Proof-of-Work versus Proof-of-Stake redux
The difference between PoW and PoS becomes starkly clear once you understand these 2 things:
* PoS is a modified, weaker form of PoW
* Energy efficiency and conservation of energy
A thread. 1/
The difference between PoW and PoS becomes starkly clear once you understand these 2 things:
* PoS is a modified, weaker form of PoW
* Energy efficiency and conservation of energy
A thread. 1/
Abstract: The only way PoS-aka-modified-PoW could be seen as an improvement over pure-PoW is _if and only if_ SHA256 hashing, which is what actually happens when you mine Bitcoin, is inefficient when it comes to protecting the Bitcoin ledger. 2/
It doesn’t matter what you call it, PoS is still “work”.
What do I mean by this? 4/
What do I mean by this? 4/
PoS manifests as work in how you must go about in setting up your staking operation: taking out a loan, running a staking server, protecting your server from getting hacked, etc.
Every system known to man needs “work” to be put in for it to become useful. No exception. 5/
Every system known to man needs “work” to be put in for it to become useful. No exception. 5/
PoS is also PoW, just a modified form. That means one can evaluate PoS within the PoW framework. This is important.
Now comes the second, less intuitive part. Energy efficiency and conservation of energy. 6/
Now comes the second, less intuitive part. Energy efficiency and conservation of energy. 6/
In the old days, it used to take many weeks of work and effort to send a message across large distances.
But since the radio (and later the Internet) was invented, it now merely takes us fractions of a second with very little energy to communicate with one another. 7/
But since the radio (and later the Internet) was invented, it now merely takes us fractions of a second with very little energy to communicate with one another. 7/
The old ways of delivering a message was simply too energy-inefficient. So better methods could be discovered to improve the communication process. 8/
Similarly, the combustion engine only has ~20-40% energy efficiency. Much of the energy generated through combustion is lost.
That means we could keep coming up with more efficient ways to generate torque, including non-combustion techniques. 9/
That means we could keep coming up with more efficient ways to generate torque, including non-combustion techniques. 9/
Back to PoW and PoS.
Because PoS gets rid entirely of the PoW mining process, the only way it could prove that it can achieve roughly the same security is by proving PoW mining is very inefficient in the first place.
Conservation of energy. 10/
Because PoS gets rid entirely of the PoW mining process, the only way it could prove that it can achieve roughly the same security is by proving PoW mining is very inefficient in the first place.
Conservation of energy. 10/
However, SHA256 hashing is in fact perfectly efficient in protecting the Bitcoin blockchain.
To understand this you must understand the difference between a physical process, like combustion, with a software operation like hashing, which is backed by math. 11/
To understand this you must understand the difference between a physical process, like combustion, with a software operation like hashing, which is backed by math. 11/
Physical processes like combustion wastes energy. Our own body motions waste energy.
Almost everything physical wastes energy. 12/
Almost everything physical wastes energy. 12/
SHA256 is different. It is backed by something called a one-way math function.
A one-way function is a function that is easy to compute on every input, but hard to invert given the output. 13/
A one-way function is a function that is easy to compute on every input, but hard to invert given the output. 13/
An example is multiplication and factoring.
61x71 = 4,331 is easy.
But if you get 4,331 and need to guess which numbers when multiplied will give you 4,331, it’s a lot harder. 14/
61x71 = 4,331 is easy.
But if you get 4,331 and need to guess which numbers when multiplied will give you 4,331, it’s a lot harder. 14/
In reality, the existence of one-way functions still cannot be proven yet. Proving that they exist formally would mean proving P != NP, the most important problem in Computer Science. 15/
en.wikipedia.org/wiki/P_versus_…
en.wikipedia.org/wiki/P_versus_…
But in practice, we can roughly take P!=NP as truth.
Not only because intuitively we can “sense” that it’s true, like in the above factoring problem and other problems, but also because much of our modern world has been built on P != NP. 16/
Not only because intuitively we can “sense” that it’s true, like in the above factoring problem and other problems, but also because much of our modern world has been built on P != NP. 16/
Our entire digital infrastructure - the Internet, banking, secure communication, etc. - is based on a P != NP foundation.
If someone manages to prove P = NP, which is highly unlikely IMO, we wouldn’t exactly revert back to the Stone Age, but close to it. 17/
If someone manages to prove P = NP, which is highly unlikely IMO, we wouldn’t exactly revert back to the Stone Age, but close to it. 17/
What we get with this one-way hashing in PoW mining is that for an attacker to undo changes to the Bitcoin blockchain, he would need to perform a roughly equivalent amount of hash operations.
One hash in, one hash out. 18/
One hash in, one hash out. 18/
If it took a trillion hash operations to produce the last 2 blocks, it would take roughly a trillion hash operations to undo or revert those 2 blocks. 19/
This is close to 100% efficiency.
In reality, it is not _quite_ 100% because it depends on SHA256 being perfectly random. But SHA256’s track record is pretty good. 20/
In reality, it is not _quite_ 100% because it depends on SHA256 being perfectly random. But SHA256’s track record is pretty good. 20/
To recap:
PoW mining = 1 hash in, 1 hash out.
~100% efficiency in protecting the Bitcoin ledger.
You’ll be hard-pressed to find anything being this efficient in the physical world. As a matter of fact, there isn’t one! 21/
PoW mining = 1 hash in, 1 hash out.
~100% efficiency in protecting the Bitcoin ledger.
