Proof-of-Stake is the appropriate consensus for the financial revolution
Proof-of-Work (PoW) and Proof-of-Stake (PoS) are two different concepts performing the same task. Both approaches have their undeniable advantages and disadvantages. Unfortunately, arguments against PoS often stem from misunderstanding or overlooking the problems of PoW. Let's make the case for PoS in this article.
- Bitcoin’s decentralization is degrading. According to one study, about 50 large miners control a 50% hash rate.
- PoW mining is exclusive as participants must invest in hardware and energy. Larger players find it easier to negotiate discounts, so they have a competitive advantage.
- PoS networks can be more decentralized as everyone can easily participate in staking.
- Bitcoin’s Nakamoto coefficient is 4.
- Bitcoin’s critical infrastructure depends on 3 ISPs.
- PoS is criticized for people staking on exchanges. Bitcoin has the exact same problem as people are forced to mine through third parties.
- Cardano works similarly to Bitcoin and is built on the Nakamoto consensus. The only difference is that modern cryptography is used instead of energy consumption.
- The cost of a 51% attack is at least about 330x higher for Cardano ($6 billion) than for Bitcoin ($18 million).
- PoW networks may not be economically sustainable in the long run.
- The resilience of PoS networks to a 51% attack is based on coin distribution. As long as users are willing to protect the network, an attacker has no chance.
- PoS networks are much more resilient to various attacks due to their independence from electricity.
- When the value of BTC drops, miners are forced to sell coins. Stakers do not have to sell ADA coins, so network security does not decrease.
- The popular “rich get richer” argument applies more to PoW networks than to PoS networks.
- Bitcoin is similar to fiat currencies in that key decision-making takes place in a small exclusive group. In PoS networks, each individual has a vote. BTC holders trust PoW miners much like USD holders trust the Fed.
Satoshi Nakamoto started the financial revolution with the launch of Bitcoin in 2009. Bitcoin uses PoW consensus and it works very well throughout its existence and has proven its quality. However, no protocol lives in a vacuum, and due to the dynamic environment and internal settings of the protocol, individual characteristics change over time. Bitcoins are not mined on a large number of laptops as in the beginning. Miners have to buy expensive hardware and delegate the hash rate to a chosen pool. Through a process called halving, the security budget changes regularly. Some trends are not positive and it is fair to discuss them openly.
Around 2015, the IOG team started to build Cardano. The team considered whether it would be more beneficial to use PoW or PoS. The decision for PoS was made after careful research and many scientific studies. Cardano started using PoS in 2020 and the protocol works without any major problems or needs for restarting. Many scientific papers are peer-reviewed and have been presented at many conferences. The Ouroboros Praos Proof-of-Stake study has over 100 citations in other papers. It should be mentioned that all scientific studies and the source code are open. Anyone in the world can see how PoS is designed and how it works.
An interesting paper on PoW vs. PoS comes from Lyn Alden, who considers PoW a better solution. We will try to show that PoS offers an interesting alternative in many ways.
Lyn focused her work on Ethereum’s PoS. We will focus on Cardano’s PoS, as we know this consensus better. More importantly, Cardano’s PoS has been running for almost 2 years at the time of writing. There is no need to speculate on what might work in theory. Practice shows how PoS has been working in the last two years.
Important network features
The following characteristics are most important for public blockchain networks. That is why we devote the most space to them in this article.
- Decentralization: decentralization is a key feature that distinguishes all current financial solutions from blockchain networks. Decentralization is about distributing decision-making power among as many independent participants as possible.
- Security: due to the decentralized nature of blockchain networks, security is built on completely different principles than centralized solutions. The security of blockchain networks is based on game theory and is built on the strategy of people who independently want to maximize their own profit. The security of the networks depends on financial incentives that must motivate honest behavior and be in line with the interest of the network. The network will remain secure if honest participants are the majority.
- Long-term sustainability: blockchain networks are like businesses that operate on a budget and have revenues and expenses. The network pays consensus participants for security and decentralization. Revenues consist of monetary expansion, which may have limits, and the collection of transaction fees. Bitcoin and Cardano have a capped number of coins, so over time, the revenue will increasingly be dependent mostly on transaction fees.
Decentralization and security are parameters that must grow over time with higher network adoption. The more people depend on the blockchain protocol, the higher security is required. It means that the cost of an attack must grow to prevent attackers from attempting to commit one. At the same time, decentralization must grow, as attempts by politicians and corporations to control the network will grow.
The network budget directly determines how long can be maintained these key features at a sufficiently high level. As the budget decreases, the quality of security and decentralization can theoretically decrease as well, which can lead to a successful attack attempt.
It is important to note that nowhere is it defined what is a sufficient level of security and a sufficient level of decentralization. Teams should strive to have these characteristics as high as possible and to scale with adoption. This task can be very complex, provided the basic rules of protocol are not broken.
