Proof of stake is no different than most traditional governance structures such as corporations in that it relies on a committee with an honest majority to keep the system secure. Validators are supposed to act like some kind of completely neutral, decentralized system, but they are not.

For example, the fundamental principle of PoS is slashing for equivocation: when validators present two alternate versions of history (this could be part of a "double spend" attack), they are supposed to be slashed and have their stake taken away.

It takes 1/3 of validators to successfully pass off two versions of history to a double spend victim. However, 1/3 of validators can censor this slashing transaction. So if a double spend attack happens, the perpetrators of the attack are in charge of punishing themselves.

So, the fundamental security mechanism of PoS, equivocation slashing, can in fact never work in practice to punish an actual attack!

Another example is the idea that participation in a PoS chain is permissionless. This is the case in PoW. However, in PoS, 1/3 of the existing validator set could censor any new validators that would like to join, maintaining complete control of the chain. The existing validators only act as if the system is permissionless.

There has been a large amount of thought put into this paradox, and the PoS research community has settled on the idea that if the validator set breaks these norms, then users can just use a new chain with the same state, and a new, more trustworthy validator set. This has several problems:

- Philosophically, what is the point of creating a system that obviously doesn't work as intended, and then when this is pointed out saying "that's not a problem because users don't have to use the system"?

- The coordination of this hypothetical switch to a better validator set is completely unexplored since it is totally outside of the PoS protocol. It may be very disruptive to users and result in downtime, loss of funds sent during the switchover period, multiple new blockchains, or other issues and confusion.

- The fact that the system does not work, and there must always be the possibility of human operators sorting things out based on an undefined recovery procedure means that truly autonomous and truly secure clients are not possible in PoS. This is a problem for both far-out concepts like self-owned self-driving cars, and for bridges between blockchains, which must always rely on either trusting the validators, or a multisig made of trusted people who can stop or reconfigure the bridge.

In fact, there is no clear dividing line between a PoS blockchain, a PoA blockchain (this has a predefined validator set), a multisig, and a single entity running a chain. The only differences between these models are a matter of degree of diffusion of authority.

This is what Bitcoin people do not like about PoS. PoW has its own problems, but they are different, and PoW chains do not rely on a set of trusted operators in the same way.
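A small model of the quorum arithmetic behind the comment's 1/3 figures, added here as an illustration (not the commenter's code and not any particular chain's rules). It assumes a 2/3-of-stake finality quorum, detects equivocating validators from a constructed vote log, and checks whether the rest of the set can still reach quorum once the equivocators withhold their votes.

```python
from collections import defaultdict
from dataclasses import dataclass

# Added illustration, not from the comment. Simplified BFT-style model:
# a block is final once validators holding at least 2/3 of total stake vote
# for it; signing two different blocks at one height is equivocation.

@dataclass(frozen=True)
class Vote:
    validator: str
    height: int
    block: str

def has_quorum(stake_sum, total):
    """2/3-of-stake threshold used for finality in this model."""
    return 3 * stake_sum >= 2 * total

def stake_of(validators, stake):
    return sum(stake[v] for v in validators)

def equivocators(votes):
    """Validators that signed two different blocks at the same height (slashable)."""
    blocks = defaultdict(set)
    for v in votes:
        blocks[(v.validator, v.height)].add(v.block)
    return {val for (val, _), bs in blocks.items() if len(bs) > 1}

def finalized_blocks(votes, stake, height):
    """Blocks at `height` that reached quorum; two of them is a double finality."""
    total = sum(stake.values())
    voters = defaultdict(set)
    for v in votes:
        if v.height == height:
            voters[v.block].add(v.validator)
    return {b for b, vs in voters.items() if has_quorum(stake_of(vs, stake), total)}

def can_finalize_without(excluded, stake):
    """Can the others still reach quorum if `excluded` withhold votes, e.g. on a
    block carrying the slashing transaction that would punish them?"""
    total = sum(stake.values())
    return has_quorum(total - stake_of(excluded, stake), total)

# Constructed sample: 10 equal-stake validators. v1..v7 vote for block A at
# height 100; v1..v4 also sign block B, joined by v8..v10.
STAKE = {f"v{i}": 1 for i in range(1, 11)}
VOTES = (
    [Vote(f"v{i}", 100, "A") for i in range(1, 8)]
    + [Vote(f"v{i}", 100, "B") for i in range(1, 5)]
    + [Vote(f"v{i}", 100, "B") for i in range(8, 11)]
)
```

With this sample both A and B reach quorum, the four equivocators hold 40% of stake, and the remaining 60% cannot reach the 2/3 quorum on their own, so any block containing the slashing transaction stalls if the equivocators refuse to vote for it.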

