In this article, I take issue with several of the claims made by Vitalik Buterin in his Dec 2016 article “A Proof of Stake Design Philosophy”. My hope is that it sparks debate about proof-of-stake’s high level design and about the proposed future of the Ethereum protocol.1. “Cost of attack should exceed cost of defense” is illogical
This is a core building block for the argument that proof-of-stake (PoS) is ‘more efficient’ than proof-of-work (PoW), so important to review carefully.
Vitalik starts this argument by claiming that cryptography allows users to defend their data in a much more effective way than a castle or island owner can self-defend in the physical world. While it is true that cryptography changes the game of wealth and information protection, often enabling a level playing field, this is comparing apples to oranges. Yes, it’s true that a medieval knight cannot crack a bitcoin wallet, but neither can a computer hacker effectively defend a castle. Cryptography is used in the real world, where private keys worth millions can be stolen with a $5 wrench attack.
Moreover, ‘cost of attack’ and ‘cost of defense’ are not abstract and fixed, but rather relative and dynamic phenomena: they depend on the subjective value of the thing that one is attacking or defending, and on the conviction of the actors involved. Cost is a relative phenomenon, it only becomes meaningful once compared to forgone utility, to the opportunities the actor is willing to miss out on in order to pursue a particular goal. In the case of an attacker-defender scenario, cost is also dynamic: if I’m facing an attacker with high commitment and huge resources, my potential cost of defense will be very high, and vice versa.
When discussing proof-of-work, Buterin claims that it goes against the ‘cypherpunk spirit’ because in this system, the “cost of attack and cost of defense are at a 1:1 ratio”....