Distribution of power
It is not technologically possible for all actors in a public network to have equal status. In the case of both Cardano and Bitcoin, the pool operators have the greatest responsibility as they produce the blocks. Thus, they can decide, for example, what transactions to include in a block, or which block to build on in the case of a fork. If regulators want to force censorship of transactions, they need only focus on the pool operators. The larger the number of pools from different countries that exist in the network, the more resistant the network will be to regulatory pressures.
The next group is made up of entities that delegate power to pool operators. In the case of PoW networks like Bitcoin, miners delegate the hash rate to the chosen pool. Similarly, in the case of PoS networks like Cardano, stakers delegate coins to the chosen pool. In principle, this is the same process. Delegators trust that the chosen pool operator will behave honestly. If not, they delegate power to another pool. It is healthy if there are multiple pool operators in the network and it is economically feasible to start a new pool.
Pool operators may have their own share of decision-making power (their own hash rate or coins), but mostly they depend on delegators. In the event of an attack, it is the delegators who can avert the attack or enforce the desired behavior of the pool operators through delegation of power. For example, if regulators forced a major pool to censor transactions, delegators would start supporting another pool. Again, the more power is distributed among the delegators, the more resilient the network will be to attacks. As the distribution of power grows, so does democratic decision-making.
Bitcoin didn’t have pools in the beginning. Anyone could mine a block on their laptop and get a reward. The decentralization of Bitcoin was at a maximum level, as users had roughly equal status. This changed with the advent of ASIC miners and the emergence of pools. Users had to acquire expensive hardware to make it worthwhile to mine BTC coins. With the advent of pools, there was a small group of entities that could produce a block. Network security improved significantly, but decentralization began to decline significantly.
Block production today is dominated by approximately 9 major pools. One of the major players is the Binance exchange. Note that if Foundry USA Pool, Binance, and AntPool were to agree to work together, they have a combined hash rate of over 51%. Delegators could delegate the hash rate elsewhere if it would be convenient for the network. The question is how quickly they would respond to a potential problem.
Bitcoin mining has become a business. Entrepreneurs are buying up tens of thousands of ASIC miners and putting them in big mining halls. Big players can negotiate significant discounts with hardware and power suppliers. They can even negotiate better terms with pool operators. Energy is differently expensive in different parts of the world, so mining will always be geographically concentrated in places where conditions are better. For a long time, China has dominated mining. If there were significantly better conditions for mining in a given region, there would be a concentration again. Domestic hobby miners have no chance to compete. Especially in areas where energy is expensive or scarce. Mining bitcoins is an exclusive affair available only to the rich and only in certain parts of the world.
The current state of Bitcoin decentralization and security is described in a scientific study made by Cambridge experts in 2021. Let us quote one paragraph.
We show that the Bitcoin mining capacity is highly concentrated and has been for the last five years. The top 10% of miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity. Furthermore, this concentration of mining capacity is counter cyclical and varies with the Bitcoin price. It decreases following sharp increases in the Bitcoin price and increases in periods when the price drops or. Thus, the risk of a 51% attack increases in times when the Bitcoin price drops precipitously or following the halving events.
As you can see, according to the study, the long-term trend is very negative in terms of decentralization. The study also looks at security, but we will come to that later. Let’s now take a look at how decentralized the Cardano PoS network is and why this is so.
Decentralization and security of PoS networks are growing along with the distribution of native coins. This is an advantage, as key parameters grow with higher adoption, i.e. with higher social and financial importance of the network. In the Cardano network, every ADA coin holder can be a delegator at the same time. Staking can be seen as a kind of analogy to bitcoin mining. In Bitcoin, BTC holders have no decision rights and cannot participate in the network consensus. With PoS networks, literally, any coin user can make decisions. Let us add that not only at the level of the network consensus but also in some form of decentralized governance.
Coin holders always have the greatest interest in network security and decentralization. This is the largest group that buys coins with their money. Due to the demand for coins, the value of coins increases, which affects security because coins also serve as a reward for pool operators and delegators. In PoW networks, delegators are only business people who do not need to hold the coins. They only care about profit. In PoS networks, the coin holders are also the decision-makers, which makes more sense.
From our point of view, it doesn’t make sense that those who have the biggest skin in the game, i.e. the coin owners, have no decision-making rights. BTC holders must trust the miners to act in their interest. But miners will always prefer their own economic interests. Let’s add that most coin holders won’t run a full node, so they have no influence on the consensus even in terms of client choice.
If you want to have decision-making power in a POS network, you just need to hold coins and have a lightweight wallet. You could say that the owners of the coins are also the owners of the network.
Staking is significantly more inclusive, as anyone in the world can buy coins for the same value. There is no need to purchase expensive hardware when users want to begin with staking. Staking is not a risky business, so more people are more likely to want to participate. Cardano has no minimum required amount of coins for staking. Users literally only need a few coins.
