ETH2.0 Consensus Bet: PoS

Glaze

Jul 11, 2022

Authors: Glaze, Fundamental Labs

Preface

Understand a new Consensus Mechanism in 10 mins

PoW(Proof of Work) Overview

PoS(Proof of Stake) Deep Dive

History of PoS

PoS 1.0
Attack Vector
PoS 2.0
BFT
Ouroboros

Future

Reference

Preface

Ethereum is turning from PoW to PoS. However, the PoS launch time is postponed over three times.

Ethereum uses difficulty bomb to switch the network to PoS. After the difficulty bomb takes effect, mining on the PoW network will be exponentially difficult. Because it is hard to calculate the new block, the block time increases dramatically. After nobody can mint new blocks on the PoW network, all participants can only switch to PoS network. The following graph shows the average block time.

Source: Etherscan

Every wave stands for the impact of the difficulty bomb. The block time increases a lot. The wave disappears because the difficulty bomb is postponed during network upgrades.

The launch of PoS is essential for Ethereum. Users have complained about the high fees and the congested network for a long time. PoS may solve all these problems for Ethereum. In this article, we will explain the history of PoS and why it is so hard for Ethereum to switch to PoS.

Understand a new Consensus Mechanism in 10 mins

In a blockchain network, there are lots of nodes. How to coordinate these nodes is a big problem. The consensus mechanism is used to reach an agreement on new blocks between different nodes.

Consensus mechanisms are often complex. To quickly understand a new consensus mechanism, we only need to answer the following two questions:

Who has the right to propose new blocks

If there is a fork, which will be the canonical chain

PoW Overview

With the framework in the last section, we can analyze PoW. The node which first gets the answer to the computation puzzle right can propose the new block. If there is a fork, the longest fork will become the canonical chain. If anyone would like to manipulate the chain, the attacker needs at least 51% computation power. Compared to PoS, PoW is relatively simple. PoW does not tap into problems like random numbers. PoS needs to use a random number to randomly select the block proposer.

PoW networks are protected by the cost of the work. In the long term, nodes will get rewards proportional to their computation power. PoW network has high hardware requirements for the node.

PoS Deep Dive

Let’s answer the question at the beginning, why it is so hard for Ethereum to switch to PoS. Part of the reason is that Ethereum is pushing decentralization and encourages more nodes to join the network. This requires a more complex protocol to support the P2P communication of thousands of nodes.

PoS means proof of stake. Nodes stake native tokens on the network. More staked tokens will give the node a higher possibility to become a block producer. PoS does not require high-end hardware but require capital. If the node cheats, the network will immediately slash its staking. Because nodes no longer need to solve computation problems, the PoS network has sustainability, higher TPS, and fast finality. Most networks employ PoS because of sustainability, security, higher TPS, and fast finality.

History of PoS

PoS comes through two-phase development. PoS 1.0 is blockchain-based PoS consensus. PoS 2.0 is based on BFT(Byzantine Fault Tolerance).

Examples of PoS 1.0 are PeerCoin, NextCoin, BlackCoin, and Ethereum Serenity.

PoS 2.0 is based on BFT and is widely adopted by projects like Ethereum 2.0, Tendermint, and Cosmos.

PoS 1.0

During phase 1.0, most PoS look like this:

Nodes stake tokens

Randomly select one node to produce new blocks. The probability is proportional to the number of staked tokens

The biggest problem of this workflow is the generation of random numbers. If the random number generation is based on timestamp and block hash, the block proposer would generate the new block in a way that increases the probability of being elected as the block proposer again.

Attack Vector

Common attack vectors are listed below:

Staking grinding: The block proposer tries to influence the random number generator to get more chances to produce blocks

Nothing at stake: In PoS networks, producing new blocks does not cost lots of computation resources. When there is a fork, nodes will produce new blocks on every fork. In this way, nodes can maximize their yields. However, this is harmful to the network stability

Long-range attack: Early validators can roll back the state in the future. This will easily cause forks

You can find more attack vectors on page 58 of this paper.

PoS 2.0

PoS 2.0 employs BFT. The goal of BFT is to reach a consensus between different nodes.

