CEO and Founder at Jax.Network http://jax.network
Recent years have sparked significant interest in blockchain networks. This has resulted in significant progress in the theory of such distributed networks. In particular, followers gathered more data about possible blockchain designs, their limitations, and their trade-offs. There's called The trade-off between security and coin creation
This post is devoted to one such trade-off, between security and the rate of coin creation. In particular, we will try to answer the question of whether it’s valid to say that designs based on Proof-of-Stake could provide a better version of this trade-off than a design based on Proof-of-Work.
Firstly, let’s discuss why the aforementioned trade-off even exists, and why it matters. In 2008, the Bitcoin blockchain introduced a way to address the “Byzantine generals” problem with Proof-of-Work.
In this design, a blockchain is maintained by miners who get rewarded for their work. High rewards attract more miners to join the network and incentivize them to bring in and employ more mining equipment. As a result, the network becomes more decentralized and secure.
A miner’s reward often consists of both transaction fees and a block reward. In some blockchain networks like Ripple, the reward for block producers consists only of the transaction fee. However, in this network, there is only a limited number of nodes that participate in the consensus. Researchers point out that sole transaction fees are insufficient to fuel the network sufficiently to attract thousands of independent miners. For instance, in Bitcoin, only approximately 1% of rewards correspond to transaction fees. Therefore, the block reward that consists of newly issued coins is an indispensable subsidy for miners. However, this steady coin creation could cause a reduction in coin value.
Let’s quantify the concept “coin creation rate” through the following formula:
CCR=annualized supply/total supply
It’s obvious that high values of CCR are beneficial for miners. In this case, they get more rewards for their work. On the other hand, low value of CCR is beneficial for casual users and coin holders. In this case, one could expect less inflation rate or even deflation. Often CCR is a compromise between miners, and network security on one hand, and coin holders and casual users on the other hand. Currently, Bitcoin and other major cryptocurrencies have CCR around 2%.
Sometimes, some practitioners claim that Proof-of-Stake could provide better blockchain economics than does Proof-of-Work, and could therefore become a backbone for scalable blockchain designs based on sharding. Let’s verify this hypothesis.
One may question: How can we even compare such different systems? First of all, there are many different PoS systems. They have different properties and trade-offs. Similarly to other researchers, we will exclude from our study those systems that set restrictions on who may join the set of validators. Such systems lose the property of being “permissionless” that was achieved in the design of PoW based Bitcoin.
Another important requirement is a fix for a nothing-at-stake attack. Without such a fix, the system can’t effectively resolve forks, and can’t be considered secure.
Thus, the perfect target for our study is Ethereum 2.0, which pretends to build a sharded blockchain based on Proof-of-Stake. This project pretends to solve all problems that occur, but it has detailed documentation, and its development process is often exposed in the media. Although there are other projects around, we won’t discuss them within this paper.
Let’s compare the economics in Ethereum 2.0 with some abstract blockchain system based on PoW that is similar to Bitcoin. In order to make an honest comparison, we have to assume that both networks have the same size.
The last clause requires a detailed explanation. It’s well-known that blockchain networks are vulnerable to double-spend attacks. During such an attack, the malicious actor convinces the reckless user that a certain transaction was included in the ledger. When the user fulfills his part of the deal, the attacker creates a fork and reverses the transaction. However, this type of attack is very costly in big networks like Bitcoin. Nevertheless, small networks based on PoW often become victims of such attacks.
Similar attacks are possible in the networks based on PoS. Even stake slashing doesn’t prevent such attacks. One can review our previous paper on this topic.
In order to conduct a successful attack, the malicious actor has to absorb some expenses. First, he has to acquire sufficient power in the network. In the case of PoS, the malicious actor must aggregate sufficient amounts of funds in stakes. In the case of PoW, the malicious actor must acquire sufficient amounts of mining hardware. Second, the attack may require that additional expenses be incurred based on the runtime.
In the case of PoW, there is a need to purchase electricity for mining hardware and data processing units. In the case of PoS, there is only a need to run data processing units. Also, some amount of the attacker’s funds could get slashed during the attack. So, expenses on the double-spend attack have a different structure. The question is: Which approach is better from the viewpoints of security, and economics?
The requirement to acquire a sufficient amount of mining hardware appears to be a harder task than acquiring sufficient amounts of stakes. In the case of PoS networks, the attacker can secretly purchase coins on the free market and aggregate them on multiple wallets.