Economic and incentive model behind Cardano Proof-of-Stake
The economic and incentive model is often overlooked, which is a pity since it is probably the most important part of the public decentralized protocols. Let’s see why is the model so important and how Cardano Ouroboros Proof-of-Stake is designed from the point of view of users. Read more
For both PoW and PoS, everyone would like to provide a passive income. Staking, however, is significantly more accessible to everyday people. Selfish economic interests increase the decentralization and security of PoS networks. For PoW networks, only security increases at the expense of decentralization. To be more precise, anyone in the world can try to participate in PoW mining. Individual entrepreneurs compete with each other, however, their numbers are decreasing over time as only the best ones can succeed.
In other words, success in POW mining depends on many external factors, whereas in the case of PoS, the purchase of coins is sufficient to allow a holder of coins to participate in staking for a long period of time and receive rewards regularly.
If you look at the number of pools in the Cardano network, you will see a large number of smaller players. Of course, there are whales in the Cardano network as well. However, the advantage of PoS networks is that the protocol is aware of its own decentralization and can economically incentivize its growth. Theoretically, maximum rewards in an epoch can only be achieved if there are a certain desired number of saturated pools. Let’s add that there are more than 1.1 million delegators in the network and the number is on the rise.
The quality of decentralization is not only about network consensus, but also about the underlying infrastructure. Trail of Bits, commissioned by DARPA, has released a report evaluating the decentralization of Bitcoin and Ethereum. Let me quote one sentence from the report:
Bitcoin’s Nakamoto coefficient is four, because taking control of the four largest mining pools would provide a hashrate sufficient to execute a 51% attack.
This is essentially a very similar finding to the study cited above.
You will also learn from the report that Bitcoin protocol traffic is unencrypted and 60% of the network traffic traverses only three ISPs. This might poses a critical vulnerability because ISPs and hosting providers have the ability to arbitrarily degrade or deny service to any node.
Another finding is that Bitcoin’s mining pool protocol Stratum is unencrypted and essentially unauthenticated. Malicious attacks can be made to estimate the hash rate and payouts of a miner in the pool and manipulate Stratum messages to steal CPU cycles and payouts from mining pool participants.
People sometimes focus too much on the network consensus and forget that decentralization also depends on the network layer. In the case of Bitcoin, this layer is outdated and vulnerable.
Direct and indirect delegation of power
PoS is criticized for people being staking on centralized exchanges. That’s a legitimate criticism, but if you look at the image above, you’ll see that Binance has an 11% share. That’s a smaller share than Bitcoin mining, where Binance has a 14% share.
Staking on exchanges means that people entrust coins to a third party who decides what pool they delegate to. Exchanges can then create their own pools and use the coins of users for delegation. The exchanges can misuse the coins for an attack, or the coins can be stolen by an attacker who then uses the coins for an attack. As you can see, Binance’s share is not significant and will likely trend downward over time. People will trust centralized solutions less and less and decentralized solutions will appear on the market. In addition, the number of major players will also grow. At the moment, this is not a major risk. The community is working to ensure that people are educated about the risks related to centralized exchanges and stakes from their own wallets.
In general, the delegation of power can be divided into direct and indirect. Direct delegation means that the owner of the coins or hash rate, i.e. the one who paid for them, directly chooses the pool to which he delegates and can change his choice at any time. Indirect delegation means that the user entrusts the coins or hash rate to a third party, which promises a reward and decides itself to whom it delegates the power. Thus, delegators do not have the choice entirely in their control.
It is important to mention that Bitcoin has exactly the same problem with indirect hash rate delegation as PoS networks with staking on exchanges. People can buy computing power from third parties who run PoW mining for their money. It’s called cloud mining. If the price of energy is expensive in Europe, for example, and people still want to make money from mining, they can buy hash rates or rent ASIC miners from a third party in America. Payments are made through bank accounts. Everything is done remotely.
The problem is the same as with staking, as the third party can reserve the right to what pool to delegate to. Even if the user is allowed to choose a pool, he can hardly check that the third party has delegated the hash rate to the chosen pool. Users pay without controlling the use of the hash rate. The possibility of misusing the hash rate for an attack is similar to that of misusing coins. The third-party risks essentially nothing, since many people can pay for the energy upfront.
Large third parties always have the disadvantage of being easy to attack. An attacker can temporarily cut off the hash rate at the time of the attack or redirect it to where it needs to go.
In PoS networks, the problem can be solved through user education or legislation (centralized exchanges can be banned from staking). For PoW networks, it is much more complicated, as PoW mining is exclusive by principle and those who want to participate have to essentially trust the third party. There is no other choice.
On the Genesis Mining website, you can find information that over 2 million people use its services. Moreover, there are more similar players. These third parties have a significant contribution to the overall hash rate for bitcoin mining.
Resources and security
The distribution of decision-making power is dependent on a particular resource. Power consumption is important for PoW mining. Electricity is an expensive and infinite resource that is not scarce. Electricity can be bought with money, which in the context of bitcoin mining can be seen as a kind of investment in order to make a profit. The resource must be consumed, for which a reward is earned. The cost of mining is covered by the reward and ideally, the participants will profit. Mining is a risky business and may not be profitable.
