Author: Billy Tetrud 2021-05-23 19:28:43
Published on: 2021-05-23T19:28:43+00:00
In an email conversation, Billy Tetrud and Lloyd Fournier discussed the advantages and disadvantages of proof-of-stake (PoS) for a Bitcoin-like system. Fournier believes PoS is not fit for purpose for a global settlement layer in a pure digital asset like Bitcoin, while Teturd thinks there is a lot of misinformation and bias against PoS. They also discussed how to mitigate certain problems with PoS such as delegation and offline coins.Fournier points out that large unsophisticated coin holders can put their coins in cold storage without worrying about the health of the underlying ledger in Bitcoin. In contrast, PoS systems do not have this clean separation of responsibilities. He argues that PoS makes everything too exciting for Bitcoin, which should optimize for simplicity and avoid extraneous responsibilities for the holder of the coin.Fournier discussed two types of PoS protocols: proof-of-squarespace (Cardano, Polkdadot) and "pure" proof of stake (Algorand). The former has many crucial differences from mining pools, including that the person making the decision to join a pool is forced into it just because they own the currency, and every UTXO must indicate which staking account this UTXO belongs to so the appropriate share of block rewards can be transferred there. On the other hand, the latter only allows online stake to participate in the protocol and offers participation keys that expire after a certain amount of time to create blocks on your coin holding key's behalf.Teturd suggests that delegation could be mitigated partially if delegation didn't require any kind of blockchain transaction, and users could simply send a signed message saying "this other key can mint blocks with my coins," and then minting a block using those coins would require presenting the delegation signature. He also mentions that Algorand does something similar to this. In general, Teturd believes that there is a lot of misinformation and bias against PoS, and he thinks that options C and D combined would be an ideal approach in a Bitcoin-like system.The arguments against Proof of Stake (PoS) appear to be out of date or reliant on unproven assumptions or extrapolation from the analysis of a particular PoS system. While experimenting with Bitcoin by switching to PoS may not be a good idea, it seems highly likely that there is a proof-of-stake consensus protocol that can be built with substantially higher security and far less resource consumption without compromising any of the critical security properties that Bitcoin relies on.The disagreements around hardcoded checkpoints are critical in solving attacks that could be levied on a PoS chain, and it should be considered how this affects the security model. Capital required for a 51% attack on PoS can be made significantly greater than on a PoW chain. There is no centralization pressure in any proof of stake mechanism, as compared to the clear centralization pressure in proof of work, which has more barriers to entry than any PoS system does.Bitcoin's energy usage at the moment is quite warranted, but if we can do substantially better, we probably should eventually. There is no mention of PoS having a failure threshold of 1/3 in the pos.pdf linked to, and there are PoS designs that should exceed that up to nearly 50%. Proof of work is not resilient up to the 1/2 threshold in the way one would think, and its security is reduced by a factor of about 83%. Proof of Stake requires other trade-offs that are incompatible with Bitcoin's objective of being a trustless digital cash, specifically the famous "security vs. liveness" guarantee.However, requiring the "permission" of one of millions of people in the market cannot be reasonably considered a "permissioned currency." Both PoW and PoS could mine/mint blocks twice as fast if everyone agreed to double their clock speeds. A burned coin + VDF system might be more secure in the long run, and if the entire space agreed that such an endeavor was worthwhile, a test net could be spun up, and a hard-fork could be initiated. Permission to gain tokens is not a practical constraint in mining, just like in mining, some nodes may reject you, but there will likely be more that will accept you.
Updated on: 2023-06-14T21:15:09.430811+00:00