Separating Consensus Concerns
One of the things I was a little disappointed with at the recent ethereum devcon was how little time was put into discussing Casper. Casper is the proposed ethereum Proof of Stake protocol that the ethereum team are planning to switch to in their next major milestone release. Currently, ethereum is a Proof of Work-based system, which has been able to protect its value throughout an incredibly eventful 2016. PoS is pitched as an alternative to 'wasteful' mining, but its also often sold as supporting faster block times. I spent a good chunk of time at devcon discussing PoS, and it's clear there is not a lot of confidence in ethereum's community about the work of the core developers when it comes to this matter. One issue in particular stood out after a conversation with Vitalik, and so I'm going to try to articulate it here as a fundamental concern with native Proof of Stake, where the network state is validated based on the prior network state.
What it means is that Proof of Stake may seem to work when the market is in a good mood. When it's in a bad mood, power centralises to people with the wrong incentives. In Proof of Work networks, a down mood creates an incentive for new investment, while PoS creates incentives to protect existing investments. This ultimately removes any security long term.
Background on Casper
Casper is a new Proof of Stake protocol that attempts to address the 'nothing at stake' problem. This problem is typically described as a lack of punishment for committing to every fork. Because there is nothing to lose by signing every alternative state, it is difficult to come to consensus on a single version of those states.
Though there are two versions of Casper in design at the moment (one from Vitalik Buterin and one from Vlad Zamfir), both plan to solve this via 'consensus by bet.' In consensus-by-bet, validators (the PoS equivalent of miners) commit to losing their funds in every state but the one they believe is canonical. If they commit their funds to a state that is not accepted by the network, they lose them in the chain that 'matters'.
The second component to it is that validators are pre-selected, and pseudorandomly chosen to create the next block within a specific time frame, like a lottery.
Systems of governance should be less opinionated, more accountable and transparent the larger the group they represent - they should serve the people - current and future generations, and protect the collective best interests while protecting individual rights. That's the fundamental basis of the First Amendment. In history, when the Church has been too involved in the State, the law becomes strongly opinionated, to the detriment of some groups. When the two are bound together, the state can influence people through religion and the church can enforce their will as law.
Consensus mechanisms (also systems of governance) face the same kind of problems. The role of maintaining order needs to be separate those holding strong political opinions about the rules of the network. Only universal facts that all users can come to consensus on are those which should be made law, and the role of the church and the state are to not just to serve and protect its people today, but to protect the future generations as well. For open protocols, this really means that the rules should stay the same for generations to come, and the role of maintaining order is preferably left to protecting the protocol from anything that shifts its course.
Proof of Work has this separation of parties involved because of the practicalities of the physical component of the algorithm - you need large investments in power, infrastructure and IP, and you need to spend real-world money and resources to receive a block reward. This forces miners to behave predictably and acquire Bitcoins primarily for the purpose of paying their operational expensis. Miners are interested in short term profits, while non-validating users are typically interested in long term profits. The ability to transfer ownership between the two groups becomes a critical mechanism for enabling transfer of value between economic agents, meaning that short term miner behaviour is concentrated on continuously enforcing the existing protocol. This means that value transfer is inherently guaranteed to happen continuously between users in the Bitcoin system, in exchange for physical resources or fiat currency.
This is pretty simple economically, but super important. The act of mining a block values it in a separate measure of account, such that we can tell the correct global canonical state. Its price can be approximated by the combination of computational efficiency (ASICs), the minimal value of energy, and political power (the difficulty of accessing large volumes of cheap power). This lets us see which is the true chain by counting the computational difficulty energy. We can always estimate the value of a bitcoin at a particular point in time against the mining difficulty and the block reward.
Once a miner receives their reward, they rely on someone mining another block according to the same rules that were in place when they mined their block, in order to see a profit from the difference in the price of enery and the value of the reward. If the rules change, then the previous miners could lose their investment to the future miners, so they'd better keep mining. Because miners are forced to sell a portion of their reward to get back whatever it cost them to get the reward, they distribute the tokens between themselves and between long term investors and generate liquidity, creating a useful currency.
Proof of Stake doesn't have that same internal measurement, or separation of concerns. It has a circular dependency on its own history to figure out its current state, and the people enforcing the rules are worried about long term investment, worrying less about protecting users of the system today.
You don't make a real sacrifice when you commit your funds and become a validator, because you have no forced expenditure outside of opportunity cost. This actually has the inverse effect of Proof of Work, which incentivises you to protect against faults. PoS forces you to instead agree with the majority or face losing your money. It's like being a bank and lending central government money - as long as you support whatever they decide to do, you have guaranteed return on your investment. The problem is that when all validators are long-term investors, they are incentivised to collaborate to change the rules whenever they come to a social consensus, creating a very volatile system. They don't care about how useful the system is today (for the users), they only care about changing the rules in such a way that their holdings will be worth more tomorrow.
This means that validators are incentivised to work together, not to compete, empowering the subset of validators with the most social and economic power - they lead and others follow. In PoW, because the canonical chain can be determined in a decentralised way, without continuous communication (by counting cumulative difficulty), miners are incentivised to call others out when they produce invalid blocks. In Proof of Stake, there's no such mechanism - you lose your money if you call them out and they don't politically agree with you. So you stick with whatever set of rules protects your money. This means that the canonical chain gets set by a combination of large investors and large exchanges, as opposed to competing with others to correctly enforce the protocol rules. In PoS the protocol is fluid, while the canonical chain selection is rigid, but in PoW the protocol is rigid while the canonical chain selection is fluid.
Another way of thinking about this is that collusion is punished in a PoW system because it creates opportunity. If you attempt to 51% attack the network, you are making anyone playing by the rules get twice the rewards by forking, who'll likely have the users on their side. In Proof of Stake, there is no such separation. A 51% attack in Proof of Stake is by definition not an attack at all, but 'governance'. So PoS centralises, where PoW decentralises. Validators are not dependent on the current set of rules, and more important, can only lose money, not gain money, by betting against the crowd.
How does PoS improve performance?
Given that, let's go back to main reported benefit of Proof of Stake - an increased block time. If PoS is supposed to be equal to Proof of Work in practice, but without the energy expenditure, what on earth would cause it to enable faster block times? If anything, nodes should have to spend more time talking to each other to figure out what the correct state is, since we need to be damn sure all our available options before we make a bet about where to place our money, rather than just mining on the longest chain at any point in time.
There is obviously only one answer to this and it is network centralisation. By reducing the number of parties involved in validation, and creating incentives to collaborate, blocks are decided by the de-facto authority at the center of the graph - the heaviest weight and the strongest degree of connectivity to other validators. This means we have to sacrifice reliability and trust for an increase in performance, since they have political power over the bets of other validators.
This may seem to be okay in a stable environment - what could be bad about coming to consensus? If everyone has an investment mindset, maybe that's what they all want to agree upon - but when there's a disagreement, you get a clear fork, where either the smaller group loses out big time, or the chain splits in two. If every token-holder was a validator, you could argue this is fine, but the reality is that only a small number of token holders will be validators. And because the token used to measure difficulty is the token of value itself, people can make no adjustment to their investment. When it splits, if no new validators join, but old validators decide to leave the market, the ones left over will then have even greater power to change the rules to try to get the market to move in the direction they want again.
I'm not completely negative about PoS - there are ways to implement it with non-native tokens. In the same way that PoW is an external measurement that protects the value of the token through computational power, a PoS consensus system could require proof of expenditure of a PoW token to protect the value of the reward. Native PoS is illogical - it assumes continued demand, while not economically guaranteeing a supply - you may as well own rights to a git repository.