Coins in PoS projects are an expensive and finite resource. The resource itself is therefore scarce. Coins are not consumed in staking. The reward is always guaranteed by the protocol for honest behavior.
As we wrote above, rewards will increasingly depend on the collection of fees. Let’s take a look at the biggest differences between PoW and PoS.
Bitcoin provides its security through brute force. If someone wants to attack Bitcoin, or rewrite history, they must unconditionally consume a given amount of electricity. There is no other option.
PoS networks like Cardano base their security on decentralization, i.e., the distribution of ADA coins. The greater the distribution of decision-making power, the more difficult it is to attack the network. It is necessary to attack a large number of independent entities that make decisions for themselves, including securing their pools and coins. Individual actors must protect their private keys well. However, this is consistent with industry-wide efforts and people are used to using hardware wallets. For pool operators, this is a necessity.
Energy consumption performs two tasks in PoW networks. Firstly, it is a form of lottery to help decide who gets the right to create a new block in the given time period. In the second place, it is a security against history overwriting.
Cardano’s PoS is built on the same principles as Bitcoin and it is based on the Nakamoto Consensus. The fundamental difference is that modern cryptography is used instead of energy consumption (Key Evolving Signature, Verifiable Random Function). Cryptography is used for a lottery, i.e. to determine who gets the right to produce the next block. The fundamental difference is basically just the amount of energy consumed. The difference is considerable. While Bitcoin needs about the same amount of electricity as a European country, Cardano needs about the same amount as a hotel. As for protecting against history overwriting, it would be necessary to break the cryptographic keys, which would be a more computationally expensive process than trying to get a higher hash rate for a multi-day PoW attack.
The security of PoW networks is directly dependent on the price of coins at the time of the attack. In a bear market, there is a greater chance of an attack taking place. Let’s calculate the overnight cost of a 51% attack on Bitcoin, neglecting transaction fees and the price of hardware. Transaction fees are not a significant component of the budget, especially in bear markets. Suppose an attacker had been planning an attack for a long time, so he would have been buying up older hardware from miners who capitulated and went out of business during the bear market. Theoretically, he could get older hardware. With BTC coins worth $20,000, a one-day attack would cost roughly $18,000,000.
If the attacker succeeds in the PoW attack, he also receives the block reward for the longest chain, so the cost of the attack is essentially recovered when it comes to energy. The cost of the attack is only associated with the hardware.
The attack on the PoS network is also dependent on the value of the coins. However, the attacker does not buy an external infinite resource at a given price (like energy). The attacker must buy directly the project’s native coins in the required amount. For example, about 51% of the ADA coins in the case of the Cardano network. At the time of writing, the value of ADA coins is $0.50, so an attack would cost at least $6,000,000,000. An attack on Cardano would be about 333 times more expensive than an attack on Bitcoin.
However, this is only the theoretical cost of an attack. Since the security of PoS networks is more related to decentralization, an attacker would have to somehow arrange for people to sell him coins. Once there is a high demand for coins on the open market, the value would also rise. This would motivate people to buy the coins for staking purposes. The cost of the attack would get steadily more expensive. It is difficult to estimate whether it is possible for one entity to buy such a large amount of coins. The higher demand to buy coins the less likely is the attack. Again, it is not only about the value of coins. The distribution also helps prevent attacks. As network adoption, i.e. the distribution of ADA coins, continues to increase, the chances of an attack will decrease. Moreover, whales may not be willing to sell their coins. As long as there are honest whales in the network, an attack is basically impossible.
It is relatively difficult to quantify how much better PoW is than PoS, or vice versa, in terms of resilience against a 51% attack. Both concepts are doing very well. In both cases, the attacker is attacking his own wealth. If someone owns 1% of the PoS network’s native coins, they basically have enough to live comfortably from staking rewards, including their family. This is not the case with BTC coins.
The security of the Bitcoin protocols is directly linked to the value of BTC coins. If the value of BTC coins increases, security also increases. Unfortunately, the reverse is also true. This means that for every additional halving that occurs every 4 years, the value of BTC coins must also increase at least 2-fold to keep at least the current level of the security budget. However, as we explained above, the desired property is that security scales with adoption.
During the last bull run, BTC value rose approximately 3.3-fold and has now fallen below the ATH of the previous bull run. This basically means that if Bitcoin is to surpass the last ATH, the multiplication must be higher than the last time. It is definitely possible. However, with higher capitalization, it will be more difficult to do multiples of the coin’s value.
The cost of a one-day attack can be calculated by taking the number of rewards per day and multiplying it by the current BTC value and the block reward size. If the value of BTC in 2032 is, say, $500,000, the calculation would look like this:
144 * 500,000 * 0.78 = 56,160,000
If transaction fees are neglected, the security budget in 2032 could be roughly $56 million, assuming the value of BTC reaches this projected value.
