Ethereum’s Casper: Ghostbusting Proof of Stake Problems
Every complex society has many cases where a big number of players need to reach consensus. The main advantage of such a society is that people can agree and act together on different issues, and can solve more and bigger problems than individuals can do alone.
Society is based on consensus. Trade, diplomacy, finances — they all have this prerequisite of consensus. This has created a need for different mechanisms of governance to reach consensus. And with it, often, comes a lot of abuse, manipulations and rogue players.
To prevent different manipulations, we’ve had centralized institutions that gave us efficiency in reaching consensus and making decisions. The necessary tradeoff between democracy and efficiency is well known among the students of different modes of government.
While different levels and models of centralized decision-making have lead us to sophisticated, functioning society, it has also lead to accumulation of power and resources in the hands of the few. In modern days, things like the Internet and cryptography have given us power to explore new models of reaching consensus.
Blockchain is one of the modern inventions that’s supposed to enable us to reach consensus without centralization and trusted parties. It is, in its many incarnations, still in its baby stages, but we can safely say that if it delivers on just a part of its promises, it will help us have a more efficient society without the tradeoffs.
Byzantine Fault Tolerance
When we start designing (or imagining) decentralized institutions, decentralized organizations, we can reduce (in programmers’ terms) all the related logic and data structures down to voting and a ledger of decisions/votes.
The ideal of decentralization involves applications that are robust and have no single point of failure. No central authority, and yet, we should be able to guarantee the integrity of the ledger. For example, we need to know that our bank accounts, or vote results, or some online text, or the content of some online conversation, or some digital identity have not been tampered with.
Without central, trusted players, this can be hard.
In a decentralized, untrusted environment, we need to provide for cases of rogue players, who will try to manipulate the consensus. To simplify: everyone needs to have a vote, but no one should be able to cheat the system using their voting right.
When a decentralized system — which consists of untrusted parties — is able to function when there are treacherous parties in its midst, we say it has Byzantine fault tolerance.
In cases of creating a decentralized financial system, or critical decision-making systems, incentives for cheating the system are huge, so these systems need to be bulletproof.
In blockchain applications – and more narrowly, cryptocurrencies — different consensus mechanisms are, really, ways to solve the “rogue players” problem of trustless systems we outlined above — the Byzantine generals problem. These algorithms are different ways to deter the players from cheating the system. These players are usually known as nodes — computer systems with instances of the blockchain, or which validate new transactions and mine new blocks.
Consensus mechanisms are devised to make it non-lucrative, or not worth the effort, to cheat the system.
Read more about these mechanisms in this post.
Ethereum Consensus Algorithms
Perhaps the most mainstream consensus algorithm used today is PoW (Proof of Work). This algorithm stakes the integrity of the network on the difficulty required to solve hashing puzzles. The most basic explanation of BTC Proof of work is that a mining node takes transactions and tries to hash them together with a number — a nonce — so that the resulting hash begins with a predetermined number of zeros. The higher the number of beginning zeros, the higher the difficulty. Mining nodes try by brute force to find the smallest possible nonce that, hashed together with transactions in the block, satisfies a given condition.
Ethereum developers have made decentralization and democratization its goals — and therefore, in contrast to Bitcoin, ASIC resistance. This has resulted in using ETHASH, an algorithm which emphasizes the speed of manipulating memory, instead of raw computing power, and this gives some advantage to using graphic cards and reduces incentive of developing ASICS (application specific integrated circuits) — dedicated, specialized hardware developed specifically for the purpose of solving PoW problems in particular blockchains.
The other feature of Ethereum’s PoW is the Ghost Protocol, which is implemented to combat centralization by distributing rewards for orphaned blocks — blocks mined by miners who lost the race to create the next block first, but still mined a valid block.
“Ghost” is short for Greedy Heaviest Observed Subtree and is a rather complex way of addressing the issues we mentioned.
Proof of Work has many flaws. For the system to function, ideally, every node has to be able to verify the entirety of the blockchain transactions — meaning, it has to store and validate the entire blockchain history. As Ethereum’s Wiki says, Ethereum, like Bitcoin,
suffers from the flaw that every transaction needs to be processed by every node in the network.
