Why I dread the Merge, and why you should too

The fundamental value proposition of blockchain is that there is only one history. That means that it must sync to a single truth. This is an exercise that necessarily has physical limitations relative to massively parallel systems.

Just out of curiosity, what would need to happen for you to consider that your hypothesis is wrong?

I say it right in the article:

  1. You can show me a simple mechanism where the energy to defend something is lower than the energy required for the most efficient successful attack.
  2. You can show me a coordination mechanism between two parties that has a latency to decide that is lower than the time it takes for a signal to travel one way across the distance between them.

What would it take for you to change your mind?

I was talking more in terms of real world events. For example, for me, if a large scale attack happens on Ethereum post-merge or even if smaller PoS chains start getting attacked (more than PoW chains with a comparable size), then I would reconsider my position.

About your two points, while it may very well be true that the Gasper consensus doesn’t meet those requirements, PoW also doesn’t.

  1. The most efficient attack on PoW requires very little energy. Just find the location of mining farms (quite easy, they spend a lot of electricity) and confiscate them by force. Or just capture the main mining equipment manufacturers (just Bitmain has well more than 50% of market share) and force them to include a backdoor in their equipment. Both attacks are quite energy-efficient for a government to do.
  2. PoW doesn’t reach consensus on a single block. It takes several blocks to have some certainty that a transaction is final. Furthermore, this doesn’t really depend on whether the chain is PoS or PoW, it depends on the specific consensus algorithm used. Both Bitcoin and Cardano have longest-chain consensus algorithms (also called Nakamoto consensus) and work similarly, there’s no “chatter” around the agreement, a few blocks are necessary for finality, etc. PoW and PoS are forms of validator selection, not so much of consensus. For example, there are several consensus algorithms that use PoW and aren’t longest-chain. Byzcoin and early Zilliqa used PoW to select validators but then ran a PBFT-like consensus on top. Bitcoin-NG is also interesting, a validator was selected with PoW but block production was centralized. All this to say that the latency of a blockchain doesn’t really depend on whether it is PoW or PoS but rather on the consensus algorithm itself.
2 Likes

This is outright wrong. You can find a few big PoW miners, but it’s evidently difficult to find the longer tail of small miners. 20% of Bitcoin hashrate is still in China despite the mining ban. There are economies of scale in Bitcoin mining but they are marginally decreasing. Good luck seizing 51% of the hash rate.

Or just capture the main mining equipment manufacturers (just Bitmain has well more than 50% of market share) and force them to include a backdoor in their equipment

This might be a bit easier. Or a government could force a miner equipment manufacturer to only make miners for them.

Here’s the most ironic protection mechanism of proof of work: The option to switch to proof of stake. Ultimately proof of work is a great distribution mechanism. Because of competition, miners must sell the majority of their block rewards to pay for energy and hardware. In the event of an obvious 51% attack on Bitcoin, the network can socially create a PoS fork, and will have a healthy distribution of initial validators. If this happens in a few years from now then Bitcoin will be able to leverage years of learnings from Ethereum PoS.

This might be a bit easier. Or a government could force a miner equipment manufacturer to only make miners for them.

PoW doesn’t just require possession/control of a facility, which is actually very hard to do. Who will pay the electricity bill? Who will tirelessly work on better mining tech, so the mining power stays relevant?

The whole point of PoW is that the amount of effort and resources required to dominate is very hard to amass, and even if one manages to confiscate it somehow (think of a government confiscating an auto factory. How will the local population handle it?), an external actor with the tech and power production can still overwhelm. It’s not enough to capture a majority of the miners.

PoW requires ongoing capture of every relevant facility within a distance that takes 10 minutes for light to travel…

While someone might think that just because they can imagine an evil empire pulling this off, it doesn’t make it a practical control strategy. How good are governments at maintaining efficient operations?

True, it is not easy to find and capture 51% of the Bitcoin hashrate. But is it harder than capturing 51% of the stake on Ethereum? On the one hand, miners that have more than a few tens of GPUs have a very noticeable energy consumption. And if you buy mining equipment, that can be traced to you. On the other hand, if you can get the equipment and produce your own energy then it’s extremely hard to trace you. Stakers only use commodity hardware and negligible amounts of electricity, but the on-chain movement of funds can be used to deanonymize you if you’re not careful.

Completely agree with you. But this is essentially what’s happening to Ethereum now. We had 7 years of PoW which created a nice distribution of coins. And now we are moving to PoS. The only difference is that we are not waiting for a 51% attack. Coordinating a fork to PoS while you’re being attacked is extremely hard. And PoS has been researched and been in production in several other blockchains for many years now. It’s Ethereum’s turn now to make the switch, and hopefully Bitcoin in a few years, who knows.

1 Like

Governments can easily pay an electricity bill. In addition, an attacker would still get the block rewards. Note that a government wouldn’t necessarily want to halt the blockchain but maybe just control it, to decide which transactions are allowed or not.
If you capture a blockchain, no one will bother making better mining tech for that chain. If an attacker gets 51% of the hashrate, he can deny block rewards to the other 49%. Who would continue mining in that case? And if no one is mining, who would buy the new mining equipment that you’re manufacturing?