PoW is very good protection against an external 51% attack, but only until there is a sufficient budget. This seems to be a problem as no one can predict the value of BTC coins in the future. Let’s not forget that the value of bitcoins can drop by 80% after reaching the ATH in a four-year cycle, so security will also drop by the same amount. So it is fair to say that Bitcoin might not be economically sustainable in the long run.
An interesting work on the topic of security budget comes from Paul Sztorc. In the article, you will find the following table that illustrates the declining block reward and the projected value of BTC. Paul predicts that after 2032, the security budget will start to decrease.
In our view, there is no point in speculating on market developments in the long run. It is clear that PoW security may have serious problems after say 20–30 years.
PoS networks may be significantly better off because the security budget is not so dependent only on the value of the coins, but also on their distribution. The attacker needs to have more than half of the coins that are staked. One can expect that if Cardano has a significant social and financial role in the future, the value of ADA coins will increase at least 10x, maybe 20x over the next 10–20 years. If the value of ADA coins got to, say, $10, the minimum cost of an attack would be roughly $125,000,000,000. This seems sufficient from a network security perspective.
The cost of running the PoS network will always be similar, more or less to the cost of running a hotel. It is realistic to expect to collect enough transaction fees to remunerate pool operators and delegators.
Let’s do one quick and hypothetical calculation. If any network processed 1,000 transactions per second at a cost of $0.20, it would earn $17,280,000 each day. In the case of the PoS network, a stakeholder with a 0.001% share would earn $172 per day. For a regular PoS network, this would be a sufficient reward to motivate users to hold the coins. PoS networks can hypothetically be economically sustainable only from the fees collected. We have neglected network operation costs, but these are minimal in PoS networks.
In the case of PoW networks, the situation is not so good, as a similar income of the network would not provide sufficient network security. What is even worse, a significant part of the income is used by miners to cover energy costs. The profit to the miners would therefore be relatively small. Let’s not forget that the cost of hardware and paying taxes are also expenses that miners have to take into account.
Once the network subsidy starts to decrease significantly, which will be sometime after 2044 when the block reward will be 0.09 BTC, the Bitcoin network will have to collect tens, but better hundreds of millions of USD in fees. If the scalability of the first layer does not improve, users would have to pay fees in the hundreds of USD.
Of course, if the value of BTC coins were in the tens of millions of USD, the network would not be so dependent on fees.
Predicting the income from the fees collected is also quite problematic, as development is dependent on technological advances, adoption, and people’s willingness to pay expensive fees at the first layers. Regular market principles will always work and if there is a cheaper alternative, people will use it. It is likely that people will use second layers and other cheaper solutions to transfer value, so these solutions will collect transaction fees at the expense of the first layers.
Impact on the environment
Cardano is about 100,000-fold more energy-efficient than Bitcoin. It may be more or less depending on the value of the BTC coins, as the actual energy consumption depends on the size of the reward. This is an important factor, as high energy consumption will always be a controversial topic. If we have several PoS networks operating today, it will become increasingly difficult to justify running a PoW network. There will always be a large part of the population that is environmentally minded and will reject PoW. The younger generation tends to care more about the environment than the older generation.
Proponents of PoW, including Lyn, argue that PoS is a much more complex consensus and therefore we should prefer to use PoW. Just because PoW is simpler. We are afraid this argument is hard to defend in the world of technology. It’s like arguing that we shouldn’t make more efficient and cleaner combustion engines because it increases the risk of traffic accidents. Or we should use the first generation of mobile phones and progress would stop at texting. The reality is that science and research are constantly pushing technology forward. Improving technology is a natural part of our culture. Today, almost no one knows what technologies are used in a mobile phone and how exactly they work. Yet we all use them.
PoS is a more complex consensus, but that doesn’t mean it doesn’t work. As we wrote in the introduction, all scientific studies and source code are open-source. If we can create more environmentally friendly technologies, we should use them, and people naturally gravitate towards that.
Both PoW and PoS rely on cryptography, which is based on mathematics. Functionality can be scientifically verified. From our point of view, PoS is not fundamentally more complex than PoW. Let’s say that different cryptographic tools are used. How big is the difference between hash function and Key Evolving Signatures?
There is no reason to prefer old cryptographic tools and fear new ones. Old cryptographic tools become obsolete and no longer secure. It is important to keep creating new ones. With the advent of quantum computing, current cryptography will be replaced. Blockchain networks will either be ready for it or they will disappear. In other words, even Bitcoin will have to use more complex cryptography in a few years.
Different attacks on the network
Decentralized networks should ideally have no single point of failure. The reality is that blockchain networks have significant actors. These are mainly pool operators and a group of delegators.
It is relatively easy to physically attack important points in PoW networks because mining takes place in large mining halls that are easy to trace. In the past, hash rates have dropped due to flooding in China. If a country decides to ban mining, it takes a long time to transport ASIC miners somehow elsewhere.