He may use proxy servers to hide the fact that these funds are controlled by one entity. The attacker can hide his malicious intention till the last moment. Moreover, in the PoS network, only a part of funds are locked in stakes and ensure network security.
If only 3 percent of the coin supply is locked in stakes by honest validators then as little as 6 percent of coin supply is sufficient to conduct a double-spend attack. In contrast, in the PoW network, the attacker often has to control the majority of available mining resources.
There are only a few big ASIC producers on the market, such as Bitmain, Bitfury, Canaan and etc. They do know to whom they are selling mining rigs. So they have the opportunity to prevent the concentration of the mining hardware by a single party, as it is a threat to their business.
One may question whether there is an option to rent the hardware. It’s possible in the case of a small network with a weak hash rate. We exclude from our study the case of a small network. Owners of large mining farms are not interested in renting their hardware to suspicious entities.
After a successful double-spend attack, the prices of coins, and of mining hardware, often fall significantly. So, lenders could lose much more than they could earn from the hardware lending, unless they have another readily available option to use the hardware.
In the world of PoW blockchains, a dozen different hashing algorithms, such as SHA256, Scrypt, and Keccak, are used. Every blockchain attempts to have its own specified hash to use when signing block headers. Often mining hardware producers design a specific series of ASICs for computation of each particular hash.
Such ASICs are very powerful and very power-efficient in executing their primary job. They could have a thousand times superiority over general processing counterparts. However, these ASICs are almost useless for the execution of common computations. So they are nearly useless for other purposes. In contrast, in the PoS network, borrowed funds could be used to perform attacks. The recent story in the Steem network revealed that borrowed funds could be used to change the network governance.
Let’s compare the attacker’s expenses during the runtime. In the PoW, they consist mostly of electricity bills. They require access to huge sources of cheap electricity.
There is a need to maintain sophisticated hardware to manage high voltage lines. This setting makes attacks rather difficult, expensive, and noticeable to third parties. High electricity bills prevent long-range attacks. In contrast, in the PoS network, there is no need to waste electricity for mining.
Often this fact is represented as a big advantage of PoS over PoW. However, it simplifies double-spend attacks in the network. One may argue that the malicious actor has to lock his funds in stakes for the long time interval. However, in the case of the Steem network, one of the parties used its stake to modify the governance and unlock funds in stakes. In this perspective, the need to “lock” your funds in expensive mining hardware appears to be more binding and compelling.
Flaws in staking economics
We concluded that the administratively specified “settings” of PoW networks could provide more solid security guarantees. The question is: What is then going on with network economics and coin issuance?
Let’s compare two networks based in our model: one based on PoS and the second is based on PoW.
So — both networks will have the same coin supply in circulation. In order to perform a double-spend attack, the malicious actor has to bring around 4 billion worth of mining hardware to the second network. In contrast, in the first network, he has to control ⅔ of stakes. That is the same 4 billion dollars as in the first case.
Advocates of PoS systems claim that PoS may have less inflation rate than the one based on PoW. They have the following argument. Let’s pick a staking reward calculator and plug-in data from our model. We set 9.1% of the eligible token supply to be staked. We set to zero the income from transaction fees and the expenses on running the full node. Then the annualized reward rate from staking is 5.22%.
In this scenario, coin supply grows by 0.47% per year. So — after an annual adjustment, the reward for the staking is reduced to 4.75%. These numbers look attractive since, on the one hand, staking rewards set a good incentive for stakeholders, and, on the other hand, the coin creation rate is modest and sets little downward pressure on coin market value.
However, critiques of PoS economics highlight that other scenarios with repulsive numbers are possible. They have the following argument. Staking may appear as a simple and sure way to get revenue. Nowadays, many users try to earn money on the growth of certain coins. These coins do not change owners for many years. An option to get extra cash from staking is very interesting for such investors.
As a result, the interest in staking may cause staking of 30%, 50%, or even 90% percent of the coin supply. According to the staking calculator, in these scenarios rewards for staking involve coin creation rate to be 0.86%, 1.11%, and 1.5% respectively. However, since a significant amount of coins are locked in stakes, there is a need for an adjustment that takes into consideration the real volume of coins in circulation. So, after the adjustment, the rate of the flow of new coins with respect to the total volume of coins in the circulation could be estimated as 1.23%, 2.22%, and 15% respectively. Thus, the coin issuance may put downward pressure on the coin market price.
