Criticisms of blockchain consensus mechanisms in cryptocurrency usage (PoW, PoS, etc.), and why no major cryptocurrency has moved from PoW

This article is written to explain blockchain consensus algorithms, and explain why none of the current systems are any kind of improvement on normal currencies for ‘decentralised’ use such as cryptocurrency or NFTs (the meaning of which will be explained later).

A simple explanation of blockchains themselves is that they are a linked list of blocks (a ‘chain’ of blocks, as it were) that record data, and contain hashes to verify that data has not been tampered with. This includes data to ensure that the previous and next blocks are also as expected. For cryptocurrency/NFT purposes, the blockchain serves as a list of transactions.

A simple example of blockchain structure, by Matthäus Wander.

The blockchain is thus a relatively simple concept. The need for a consensus algorithm occurs when we consider ‘centralised’ vs ‘decentralised’ blockchains. In a centralised blockchain, some overarching authority or owner validates new blocks; this is fine if you e.g. had a blockchain for your own internal company use. In a decentralised blockchain, there is no ‘owner’ or ‘authority’; cryptocurrencies all use decentralised blockchains, and I will focus solely on decentralised blockchains in this article.

In order to validate new blocks on a decentralised blockchain, you have to be able to reach consensus on who should write that block and whether the block is valid. This means in a sense that the blockchain needs to solve the well-known Byzantine Generals problem, an ever-present issue when it comes to distributed systems, and one which we will examine a little bit further later on.

The Byzantine Generals problem.

This problem involves a group of entities reaching agreement on a particular action, even if one or more of the entities gives conflicting information (deliberately or unknowingly). The above diagram shows two examples of this; in both cases it is impossible for Lieutenant 1 to know who is the traitor (in both examples, they get the same orders, but in each one the traitor is different).

There are a few different ways in which decentralised blockchains attempt to solve this problem — namely Proof of Work, Proof of Stake and Delegated Proof of Stake are probably the most well known. They also need to protect the blockchain from attacks — ensuring that nobody can gain enough control to abuse the system.

Proof of Work (Bitcoin, Ethereum, Dogecoin and others)

Proof of work as a concept is simple: the person to write the next ‘block’ of transactions is chosen at random, proportionally according to the amount of ‘work’ they have done. The chosen miner is then rewarded with new coins or some existing coins for that work (all others get none; it’s more of a lottery than a guaranteed return).

The work itself is redundant and arbitrary, but is done to create a protection mechanism, as in order to subvert the blockchain and thus the cryptocurrency you’d need to hold 51% of the available working power, which would be very difficult to acquire.

This has in fact happened many times on smaller cryptocurrencies, and could perfectly well happen on a larger one like Bitcoin or Ethereum in theory, but would require gargantuan computing resources in practice (possible, but *extremely* difficult). As a result, Proof of Work is seen as the most ‘secure’, and this is why despite endless talk none of the major cryptocurrencies have moved off of PoW.

Proof of Stake (some smaller cryptocurrencies)

Proof of stake works in a similar-ish way to PoW, with one major difference: instead of choosing the miner who will write the next block randomly proportional to how much ‘work’ they did, they are chosen randomly proportional to how many coins they hold.

This comes with the obvious benefit that you no longer need to expend countries worth of electricity doing redundant calculations to decide the next writer to the blockchain; however, it also comes with the problem that now those who have enough money can just sit on it forever to gain more and more money (and more and more control over the blockchain as well).

It’s also astronomically easier to buy out a small currency than it is to acquire the necessary hardware to control a PoW blockchain, as real-world currency is much more readily available and liquid. Plenty of billionaires have a ton of cash lying around, but few or none have a million idle RTX 3090s lying around in their basement ready to take over some PoW cryptocurrency.

Delegated Proof of Stake

Delegated Proof of Stake is very similar to PoS, but with one major change: instead of the next miner to write a block being chosen randomly according to how many coins they have, their coins are used to randomly decide (again, proportional according to how many coins they have) who the ‘delegates’ are. These ‘delegates’ then decide by majority vote on the next block.

For all practical purposes this is really a very small difference from PoS, in terms of how easy it is to abuse.

The underlying fatal flaws of all these consensus algorithms

The (alleged) purpose of Bitcoin and other cryptocurrencies is to make the financial system “fairer”, by ensuring that banks and governments do not control the currency or exert undue influence/corruption, etc. In order to explain why cryptocurrency — and consensus algorithms of any kind — do not solve this problem, we will look at some of their weaknesses.

51% attacks

A 51% attack (much like a hostile takeover in business) involves controlling more than half of the blockchain’s mining power. For each consensus algorithm this would mean:

  • Proof of work: controlling ≥51% of the hardware used to mine
  • Proof of stake: controlling ≥51% of the currency
  • Delegated proof of stake: controlling ≥51% of the currency, allowing you to fill the group of delegates with your subordinates

This is the reason why proof of work is considered the most secure for a cryptocurrency or other decentralised blockchain use: firstly, controlling 51% of the total currency in a PoS system is a lot easier than controlling 51% of total mining power in a PoW system (imagine how much hardware you would need to do that for a larger cryptocurrency like Bitcoin).

Secondly, if someone acquires 51% power in a PoW system, it’s possible for others to buy more hardware to reduce that 51% share. In a PoS system, if someone gets 51% of the currency, unless they sell it the currency is at their mercy forever.

It’s worth noting that a 51% attack is significantly more likely in PoW systems as time goes on — more on that later.

False sense of security in PoS and DPoS

To quote Investopedia:

Proof of Stake (POS) is seen as less risky in terms of the potential for miners to attack the network, as it structures compensation in a way that makes an attack less advantageous for the miner.