You’ll be hard-pressed to find anything being this efficient in the physical world. As a matter of fact, there isn’t one! 21/
SHA256 hashing might be the only thing in the world that dedicates its entire existence to one goal and one goal only: protecting the Bitcoin ledger. Totally and completely.
(I don’t know about you, but IMO this is incredibly beautiful. Almost heroic.) 22/
(I don’t know about you, but IMO this is incredibly beautiful. Almost heroic.) 22/
One might ask, but mining hardware like ASICs do generate heat, isn’t that also waste and inefficiency?
Great question. But it’s important to separate the hardware from the software operation. 23/
Great question. But it’s important to separate the hardware from the software operation. 23/
Like all physical processes, mining hardware does have inefficiencies.
For example, the 7nm or 5nm chips are not the fastest computing chips humans can make. They also generate heat. 24/
For example, the 7nm or 5nm chips are not the fastest computing chips humans can make. They also generate heat. 24/
But the hardware can be inefficient, while the non-physical software operation can be perfectly efficient!
That is because again, hash function is not a physical process. 25/
That is because again, hash function is not a physical process. 25/
Going back to our earlier example:
61x71 is 4,331
The idea of factoring 4,331 into 61 and 71 requires a non-trivial amount of computations. You cannot cheat using shortcuts, but actually have to sit down and brute-force this math problem. 26/
61x71 is 4,331
The idea of factoring 4,331 into 61 and 71 requires a non-trivial amount of computations. You cannot cheat using shortcuts, but actually have to sit down and brute-force this math problem. 26/
These math problems and hash operations belong to the abstract world. Since they reside in the abstract world, they can achieve no efficiency loss.
If factoring requires some specific steps you must follow, then you cannot get around them. 27/
If factoring requires some specific steps you must follow, then you cannot get around them. 27/
Otoh, if you can prove that you can cheat without doing brute force calculations, not only for factoring 4,331, but for all other types of one-way functions such as discrete log in Elliptic curves, congrats, you just crack one of mankind’s most important problems. 28/
Here’s another way to put it: anyone who claims PoS can achieve equivalent security to PoW is essentially saying P = NP.
That is, they claim they have found a way to cheat around one-way functions, but still be able to get the same result. 29/
That is, they claim they have found a way to cheat around one-way functions, but still be able to get the same result. 29/
To conclude:
Every PoW hash operation contributes 100% of their existence to securing the Bitcoin ledger, based on one-way functions. PoS removes these perfectly-efficient operations, so it must sacrifice its own security. Conservation of energy.
It is really that simple. 30/
Every PoW hash operation contributes 100% of their existence to securing the Bitcoin ledger, based on one-way functions. PoS removes these perfectly-efficient operations, so it must sacrifice its own security. Conservation of energy.
It is really that simple. 30/
> why is energy required in the first place to protect the ledger?
This is the key question that underlines the understandable delusion with PoS.
Can we just get security without spending any energy? 31/
This is the key question that underlines the understandable delusion with PoS.
Can we just get security without spending any energy? 31/
https://twitter.com/big_fat_pat/status/1468661241048616961
To understand this, let’s borrow a little from the Laws of Relativity: how fast a train is going to you is different depending on whether you are standing still, or driving in a car.
But the speed of light is constant regardless of perspective. 32/
But the speed of light is constant regardless of perspective. 32/
Similarly, PoW security is constant and absolute (in terms of number of hashes). It doesn’t matter which perspective you are coming from if you want to attack Bitcoin.
There is no negotiating around the wall of energy and SHA256 hash operations. You must tackle it head-on. 33/
There is no negotiating around the wall of energy and SHA256 hash operations. You must tackle it head-on. 33/
On the other hand, just like observing a speeding train, what PoS gives you is relative security.
It is only secure depending on which perspective you look at the network. 34/
It is only secure depending on which perspective you look at the network. 34/
It’s like when you ask a friend to hold your money for you, it’s because you trust him/her.
In this case, the security comes from the relative strength of the bond between you and your friend. 35/
In this case, the security comes from the relative strength of the bond between you and your friend. 35/
PoS works the same way, except it’s not trusting your friend. It’s trusting the largest stakeholders of the PoS network. Trust that they behave nicely- and also that the network doesn’t get partitioned accidentally.
PoS “security” comes from this relative trust among humans. 36/
PoS “security” comes from this relative trust among humans. 36/
If say, a state actor gets ahold of the richest stakeholders in PoS, and manages to find their weaknesses, they can manipulate these stakeholders into doing what the state actor wants: censoring transactions, or re-orging the chain as they wish. 37/
An outsider can make PoS insecure by forcefully becoming one of the “good” insiders.
In PoW that’s not possible: even if a state actor manages to take over the largest mining operations, they still need to spend energy to attack Bitcoin, insider or not. 38/
In PoW that’s not possible: even if a state actor manages to take over the largest mining operations, they still need to spend energy to attack Bitcoin, insider or not. 38/
To sum things up:
PoW provides you absolute security, regardless of perspective.
By removing the energy associated with PoW mining, PoS falls back on the relative trust among humans - a false sense of security. 39/
PoW provides you absolute security, regardless of perspective.
By removing the energy associated with PoW mining, PoS falls back on the relative trust among humans - a false sense of security. 39/
One valid question, assuming you agree PoW is necessary for security, is how much PoW is enough?
That is trickier to answer. Like most things designed to protect, we only get to find out their true worth when shit hits the fan. Safer to lean on overpaying than underpaying. 40/
That is trickier to answer. Like most things designed to protect, we only get to find out their true worth when shit hits the fan. Safer to lean on overpaying than underpaying. 40/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