The significant influx of new users and funds into the system may reduce inflation and, probably, cause deflation. However, once the network plateaus, the staking rewards cause pure inflation. Moreover, this inflation may be higher than rewards for staking. Let’s assume that the network is stagnant and then compute staking rewards adjusted to inflation. Numbers are as follows: 1.65%, 0% and -13.34%, respectively. That is not the profit that one might expect. Stakeholders may try to sell their stakes whenever it’s possible. This issue may cause volatility in the market price of the coin.
The stress test
Let’s study the behavior of the PoS network in the stress scenario. Assume that the network used to grow for a long time.
As new users have continuously joined the network, the price of the coin has grown, and more funds were staked, and everybody was happy. Assume that 30% of the coin supply was committed to stakes. Then, suddenly, a recession occurred. The stock market’s value declined by 10% and some users started to sell their coins to cover their unexpected losses.
Let’s assume that nobody expects that the market will recover in the near term. Assume that the activity in the network declined, and the price of the coins in circulation is expected to fall by at least 10% in the nearest months. Then, stakeholders have a reason to sell their stakes, since staking is no longer profitable: they lose more money than they can expect to gain from staking. Funds that were at stake are withdrawn, and enter into circulation, and trigger a currency crash. The market next has to find a new equilibrium.
The question is where this should be? Certainly, staking should become profitable. So staking rewards should address the ongoing currency crash. However, this is possible only if the percent of staked funds fall below 5%. So 25% percent of funds locked in stakes should get released into circulation. Let’s make a rough estimate for the subsequent price correction. So the price of the coin after the honest correction should drop by around 1–0.9*0.7/0.95=34%. Price correction may take a few months, or it could happen almost immediately. In either case, coin holders will lose lots of money.
Apparently, the system could withstand this stress test only if a significant number of users believe that it still has a bright future, and remain ready to buy and stake coins.
Another big issue is security. In such a stress test, the percent of coin supply in stakes could drop below 5% or even 2%. Then getting control over shard committees becomes cheaper. Malicious actors may use this opportunity to perform double-spend attacks.
In our particular stress test, if the market cap of the coin drops from 66 billion dollars to 44 billion dollars, and only 2% percent of coins remain in stakes, a malicious actor has to invest only around 0.6 billion dollars in order to launch an attack, which means that a double-spend attack is much cheaper to conduct on a PoS network than it is on a PoW network.
In contrast, the latter has more strength to withstand such a stress test. Coins from former stakes do not have a long-term effect on the price of the coin.
Usually, all risks are taken by miners. If the price of the coin declines, and mining becomes less profitable, then they turn off their old inefficient mining rigs.
In the case of Bitcoin, the hash rate could fall by up to 10%. However, these mining rigs are not part of the coin supply. They are external entities that can’t inflow into the coin supply. PoW network has a clear delimitation between the processing throughput capacity of mining hardware and the coin supply. In the case of the stress test, this is a big advantage.
PoW and PoS systems each have their benefits and drawbacks. When we compare them based on security, PoW appears to be a more solid fundamental process. Another thing to consider is economics. Consensus-based on PoS is an attractive solution as it eliminates the dependence upon mining hardware producers.
However, separation of coin supply from funds invested in mining facilities could be a significant advantage for a PoW network. In the case of market decline, the coin price in the PoS network could fall deeper than the coin price in the PoW network.
As we have seen, there can exist multiple equilibrium pathways leading to either a stable or unstable exchange rate in a PoS network, with some of these equilibrium pathways leading to substantial loss of value, and other detrimental effects. We’ve only touched upon this topic with a few examples, but these effects can be more systemic in cases where no stable value can be ever found with such underlying incentives at play unless the network continuously attracts new users.
However, this hypothesis is clearly too restrictive, and more work on the indeterminacy of exchange rates equilibrium (e.g. Kareken and Wallace, 1981) applied to a PoS network should be a topic area for researchers to delve into.
Article in collaboration with Iurii Shyshatskyi, Chief Scientific Officer at JAX.Network
(Disclaimer: The author is the Founder and CEO at Jax)
Create your free account to unlock your custom reading experience.