Proof-of-What?

Currently-deployed permissionless blockchains such as Bitcoin and Ethereum rely on proof-of-work (PoW) to distribute both the computational networking costs, and the financial rewards, of maintaining and extending the blockchain. In proof-of-work systems, participating miners race (“work”) to compute solutions to cryptographic puzzles. These puzzles effectively act like self-printed lottery tickets, in that a miniscule fraction of these proof-of-work solutions may be easily verified by anyone as “winning” the lucky miner the right to add one block to the blockchain and collect associated rewards. Proof-of-work has proven practical and relatively secure, at least for cryptocurrencies with sufficient critical mass to deter ransom or hijacking by powerful attackers. However, it has been recognized for years that proof-of-work blockchains are a tremendous waste of energy. Recent estimates show that Bitcoin now consumes more energy than 60% of the world’s countries, and that Ethereum already consumes more energy than Cyprus or Cambodia.

Motivated in part by this energy waste and its carbon footprint, the cryptocurrency community has developed increasing interest in alternative security foundations such as proof-of-stake (PoS). The essence of this idea is to apportion consensus power not according to energy wasted performing useless work, but rather according to the amount of “stake” that participants already hold in the system: e.g., according to the number of coins they own. The underlying principle is not unlike that of a traditional joint-stock company, in which voting power to affect a company’s decisions (e.g., by electing board members who in turn choose executives) is apportioned in proportion to shares of stock (“stake”) held in the company. The venerable underlying security principle is that stakeholders have an interest in preserving and ideally increasing the value of their stake – with bigger stakeholders having more to gain (or lose) from good (or bad) decisions – thereby aligning their individual interests with those of the overall system. While proof-of-stake conceptually represents a sensible and promising alternative to proof-of-work, implementing proof-of-stake systems securely is challenging, due to many difficulties well-documented in a BitFury white paper and elsewhere.

Is Proof-of-Investment Really the Answer?

Proof-of-work and proof-of-stake are both investment-proportional security foundations, in that they apportion consensus power and mining rewards proportionally to prior investment (in computational effort or coin purchases, respectively). Many other alternatives such as proof of space, proof of bandwidth, and proof of human work similarly fit into the same broad category, which might be accurately classified as proof of investment. In the long term, I am skeptical that cryptocurrencies based on proof of investment will fundamentally transform our society or economy for the better (or at all really). At the end of the day, cryptocurrencies or decentralized autonomous organizations based on proof of investment are merely a more-automated functional equivalent to the stakeholder-driven joint-stock companies that already dominate today’s global economy, and hence are fundamentally nothing new.

In other words, proof-of-investment cryptocurrencies may put more white-collar office workers out of work and hasten the rise of the machines, but will ultimately do little to address society’s fundamental challenges such as rising economic inequality. For that purpose, I see more promise in truly democratic alternatives such as proof-of-personhood or proof-of-individuality, which could create a sort of “permissionless basic income“ by apportioning voting and consensus power and currency-mining rewards to all human participants, in a one-person-one-vote distribution. But truly democratizing and decentralizing cryptocurrencies will require solving many further challenges. In the meantime, even if proof-of-stake achieves nothing but ending the energy waste and environmental impact of proof-of-work, that goal is easily worth pursuing. And it’s an interesting technical challenge, so the rest of this blog post will focus on that.

Will the One True Blockchain Please Raise Your Hand?

Long-term Attacks