to the money printer benefit. And hint, the average joe is furthest from the printer. The future of the average joe is stolen via currency debasement and inflation, but those closest to the printer get richer.
It's people who hold debt who are robbed by inflation, not people who are in debt. The entire political program of the people closest to the money printer is to reduce inflation (and to lower government debt without changing the balance of payments, which by necessity shifts that same debt to individuals.)
There's nothing about crypto that shows it wouldn't have exactly the same size of a financial sector in addition to proof of work, so the two aren't doing the same things.
Forget fiat. When money was gold in a vault, that's proof of stake, not proof of work. For proof of work, you'd have to disintegrate the gold. I wouldn't put my trust in a dollar backed by the absence of gold.
edit: I think maybe bitcoin enthusiasts think that value is a sort of spirit, and that if you kill something valuable, then through a huge mass ritual you can direct that spirit into another vessel. Proof that you once had money, and further proof that no one else has that money, should be enough for people to treat you as if you currently have money.
Your gold analogy makes no sense to me, so either I'm misunderstanding it or you don't understand what you're trying to explain.
> I think maybe bitcoin enthusiasts think that value is a sort of spirit...
Interestingly, that is actually kind of how it works. The money you use itself has no value, it's value is in the things you use it to trade. So if you start trading in other currencies, those currencies receive that value, which gets reflected in the purchasing power metric.
this is not how markes work. while trying to buy 2/3 by of a semi-stable (in that time frame) amount of ETH, you will skyrocket the price and have to pay more for each additional ETH. A huge amount of ETH is already staked aka out of the system since you can not unstake them at the moment. You can not liquidate your staked ETH regardless how much money you throw around. This is not a practical attack vector you would literaly >100x the ETH price.
This aspect also differs from the PoW approach where you take a source from outside of the system (Hardware) to participate. And since there is a 'infinite' number of Hardware/Hashpower you could accumulate over time attacks are easier (still hard for different reasons) to perform.
But lets assume you archive to controll 2/3rds of validators, you can not start staking the very next second. There is a queue (I think of some days) and people will recognize the attack before you will be able to perform it and people will simply blacklist you for their own sake.
I am very pro DeFi. But I think it’s a delicate thing. This is just my prediction. It won’t be immediate either. I’m sure ETH will chug along for a while longer.
You said it yourself: 'Code is not law, money is'. Money will always flow to the market with the highest 'capital efficiency'; it's like the laws of thermodynamics for economics/human greed lol. This is the whole point why people perform the ridiculous undertaking to build dedicated fiber-connections between stock markets on different continents.
We already know DeFi does outperform traditional markets in this regard in important topics. It's an engineering task to increase the % in this still very young discipline. But IMHO it is mostly a question of regulation to have a significant shift.
Objects and ideas do not have intrinsic value. Value is a subjective judgement of individuals at a particular time and place. We will find out the new price after the merge.
> Should a malicious actor try to tamper with the underlying protocol by using a large number of validators to revert a finalized block (the equivalent of a "51% attack" in PoW) their funds are slashed — meaning they lose a portion of their staked ETH
It allows any nodes to validate the validator; they can call anyone out by doing their own computation for the transaction. If they find a bad actor, the stake that bad actor put is lost and goes towards the "whistle blower" node in their wallet.
It is based (on my reading of it) on the notion that there are many more good actors than bad. I wonder if you can get in a situation where someone spams bad actors and fudges all the transactions.
The validator that proposes the block with the slashing in it gets a small reward, while the rest is burnt. There are dedicated slashers on the network that observe attestations and block proposals for violations. They can either selfishly keep those observations until they can be included in a block, or broadcast them to the network so whoever is up next for proposal can slash the misbehaving validator. The whistleblowers themselves (altruistic slashers) get no reward, only the validator including it in a block does.
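The checks a slasher runs over observed attestations, as an added example that is not part of the thread or of any Ethereum client: it applies the two attestation slashing conditions from the consensus spec (double vote and surround vote) to constructed votes. The `Attestation` fields, function names and sample data are simplified assumptions.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Attestation:
    validator: int      # validator index (constructed)
    source_epoch: int   # justified checkpoint the vote builds on
    target_epoch: int   # checkpoint the vote is for
    block_root: str     # stand-in for the rest of the attestation data


def violation(a, b):
    """Return the slashing condition two votes by one validator violate, or None."""
    if a == b:
        return None  # identical vote seen twice (rebroadcast), not an offence
    if a.target_epoch == b.target_epoch:
        return "double vote"  # two different votes for the same target epoch
    # Surround vote: one vote's source..target span strictly contains the other's.
    for outer, inner in ((a, b), (b, a)):
        if (outer.source_epoch < inner.source_epoch
                and inner.target_epoch < outer.target_epoch):
            return "surround vote"
    return None


def find_slashable(attestations):
    """Group votes per validator and report every conflicting pair."""
    by_validator = {}
    for att in attestations:
        by_validator.setdefault(att.validator, []).append(att)
    findings = []
    for validator, votes in sorted(by_validator.items()):
        for a, b in combinations(votes, 2):
            kind = violation(a, b)
            if kind:
                findings.append((validator, kind, a, b))
    return findings


# Constructed sample votes, not real chain data.
SAMPLE = [
    Attestation(1, 10, 11, "0xaa"),
    Attestation(1, 11, 12, "0xbb"),  # honest: consecutive, non-overlapping votes
    Attestation(2, 10, 11, "0xaa"),
    Attestation(2, 10, 11, "0xcc"),  # same target epoch, different block
    Attestation(3, 9, 14, "0xdd"),
    Attestation(3, 10, 12, "0xee"),  # sits inside the 9..14 vote above
    Attestation(4, 10, 11, "0xaa"),
    Attestation(4, 10, 11, "0xaa"),  # duplicate of the same vote
]

if __name__ == "__main__":
    for validator, kind, a, b in find_slashable(SAMPLE):
        print(f"validator {validator}: {kind}: {a} / {b}")
```
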
The current estimate for the upgrade can be found at [1]. It's not a regular upgrade that happens at a specific block height, hence the variance. Instead, the consensus is flipped over from PoW to PoS at a specific total difficulty, also known as mining difficulty. One of the reasons is to avoid miner attacks around the merge event.
It depends on a host of factors, so it's hard to predict exactly.
As an example: it depends on the rate at which existing Proof of Work miners move the chain forward. We can make an estimated guess based on the current hash rate, but miners may begin to drop off early and try to "beat the rush" to sell their used hardware before everyone else, so the hash rate could drop more than anticipated.
Is someone out there buying ETH because of the power that went in to mining it? It's more about supply and demand, I think. The supply of ETH does change after the merge, but from what I understand there will be less generated than before.
All the tokens and contracts that use Ethereum will still need to pay gas fees and now instead of miners earning ETH, stakers will.
I don't understand what you mean. Stakers get ETH "for free" and therefore they crash the price? But the demand for ETH will still be there just like it was for mining.
I don't really understand how Ethereum works very well. They are trying to tweak the ETH generation to make the merge work (see the ultra sound money memes). Just because stakers don't have to work hard doesn't mean ETH will crash.
The whole thing does kind of seem hand wavey and magicky (compared to proof of work, I mean) but I've had a hard time finding resources that explain how it works simply.
Ok, a real life comparison: let's say there are 1000s of real life mines around the world that currently mine gold for say $50 per gram, but suddenly a processing technique lowers that cost for all miners to $0.50 per gram. In any normal market the price of gold should trend down.
How about this - X units of gold are produced each year. Then all of a sudden it's cheaper to mine gold, but magically still only X units of gold can be mined each year. What happens to the price of gold? What if less than X units are mined?
From what I understand, ETH issuance rate is going to go down after the merge.
In your hypothetical, demand stays the same. The supply stays the same, too - because the gold mines are still limited to the same amount of gold they get out of the ground.
So long as the amount of gold mined is unchanged, the fact that the processing is cheaper makes the mine more profitable but doesn’t change the price of gold.
You would be right if it continues to be proof of work. More miners would mine more ETH.
But this is not the case, the 'mined' ETH will come from proof of stake. Some people with more than 32 ETH and an online server will keep the engines rolling and get 5% in return for their service.
The less power is because the electricity is used for serving instead of mining.
The supply of ETH is only related to electricity when it's possible to mine it with electricity. Otherwise, what keeps the price of crypto up is people competing to get currency for uses like remittance. Since sending money to another country using a cryptocurrency ties up an amount of currency for a period of time, users have to compete for the available tokens in order to exchange with them.
That's my point though, after the merge the proof of stake nodes are earning a lot of ETH for a fraction of the previous cost, the only way price should stay stable is if everyone with a stake agrees not to undercut each other.
> earning a lot of ETH for a fraction of the previous cost
That will only be true if mining is a significant contributor to the availability of ETH. Instead, I think that most ETH comes from sellers of existing tokens rather than miners.
How do you know it's a "fraction of the previous costs?" You do need to buy ETH instead of hardware. I did some quick searches and got varying interest rates, so I'm not sure what the expected return is.
I would expect the opposite, actually. To pay for electricity, miners have to constantly sell some of the coins they earn. All else being equal, when there are more coins being sold, the tendency is for their price to decrease; once there are less coins being sold, because miners no longer need to sell as much, the tendency becomes for the price to increase, or at least, decrease less.
Price is due to supply and demand, not due to energy cost.
The amount of new Ether being minted is projected to drop by 90% after the merge, so new supply will be much lower. If anything, this creates upward price pressure rather than downward price pressure.
In theory the price of any cryptocurrency is close to $0 as they are all fundamentally swappable, especially when used as a means of moving fiat between two parties.
This seems plausible as the prices historically for both eth and btc have followed the cost to mine. A significant portion of the crypto world is directly propped up by miners in an effort to drum up demand.
Things will change monumentally so it’ll be very interesting to see what does happen.
So what is the point of high fees under proof of stake? Before it was to reward the miners. Who exactly is being rewarded high fees once it changes and for what purpose?
If the costs to run a validator are too expensive or need too many resources then you just end up promoting a centralized solution.
The point of fees isn't primarily to reward the miners. That's what the block reward is for. Under PoS validators will still get a block reward, although a lower one (90% less).
The fees are to mitigate spam attacks. You can only fit that many transactions in a block. Fees are bids to be included in a block. The higher the fee, the earlier your transaction gets included. Fees on Ethereum are high, because a lot of people want to use it.
To add: in addition to fees being used to thwart spam, EIP-1559 introduced a mechanism where these fees (not the block reward of course) are burned. One way to think of it is almost like a "stock buyback" from the Ethereum network: by reducing the supply, your ETH is worth more.
Thus, between EIP-1559 (burns base fees) and The Merge's move to Proof of Stake (a dramatically reduced block reward), there's very little net-new ETH being introduced into the system.
> If the costs to run a validator are too expensive or need too many resources then you just end up promoting a centralized solution.
If I recall correctly, the current number (32) was picked somewhat arbitrarily because, at least at the time, it was "enough" without being "too much" (in terms of incentives, skin in the game, and penalties for bad behavior).
I'd have to use a Googly device to find the price of Ether at the time when this decision was made, but I'm pretty sure it was a lot less than it was now. And once it'd been put into effect, it's difficult (e.g. unfair) to change it.
Longer-term, it likely won't remain so high, especially as the price of ETH appreciates. I believe I recall seeing discussions of changing this number in the future, but it's not the nearest-term priority.
For now, there are decent options around staking pools. Lido is the elephant in the room, but more and more people have been moving to Rocket Pool because it better promotes decentralization.
Gas fees will not get affected by the merge from a user's point of view (there is a lot going on for validators etc). This was not part of the plan.
In this regard there was kind of a shift over the last years in how Ethereum is working and wants to work. The current vision of Ethereum is roughly: there is a protocol layer (1) and an application layer (2). User transactions should be dealt with on layer 2 with fees around 0.1$. Layer 1 is considered the generalized security layer that makes specialized layer 2s possible without downsides. User transactions can be that cheap because they are part of an accumulated so-called rollup; there are different kinds of rollups for more specialized use-cases.
But to come back to your initial question: there are also updates in the pipeline for Ethereum to increase its performance with regard to gas fees and ts/s >100x in the coming ~5y. There will be several small updates, way way easier to implement than the merge. The first should hit mainnet 2023.. but time will tell ;)
Obviously you will keep running them for a bit to see what happens. That’s why for me it seems unavoidable there will exist an ETHpow or Ethereum Legacy; the only questions are does its value go to zero and if so, how quickly. If it does drop in value quickly then you will switch to ETC or some other PoW chain that your GPUs can mine and see if those are profitable.
GPU based mining of ETH will turn off, literally, in 15s (one block). But the thing is, it will just move to other coins, for now. Once those are not as profitable, things will rebalance as people shut off their GPUs.
Future, ETH will grow with power requirements too... just a lot more slowly... ASICs for zero knowledge are coming, which will create a bit of an energy race. Staking will always be increasing... which will require compute and power.
At the end of the day, overall, the existing power usage won't actually go away... it will just get moved to other things. Always remember that power companies are incentivized to sell their power to the highest bidder...
"Type 1 aims to replicate Ethereum exactly, and so it has no way of mitigating these inefficiencies. At present, proofs for Ethereum blocks take many hours to produce. This can be mitigated either by clever engineering to massively parallelize the prover or in the longer term by ZK-SNARK ASICs."
...
"Personally, my hope is that everything becomes Type 1 over time, through a combination of improvements in ZK-EVMs and improvements to Ethereum itself to make it more ZK-SNARK-friendly."
That doesn’t mean we need more power. It just means the requirements of ZK proofs may need specialized equipment to process them efficiently. Different problem.
It wasn't a comparison about the power requirements between PoW and zk proofs.
In other words:
Switching to PoS, removes power allocated to GPUs for ethash mining. Adding ASICs for zk creates a requirement that doesn't exist today, for using power.
I believe the zk provers will only be for L2s. The base layer will always be the way it is now. The base layer will be settlement for various shards, as it is now for Arbitrum and Optimism.
I’m saying there will be no requirement for ASICS in Ethereum. There may be L2s to scale Ethereum that require ASICS but that would be a voluntary decision by users who want to use said L2.
I’m confused about what we are arguing about. I thought you were claiming Ethereum needed ASICS to run and therefore would use more energy. Which is not the case.
It’s like saying the internet needs more energy to run when a new application is developed. No, the internet is the same, it’s the application that now needs energy. So while the total energy the internet uses has increased, it did not increase the total required for the internet to exist itself.
At the expense of the “permissionless” nature of crypto, moving from “anybody can join with his GPU” to “you must pay the insiders to join the party”.
It also reveals how centralized Ethereum really is in terms of who holds the power: a blockchain where the devs can screw the miners like this isn't really reassuring…
Bitcoin's carefully crafted balance of power (and the disappearance of Satoshi) led to a technological deadlock where nothing can really change, while Ethereum's totalitarian governance model allows it to iterate on the technology, but lost the freedom ideal in the process …
You don't have to "pay insiders", you simply have to purchase an asset on a liquid market. You can pay me and a thousand other people, it doesn't have to be insiders.
The bigger problem with PoS is that there's no ongoing cost. Buy your stake, don't fuck up and you're making money. Not true with mining, and this changes the incentive landscape quite a bit.
Something I like about HN is that down-voted posts will often come back from the grave. For some reason voters have a lot of sympathy.
Back on reddit, people use votes as a way to signal to each other what to believe in: instinctively, you upvote popular comments and downvote unpopular comments. It's really the first few voters that decide what people see.
In the short-term, it's likely already priced in: folks have known this is coming for a while, and especially over the past 2-3 months where it became "real" versus "coming soon".
Longer term, there may be uses for GPUs when it comes to zero-knowledge proofs (think: expensive to produce, easy to verify), but we still have a ways to go in that department.
OK, so you stake 32ETH, buy a dedicated server for a validator, and you'd get up to 5% reward per year. How is that going to pay off your dedicated server? Moreover, you are risking losing those 32ETH in case your validator goes down. Your payment would be proportional to the number of attestations, so if only a few people use ETH for transactions, your reward will be low. Did anyone think about making staking actually attractive to infrastructure providers? Infrastructure folks' reward was going down ridiculously even with POW, the POS seems like way worse, and if the number of attestations goes wild, I am sure ETH folks will find ways to penalize infrastructure folks again. I won't be surprised if ETH collapsed just because nobody would want to run 24/7 infrastructure for it.
These criticisms seem to all be based on theory with no reference to the existing Ethereum ecosystem.
> How is that going to pay off your dedicated server?
5% of 32 ETH is currently $2,500 which easily pays for a computer.
> Moreover, you are risking losing those 32ETH in case your validator goes down.
You have to be down for months to lose your stake.
> Your payment would be proportional to the number of attestations, so if only a few people use ETH for transactions, your reward will be low.
I'm pretty sure that validators produce blocks regardless of how many transactions there are. Ethereum's problem is too many transactions, not too few.
> Did anyone think about making staking actually attractive to infrastructure providers?
Those providers exist and they're efficient enough that they can pass through most of the rewards.
You can stake on a Raspberry Pi and an external SSD, if you hate yourself enough. Most home stakers run on micro-PCs like Intel NUCs or Optiplex Micros.
Attestations occur for every validator once every epoch, i.e. once every 6.4 minutes. It is not related to network activity in any way.