zack-bitcoin/amoveo

Issues with proof that PoS consensus doesn't work

Closed this issue · 3 comments

I am in the midst of attempting a formalization of soft fork bribery attacks for a paper and I am re-reading your paper about why PoS consensus fails more carefully.

First, in the section on how censorship can be good, there's a line about how in PoW, the network will always follow the chain with the most work done. However, we know that this isn't true. Simply consider the different fork types, i.e. hard forks, soft forks and velvet forks. In each of them, miners don't simply follow the chain with the most work but follow the chain that corresponds to the validity rules their client software is using to validate blocks.

Second, when you talk about a majority coalition in PoS taking over and punishing other validators for following a different set of rules, you fail to take into account the honest majority assumption implicit in PoS protocols. If there is a malicious majority coalition as you describe then it's all moot. So, this shouldn't happen. However, it is important to note that in PoS, a minority coalition can coordinate a soft fork to slash the majority coalition's deposits. Finally, there has been recent research published about coercion resistance, namely this and this.

yeah, that line doesn't make sense. regardless of whether it is true or not, it doesn't relate to what the rest of the section is talking about. So I deleted it. thanks for pointing it out.

honest majority assumption.

right. this assumption is false. So proving that PoS can't work is easy.

I wanted to go further than that, and come up with a system to derive attacks for any given PoS blockchain.
When I can explain a specific attack for a given PoS mechanism, it leads our conversations in more productive directions. The specific examples bring context to help more people understand the game theory.

Because of tragedy of the commons, it is cheap to bribe voters, and as the stake is divided among larger groups of voters, the cost of the bribes goes down.

minority coalition soft forks.

If the minority soft fork rolls back history, it is enabling double-spending.
If it doesn't roll back history, then that means the attacker succeeded in changing the consensus protocol for a period of time. And now that there is less stake, it is cheaper to repeat the attack.

If you redistribute burned stake to the honest stakers, then you are creating a vulnerability where a dishonest majority can generate fake evidence to frame a minority for a crime they did not commit, in order to steal their stake.

right. this assumption is false. So proving that PoS can't work is easy.

When proving a particular consensus protocol doesn't work/is not correct, you need to have some empirical or theoretical argument for why a particular assumption doesn't hold. Moreover, you still need to show that that particular consensus protocol fails even if the assumption is true.

Otherwise, I think I can see your point about the tragedy of the commons being a potential problem for PoS protocols.

you still need to show that that particular consensus protocol fails even if the assumption is true.

Yeah. This paper is not a "proof that PoS is impossible".
It is merely "evidence that all existing proofs of the validity of PoS are flawed, that we do not yet have the technology to build PoS blockchains."

But the first title is a lot easier to fit into a tweet, and it is a decent approximation of what the paper is about. I don't call it "a proof that PoS is impossible" on github, because I have more space to write so I can be more specific.