This is, at best, an exceptionally naive view. An attacker holding 51% of the currency may not have an incentive to ‘attack’ the network, but they have a massive incentive to monopolise it; much like in real life situations, you don’t get your 51% controlling stake and then hold everything to ransom in one big dramatic moment.

An attacker with 51% power could invalidate all new transactions for other users, and could for example slowly start limiting the transactions of other users or companies using the currency (targeted or otherwise) unless they paid a certain amount to the 51% owner. Once a currency is embedded enough in the economy, it will not be a feasible option for people to simply abandon their money and start over (and you won’t be able to sell it in such a situation). Like all such situations, an attacker would use a form of salami tactics, slowly taking a bigger and bigger cut from other people’s money via transactions whilst doing it slowly enough to stop them from moving away from the platform. Even in the event that the cryptocurrency later dies, the attacker will easily end up with more real-world currency than they started with.

DPoS: ‘Democratic’, in all the wrong ways

DPoS is frequently cited as being more “democratic” than PoS, as owners of the currency vote for delegates to represent them. However, this is true for all the wrong reasons.

Imagine a democracy where instead of each person having one vote on who represents them in Congress/parliament/etc, each person had one vote per dollar in their bank account. That is exactly what DPoS does; the more money you have, the more votes you have on who validates blocks in the blockchain. I hope the problem with that needs no further explanation.

Proof of Work: Tragedy of the Commons

One of the primary problems with existing PoW cryptocurrencies is that so far, they are propped up by the fact that transaction fees are very low. This is because miners are rewarded with newly-minted coins, but these coins will eventually stop being minted (Bitcoin has a hard limit), or will continually deflate and become less and less valuable to the point of not being worth mining for.

The resulting problem is the tragedy of the commons: as the currency gets closer to having no more new coins to mint, or the currency deflates sufficiently, miners will no longer find it worth the effort to validate blocks by mining, as it won’t be worth enough in coin rewards. Users will then have to pay higher transaction fees to miners to offset this; the likely result is that less and less miners would find it worthwhile, resulting in a centralisation of mining power in a few hands who could abuse the system.

A similar problem exists in PoS and DPoS; the richest users would have no incentive to spend their money, as their money gives them control over the currency and gives them the opportunity to earn more money in transaction fees.

Byzantine Fault Tolerance, and its weaknesses in decentralised blockchains

In distributed systems, Byzantine fault tolerance is related to the Byzantine Generals Problem, and is a measurement of a system’s ability to resist arbitrary ‘byzantine’ failure by one or more components. Byzantine failure means failure that is not necessarily predictable, and where you don’t necessarily have enough information to know that failure has occurred: a component might stop working, it might continue to give correct results sometimes and wrong results other times, it might give random results all over the place, or it might just keep giving bad results all the time.

To give a simple example of how Byzantine fault tolerance works:

Suppose you have an aeroplane, and on that aeroplane are ten linked identical sensors that measure the plane’s altitude and orientation that ensure the pilot is flying safely. This system has a level of byzantine fault tolerance; if one of the sensors malfunctions and gives wrong readings, the other nine sensors will still be giving correct readings, and the system can continue running as normal (as the nine correct readings will take precedence over the one faulty reading). If, however, six of the sensors malfunction at the same time, in the same manner — the pilot will not realise it, because it will seem as if those six sensors are the “majority that are correct” and the four remaining sensors are wrong.

Of course, the chances of six sensors failing at the same time in exactly the same manner, giving the same false readings, are incredibly low. This brings me to the point of this section: generally, Byzantine fault tolerance is primarily useful when failure can be attributed to mechanical or hardware/software errors, and does not have a motive.

Consider the aeroplane again. What motive does the sensor have to malfunction? None. As a result, we can be relatively sure that its failure would be down to one of three main causes:

  • Software failure
  • Hardware failure
  • Human inteference (e.g. a soldier tampering with sensors on an enemy warplane)

Byzantine fault tolerance is excellent at protecting against the first two possibilities in many systems. It is much weaker against the last possibility, because the human who sabotages the plane has a motive for the sensors to fail a specific way which will breach the maximum fault tolerance of the system. Provided the human or humans can tamper with enough of the system, the fault tolerance breaks.

This is the primary problem with claiming that blockchains are “secure” for cryptocurrency. While consensus mechanisms such as PoW are excellent at protecting against a machine that malfunctions due to a bug, it is weak at protecting against the real danger: humans causing a large section of the system to malfunction in a specific manner for a particular motive. A rich human wishing to subvert a decentralised blockchain network has a massive incentive to do so, and the resources to achieve it.

Conclusions

The overall conclusions of all of the above flaws is clear: they all point to similar scenarios, in which rich entities or those with control of large amounts of hardware would effectively control the currency to their advantage sooner or later. While it is of course not possible to say that real-world currencies don’t have this problem, cryptocurrencies don’t in any way improve upon them in this regard, as it’s not a problem a currency can solve in itself. Unlike cryptocurrencies, however, it’s possible to solve this problem with real-world currencies by enacting suitable laws (the reasons for why this hasn’t happened already are complex, but largely boil down to those with vested interests resisting such laws.)

This is the reason Bitcoin, Ethereum, Dogecoin and others have not moved from PoW; the idea that PoS or DPoS are actually workable solutions is laughable at present, both for security reasons and the fact that much of the hype around cryptocurrencies is their supposed lack of control by rich or powerful entities, which PoS and DPoS are extremely vulnerable to.

I for one would be wary of attempts by rich investors (notably Elon Musk) to hype up PoS cryptocurrencies: as most PoS currencies currently have very low market caps, it would be easy for them to hype up the currency until it gains steam, then buy enough of it to gain control and make a very nice profit by effectively ‘owning’ that currency and profiting off of transaction fees and so forth.

Computer scientist. https://twitter.com/antsstyle