The node which can make a propsoal is the leader. Among all nodes, there are Byzantine nodes. Byzantine nodes are dishonest nodes. Byzantine nodes cheat in the following ways:

Failure to return a result

Respond with an incorrect result

Respond with a deliberately misleading result

Respond with a different result to different parts of the system

Except for Byzantine nodes, the rest of the nodes are all honest nodes. The most difficult scenario is that the leader node is Byzantine.

Besides these settings, there are some other limitations:

Nodes can only communicate peer to peer

Nodes keep the log of sent-out messages

P2P communication causes different nodes to have different views because nodes cannot have one global synced state. For example, node A finds 3 new blocks, but node B only sees 1 new block.

The main goal of BFT is that after the leader makes proposals, every node except Byzantine nodes can reach an agreement. The side goal is to find the Byzantine nodes.

BFT

Modern BFT algorithms employ multi-round votes to ensure every node knows that more than 2/3 of nodes approve the proposal. After the block is finalized, the honest node will never revert it.

Every round of communication has four steps:

The client sends requests to the leader

The leader pass request to all nodes

Nodes respond to the leader with execution results

After getting f+1 same results, the leader responds to the client (f is the number of Byzantine nodes)

The below diagrams show 5 stages during execution. C is the client, 0 is the leader and 3 is the Byzantine node.

Prepare and commit stages are used to ensure the synchronization between different nodes.

For Tendermint, it has several limitations:

P2P communications cannot support more than 100 nodes in the network

Complex P2P communications design

Execution delay. Nodes first decide the new blocks. Then nodes execute all transactions in the new block. Although individual transaction works fine, executing all transactions once may cause problems, like double-spending problem

If you would like to learn more about PBFT, check out this blog.

The current algorithm can achieve agreement in the following conditions:

Among 4 nodes, 1 is Byzantine node

Among 25 nodes, 8 are Byzantine nodes

Among 100 nodes, 33 are Byzantine nodes

Network operation status can be categorized in the following conditions. f is the number of Byzantine nodes. There is a total of 3k+1 nodes in the network and k is a random integer.

f ≤ k, the network is stable

k < f < 2k+1, some nodes may fail to reach consensus. The blockchain pauses

f ≥ 2k+1, there are security risks

The popular BFT algorithms are PBFT and Tendermint. Tendermint can keep the network stable in the condition that among 3k+1 nodes, there are k byzantine nodes.

Ouroboros

Compared to BFT algorithms, Ouroboros can support more and more nodes and it also supports nodes to come in and out at anytime. In this way, Ouroboros is more decentralized and flexible than BFT but has a longer finality time. Cardano and Mina uses Ouroboros.

Ouroboros divides time into epochs. Epochs can be divided into slots. Every slot uses VRF(verifiable random function) to generate random numbers and uses this random number to decide the block proposer who will generate the new block. Nodes staking more tokens are more possible to be a block proposer.

Ouroboros will choose the correct chain with predefined selection rules when there is a fork. For example, it may choose the most “dense” chain. In some consensus mechanisms, the dispute is solved through votes.

Future

Blockchains are balancing decentralization and performance. Switching from PoW to PoS shows that blockchains are chasing TPS, decentralization, tokenomics, and fast finality. We will see more innovations around these four characteristics.

Some blockchains use sampling techniques to lower the communication frequency between nodes. ZK can be applied to it. Byzantine nodes need to send proofs with their messages. This can prevent Byzantine nodes from cheating. Through verifying the proof, honest nodes can also find byzantine nodes.

The tokenomics innovations in GameFi and DeFi applications can be applied in consensus. The current staking mechanism is simple and outdated. For example, Ve token is commonly used in lots of DeFi projects to improve the staking ratio and lower the circulating supply. Users need to stake the project token for some time and get some VE token back. Staking more project tokens for a long time can get more Ve token. Only the Ve token can be used for governance. We can use Ve tokens to improve the staking ratio. Using dual token design may also be an exciting direction. Lots of popular projects use dual token design to reduce selling pressure. Separating the rewards and sharing tokens can catch more value.

Application iterates much faster than low-level protocol, like consensus. It is hard to apply innovations on applications to low-level protocols. Modular blockchains may solve this problem. However, it is still risky for blockchains to hot-swap essential modules.