Proof of Work is, further, extremely energy-inefficient, and with the enormous energy demands required just for the network to function, it becomes a big liability, and the network becomes fragile. Proof of Work also (even with ETHASH) still struggles with centralization trends, with miners pooling in their resources, and with network relying on these mining pools, and other infrastructure problems.
Ethereum’s upcoming Serenity release plans to transition the Ethereum blockchain to the PoS (Proof of Stake) consensus protocol. This protocol is called Casper, because it implements or adapts many principles of Ghost PoW we mentioned. Currently, both Vitalik Buterin and Vlad Zamfir are working on this release, and many final details still haven’t been finally decided.
The essence of Casper is staking and betting. Validating nodes will stake a certain amount of cryptocurrency — let’s say 1000 ETH, or more — which will enable them to partake in validation of transactions and production of blocks. By eliminating the search for a solution to cryptographic puzzles, we can expect much bigger scalability of the network.
Validating nodes will produce blocks and bet on validity of transactions. These transactions/blocks will then be verified by other nodes. If validating nodes place their bet on promoting some invalid transactions as valid — in other words, if the validating nodes try to cheat — they will forfeit their stake, along with their place in the validation process.
This approach of betting, and possibly losing the stake, is Ethereum’s way of addressing the Nothing at Stake Problem, which occurs when the best strategy for a validator is to support every possible version of blockchain history (of transactions) without risking anything. In other words, to demotivate miners to back fraudulent transactions.
Without this solution, if the miners only have prospects of getting rewards for backing any version of blockchain history — as the Ethereum’s PoS FAQ puts it —
if all actors are narrowly economically rational, then even if there are no attackers, a blockchain may never reach consensus. If there is an attacker, then the attacker need only overpower altruistic nodes (who would exclusively stake on the original chain), and not rational nodes (who would stake on both the original chain and the attacker’s chain), in contrast to proof of work, where the attacker must overpower both altruists and rational nodes
So this is a way to ensure the integrity of the blockchain ledger and its transactions.
When nodes have staked an amount like 1000+ ETH, their incentive is primarily to keep their stake. Having in mind that validating nodes are chosen randomly, so rogue players cannot be sure they will be able to overtake the validation process, this makes it very costly to even try to cheat the system.
In the future, the required stake may decrease, to allow for greater decentralization of the network. The Ethereum founders mentioned the possibility of it coming down to as low as 10 Ether with time.
Advantages of Proof Of Stake
It’s energy efficient.
Smaller incentives are needed to keep the network going, due to smaller costs of mining new blocks (both energy-wise and hardware-wise).
Reduced need for incentives solves, or reduces, a whole range of problems that need to be solved in PoW system, like difficulty adjustments, and generally reduces complexity of mechanisms needed to regulate the network.
Compared to 51% attacks in PoW system, where the attackers don’t lose their main weapons of attack, their hardware, attackers who try to overtake the Ethereum network stand to lose the main source of their power — their stakes.
Problems with PoS
One of the main problems that people point out regarding PoS is, again, a certain level of centralization, or “the rich get richer” problem. Rewards from the network will go only to those who already have a high amount of capital.
During a recent conference in Curacao, VMware’s prominent distributed system’s expert Dahlia Malkhi pointed out these problems, emphasizing that it’s “giving power to people who have lots of money”.
But those with their eyes on the crypto industry for the last couple of years have seen their fair share of “whale games” and market manipulations even in those cryptocurrencies which boast by their different decentralization mechanisms. It’s hard to claim any mechanism will inherently secure fairness and efficiency and security and fault tolerance.
So perhaps being perfectionist here is unrealistic, and speculations about consequences of different design decisions aren’t always reliable. Besides, the rich get richer in PoW, too. In fact, it’s only possible to become an effective miner if you’re rich. In Ethereum, everyone will be able to be a “miner” in time.
We still don’t know the final shape this Ethereum upgrade will take, and even its core developers don’t seem to be always on the same page about it. There are two versions that are being juggled around, but Serenity is coming, and with it both Casper and other improvements of the protocol that improve its scalability and efficiency. If it is rolled out with the “Constantinople” update — as is speculated — we could see Casper published by the end of 2018.