Ultimately, this conversation isn’t about how practical it is to attack the Bitcoin network (which I agree is quite hard). But rather if PoW is more secure than PoS in general. Is it harder to capture miners or stakers? How do both types of chains recover from attacks? Etc.

As you can imagine, many hundreds of researchers spent the better part of a decade researching the properties of PoW and PoS algorithms, and we couldn’t reach a definite conclusion over which one is more secure. It is very arrogant for you to state that you found a solution and that, if no one convinces you otherwise, it means you’re right. In science it is exactly the opposite, you need to prove your position and convince other people that you’re right. A little intellectual humility would only benefit you.

If you can be bothered, Vitalik has a very nice explanation of some of the advantages that PoS has over PoW. Why Proof of Stake (Nov 2020)

Governments can easily pay an electricity bill. In addition, an attacker would still get the block rewards. Note that a government wouldn’t necessarily want to halt the blockchain but maybe just control it, to decide which transactions are allowed or not.
There will be an energy shortage in Europe this winter. What reality are you basing your point on? Are Governments magicians? Are they always competent against macro threats?

In the end it boils down to which kinds of miners are more resilient to state threat? Is it the ones that sit on piles of cash and want to challenge the government? Or is it ones who control resources? Think Khodorkovsky vs Putin. Khodorkovsky had his plants on Putin’s turf. Who won?

Am I saying it would be easy for PoW miners to stand up? NO.

Are stakers in their apartments with their Raspberry Pis up to that kind of challenge? What future are they building by freeriding on the work of a foundation and (feeble) grants? Are they the types that stand up to a physical challenge, or are they the types that run and hide?

PoS is premised on greed. Free money for no effort other than being an OG (yes, most stakers got their eth for a few dollars at most). Is that a good foundation for the decentralised future?

As for who spent years thinking about it? I have spent the better part of a year to do just that while getting paid for it. Have you read the articles I quote? Could you please refute my claims based on merit and not presumption?

Honestly, it seems like you are romanticizing this matter. Miners, like stakers, are not altruistic individuals (for the most part). In fact, the majority of hashpower is contributed by commercial operations. Miners will not mine if it’s not profitable to do so.
Regarding stakers, it’s not free money. Stakers place their funds at risk to secure the network and are paid for that.

Not to bring you down, I’m happy that you found work in this area, but less than a year is not a long time. I myself have been working full-time on consensus algorithms for the past 4 years. Many on this forum have been working for far longer than that. I have read your first medium post on security.

I have been. I asked you what real world event would need to occur to invalidate your hypothesis, you didn’t respond. I wrote a point about your statement that PoW is the fastest consensus algorithm, no answer. To my point about an attacker capturing 51% of the hashpower and denying block rewards to the other 49%, you’ve also not answered. You’ve been selectively ignoring arguments in this thread and then complain that people are not refuting your claims on merit.

You finished your first post with “Feel free to challenge the propositions on their merits. Many have tried.”. Clearly you came here with the opinion that this would be an adversarial situation, that other people will try to prove you wrong and they’ll fail because no one has succeeded before.
That is absolutely the wrong mindset for this forum. People come here to collaborate and to learn. They subject their work to criticism for their own betterment. The other posters on this forum gain nothing from convincing you that you are right or wrong, and it’s not their job to do so. If anything it’s you that should try to convince us that your research has merit.

Look, if you argue with people like this you’ll continue being sure that you’re right but you’ll also fail to convince anyone else that you’re right. If you try to actually argue your point and are open to criticism you might learn something yourself and/or teach something to other people.

Not to bring you down, I’m happy that you found work in this area, but less than a year is not a long time. I myself have been working full-time on consensus algorithms for the past 4 years. Many on this forum have been working for far longer than that. I have read your first medium post on security.

I was fired for coming to my conclusions. It’s hard to work for longer if you don’t toe the line and certainly after what I came to, a year is more than enough. Feel free to challenge on merit. In the articles I set out how you can decisively prove me wrong. Have you tried to answer the challenge? If you haven’t, why not?

From your article:

[solo stakers] will be penalized for disagreeing with a majority

This is incorrect. If you are a staker that follows the protocol rules and every other staker fails to follow the protocol rules, then you will be rewarded while everyone else will be severely punished. This is because under Proof of Stake we can punish individual bad actors after the fact for disobeying protocol rules. This cannot be done under Proof of Work. If you haven’t, look into social slashing via UASF/UAHF.

Many people seem to have the mistaken impression that the benefit of PoS is the “reduced energy usage”, but that is merely a side effect. The reason PoS is more secure is explicitly because of the ability to punish bad actors after the fact for things that the protocol cannot automatically punish for. Under Bitcoin, miners have to behave within a certain set of constraints, but there exist ways they can deviate from the protocol that the protocol cannot automatically detect. These attacks are given a defense under PoS, while under PoW it requires an honest miner majority assumption.