PoS networks are much more resilient to physical attacks, as they depend essentially only on the Internet and electricity. Millions of people around the world can delegate power to a chosen pool through the wallet. If a country outlaws staking or operating a pool, the coins can be transferred in minutes and business can be set up on the other side of the world relatively quickly.
ASIC miners can be easily confiscated and then used for attack or destroyed. It is more difficult with coins since delegators are more distributed all around the world. So, it is worse to find them and enforce the law.
If the hash rate drops unexpectedly and cannot be delivered quickly, block production slows down. This can quickly clog the network with new transactions. If this happens at the beginning of a difficulty-adjustment cycle, it can take a relatively long time before the network is usable again.
PoS networks have nothing like difficulty adjustment. At regular short intervals, different pools are given the right to produce the next block. They either take the chance and get rewarded, or they don’t. If a pool fails to produce a block in a given slot, this is not a problem, as another pool will soon get the chance.
Bitcoin’s dependence on hardware and electricity is seen as an advantage because of its anchoring in the physical world. However, it has obvious drawbacks as well. If a vendor created a new technology that was significantly more efficient than competing solutions and decided not to sell their device and instead use it themselves, they would essentially centralize mining. Over time, such a player would completely control the network.
Something similar can happen with energy. If a state wanted to control mining and thus essentially control the voting process, all it would have to do is subsidize energy or build a new source. More states could do something similar. Trouble is, entrepreneurs would be at a disadvantage and retail would have no chance to participate in mining at all. The network would essentially be controlled by a few states.
Attacking PoW networks seems to be more difficult, as the attacker needs to get ASIC miners. Over time, all technologies are becoming cheaper and more efficient. For example, Intel has come out with a new chip that will be half the cost and 15% more efficient than solutions from current competitors. This means that current ASIC miners will sell at a discount. The more ASIC miners technology develops, the easier and cheaper the 51% attack will be.
Participation in decentralization must be as inclusive as possible, as the desire to control the network grows together with its importance. Today, the business has essentially driven retail out of the system. In time, Bitcoin may be controlled by a few top businessmen, or by a few states. There’s no one in my area who mines bitcoin. A few people mine Ethereum. However, I know dozens of people who stake ADA. That’s the reality today.
To build the decentralization of the PoS network and the decision-making process on the distribution of coins seems a better design. Still, states can try to buy large amounts of coins and gain dominance. Once a few big players have a significant dominance, people would lose confidence and migrate to another network. Trying to gain dominance and abuse their position doesn’t make much sense from the side of the big players.
It can be said that both PoW and PoS networks can be controlled by a few entities that have a large budget. From this point of view, we see no difference between the two consensus protocols.
Decentralized networks should be resilient not only to external attacks but also to internal attacks. That is, to attacks from pool operators and large delegators. Assuming a large enough security budget, PoW networks are well resilient to external attacks. According to the study cited above, about 50 miners control 50% of the hash rate. This means that if these 50 miners cooperate, they could collectively compromise the network. Although 50 actors is still a relatively large number, this number may decrease over time. The risk of abuse of power increases.
PoS networks are more likely to be resilient not only to external attacks but also to internal ones, assuming the distribution of coins grows. PoS networks are younger, so we will have to wait a few years before we can draw firm conclusions.
Whales will always be present in any system where power can be gained through money. It is realistic to imagine that teams along with the community will be forced to come up with new rules in order to increase decentralization.
It’s interesting to see how people behave during big drops in the value of coins. PoW miners need to sell coins regularly to stay profitable. When the value of coins drops steeply, miners are forced to sell coins quickly to be able to cover their energy costs. However, this causes the value of the coins to fall further. It causes panic in the market and a massive sell-off. Alternatively, miners can temporarily shut down ASIC miners and wait to see how the situation develops. Both of these can reduce the security of Bitcoin. The reduction in the value of BTC coins will mainly affect owners.
For PoS networks, the drop in coin value does not have such a dramatic impact on security. During the recent drop of BTC value below the level of $20K, the number of people who staked ADA coins did not drop. Staking carries no direct risk of losing money, other than a drop in the value of ADA coins. People are more willing to resist a short-term drop in price because if they believe in a return in the value of ADA coins, they have no reason to stop staking. They essentially continue to protect the network against a 51% attack. Independence from electricity seems to be an advantage in this case.
If there were a large number of ASIC miners in the market and the miner’s reward budget was declining over time, miners would be motivated to mine coins from another newer project. Miners are essentially mercenaries who want a reward for their work and will go where the reward is higher. Younger projects might have higher rewards, so miners can easily move elsewhere. It could be that a younger PoW project will have a higher hash rate than Bitcoin. Of course, it depends on the demand for coins of the competing project, however, at the same time to some extent this scenario depends on the value of BTC coins.
We can imagine that the world will face an energy crisis due to the transition to green energy sources and there will be increased pressure for reasonable consumption. Governments may not like PoW mining and may be inclined to drive miners out of the country, as China has done. The reasons can only be environmental. This will weaken the hash rate at least in the short term. PoS networks do not have this problem.
