Systems like Ethereum (and Bitcoin, NXT, Bitshares, etc.) are essentially new cryptoeconomic organizations — decentralized, non-governing institutions built entirely in cyberspace, maintained by cryptography, economics, and social consensus. They are a bit like BitTorrent, but not exactly the same, because BitTorrent has no concept of state — a crucial distinction. They’re sometimes called decentralized autonomous companies, but they’re not exactly like a company — you can’t hard fork Microsoft, for example. They’re kind of like open source software projects, but they’re not quite like that — you can fork a blockchain, but it’s not as easy as forking an open source project like OpenOffice.

Cryptoeconomic networks come in a variety of styles: ASIC-based proof of work (PoW), GPU-based proof of work, native proof of stake (PoS), delegated proof of stake (DPoS), and the soon-to-come Casper proof of stake. Each of these styles inevitably comes with its own underlying philosophy. A well-known example is the idea behind “proof of work”, where the “correct” blockchain is defined as the chain created by the miners who spend the most economic capital. What started out as an in-protocol fork choice rule has in many cases become a sacred dogma; see this discussion on Twitter between Chris DeRose and me. Some people seriously want to defend the purity of this idea, even in the face of protocol hard forks that change the hashing algorithm. Bitshares’ delegated proof of stake offers another coherent philosophy, in which everything follows from an even simpler principle: shareholders vote.

Each of these philosophies, Nakamoto consensus, social consensus and shareholder-voting consensus, leads to its own conclusions and to a value system that is reasonable from its own point of view, although each will certainly be criticized when compared against the others. Casper consensus also has a philosophical basis, but no one has yet articulated it succinctly.

Vlad, Dominic, Jae, I and many others all have different ideas about proof of stake and how to design it, and here I want to give some perspective on where I am coming from.

I’ll go straight to listing my observations and draw conclusions.

  • Cryptography is particularly special in the 21st century because it is one of the few fields in which adversarial conflict consistently and significantly favors the defender. It is far easier to destroy a castle than to build one. Islands are defensible but can still be attacked. An ordinary person’s elliptic curve cryptography (ECC) key, however, is secure enough to withstand even a nation-state attacker. The cypherpunk philosophy is basically about using this precious asymmetry to create a world in which individual autonomy can be better preserved. Cryptoeconomics is, in a way, an extension of that philosophy: it protects the safety and liveness of complex systems of coordination and collaboration, rather than just the integrity and confidentiality of private information. Any system that prides itself on being a spiritual successor of the cypherpunks should maintain this essential property, and be far more expensive to destroy or disrupt than it is to use and maintain.

  • The “cypherpunk spirit” is not just about idealism. Building a system that is easier to maintain than to attack is also sound design.

  • In the medium to long term, humans are quite good at reaching consensus. Even if an adversary had unlimited hash power, launched a 51% attack on the main chain and reversed as much as a month of history, convincing the entire community that the attack chain is legitimate would be much harder than simply out-hashing the main chain. They would need to subvert block explorers, every trusted member of the community, the New York Times, Archive.org (the Internet Archive) and countless other records on the internet. All in all, in the information-technology-dense 21st century, persuading the world that the new attack chain is the main chain is about as hard as persuading the world that the moon landings never happened. Whether or not the blockchain community admits it (and remember that the Bitcoin Core community does recognize the primacy of the social dimension), these social considerations are what protect every blockchain in the long term.

  • However, a blockchain protected only by social consensus would be too inefficient and too slow, and would make it too easy for disputes to drag on without end (despite all the difficulties, this has already happened). In the short term, therefore, economic consensus plays an extremely important role in protecting liveness and safety.

  • Because the security of proof of work can only come from block rewards (in Dominic Williams’ words, it lacks two of the three Es), and the incentive for miners can only come from the risk of losing future block rewards, proof of work runs on the following logic: only huge mining rewards bring into existence the huge amount of computing power that protects the network. Recovering from an attack on proof of work is very difficult: the first time an attack occurs, you can hard fork to change the proof-of-work algorithm and render the attacker’s ASICs useless, but the second time you no longer have that option, so the attacker can attack again and again. The mining network therefore has to be so large that an attack is unthinkable. If the network spends X on computing power every day, an attacker with less than X has no incentive to launch an attack. I’m against the logic of proof of work, both because it consumes a lot of energy and because it doesn’t live up to the cypherpunk spirit: the cost of attack and the cost of defense are in a 1:1 ratio, so there is no defender’s advantage.

  • Proof of stake breaks this symmetry by relying on penalties rather than rewards. Validators who put money at stake as a “deposit” receive a small reward for locking up their capital, maintaining their nodes and taking extra precautions to secure their private keys. The cost of reversing blocks can be hundreds or thousands of times greater than the rewards earned over the same period. Thus, the one-sentence philosophy of proof of stake is: “its security comes not from burning energy, but from putting economic value at risk of loss.” A given block or state has security X if it can be shown that no conflicting block or state can reach an equal degree of finalization unless malicious nodes pay in-protocol penalties worth X.

  • In theory, if a majority of validators collude, they can take over the whole chain and act maliciously. Through clever protocol design, however, the extra profit they can extract through such control can be limited as far as possible. More importantly, if they try to prevent other validators from joining, or carry out a 51% attack, the community can simply coordinate a hard fork and delete the offending validators’ deposits. Organizing a successful attack can cost $50 million, but cleaning up the aftermath isn’t much more complicated than the Geth/Parity consensus failure of November 25, 2016. Two days later, the blockchain and the community would be back on track, with the attacker $50 million poorer and the rest of the community potentially richer, since the supply crunch that follows the attack would cause the price of the token to rise. That is attack/defense asymmetry for you.

  • This shouldn’t lead us to believe that unplanned hard forks will become routine. If necessary, the cost of a single 51% attack on proof of stake can be set as high as the cost of a permanent 51% attack on proof of work, so the sheer cost and ineffectiveness of an attack should ensure that few attacks are ever launched.

  • Economics is not everything. Individual actors may be driven by motives from outside the protocol, they may be hacked, they may be kidnapped, or they may simply drink too much one day and decide to break the blockchain, cost be damned. On the bright side, individuals’ moral forbearance and communication inefficiencies often raise the cost of an attack far above the nominal value-at-loss defined by the protocol. This is an advantage we cannot rely on, but it is also one we should not throw away.

  • Therefore, the optimal protocol is one that works well under a variety of models and assumptions: economic rationality with coordinated choice, economic rationality with individual choice, simple fault tolerance, Byzantine fault tolerance (ideally in both the adaptive and non-adaptive adversary variants), behavioral-economics models inspired by Ariely and Kahneman (“we all cheat just a little”), and any other model that is realistic and practical and stands up to testing. It is important to have two layers of defense: economic incentives that discourage centralized cartels from acting antisocially, and anti-centralization incentives that discourage cartels from forming in the first place.

  • A consensus protocol that works as fast as possible is risky and must be handled with great care, because if the ability to be very fast is tied to incentives, the combination rewards centralization at the network level (for example, all validators running on the same hosting provider), which creates systemic risk. Consensus protocols that do not care how quickly a validator sends a message, as long as it arrives within an acceptable time (say 4-8 seconds, since we know from experience that latency in Ethereum is generally around 500 ms to 1 second), do not have these issues. A possible compromise is a protocol that works very quickly but has a mechanism, like Ethereum’s uncle mechanism, which ensures that the marginal reward a node gets for improving its network connectivity beyond a certain point is quite low.
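
The bullet above that gives a finalized block “security of X” can be made concrete. The following Python sketch is an added example, not code from the essay or from any Casper implementation: it finds validators who voted for two conflicting blocks at the same height and totals the deposits they forfeit. The two-thirds finality threshold, full slashing of equivocators, and all validator names, deposits and votes are assumptions constructed for illustration.

```python
from fractions import Fraction

# Constructed sample data: validator -> deposit, in tokens.
DEPOSITS = {"v1": 400, "v2": 300, "v3": 200, "v4": 100}
# Assumed finality threshold (share of total deposits); not stated in the essay.
THRESHOLD = Fraction(2, 3)

# Constructed votes (validator, height, block); signatures assumed already verified.
VOTES = [
    ("v1", 10, "A"), ("v2", 10, "A"),                   # 700 of 1000 back A
    ("v1", 10, "B"), ("v3", 10, "B"), ("v4", 10, "B"),  # 700 of 1000 back B
    ("v2", 11, "C"),                                    # 300 of 1000 back C
]


def stake(validators, deposits=DEPOSITS):
    """Total deposit held by a set of validators."""
    return sum(deposits[v] for v in set(validators))


def is_finalized(height, block, votes, deposits=DEPOSITS):
    """True if voters for (height, block) hold at least THRESHOLD of all deposits."""
    voters = {v for v, h, b in votes if (h, b) == (height, block) and v in deposits}
    return Fraction(stake(voters, deposits), sum(deposits.values())) >= THRESHOLD


def equivocators(votes, deposits=DEPOSITS):
    """Validators who signed two different blocks at the same height."""
    first_vote, guilty = {}, set()
    for v, h, b in votes:
        if v in deposits and first_vote.setdefault((v, h), b) != b:
            guilty.add(v)
    return guilty


def penalty_paid(votes, deposits=DEPOSITS):
    """Deposits forfeited, assuming every equivocator is slashed in full."""
    return stake(equivocators(votes, deposits), deposits)


def guaranteed_penalty(deposits=DEPOSITS):
    """Smallest possible overlap of two THRESHOLD-sized voter sets, in tokens."""
    return (2 * THRESHOLD - 1) * sum(deposits.values())


if __name__ == "__main__":
    print(is_finalized(10, "A", VOTES), is_finalized(10, "B", VOTES))
    print(sorted(equivocators(VOTES)), penalty_paid(VOTES), guaranteed_penalty())
```

With these constructed votes both conflicting blocks reach the threshold, and the only way that can happen is for the overlapping validator to sign twice, so the penalty actually paid can never fall below the guaranteed bound.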

There are, of course, many details and many ways to differ on them, but these are at least the core principles that my version of Casper is built on. From here, we can certainly argue about trade-offs between competing values. Do we issue 1% more ether per year and make forcing a remedial hard fork cost $50 million, or do we have a zero rate of issuance and make it cost $5 million? When do we increase a protocol’s security under the economic model at the cost of making it less secure under the fault-tolerance model? Do we care more about having a predictable level of security or a predictable level of issuance? These are all questions for another blog post, and the ways of implementing the different trade-offs between these values are questions for yet more posts. We’ll get to them sooner or later. 🙂

Original text: medium.com/@VitalikBut…

Author: Vitalik

Translator: Elisa

Source: Ethereum enthusiast (ethfans.org/posts/a-pro…)