Regarding “energy for defense” vs “energy for attack”, something to keep in mind is that people can be clever here and use energy sources that were stored previously. For example, we can drill for oil that was created millions of years ago and use that energy to do things, rather than having to turn solar power today into energy. This relates to decentralization because humans already have spread out far and wide across the planet and laid cabling, deployed satellites, etc. for communication across the globe. We can leverage that already spent energy in defense against an attacker that exists in a single location by forcing that attacker to have to travel to thousands of different locations all around the world, locate individuals, and then wrench them each individually. Similarly, we can leverage the animosity between state actors (e.g., US/Russia) to help our defense, by having some participants living in each region which makes it very expensive for either one of those attackers to go after all of the participants.

This is essentially the “clever solution” your article alludes to, where we are leveraging existing infrastructure and geopolitical tensions to bolster our defenses. Essentially, let someone else pay for the defense so we don’t have to.

By whom? What are the “correct” rules? How is the decision made?
Imagine that the network is attacked (either through upstream code change and/or exploit) so that every client resolves an operation differently, resulting in a HF into as many splinters as there are clients, and even within specific clients, as has already happened in April due to an exploited bug.

What if such a vulnerability is intentionally introduced?

There is no definition of “honest” under PoW. The users either accept the mined blocks, or they don’t, based on the heaviest chain. One way to look at this is that there is no objective concept of “honesty” in executing a computer program.

While I agree that energy stored all over the earth is a significant property of the system, this is actually a feature of PoW, which constrains mining power by access to resources, which makes dominance a very difficult game. My point about tricks is that under PoW you can’t trick someone who has dominant access to resources for mining with a clever hack. The winning hash has a simple mathematical definition that is simple enough to specify mathematically that implementation considerations do not matter.

I would propose that in a PoW world miners will be forced to amass physical control of technology and resources that is hard to dislodge and this is the foundation of the chain’s defence. Otoh, PoS does assume freeriding on commodity data centres that must rent security from the states in which they operate. IoW, a founding assumption of PoS is that minimal capital will be deployed to fortify operations while massive capital will be locked up unproductively. How does this make sense?

1 Like

By users. Ultimately, users operating clients are the final decision makers on what the ruleset they want to follow is. Developers certainly have a lot of influence, but the final decision maker is the user who is running the client they use to interact with the network. Hard forks over disagreement about what the rules should be are perfectly acceptable.

The colloquial definition of “honest” in the “honest majority” statement used by most people in the space is “follow the protocol rules”. See above for “who defines the protocol rules”.

The wrench attack applies here. Alice can spend billions of dollars amassing technology/resources to mine PoW and someone can show up with a few hundred dollars in weapons and take over the entire operation just as easily as someone can wrench an individual for their keys.

1 Like

Sorry to hear that, it’s always tough getting fired. But from my interaction with you, it’s fair to say that you’re not a “people person”. And in the end, jobs are about team work and providing value to other people.

Wish you all the best. Hope you can get a job soon.

Thanks for the sympathy. The conclusions are from 2018. I’m doing better now with wonderful teams of smart and driven people. In your estimation, does not being a “people person” make me wrong? Furthermore, would it be ok to be wrong on an issue such as this?

I’m glad to hear.

No, it doesn’t make you wrong. But it does impede you from effectively communicating your ideas.

The conversation seems to be moving away from the purpose of this forum, and I don’t want to bother the other posters with off-topic conversation. You can contact me by direct message if you wish.

Are users (especially in aggregate) capable of making anything but the simplest binary decisions, or do they follow the client developer 99% of the time? If they do follow the developer, what power do they have? What if the developer is also the developer of the staking/validating/proposer? I can ask the same about the stakers themselves. Where is the power? Is it decentralised?

I agree that the $5 wrench attack applies as well, but this is where our opinions diverge. PoW miners must necessarily build resource intensive facilities and harness the highest tech. Hashrate per watt is an unmitigated direct measure of technological prowess. Am I using hyperbole here?
They also must secure their facilities and that requires capital. When I spoke with miners regarding building mining facilities in 2017 one of the first criteria they list is that you must own your facility. They plan so there cannot be a landlord who can hold them hostage. They know they must invest in security and they do it. How will a $5 wrench fare against that kind of bunch (high tech, lots of resources, “my turf” mindset)?

Contrast this with the assumptions behind PoS. Low security expenditure. Maximum unproductive tie-up of capital. Low tech. Low resources. Did I miss anything?

I feel like you are ignoring the realities of the world which include things like governments with extreme amounts of power and a willingness to use violence to get what they want, and these governments often aren’t playing the same game as everyone else, so spending $1M in resources to shut down a Bitcoin mining farm that is worth $100k may be worth it to them for political reasons.

While one could try to raise the cost of attack by building a bunker and taking on the state in direct combat, history has shown that it is far more effective to decentralize instead, and lean on the fact that it costs a lot more resources to attack a million geographically separated small targets than to kill one large target. This is leveraging sunk costs of distribution of humans around the planet to our advantage, while the state generally starts out fairly centralized (their forces aren’t everywhere all at once).

TL;DR: If your security model depends on being able to defend against the state in a direct war on a single front then you almost certainly will lose.

1 Like