There are many other attack vectors that we have not described. However, it turns out that PoW networks do not have any extra advantage over PoS networks, and the dependency on energy consumption seems to be more of a disadvantage. If already running PoS networks like Cardano, Algorand, Polkadot remain secure for the next few years and nobody manages to break their protection, it will be obvious that PoW is not necessary.
The need for punishment
In Lyn’s work, you can find the following argument:
Proof-of-work is simple, because there is no need to punish bad miners that try to validate the wrong chain or make invalid blocks that don’t fit the rules of the node network. Their punishment is simply that they spent electricity on blocks that weren’t valid or weren’t included in the longest eventual chain, and thus lost money. They self-inflict their own wound, and thus it rarely happens on purpose. There is a tangible connection between the blockchain and real-world resources.
Cardano does not need to directly punish bad actors. It does not need something like slashing since it has a unique reward-sharing scheme that supports a high level of decentralization in an environment where all stakeholders are economically incentivized to behave rationally. A Nash equilibrium is a prescription of a strategy for each rational participant, with the property that if other players follow it, it does not make sense for a rational player to deviate from it.
If the pool intentionally does not produce any blocks in a given epoch, it does not get a reward. This penalty is sufficient since the attacker is running his pool and is not rewarded by the protocol. For a pool to have a chance to mint blocks, it must have a sufficient stake. The stake is made up of either operator coins or delegator coins. If the pool is not profitable, delegators migrate to a competitive pool. Naturally, an inefficient pool is punished and an honest pool is strengthened. The pool operator can use its own coins and deliberately harm the network. However, this does not happen and even if it did, it would not have a significant effect on block production.
Lyn assumes that a link to a physical resource that is constantly consumed is necessary for people to behave rationally. But people behave rationally because of the chance to get a reward. Direct punishment is not necessary. It is not difficult to implement direct penalties for low block production efficiency in the protocol, but practice so far shows that this is not necessary.
The purchasing power of ADA coins and the ability to exchange them for fiat currency is a sufficient link between the digital and physical worlds. The network consensus does not need to consume excessive amounts of electricity to be secure and reliable.
Rich gets richer
A popular argument, which Lyn also describes, is that in a PoS network the rich get richer. This argument appears to us to be false. Lyn wrote:
With a proof-of-stake system, the more coins you have, the more voting power you have, and those with the coins are also the ones earning the new coins from staking. Since they don’t need to expend resources to stake, they can simply increase their overall staking amount as they earn ongoing coins from staking rewards, and exponentially grow their influence on the network over time, forever. Network dominance tends to lead to more network dominance, in other words.
The argument “the more coins you have, the more voting power you have” can be rewritten as “the more hash rate you have, the more voting power you have”. It holds true in both PoS and PoW cases.
When it comes to profit, the one with the bigger business always earns more. If you run 10-fold more ASIC miners, you will make 10-fold more profit than the one who runs a single ASIC miner.
Cardano rewards delegators proportionally. If you hold 100 ADA coins, you will receive an average of 5.4 ADA coins per year. If you hold 100,000 ADA coins, you get 5,433 ADA coins. So if you hold 1,000 times more coins, your reward is 1,000 times higher. Your skin in the game is higher, so it’s fair that you have more voting power.
What really matters is how quickly you can leverage the reward to gain more influence over network decision-making and the reward at the same time. Cardano is fairer than Bitcoin, as each new ADA coin is automatically counted towards your stake and boosts it. This is not the case with PoW. In order to increase your hash rate share in the network, you need to be able to buy a new ASIC miner from the gained rewards. So you have to collect the rewards for a longer period of time before you are able to buy a new ASIC miner. As a home hobby miner, you can wait as long as a year. A big businessman earns enough every day to buy a new ASIC miner so he can expand the business faster than the hobby miner.
In the case of PoW networks, it holds true that the rich get richer faster. For PoS networks, this problem is significantly less dramatic.
The IOG team published the first research about Cryptocurrency Egalitarianism and we recommend you to read it.
Fair coin distribution
Another common argument is that only PoW has a fair coin distribution because all coins must be mined. With PoS networks, a team can keep a large number of coins and thus retain control. We dare say that Cardano had a fair coin distribution. There are over 33,800,000,000 ADA coins in circulation, which is over 75% of the total amount of coins. 26,000,000,000 were sold to the public.
What is fair coin distribution anyway? From the point of view of new users, it’s about how they can get coins. Today, cryptocurrency investors buy coins on exchanges. It is hardly conceivable that someone would start mining bitcoins if the entry costs are in the thousands of USD. Newcomers don’t care what the initial distribution of coins was. What should be of interest to newcomers is how many coins are currently in circulation out of the total amount and what is the current composition of holders. If most of the coins are held by the team and VC investors, this can be dangerous if they decide to sell in bulk.
