Written by

Digging in the Wrong Place

When people talk about the “difficulty” of attacking proof-of-work and proof-of-stake networks they are really talking about cost. This is because both the proof-of-work and proof-of-stake consensus mechanisms have difficulty functions that depend on the availability of some resource in an external market.

Proof-of-work supporters have recently started calling attention to this, pointing out that it doesn’t matter if a blockchain is secured by mining or staking if both forms of investment crowd out economic activity elsewhere. This makes it only a matter of time until POW supporters also point out that POS is technically weaker than POW because the supply curve for hashpower is almost certainly less elastic than the supply curve for capital.

As people who focus on economics, it is nice to see industry figures digging down to the economic layer. It is also nice to see POS get some much-needed, thoughtful criticism. While most people realize that mining is incentivized by fees, our experience is that very few realize staking is as well: the amount of staking or mining provided in any network is limited by the opportunity cost of the capital used. Although almost no-one talks about this sort of thing, it makes the economics of POS networks odd: the more successful these networks are at creating valuable tokens the less people should treat these tokens as speculative assets, and the less willing that users will be to stake at next-to-zero interest. From an economic perspective, the security assumptions behind these networks get very problematic if the networks succeed at creating economic value, and especially if they succeed in creating investment opportunities that compete with the base-layer to attract staked tokens as forms of investment.

With that said, this post is about what should follow from the realization that both mining and staking have comparable (economic) difficulty functions.

The first problem worth mentioning is that as any network starts costing money to operate, fees must necessarily be allocated to pay for the network infrastructure. At scale this means that both POW and POS blockchains will only be secured by whatever fraction of network revenue (what users are prepared to pay) is not devoted to paying for infrastructure. So if 75 percent of fees end up being used to run the global network, the network will only be secured by the remaining 25 percent, and the cost of attacking the network will only be 12.5 percent of network revenue. This is an unavoidable problem in all POW and POS designs. Yet it has a solution: transform the consensus mechanism so that paying for the network IS the network security function.

A more subtle issue caused by relying on external markets to provide “difficulty” is that 50 percent attacks become theoretically unsolvable. It should be obvious that you can’t prevent fifty-percent attacks if you just change what people have to buy in order to produce blocks, but don’t expect this insight from the proof-of-stake community. The lack of attention to this problem is one reason that developers have made zero progress against economic attacks in the last ten years — they are “digging in the wrong place” — swapping one “difficulty” function for another with the same limitations. Instead of focusing on the fundamental problem and fixing it, all blockchains that claim improved economic security over proof-of-work have simply added “hidden volunteers” in their consensus system whose presence drives up the cost of attack yet who are not paid by the consensus mechanism.

In both situations, finding a solution requires digging in the right place. And this requires internalizing the difficulty function. Instead of asking an external market to impose a “cost” on producing blocks, we have to design our consensus mechanisms so that they can identify attackers and force them (and only them) to lose money. Digging in the right place requires changing the problem that our blockchain solves — from regulating difficulty-of-attack by leaning on an external cost function to directly regulating the cost-of-attack. This is the problem that Saito solves and the change in focus is one reason Saito can be difficult for non-economists to understand. The main point is that it is only by eliminating reliance on external markets for cost functions that the 50 percent attack can be completely solved.

It will take time for the understanding that blockchains are really economic systems rather than technical ones to be accepted. In the meantime, the real question facing those working on POW and POS networks is whether they will actually try to understand and fix their economic problems — like people on a sinking ship designing propellers — keep spinning in circles until the sea swallows the lot.

Written by