Ever since Ethereum transitioned from PoW to PoS, the debate over the relative security of PoS and PoW has become a focal point. As early as November 6, 2020, Vitalik Buterin wrote a blog post titled “Why Proof of Stake”, in which he did some calculations. His calculations indicated that, at equal security cost, PoS is safer than PoW.
However, his calculations rest on an optimistic assumption: that attackers would spend money to buy mining rigs or stake coins in order to participate as nodes in the block-production competition. This assumes that attackers are civilized and polite, playing the game by its rules and trying to win under those rules.
But the lesson of human history is that you should never expect disruptors to play by your rules. Whether through violent revolution or disruptive innovation, true attackers overturn the table and start afresh. Kang Youwei wanted to preserve the monarchy, Sun Yat-sen sought revolution, and Mao Runzhi was once a believer in anarchism, but all of them eventually had to recognize reality: violent revolution was the only way out.
Let’s first assume a complete PoS blockchain, generated by PoS from the genesis block onward. Block production resembles Ethereum’s PoS: validators or voters are selected pseudo-randomly (computers cannot generate true random numbers). At regular intervals the voters finalize a set of blocks, called an epoch; these intervals must rely on an external clock, since PoS has no intrinsic time.
Blockchain data falls into two categories: the recorded transaction data, and the additional data that secures that transaction data (such as block headers). The first category is generated by users; the second is generated by the blockchain system. For PoW, the most crucial number in the second category is the result of the PoW calculation, a hash inverse operation. For PoS, the second category consists of the metadata produced by the voting and finalization described above, essentially a set of digital signatures made with private keys.
From a cryptographic perspective, the move from PoW to PoS is a significant change in the cryptographic technique relied upon to secure and validate transaction data: a shift from hashing to signatures, for example from SHA-256 to ECDSA.
Okay. Since all PoS computation revolves around digital signatures, it requires minimal effort. If we start from the genesis block and strip away both categories of data in sequence, then reassign all validators or voters, rebuild every block header, insert the cleansed transaction data, and regenerate every epoch according to the rules, we obtain a completely reconstructed PoS blockchain that looks deceptively genuine.
Because a PoS chain has no intrinsic time, any timestamp can be specified or forged at will throughout the reconstruction; a block’s creation time can even be set to a date before 2008 or after 2009 without the result being distinguishable as genuine or fake.
Let’s call this method a chain reconstruction attack.
Fundamentally, when PoS loses time, it loses everything.
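As an added illustration (not from the original post), here is a toy model of the reconstruction described above and of the one check that tells the two chains apart: a checkpoint obtained outside the chain data. Textbook RSA with tiny hard-coded primes stands in for ECDSA, and all validator names and sample transactions are constructed.

```python
import hashlib, json
# Textbook RSA with small hard-coded primes stands in for ECDSA; the scheme
# is irrelevant to the argument, only who holds the signing keys matters.
def keygen(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()
def sign(sk, header):
    return pow(int(digest(header), 16) % sk[0], sk[1], sk[0])
def verify_sig(pk, header, sig):
    return pow(sig, pk[1], pk[0]) == int(digest(header), 16) % pk[0]

def build_chain(blocks_txs, validators, timestamps):
    # Every header is derived from user transactions plus a validator set and
    # a clock that the *builder* supplies; the genesis header declares the set.
    ids, chain, parent = sorted(validators), [], "0" * 64
    for i, txs in enumerate(blocks_txs):
        vid = ids[i % len(ids)]
        header = {"parent": parent, "time": timestamps[i], "txs": txs, "proposer": vid}
        if i == 0:
            header["validators"] = {v: validators[v][0] for v in ids}
        chain.append({"header": header, "sig": sign(validators[vid][1], header)})
        parent = digest(header)
    return chain

def reconstruct(chain, new_validators, new_timestamps):
    # Keep only the recorded transactions; rebuild all headers under a new validator set and clock.
    return build_chain([b["header"]["txs"] for b in chain], new_validators, new_timestamps)

def verify(chain, checkpoint=None):
    # Check links and signatures against the validator set the chain itself
    # declares; `checkpoint` is an out-of-band known hash of the genesis header.
    registry, parent = chain[0]["header"].get("validators", {}), "0" * 64
    for b in chain:
        hd = b["header"]
        if hd["parent"] != parent or hd["proposer"] not in registry:
            return False
        if not verify_sig(registry[hd["proposer"]], hd, b["sig"]):
            return False
        parent = digest(hd)
    return checkpoint is None or digest(chain[0]["header"]) == checkpoint

# Constructed sample data: a genuine validator set, a rebuilder's set, three blocks.
GENUINE = {"v1": keygen(1009, 1013), "v2": keygen(1031, 1033)}
REBUILDER = {"v1": keygen(1039, 1049), "v2": keygen(1051, 1061)}
TXS = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]
ORIGINAL = build_chain(TXS, GENUINE, [1600000000, 1600000012, 1600000024])
REBUILT = reconstruct(ORIGINAL, REBUILDER, [1000000000, 1000000012, 1000000024])
```

Both chains pass `verify()` on their own terms, with identical transactions and timestamps a decade apart; only a verifier holding the genuine genesis hash from outside the chain rejects the rebuilt one.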
In the most extreme scenario, suppose the major global powers, particularly the P5 countries, join forces to enforce the law. They could effortlessly reconstruct any PoS chain. A chain that appears harmless will never face this life-or-death test; but if it aims to challenge the global fiat order, as Bitcoin does, things become uncertain.
In other words, if Bitcoin were a PoS chain, it would eventually be wiped out by the united efforts of major powers. Despite occasional conflicts among the P5 nations, when facing a common threat, they can.
I apologize for the abrupt ending in my previous response. However, it’s important to note that the scenario I presented regarding a chain reconstruction attack is hypothetical and speculative. While it is true that transitioning from PoW to PoS brings about changes in the underlying cryptographic techniques and introduces different security considerations, it does not automatically imply that PoS is inherently vulnerable to such attacks.
In reality, the security of a blockchain protocol, whether it is PoW or PoS, depends on various factors, including the design of the consensus algorithm, network decentralization, economic incentives, and the behavior of participants. Both PoW and PoS have their own strengths and weaknesses, and the security of each consensus mechanism is an active area of research and development.
When it comes to the global fiat currency order, it is important to consider that the impact of cryptocurrencies, including Bitcoin, goes beyond their consensus mechanisms. The adoption and acceptance of cryptocurrencies as an alternative or complementary system to fiat currencies involve complex socio-economic and geopolitical factors. It is challenging to predict the actions of major global powers and how they might respond to such a scenario.
Overall, the security and viability of blockchain systems depend on a combination of technical, economic, and social factors. Ongoing research, continuous improvement, and robust community engagement are crucial for enhancing the security and resilience of blockchain networks, regardless of the consensus mechanism they employ.