In practice, a fair distribution of coins could not be achieved because those who bought first bought significantly cheaper. Fairness cannot be achieved for volatile assets in the same way as for equities. Buying cryptocurrencies always carries risk, and whoever is more willing to take the risk at the beginning has a higher profit. Let’s not pretend that the way coins are mined or initially sold in an ICO is more significant than it really is. A fair distribution would be one in which all people on the planet get the same amount of coins at the same time. That’s an unattainable goal.
Commodity vs. Equity
Lyn and others believe that BTC coins are a commodity while PoS network coins are equity. BTC is considered gold, while ADA coins as Cardano network equities. We don’t think it is reasonable to try to describe cryptocurrencies with old economic labels. However, let’s take a look at it.
Many mining companies mine gold and the goldsmith turns it into gold bullion that you can buy. This bullion is not dependent on the mining company. They can go bankrupt and the gold bullion will still be worth the same. There is no link between gold and mining companies. Gold mining and gold ownership are completely separate from each other. Gold mining may not take place at all unless it is economically viable.
In the case of cryptocurrencies, the existence of coins is directly dependent on the network and its ability to create new blocks. Without the network, the coins would not be liquid. Thus, the owner of the coins is mainly dependent on the economic model, security, and decentralization of the network. If cryptocurrency holders want to protect their wealth, they must continue to monitor the state of the network, understand the underlying mechanisms, and sell coins in a timely manner if there is any danger. There is a direct link between the existence of a network and the possession of coins.
Is it advantageous to separate PoW mining from BTC coin owners, or is it better if ADA coin owners have some control over the Cardano network?
The way the current financial world works is that all users of USD have no control over monetary policy. Monetary policy is controlled by the Federal Reserve Board (Fed). Users of USD must trust the Fed, which is a small group of actors. Holding BTC coins is essentially the same thing. BTC holders have to trust PoW miners and pool operators. The control of BTC holders over the behavior of miners and pool operators is minimal. As we said, most users do not and will not operate full nodes. Mining is an exclusive business. So BTC is very similar to fiat currency in terms of control. PoW miners, like the Fed, will always put their own interests above those of BTC holders. The only difference is that BTC holders rely on the immutability of Bitcoin rules. However, this is merely a kind of social contract between users and the team along with the mining participants.
Imagine if every single USD holder could decide monetary policy with his or her share. This is how PoS networks work. ADA holders have control over the network consensus and can directly decide which pool to support. In doing so, they essentially participate in decentralization, ensure that pools do not censor transactions, and can even directly decide monetary policy. Together, they guarantee that monetary policy remains unchanged. If it should change under any conditions, it will be decided by all ADA coin owners, not a small group of miners. This has nothing to do with the current fiat world.
I understand the argument that BTC is like gold because of mining, but I’m afraid that analogy is not accurate in the world of the internet. Moreover, through cryptocurrencies, we want to have a better system than the current financial one. The solution is to distribute power among all users, not to leave important powers to a small group of actors.
If we had to decide whether to replace the current financial world with a PoW or a PoS network, a PoS network definitely seems preferable. It appears to us to be an advantage that whoever holds the ADA coins also has proportional decision-making power in the network forever. Conversely, if people are forced to spend financial resources (energy consumption) in order to have decision-making power, this appears to be an exclusive system in which only the rich make decisions.
One of the other reasons is that no one can predict the future and it is very likely that network rules will have to be changed. For example, if Bitcoin’s security budget runs out and inflation needs to be introduced, who is to decide? Should it be the miners or all BTC coin holders? How will the voting be conducted? PoS networks are much better prepared for decentralized governance and for the future.
The ability to easily adapt to new conditions can be a big advantage against rigid systems that cannot be changed. The debate is not about whether to change the rules or not, but mainly about who will decide. One of the basic rules of decentralization is that everyone in the system has equal status. This basically means that if the majority agrees to the change, it is fine and the change can be made.
Satoshi Nakamoto wanted to create a system in which people would be able to vote. Let’s take a look at the Bitcoin white paper:
The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote.
As you can see, the original vision is that people will be able to vote in some form. PoS networks distribute voting power through coins, so they are closer to the original vision than Bitcoin as it stands today.
Both PoW and PoS consensus have drawbacks and no blockchain network is complete. Bitcoin’s decentralization is degrading and long-term security is uncertain. Cardano is still a relatively new network, but it is more decentralized since the deployment of the PoS consensus, attacking it is more costly and harder to commit. PoS networks are generally much more sustainable in the long term.
The advent of quantum computers will force teams to completely change current cryptography. Blockchain networks are still dependent on humans. The most important things networks have are teams and communities. Any major changes in protocol rules must be in line with the wishes of the majority of the community, as this is how we satisfy the basic principle of decentralization. How to properly grasp the communication between the team and the community is still a subject of research and experimentation.
Serious debates on the advantages and disadvantages of PoW and PoS networks are not yet taking place. The communities are fighting each other more than debating. Many of the arguments are false and based more on ideology than reality or rational reasoning. That’s a shame because if we really want to find suitable networks and decentralize our world, we need to work together to find the best candidates.