Ethereum 2.0’s Nothing at Stake Problem
Link: Ethereum Proof of Stake FAQ – What is the nothing at stake problem and how can it be fixed?
Last time I explained Proof of Work, blockchains, and the Byzantine General’s Problem: A Simple Expanation of The Game Theory Behind Bitcoin’s Proof of Work System
This isn’t the exciting full look at Ethereum’s Serenity Proof of Stake system. Sadly, the spec is still changing massive amounts every day and anything I write now will likely be actively misleading six months from now (for example, six months ago the leading concept was Consensus by Bet) (the spec is shifting every day and the current system is nothing like it was even six months ago) it will quickly look at a particularly interesting piece of the puzzle.
———————————————-
Proof of Stake blockchains attempt to solve many of the problems inherent to Proof of Work (see my last post) by replacing miners with validators. Instead of using their money to purchase expensive mining hardware, validators directly stake their money by putting it in blockchain-based time-locked deposits and validating blocks directly. The specifics of this locking and validation process are outside the scope of this post.
In Proof of Work miners are incentivized to mine on the longest/most valid chain and only that chain because it is the chain where their blocks (and their accompanying block rewards) are least likely to be orphaned (abandoned by the network in favor of another longest chain). The computing power they invest in a certain chain is proportional to their reward. However, Proof of Stake validators aren’t limited by computing power. When one of these orphan chains appears and a fork happens, validators can easily begin validating on multiple chains (as in these “alternate realities” of sorts their money can be represented differently). In this way, a validator’s dominant strategy is to mine on every chain to maximize their expected revenue. Obviously, this creates a problem. Now, attackers only need to overpower the few “altruistic” nodes that only validate one chain at a time and the rest will follow.
To mitigate this problem, researchers introduced the idea of a slashing system. The slasher will punish those who cheat by validating multiple orphan chains simultaneously by “slashing” their deposits. However, blockchains are unable to communicate with orphan chains on their own, so the system relies on “bounty hunters” of sorts who collect orphan blocks and extract cryptographically signed votes offenders made on other chains. If these hunters discover the offender also voted on a block of the same height in the main chain, they can submit the two conflicting singed votes to the slasher. As a reward, the slasher pays a portion of the offender’s stake to the bounty hunter and burns a larger portion (this portion is gone entirely, nobody can ever use it again).
As a result, the incentives have changed. Now, as these validators can actively lose their principal by misbehaving (as opposed to a certain time period worth of profits a miner might lose), they are more incentivized to avoid participating in 51% attacks than even miners are!
How do we know that hunters are not misbehaving? It seems that the reward for the hunters should come outside of the system and not from inside.
As far as I know, hunters have no way to misbehave, as they’re only rewarded when they submit a block signed by the offender. In the same way you prove Bitcoin/Eth/etc belongs to you by signing your transactions with your private key, the same is true for staking.
@Kostas