> Let’s walk through a couple theoretical scenarios where a subset of malicious validators wants to censor transactions, say those originating in FATF-blacklisted countries.
Hang on a second. Just to be clear about this example, this example is walking through how Ethereum has been designed specifically to allow North Korea to transact Ethereum, and more than that, prevent anyone who dissents. Like, I mean ok, I get the ideological position in theory of saying "Hey, we're going to design this network so that you can't prevent any transactions." But it's quite different to go "The motivating example of why we would want to do this is so that we can help Iran and North Korea money launder in a direct attack against our own government's laws".
Here's my counter-example to the scenarios the author puts forward. You stake 32 eth to become a validator node and start signing off transactions from North Korea. Other people choose not to do that because... well. Your stake slowly goes up and they slowly bleed Eth. Then the US government smashes down your door and throws you in federal prison because you're actively working to help North Korea.
You should understand that this is a very USA centred opinion. There’s a whole big world of different cultures and politics, and it is possible to believe there are other approaches where we reject violence and authority.
It’s the usual “you’re helping drug dealers/terrorists/North Korea, but what about the children?!” state simping that ignores the violence of the existing systems, and ignores the billions of people in the world who aren’t any of the above and are also benefiting from our attempts to design systems that respect liberty.
I think we absolutely should build infrastructure that allows people within oppressive regimes options with which they can resist, escape, coordinate. For example, we shouldn’t accept that Iranian devs get booted off GitHub.
I absolutely agree we should build infrastructure that allows people within oppressive regimes options with which they can resist, escape and co-ordinate.
Which is why this infrastructure, which is clearly designed to empower those regimes, is bad. Are North Koreans using crypto-currencies? Maybe, it doesn't seem like it. Is the North Korean regime using crypto-currencies? Absolutely, we repeatedly see the North Korean regime stealing, laundering and transferring crypto.
You're advocating for a theoretical possibility of helping dissidents to defend the actual reality which is that crypto is a tool of oppressive regimes.
I really don't get what the argument is here? NK and others also use Tor, Signal (Protocol), and more. Are they all bad? And why always use the most extreme examples like NK and China?
If US citizens could empathize with people not only from NK, but also from places like Turkey, where the value of our currency has been demolished under the current authoritarian government (and, IMO, they aren't far away from putting limits on buying USD), I think we would have healthier discussions. Now, I can — and am — moving out of the country, but not everyone can. Thinking otherwise is privileged and ignorant thinking.
Of course ETH is not flawless, and if I were in a middle-class family in the US, I would love to have these deep philosophical discussions about if Ethereum is really really decentralized, but the fact remains that cryptocurrencies DO solve real problems, and they DO help more people than they hurt, just like any technology. If this weren't the case, humans would have stopped innovating a long time ago.
You can only be sure in hindsight which solution is comparatively or net good. Not all hard work done by smart and nice people turns out to be worthwhile. There are always trade-offs and cryptoassets bring them too. You have good reasons to be worried about centralization, but concerns that this technology empowers crime and totalitarianism, just in a different way, are valid too.
See, burning coal is bad for the environment under many angles. But it fed the energy to the industrial revolution, with immense improvements to everyone's quality of life (from running water to advanced medical care). Now it's time to retire it, but it won't be realistic to go from muscle power to nuclear and solar power directly.
Same thing with crypto currency. It's like a steam engine from 1800: large, dirty and inefficient as it is, it already solves real problems.
Now, moving from proof of work to proof of stake is a huge step, like moving from a firewood boiler to a turbine. Maybe not a complete perfection yet, but a huge jump in efficiency.
That's not true though. Crypto currencies do not solve any real problems in any meaningful sense. The problems it solves are all either problems that were created by crypto itself, due to the insistence on using that particular network architecture (which isn't even good), or are better solved in other ways. Moving to proof of stake fixes one of the fatal flaws in the scheme: the energy usage. All of the other fatal flaws still remain: The inability to do anything about fraud, the disastrous security of smart contracts, the ponzi-like economics, the inherent unfairness of mining/staking, the practical lack of decentralization and vulnerability to 67% attacks, the lack of any kind of legal structure around anything whatsoever, and not to mention that the technology is actively enabling new kinds of crimes like ransomware and evading sanctions on a grand scale...
It's patently obvious that the "tradeoff" for most people is that you get to gamble on the price of a highly speculative asset in exchange for enabling massive amounts of crime. I don't like that tradeoff. As a society, we can collectively decide not to make it.
Why. Imagine that I lawfully own something valuable which is located in Russia: say, a moderate-size business, or a piece of realty. I want to stop dealing with them, sell the assets, and take away the funds.
My two options are: (1) Fly there, sell stuff, and bring a suitcase of cash. (2) Sell stuff remotely and transfer the payment over Bitcoin. I suspect that the second option is more economical even with the electricity-guzzling proof-of-work BTC network, because two transatlantic flights are even worse.
You'll call this a marginal problem. I'll say that marginal problems are still real, and need solutions.
Or just trade it for some other asset or currency that isn't crypto? Why are those your only two options? I don't understand how you jumped from "I need to trade something" to "my only option is cash or crypto". Those dots don't line up.
The sanctions will also be blocking the legal crypto exchanges from dealing with them as well. So that isn't going to work either. You might respond that you'll just use an illegal crypto exchange, but from that perspective it's not the crypto helping you. It's the illegal exchange, which doesn't actually need crypto to function.
Edit: Also, there's a bit more to unpack here. The transfers from Russia are only a problem with RUB. If you can transfer another currency to them into an offshore bank account then it's not a problem. And I hope you don't transact in RUB anyway, that likely means selling the business back to Putin's war regime, unless you physically go over there and use the proceeds to help the anti-war movement.
"Bad tool is used by bad guys so don't support it" doesn't imply "any tool used by bad guys is bad." It's perfectly valid to think that different tech has different value based on specific pros and cons.
Right, but this presupposes that the particular tool in question is a "bad tool", and the basis of that presupposition elsewhere in this thread is very strongly implied to be "tool is used by bad guys therefore it's bad unless I specifically benefit from it".
Eh, that wasn’t my read. More that it seems to be exclusively used by bad people.
The lack of people manually verifying the _nature_ of a transaction and not just that someone claimed a transaction occurred means everything you’re doing is, well, pointless. It is (highly optimistically) a libertarian political movement that is deeply misinformed about how free markets and trust actually work.
Cryptocurrency has zero effective solutions for this. If you were to send your money to anyone claiming to be a NK citizen, you still have to personally verify the entire transaction occurs, or you’ll get grifted. It’s useless. You’re being grifted. You’re making it worse by continuing to defend it and at some point you’re culpable for not admitting this despite it coming up on literally every hacker news post about cryptocurrency.
> More that it seems to be exclusively used by bad people.
So I'm a bad person, then? Are the migrant workers sending money back to their families bad people? Are the refugees using it to bring their life savings with them bad people? Are the people currently subject to those bad regimes and unable to escape bad people?
At best, the belief that "it seems to be exclusively used by bad people" is blatantly ignorant of reality. At worst, it's saying the quiet part out loud: that as far as the legacy financial system (and the supporters thereof) is concerned, these people are just as "bad" (read: worth shunning from the benefits of said system), with the only difference being that said system is able to exploit them and their labor while it pretends they don't exist.
> Cryptocurrency has zero effective solutions for this.
Because there's no problem to be solved in the first place. There are many issues with cryptocurrency, but "wah nation-states can't arbitrarily censor transactions wah" ain't one of 'em.
I never said that. I said it was my read of the parent comment. Further, it’s a comment about perceptions (“seems”), not a deliberate statement of fact.
It’s more like saying “I can’t recommend this to anyone because the legitimate use cases (if there are any) don't offset the potential for abuse (particularly in societies with an existing, trusted banking infrastructure).”
> I never said that. I said it was my read of the parent comment.
Fair enough. Regardless...
> It’s more like saying “I can’t recommend this to anyone because the legitimate use cases (if there are any) don't offset the potential for abuse (particularly in societies with an existing, trusted banking infrastructure).”
And in saying that, one betrays either a severe ignorance of reality or a vested interest in the continued marginalization of the very people to whom that "existing, trusted banking infrastructure" currently does more harm than good. There are legitimate use cases and they vastly offset any abuse (potential or otherwise), even in (ostensibly) "developed" economies like here in the US.
Not to mention that said "existing, trusted banking infrastructure" conflates its definition of "abuse" with "whatever the current local regime deems illegal"; as one of many examples, it seems rather plausible (if not probable) for anti-abortion states to start seizing assets from the bank accounts of women who solicit the services of abortion clinics - something which any cryptocurrency worth its salt is explicitly designed to prevent. And don't get me started on the can of worms overturning Roe v. Wade just opened; GSRMs, contraceptive customers/vendors, and other folks previously enjoying that implied right to privacy are now suddenly much more vulnerable to the same economic exile that sex workers and drug users/suppliers have already long faced. Talk about "potential for abuse"!
Ah, and now “I’m a bad person?” for not jumping on your bandwagon which promises so much but delivers so little.
If you really think cryptocurrency can help with abortion access - stfu and get to work, no need to virtue signal when you have a working system.
In the meantime, things like Biden’s recent executive action to enable purchase of birth control across state lines is far more likely to actually be helpful.
You have to at least realize that the defenses you’re making are the same ones that a jaded libertarian might make and have very little to do with the actual tech, which is too complicated to usefully describe anyway. This paired with the underlying belief-oriented nature of cryptocurrency (e.g. “it has value because we all agree it does”) makes it effectively a neo-libertarian political movement, using self-rolled (objectively worse) “patreon” as its backer.
> Ah, and now “I’m a bad person?” for not jumping on your bandwagon which promises so much but delivers so little.
I mean, if you're opposed to cryptocurrencies even after it's been shown to you both how they currently benefit marginalized groups and how they can potentially benefit yet more marginalized groups, then that does indeed say something about the quality of your character. I wouldn't go so far as to write you off as a "bad person", but I would hope that you reflect on whether one's desire to continue the marginalization of said groups on the basis of "North Korea bad" might preclude one being a "good person".
> If you really think cryptocurrency can help with abortion access - stfu and get to work
If I was qualified to administer abortions, then I absolutely would.
> In the meantime, things like Biden’s recent executive action to enable purchase of birth control across state lines is far more likely to actually be helpful.
Sure, until the same Supreme Court that was willing to overturn Roe v. Wade decides it's willing to invalidate such an EO.
> You have to at least realize that the defenses you’re making are the same ones that a jaded libertarian might make
Well I would hope so, being a jaded libertarian and all ;)
Transparent systems in which transactions are screened do not trust their people.
North Korea would never allow their people access to a truly private cryptocurrency (which Monero does better). It would become easier to funnel money internally and create opposing factions.
This discussion is no different than a discussion about just rulers. If the person in charge of a monetary system has good intentions, or is informed by a democracy with collectively good intentions, it is better for them to dictate who can have access and who cannot.
Crypto forces those on the network to trust in the free decisions of the collective. If you think more people would transact with a large criminal psychopathic state like North Korea than they would with people who oppose North Korea, that is a collective choice. In a truly decentralized system, where everyone had access (which is not the case, and complicates things), the real, in practice will of the people comes out.
It’s an appealing idea and what attracts so many bright minds to crypto. People voting with their money for their interests or the interests of the group. Love it. But that’s not how this dynamical system plays out. It would perhaps stand a chance if players could make transaction decisions based on information about the other party but that just isn’t the case in practise. Bad actors have had no issue obscuring sources if they need to (as is clear by NK state successfully using stolen crypto). But let’s say they could make truly informed decisions, that would put them at a competitive disadvantage to those who just trade with anyone regardless of potential harm. So you have a system of oligarchic growth of bastards - the biggest bastards get bigger. We of course have a similar problem in fiat, but with a currency backed by government, you have a chance to place sanctions or seize funds of actors harming the group.
Organisation of systems of humans is _hard_. We’ve been trying many different systems of governance for thousands of years. There are appealing ideas, many experiments but no easy answer. Does currency decoupled from local governance work better or worse for the interests of humanity? The answer is not obvious and we should be careful saying we have clarity. It’s worth the experiment. I’m curious to know the result and watching the evidence carefully but my reading is results don’t support the suggestion that crypto is a force for good overall. It’s not even clear crypto stays trust-less and decentralised in any practical sense once it begins to collapse into more efficient structures of big players (coinbase and friends).
Well said, agree with all of that. I have hope for systems that allow for the easy, anonymous (to outside observers, at least) build up of networks for the kind of information exchange you rightly claim to be the most important aspect of creating good systems in practice.
It doesn’t solve that information bottleneck problem, but I think the more efficient structures that lead to transactional bottlenecks and are necessary in things like Bitcoin are technical problems that can and I think have been worked out in currencies like Monero. Monero has quite successfully resisted the same pulls to centralization that Bitcoin and Ethereum have succumbed to for the sake of efficiency. It is smaller, but still quite large.
That does not necessarily mean it is good, and while I’m optimistic, I understand where the caution comes from. At the very least it’s extremely interesting, both from a technical perspective and a social/political perspective.
At the end of the day I am more and more convinced that all of this money and power stuff is downstream of relationships, culture, and ability to communicate and cooperate across differences. That’s what’s really important, and can be either encouraged or discouraged to move in a direction that helps the most people with all kinds of different tools, of which money is just one, and which could happen all kinds of different ways in different systems.
I wish it were easier to know what helps and what doesn’t so we wouldn’t risk making things worse. But I think the only way to know is to experiment.
> but I think the more efficient structures that lead to transactional bottlenecks and are necessary in things like Bitcoin are technical problems that can and I think have been worked out in currencies like Monero
That might be true, but the structure doesn't appear to have any technical considerations behind it. Following this comment:
> At the end of the day I am more and more convinced that all of this money and power stuff is downstream of relationships, culture, and ability to communicate and cooperate across differences.
If you ask me, the conclusion to this is that Monero has not actually "resisted" centralization, what it's actually done is become centralized around a group of criminals who all refuse to snitch on each other, and use the token as a means to do that. The key part is that "refuse to snitch on each other" comes before everything else including all the blockchain nonsense. These people are the only group who have any reason to bother using this token. Attacking the Monero network itself is orthogonal to what is typically done to break up these groups.
I disagree. Bitcoin started the same way on the darknet. That does not mean it had no greater value, as we now see.
The actual people using Monero are unknown. That’s the point. To say it is centralized behind a group of criminals is incorrect. It has been extensively used to get money into places like Venezuela where the state is hostile, and for all kinds of positive services where people simply value privacy. See http://monerica.com
The fact that criminals also use Monero is a feature, not a bug, and proves that it works in the most hostile environments. The fact that it enforces the fourth amendment is a good thing, and it forces law enforcement to target criminals specifically rather than enabling blanket surveillance.
Anyone who wants tools to prevent the state from abusing power has ample reason to use Monero, and given the way politics has been infringing on banking rights in Canada, that is bound to be a growing number.
Regardless of what you think of the Canadian protestors, the real question is what do you think of the right to privacy and our ability to ensure our rights in the USA, given our constitution. If we do not trust people to transact privately then let's just repeal the fourth amendment and be honest about what rights we do and don’t have.
I happen to believe the right to privacy is fundamental and that to remove it is to create a panopticon. I believe law enforcement has ample means to go after crime without violating financial privacy, and believe it is equally if not more important to prevent abuse of law enforcement powers given the tendency for corruption, political use, and lack of effectiveness that has plagued all of human history.
Yep. Trust is a feature, not a bug. So that the 'legitimate and righteous' blockade of North Korea by the Angloamerican establishment could turn on its domestic dissent whenever needed. As we saw during the Occupy protests in 2011.
To really help ordinary people in oppressed countries, the first step is to implement policies such that they only affect those who should be affected.
If you do that, cryptocurrency benefits become moot: a Russian freelancer working overseas can legally TransferWise money to help her mom, but a Putin-connected oligarch can't wire money to help the regime.
For many reasons, it's difficult: e.g., how do you verify that your Russian user does not in fact work for Gazprom? Much safer to implement a total ban on anyone connecting from a Russian IP or using a Russian bank, explicitly sanctioned or not.
However, blanket financial anonymity at scale is not an acceptable workaround. By making it simpler for kleptocrats in charge to finance questionable activities and launder money obtained through thievery and violence, it introduces more problems than it solves, and in fact props up the regime.
>>If you do that, cryptocurrency benefits become moot: a Russian freelancer working overseas can legally TransferWise money to help her mom, but a Putin-connected oligarch can't wire money to help the regime
There are plenty of nationalities which are banned from TransferWise:
Maybe you misunderstood me. This year Russians got de facto banned from many services, cannot use paid features of Github (Copilot or sponsoring projects), are blocked by freelancer marketplaces, etc. I am not risking using TransferWise to transfer money home (to a non-sanctioned individual's account in a non-sanctioned bank) out of fear of losing my account forever. This is because Western companies interpret sanctions wider than strictly required to err on the side of caution due to the aforementioned reasons.
>>However, blanket financial anonymity at scale is not an acceptable workaround
Blanket financial anonymity is the only way to prevent circumstances like today's, where entire nationalities are locked out of the global financial system, and power becomes more concentrated over time.
It's not the answer, you may have missed the other part of what I wrote.
Implementing this anonymity to allow regular guys to help their families in Russia, who are now dealing with a 4x price hike on basic goods, will help kleptocrats (the very guys causing that hike in the first place) finance their wars and further entrench themselves in power. Don't you see how this ultimately hurts those it ostensibly aims to help?
Regular guys will send home hundreds of USD, kleptocrats will launder billions.
Financial anonymity at scale exacerbates these asymmetries by helping those with the most money/power the most. Thinking otherwise is hoping they are clueless and don't employ teams of savvy people specifically to figure out various financing workarounds.
Those with the most power can legalize everything they do. The monopoly on violence wielded by the government tends to concentrate power. Mass-surveillance of financial transactions, or conversely, lack of private money, extends the reach of the government, and with it, the ability of the most powerful to extract resources from the general population.
Those in the centers of power don't need to launder money. They write the laws, so their income is not illicit.
> Those in the centers of power don't need to launder money.
Oh yes they do. Read about all the ways dictators and their friends wash ill-gained riches in the West to buy real estate, enjoy lavish lifestyle, finance activities that undermine democracies and further their own agenda, etc. Sanctions exist for a reason.
You can't have anonymity without enabling crime and laundering. In a digital world where you need less to be physically present to profit from a crime, I want law enforcement to be able to seize criminals' funds.
If you think your government abuses that power try electing a different one, if you are in a democracy you can. If you want lawless anarchy I'm not with you, we had something like that in Russia in the 90s and it's not fun.
It's only the dictators of banana republics, which by definition are not great power states, which need to engage in that kind of corruption, and only because they don't wield government power within the largest economies, where they would prefer to park their wealth due to their centrality and stability.
Those at the top of the political order within the centers of global economic power have no need to engage in something as crude as money laundering, or at least not the kind that depends on clandestine exchanges of briefcases filled with cash. Everything is reported and ostensibly legal.
>>You can't have anonymity without enabling crime and laundering.
You can very much combat crime without warrantless mass-surveillance of private financial transactions. Real crime leaves huge numbers of evidence trails that can be followed. Private electronic cash can also be utilized by law enforcement to incentivize informants to come forward anonymously.
Warrantless mass-surveillance enables tyranny. It enables the kind of systemic repression that can harm billions of people.
It is not in any sense a USA-centered opinion. Look at the list of countries and supra-national organizations which have comprehensive sanctions in place against North Korea: which include not only the US, but Japan, the European Union, Australia and Taiwan.
You can adopt whatever degree of moral relativism suits your purpose, but there's basically not a lot of people anywhere in the world who are looking at what's happening in North Korea and saying "looks good to me".
To be fair though, those are all Western-aligned countries dependent on US force. They'll typically go along with whatever the US says. They're not exactly vassal states but close enough.
NK is just another tiny country caught in a proxy war between imperialists.
Look at China, which I think is bigger (or nearly so) than all those countries combined, and they don't have nearly as big a problem with NK as we do.
I'm not saying NK is a model country, but the US has a long history of demonizing random small countries to suit its purposes, from Afghanistan to Iraq to NK to Vietnam to much of Central/South America. That we use our military and propaganda to coerce our allies doesn't mean we automatically get the moral high ground. It just means we're the biggest bully.
"They're not exactly vassal states but close enough."
This is a comical overstatement. If you followed the ins and outs of international relations you'd know this is far from true. The health of those relationships (and any security arrangements included) is constantly debated up and down, and there are periodic crises of various magnitudes that kick up conversation of security arrangements ending.
If you think those countries are not acting in their own carefully-measured self interest and just show up blank faced to support the US... you have a very uninformed notion of the reality.
"they don't have nearly as big a problem with NK as we do."
You're really shooting from the hip. China has enormous problems with North Korea, which it primarily solves by appeasing them and working with them because it's easier than fighting them. As long as North Korea spends most of its energy being an active and passionate combatant against democracy and human rights, that suits China just fine.
"That we use our military and propaganda to coerce our allies doesn't mean we automatically get the moral high ground."
Every political regime tries to play these narrative and influence games. And every political regime will gravitate towards what works for it. It's an absurdly myopic American delusion to think that America is pulling all the strings among a world of puppets. That's not serious stuff.
But what you are failing to consider is that there are regimes willing to be far more horrific than whatever failures you see in American behavior. Criticizing America's faults is good. When you end up at "shrug is North Korea worse?" then you've ended up lost.
That's not entirely true. America has forever been a bully. It's more like a crybaby.
The CAATSA act states that if you don't like anything about country X, sanction them and force others to do the same. This makes every other country a puppet of America.
>To be fair though, those are all Western-aligned countries dependent on US force.
They're not, but whatever ...
There is also the matter of nine United Nations Security Council resolutions calling for sanctions, of twenty-one total resolutions relating to non-proliferation; and a UN Commission of Inquiry report on human rights that found, amongst other things, that:
"systematic, widespread and gross human rights violations have been and are being committed by the Democratic People’s Republic of Korea. In many instances, the violations found entailed crimes against humanity based on State policies"
"there is an almost complete denial of the right to freedom of thought, conscience and religion, as well as of the rights to freedom of opinion, expression, information and association"
"police and security forces of the Democratic People’s Republic of Korea systematically employ violence and punishments that amount to gross human rights violations in order to create a climate of fear that pre-empts any challenge to the current system of government and to the ideology underpinning it. The institutions and officials involved are not held accountable. Impunity reigns"
Of all the hills to die on, the one that involves taking a moral relativist position on the badness of the North Korean regime is one of the oddest ones.
Eh, no. Helping North Korea to bypass international agreements won't help us to "reject violence and authority." What authority are you talking about here specifically, what are you trying to reject?
Throwing an existing system out of the window without offering anything in return is madness. Cryptocurrency won't replace all the financial and government systems that have been developed internationally for years.
How can you help Iranian/Russian people that genuinely would like to reject and escape their current government, without helping that very same government to finance itself?
One could argue that the current way to stop nuclear proliferation is "peer to peer"—after all, the peers of would-be nuclear nations are other nations!
"During the campaign, conventional weapons such as explosives, incendiary bombs, and napalm destroyed nearly all of the country's cities and towns, including an estimated 85 percent of its buildings"
No idea why they have bad infrastructure and hate the west.
They rebuilt a lot of that in the decade after the war with extensive aid from Russia and China. Their economy was actually doing better than South Korea's up until maybe the '70s or even '80s (it depends on what metrics you are looking at).
Where it started going seriously off the rails was in the '80s when they adopted a policy of radical self-sufficiency. Unfortunately they can't really be self-sufficient, at least at their current population levels, because the climate and geography limit the amount of arable land and limit how much can be grown on it. They get winds from Siberia bringing bitter cold and heavy snow, making it so they can usually only get one crop per year (compare to two crops per year which is possible in much of South Korea).
So they remained heavily dependent on Russia and China. When the Soviet Union broke up they lost most of their Russian aid, and that really hurt. They never really recovered from that, and their infrastructure suffered as part of the general poor economic conditions.
But that still makes them 20 years behind the times. And then:
"Russian accusations of indiscriminate attacks on civilian targets did not register with the Americans at all. But for the North Koreans, living in fear of B-29 attacks for nearly three years, including the possibility of atomic bombs, the American air war left a deep and lasting impression. The DPRK government never forgot the lesson of North Korea's vulnerability to American air attack, and for half a century after the Armistice continued to strengthen anti-aircraft defenses, build underground installations, and eventually develop nuclear weapons to ensure that North Korea would not find itself in such a position again. ... The war against the United States, more than any other single factor, gave North Koreans a collective sense of anxiety and fear of outside threats that would continue long after the war's end"
What is a US-centric idea is the thought of helping North Korea because they are an enemy of the United States. If your primary concern is breaking US hegemony then that is a US-centric viewpoint.
So are all the people calling for peer-to-peer electronic cash to be banned and the status quo, of a centralized global financial system which cuts off entire countries, to remain in place:
> You should understand that this is a very USA centred opinion.
Hmm. IMHO libertarianism (which is at the core of the crypto movement) is much more striking as a USA-centric belief system than “KYC / AML is desirable”. In fact, most developed countries seem to have anti money laundering regulations.
Your “what about the children?” is a straw man whereas “you’re helping North Korea” is a fact. See the exponential growth of the ransomware market when cryptocurrencies took off.
We all universally agree that we should build infra that helps people within oppressed regimes. The disagreement is that not only does crypto fail to do so meaningfully, it empowers those oppressive regimes by providing them with ways to circumvent trade restrictions.
> There’s a whole big world of different cultures and politics, and it is possible to believe there are other approaches where we reject violence and authority.
The post you're replying to was discussing sanctions, not violence.
That in a nutshell is a variant of the Byzantine generals problem.
Without a central authority that governs difficult decisions like censorship of nodes NK could launder their crime money through ETH validator nodes.
On the other end of the spectrum you have the Solana/Solend farce where the Solend team just "voted" to take over the wallet of their main customer.
It is still a long way.
> Then the US government smash down your door and throw you in federal prison because you're actively working to help North Korea.
Not a real issue because transactions are not associated with IPs. There's basically no way to know the country of a sender or recipient. Also, it was ruled that virtual currency miners are not subject to AML regulations[0].
Not related to miners but to the best of my knowledge, every transaction is broadcast to the network from an IP address. Therefore the IP can be traced back or hidden with Tor or proxies.
Receiving cryptocurrency is by default anonymous because it requires no public action on the part of the receiver.
Except, checking a transaction tx or wallet balance on blockchain.info could flag the IP checking that balance.
> Not related to miners but to the best of my knowledge, every transaction is broadcast to the network from an IP address.
Right, but even if you banned North Korea IPs, you'd still get their transactions through the transaction relay mechanism (other peers outside North Korea relaying their transactions).
It's an arguably poor example in an article by "foobar," not a motivating example from Ethereum's white paper, design documents, a senior researcher, or anything official at all. Ethereum was not designed specifically to allow North Korean transactions.
Reasonably good censorship resistance in general is a design goal shared with pretty much all decentralized blockchains. Without that, complaints about proof-of-stake being oligarchic rule would have a lot more legitimacy.
HN is so crypto-phobic it’s almost impossible to have a comment section without bad-faith arguments like this.
It’s a censorship-resistant technology, of course that applies to both good and bad guys. You know that, yet here you are making this absurd argument and the top-voted post.
Yes, if you actively and knowingly break the law, you might get punished for it. Not sure what's new here? If you don't want to connect to North Korea, block connections coming from North Korea, it's like one or two commands of iptables.
The sanctions go a little bit further than that though. Financial institutions are not merely blocked from accepting transactions from the IP region of North Korea, but actually from doing business with a whole list of companies and individuals with ties to NK. To comply with the sanctions regulation you would need to have a lookup service listing the owner of every wallet and for every transaction you validate, check if any of the wallets involved belongs to a sanctioned company or individual.
I don't think "but I didn't know that it was a NK wallet!" is going to hold up in court either. There are laws regulating the minimum Know-Your-Customer a money transmitting company needs to perform and when the regulators come knocking you need to be able to show your procedures for that and how they lead to compliance with the law.
The real question is whether courts will rule that POS validators are "money transmitters" in a legal sense. To me it's kinda obvious that they are, since without the action of the validators no money would get transmitted. No doubt there will be much water under the bridge before that gets settled though.
> The first ruling states that, to the extent a user creates or “mines” a
> convertible virtual currency solely for a user’s own purposes, the user
> is not a money transmitter under the BSA.
That seems to leave rather a lot of open space IMO. For example, does a POS validator create convertible virtual currency? Clearly. But is it solely for their own purposes? Do they become a money transmitter as soon as they sell their crypto? Also, only part of miner income is the block reward; there are transaction fees as well. Is a miner allowed to accept fees from sanctioned individuals for providing payment validation services?
2014 was forever ago in crypto terms of course, so I can imagine that the viewpoints of regulators have evolved together with the technology.
It probably seems unclear to you because you are not familiar with the industry and/or AML regulations. To answer your questions, cryptocurrency miners are not money transmitters, even if they sell their cryptocurrency and they can accept fees from any transactions.
Of course regulations can change, but in this case it seems unlikely unless the intention is to effectively "ban" cryptocurrency.
I didn't get the sense that WJW is unfamiliar with the industry. I read their comment as suggesting that the administrators who designed the existing regulations did so at a time when the widely understood definition of "miner" was a proof-of-work miner. If the same regulations were drafted today, would PoS validator nodes be considered functionally equivalent to PoW miner nodes? I hope not, since they aren't.
Regulations can and do change. Cryptocurrency fanatics are expanding their regulatory capture with various senators and state governments friendly to the 'movement.' I worry about the next crypto crash tanking the economy after this crypto crash.
What I'm saying here is that this system is designed to tax your staked ETH if you do that. So you have three choices: 1: Run a validator blocking NK transactions, safe in the knowledge it's probably legal, but your staked ETH is slowly going to be taxed by the network, costing you money. 2: Run a validator including the NK transactions, your staked ETH is safe, but you are most likely violating your country's money laundering laws. 3: Don't run a validator, now the only people running ETH validator nodes are those who work with North Korean money launderers, which doesn't seem like a particularly stable footing for Ethereum.
Ignorance of the law is not a valid defense. It might get you a lighter sentence, but don't count on that. You are expected to know all the laws that apply to all the activities you do.
This is no different than good ole Proof of Work (bitcoin, current eth, etc). A miner already decides what transactions to include in their block, and also their parent block.
Bitcoin has been working like this for 13 years. And your hypothetical situation hasn't happened.
I think what you're missing is that this is the entire point of cryptocurrencies. To be decentralized such that governments, banks, central authorities, cannot stop them. No laws, sanctions, rules, taxes, can force the crypto system to do anything.
Imho, they are inferior to real currencies at everything except for that.
Now, if you want to discuss whether that makes crypto a good or bad thing, oh, I'm with you, let's dive into that. But this article is discussing the implementation of such a system, not the frankly quite concerning ethics behind the existence of the system.
> Imho, they are inferior to real currencies at everything except for that.
Add to that list the transaction speeds for just about any PoS cryptocurrency. A new transaction is visible to others on the network within seconds, and is fully validated within a few minutes (as I just observed moving some Cardano around last night). That first metric is on-par with your average credit/debit transaction while the second blows it out of the water (credit/debit transactions can take multiple days to actually move out of a "pending" state). The only thing other than a PoS cryptocurrency that's even theoretically faster on both points would be a payment app like PayPal or Venmo, and that's only if you're maintaining a balance in those apps (otherwise they fall back on credit/debit or bank withdrawals anyway).
There are other possible superiorities or inferiorities which are indeed a matter of opinion (for example, IMO the inability to reverse a cryptocurrency transaction makes it superior to a credit/debit charge or wire transfer or payment app, and the "downsides" are better solvable with escrow anyway; as another example, IMO the ability to send arbitrarily-large-or-small amounts of cryptocurrency makes it superior to said alternatives), but transaction speeds are factual and readily observable.
The tradeoffs between centralized control and permissionless primitives are better explored elsewhere, but the dangerously high costs of depending on a fickle intermediary for all transactions should be clear to any informed observer.
Consider a Russian citizen unable to flee Putin's wartorn regime because all personal life savings and assets have been frozen.
Just as private communications make some tradeoffs for not acquiescing to the surveillance state, so permissionless value transfer makes tradeoffs.
This is very well put. If you believe the trade-offs of permissionless and private communications (as granted by cryptography) are worth-it and you don't think similar trade-offs to value transfer are worth-it (as granted by cryptocurrencies) you have to be able to explain how you are tracing the risk-reward in both cases to arrive at different conclusions. I'm not claiming it's not possible but certainly some very fine-tuning of the weights involved is necessary to reach different conclusions.
The average opinion (as in, the most oft-repeated or most popularly represented through upvotes) in HN maintains opposite conclusions. Which is an interesting observation.
It's been explained countless times. The world has come together and numerous societies have agreed to not give money to North Korea. There is no comparable discussion or agreements about restricting communications among individuals. It's asinine to ignore all of the history and turmoil of North Korea, just about as asinine as creating a crypto currency for the express purpose of funding the Kim regime.
Hello, I read your Twitter thread. While privacy is absolutely important, your reasoning is fundamentally flawed. In the context of financial transactions, we know from a ridiculous amount of history with banking regulations that it's not ordinary people who benefit from having complete privacy and anonymity in all matters. It's criminals and fraudsters who lie and misrepresent themselves to conceal the source of their funds and their activities. They'll gladly continue to use their privacy as a weapon to disguise themselves and further rob and steal. There is no other group that benefits as much from being able to transfer large amounts of money secretly. This can be verified over and over again, ask any traditional company that processes international remittances.
It doesn't really matter what kind of political activism you believe you're engaging in: the reality is, these nasties are the main people that benefit. They absolutely love what you're doing. Anyone involved in cryptocurrency, even tangentially, is complicit in this fraud because it's the only way these currencies have any significant value to begin with. And it will continue to happen for the indefinite future, because even with this new move ETH will still have no capital controls to prevent any of the massive market manipulation that happened over the last few years, that drove tons more fraud and ransomware and also resulted in the recent crash.
A system that tries to give privacy but does nothing to stop fraud is just creating worse problems under the false guise of helping people. I ask that you please stop working on these things and please stop promoting them until you can dial the whole thing back to rectify this situation. Any kind of "censorship resistance" without fraud prevention is not going to work. If enough people put their heads together they can solve this, but it will not happen with any of the supposed "privacy solutions" you mentioned. Yes, I'm aware the traditional finance system also has many of the same problems. It's not helping to recreate the exact same system but with even more layers of technical debt around it, which is essentially all you'll be able to do with any of the suggested tools.
The system you have built specifically and explicitly provides much less cover to the Russian citizens than it does to Putin's regime, who will gladly adopt it and then turn around and use the proceeds to further oppress, murder and destroy. It is a net loss for privacy.
When we have a system that could prevent transactions, you'd think the most common use case is to prevent criminals to transact dirty money. But the most common use case is most likely China freezing dissidents' assets and blocking all alternative ways for them to safely emigrate.
It's not about whether Ethereum is American, it's about whether Americans can use Ethereum, or in fact the citizen of any western democracy, they pretty much all have harsh sanctions against NK and Iran. The list of countries that sign up to the FATF list the author was talking about includes the whole of the G20 plus several other countries.
Not anymore, see lack of counter sanctions on oil buyers in India and China of Russian oil. (Even though oil buyers in China have significantly increased their purchase volume and Indian purchases of Russian oil have increased 3100%, not a typo, YoY)
Of course Washington doesn't want to give the Russian, Chinese, and Indian establishments common cause against the US.
The complexities and intricacies of geopolitics (which is both driven and impacted by history, culture, school of thought, incentives, etc.) are literally like a DC Comics movie in the minds of some people, with the United States being the superhero world police who will crush evil with a mighty army and restore democracy and peace throughout the world.
What happened to Dotcom is fairly normal in the case where someone in country X is doing something that violates similar laws in both country X and country Y, more of the damages are occurring in country Y than in country X, and X and Y have extradition treaties.
On the other hand, North Korea is the way it is because they've rejected our neo-liberal ideology. I think much like Tor did for Iraq this would actually move them away from China and closer to us.
EDIT (out of comment quota): I'd hope not but I'm not convinced they aren't. It sure seems to degenerate into that more often than not.
Nobody said it was necessary. Hell, it arguably doesn't count as a rejection of neo-liberal ideology in the first place (see also: Guantanamo Bay, Japanese internment camps, and border camps all previously or currently existing within the archetype for neoliberalism).
Convenient feature especially for countries that are heavily under sanction. Isn't the alleged creator of Ethereum Russian? His father is a Russian computer scientist?
I'm going to be really impressed and surprised if this ends up working (moving ETH to PoS). I'm still fairly skeptical. It seems like PoS has so many issues that come up with additional complexity being added to handle them. Worried it's increasing the attack surface too much and making a system that's not going to be able to be secured. That being said, I hope it works but it's been "two months from merge" for 5 years so hard to say
I have been professionally close to the situation for more than four years, and it has never been "two months from the Merge" before. It was expected to be in about four years about five years ago. That's the most it's been delayed so far, which is impressive in my view given how much novel research has been required.
For anyone curious about an academic explanation of the problems being solved by ETH 2.0's consensus model, see this paper[1] out of David Tse's lab at Stanford.
I'm not closely involved, and was speaking a little off the cuff, referencing the perceptions given to casual observers by the hype crowd. Thanks for the info, will read the paper linked.
The Merge has been a pipe dream for a long time, but at this point, the implementation exists. Multiple testnets have already undergone the PoW -> PoS transition. Some minor implementation issues came up that have been fixed. I'm pretty confident it will happen, it's more a matter of more extensive testing and coordination at this point.
As for when, Metaculus thinks 5 months from now [1], Polymarket thinks 2-3 months from now. [2] If you are truly skeptical about that timeline, you can make money on Polymarket (or virtual internet points on Metaculus).
In addition to what others have said about testnet transitions already being successful, we already have multiple active PoS networks (Solana, Avalanche, Cosmos, BSC, etc.) that have been successfully securing billions of value for multiple years.
Four or five years ago, it was tenable to say “PoS may just never be successful”, but saying that today ignores literally dozens of real world examples running in production.
The targets on those networks are a small fraction of ETH's marketcap. If one had an exploit against ETH2, it certainly won't be "announced" until after launch.
The article does not even mention long range attacks in which large portions of the block chain are rewritten.
This is made extremely hard in Bitcoin through proof-of-work. To rewrite history you must re-do all of the work, which means you burn enough real-world energy to work faster than the entire rest of the network (aka majority hash rate attack). It's allowed, but expensive.
In PoS, there was never any work, so you can just rewrite history.
Every time the subject of Ethereum's move to PoS comes up, it seems this issue is there. The solutions mutate into a head-spinning kaleidoscope of different guises, all rabbit holes in their own maddening way and suspicious on that basis alone.
That this lengthy piece doesn't even mention long range attacks speaks volumes.
Supermajority attestations and block finalization, as well as withdrawal queues, prevent long-range attacks. To attempt to reorg a finalized block (blocks are generally finalized after 6 minutes) you have to commit to losing 1/3 of total staked ether, currently several billion dollars.
The only participants who can equivocate (vote for two blocks at the same height) are active validators so there is significant economic value at risk to pursue such an attack.
Theoretically, if somebody forked the Ethereum PoS blockchain and faked timestamps to catch up to the real chain’s height, would there be any way to know which was the original other than community agreement? Seems like PoW makes it impossible since duplicating the original chain is prohibitively expensive.
Not challenging the solution, just genuinely curious in how PoS works.
Great question, it's not timestamps but attestations (signed validator votes for pairs of checkpoint blocks) that determine the canonical chain head. This fork choice rule, known as LMD-GHOST, is different from PoW which has a "greatest difficulty" rule for determining the canonical chain.
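To make the point of the last two comments concrete (the canonical head is picked by attesting stake, not by chain length, and equivocating validators are slashable), here is an added toy model of latest-message-driven fork choice. It is not code from the thread or from any Ethereum client: votes name only a head block (no source/target checkpoints), "two different votes in the same slot" stands in for the real same-target-epoch double-vote rule, slashed validators are simply dropped from the weight, and all block roots, validator ids and balances are constructed.

```python
"""Toy LMD-GHOST fork choice with a double-vote check (constructed example)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Block:
    root: str
    parent: Optional[str]
    slot: int


@dataclass(frozen=True)
class Vote:
    validator: int
    slot: int   # slot in which the vote was cast
    root: str   # head block the validator votes for


class ForkChoice:
    def __init__(self, genesis: Block, balances: dict[int, int]) -> None:
        self.blocks: dict[str, Block] = {genesis.root: genesis}
        self.children: dict[str, list[str]] = defaultdict(list)
        self.balances = dict(balances)      # validator -> stake (toy: 32 each)
        self.latest: dict[int, Vote] = {}   # validator -> latest message
        self.slashed: set[int] = set()
        self.justified = genesis.root       # the walk starts at the justified root

    def add_block(self, block: Block) -> None:
        if block.parent not in self.blocks:
            raise ValueError(f"unknown parent {block.parent}")
        if block.slot <= self.blocks[block.parent].slot:
            raise ValueError("slot must increase along a chain")
        self.blocks[block.root] = block
        self.children[block.parent].append(block.root)

    def add_vote(self, vote: Vote) -> bool:
        """Record a vote; return True if it is a slashable double vote (simplified rule)."""
        if vote.root not in self.blocks:
            raise ValueError(f"vote for unknown block {vote.root}")
        prev = self.latest.get(vote.validator)
        if prev is not None and prev.slot == vote.slot and prev.root != vote.root:
            self.slashed.add(vote.validator)   # equivocation: two votes, same slot
            return True
        if prev is None or vote.slot > prev.slot:
            self.latest[vote.validator] = vote  # LMD: only the newest message counts
        return False

    def _is_descendant(self, root: str, ancestor: str) -> bool:
        cur: Optional[str] = root
        while cur is not None:
            if cur == ancestor:
                return True
            cur = self.blocks[cur].parent
        return False

    def weight(self, root: str) -> int:
        """Stake whose latest non-slashed vote lands in the subtree rooted at `root`."""
        return sum(
            self.balances[v]
            for v, vote in self.latest.items()
            if v not in self.slashed and self._is_descendant(vote.root, root)
        )

    def head(self) -> str:
        """GHOST walk: from the justified root, follow the heaviest child to a leaf."""
        cur = self.justified
        while self.children[cur]:
            # tie-break on the root string so the result is deterministic
            cur = max(self.children[cur], key=lambda c: (self.weight(c), c))
        return cur


def demo() -> dict[str, object]:
    """Constructed scenario: a longer branch loses to a shorter, heavier one."""
    fc = ForkChoice(Block("G", None, 0), {v: 32 for v in range(6)})
    for b in [Block("B", "G", 1), Block("C", "B", 2),                       # short branch
              Block("D", "G", 1), Block("E", "D", 2), Block("F", "E", 3)]:  # longer branch
        fc.add_block(b)
    for v in (0, 1, 2, 3):
        fc.add_vote(Vote(v, 2, "C"))
    for v in (4, 5):
        fc.add_vote(Vote(v, 3, "F"))
    head_initial = fc.head()                # "C": 128 stake vs 64; length is irrelevant
    doubled = fc.add_vote(Vote(3, 2, "F"))  # validator 3 equivocates in slot 2
    head_after_slash = fc.head()            # still "C": 96 vs 64 once 3 is dropped
    for v in (0, 1):
        fc.add_vote(Vote(v, 3, "F"))        # newer messages supersede the slot-2 votes
    head_after_switch = fc.head()           # "F": 32 vs 128
    return {"initial": head_initial, "doubled": doubled, "slashed": sorted(fc.slashed),
            "after_slash": head_after_slash, "after_switch": head_after_switch}


if __name__ == "__main__":
    print(demo())
```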
Wasn’t there a recent attack on solana/ solend, where the attacker was willing to lose more than 30% for the chance to cash out and crash solend at the same time ?
The Solend drama was at the app-layer rather than the protocol-layer. Solana also runs PoS but its variant is a bit more handwavy and weaker imo, slashing rules are applied in a post-hoc human decision-making process rather than clear rules enshrined within the protocol.
That you’re getting downvoted speaks to the poor quality of discussion on this thread. To me this is the core issue with PoS. I don’t know enough about it to say if the Ethereum devs have solved it or not, but this is a much more interesting topic than misguided comparisons of PoS to crony capitalism, which is just uninformed.
There's no solution that will give PoS the same objectivity PoW enjoys, but PoS (with slashing and exit delays) is secure against long forks under a weakly subjective model.
Essentially, the solution is to ignore forks whose lengths exceed the exit delay, since such forks can be created without a slashing risk.
The main issue is that new nodes need to start with a (somewhat recent) trusted checkpoint. This does open up some attack surface that doesn't exist in PoW, though in my view it's not much of an issue. If I want to be extra careful, I can always ask several sources for a checkpoint and make sure they match.
> If 51% of validators start censoring, the victims and users can coordinate on a minority soft fork where they build on each other’s blocks and ignore the attacker. On the minority soft fork, the attacker’s deposits would lose millions of ETH to an inactivity leak, and after a few weeks the chain resumes finalizing.
It seems that this could easily be turned around: if enough malicious validators coordinate, they can create a soft fork that burns every honest validator’s stake until the malicious validators have an ever increasing supermajority.
New victims who aren’t validators could try to become validators to fight back, but the colluding validators can just ignore those proposed transactions.
Yes, and this is exactly what happens if 49% of validators start censoring. The legitimacy of the chain exists on the social level and not the protocol level - just as it does with BTC.
What's new here is the cost as it forces participants (stakers) to choose a side.
Reminds me of the (largely failed) bitcoin XT fork. Bitcoiners didn't choose what was right for the network- they chose the easy path in an attempt to prevent fragmentation and keep the price high.
I have no reason to expect that ETH users won't do the same, just as they did in the DAO hack fork: they just choose whatever fork happens to profit them in the short-term at the expense of the decentralization of the network. Because at the end of the day it's just a money-making scheme to them.
>What's new here is the cost as it forces participants (stakers) to choose a side.
It doesn't force the stakers to do anything. The default behavior is to do nothing and accept censorship, in the same way that the default behavior for Bitcoin was to do nothing and accept small block sizes.
That's not what happened. Bitcoiners defended decentralization over throughput. The argument back then was that we should first experiment with scaling with other solutions and try to innovate as far as possible, and after that see how much actual L1 block space is needed. Now we are starting to see that it was the right choice.
How is LN the right choice for decentralization? you need central relay nodes with a ton of liquidity. Besides there is nothing stopping you from setting up LN over a L1 that isn't cramped, you have a limited throughput of settlement transactions.
Satoshi himself even suggested a blocksize increase. It is really a no-brainer when the cost of storage and bandwidth will continue to decrease over time, especially in a cryptocurrency like Bitcoin where the vast majority of the hashrate is from ASIC farms that can bear the cost of a single node while the rest simply use SPV wallets.
Well, the idea is that most people should be able to run a full node. Even now, you need a quite large SSD to sync and store the blockchain. Ideally, you'd want to run a full node on a mobile device. Block size can be increased in the future when it's reasonable to do so.
Even with larger blocks, there's still the issue of latency and throughput. LN offers trustless instant settlement with very high throughput. Everyone is able to run their own node and open channels, so it doesn't really depend on any central third parties, even if there's some degree of concentration of liquidity. There should always be multiple routes and it should be possible to circumvent any bad actors. And obviously, L1 is still available for everyone.
In addition, there are other L2 solutions such as fedimints and statechains. The beauty of layered architecture is that there can be multiple competing solutions on L2, and L1 can be kept simple, secure and decentralized.
Doing nothing is still a choice, and will result in their stake being slashed in the non censored "fork". If socially the non censored chain is deemed legitimate, this is a negative outcome that cannot be undone - hence a "commitment".
Without slashing, miners do not have to make any commitments - their funds are duplicated in both chains and they can switch to mining whenever they like.
That's the social consensus, or "L0 consensus". It's a fork, so only on this fork would the attackers lose the ETH.
The social consensus means that actual humans, in front of these 2 forks of ETH, the original chain being attacked, and the one where all the attackers' stake has been deleted so it's safe (and also non-attackers "richer"), humans would call the latter "Ethereum" and use that. And the former would fall into irrelevance.
Suppose I stake enough ETH to create a fork that passes muster (which may include quite a bit of inactivity penalties for the honest folks, etc). Then I validate honestly, withdraw my stake, and launder those ETH for different ETH.
Now I make my anachronistic fork. I use those same private keys, invent inactivity penalties for everyone else, etc.
This fork is of dubious value. If I publicize it, anyone can prove that cheating happened, although I can’t actually be slashed because, on the real chain, I’ve already withdrawn and, on my chain, I won’t slash myself. Anyone who looks at (centralized!) websites will know my chain is fake. Anyone who sees both chains will clearly know that funny business happened.
But perhaps I can fool a node that was simply offline during the attack. As far as a regular node is concerned, both chains are a bit funny — slashable votes occurred. But I can probably fudge my chain so it wins over the real chain, and I can potentially attack my victim node.
The best part of this attack is that it cost essentially nothing. The computing resources I used are negligible. I spent 0 ETH, although I needed access to some private keys that required having money at some point to obtain.
At least with PoW, I need a lot of hashing to do this.
Sure, the L0 consensus means I’m unlikely to be able to double-withdraw $10bn from a pair of exchanges, but that’s a pretty weak argument for using Ethereum over a centralized system.
Any reasonable implementation of classical consensus isn't susceptible to Sybil attacks. You manually select which peers sign transactions for you, in the same way that you manually select CA's to sign TLS keys for you.
Manually selecting peers doesn't prevent sybil attacks, it just moves the problem one layer up (to the social level).
Either you have some trust in all participating parties or you don't. Classical consensus algorithms assume the former. Achieving consensus when a percentage of parties cannot be trusted and may even be bad actors is a separate problem.
The problem is already on the social level, it's just that in Classical Consensus, trust is established explicitly. Whereas in Proof-Of-Stake, it's established implicitly by means of controlling monopoly money.
If the stakers disagree with each other, or if the users disagree about who ought to be stakers, then that's a social problem. That's really no different than the problem of notaries disagreeing with each other or with users disagreeing about who ought to be notaries.
The difference is that in PoW, Miners have to stop when it becomes unprofitable for them (due to economies/dis-economies of scale). PoW is decentralized so long as normal people have great economies at a small scale (They have free access to electricity, they are using hardware they already own anyways, they would pay for heating anyways). In PoS, Stakers just get more and more power.
I have seen descriptions like this so many times, but no guide seems to describe exactly how everything is done in a decentralised way.
"The validators for each slot are assigned to committees". By whom? Also what if there is a network partition for these 12 seconds. It's not very unlikely that some country could be completely cut off from the internet for some time due to anything from natural or political reasons. Could there be recovery after this? At least in PoW, it is clear what the possible scenarios could be.
Generally we've described this sort of research as "review resistant", rather than being secure in some classical sense. How Ethereum and other cryptocurrencies actually work is often eagerly explained but completely unfathomable on closer inspection. Concerns raised are fixed with additional complexity repeatedly until the reviewer grows weary of attempting to piece it together. Consequently there's sufficient conflicting descriptions that I don't think anybody has any hope of successfully understanding the system as a whole, much less being able to come to conclusions about its security.
How can this argument be made in good faith? The spec is open source, all the clients are open source.
Furthermore, it's implemented and running. You could argue that someone in particular has made a poor or incomplete explanation of how it works but not that the way it works is unfathomable or being patched as you speak. It's already implemented, go look at the code if you don't want to believe what anyone says.
If the spec is open source, how can you say all the clients are open source? Or do you simply mean there are open source clients one can inspect and use?
That's a gross misrepresentation of how it works in the real world.
Do you believe the same about cryptography? Since you can't understand it, and few really understand the full system, algorithms and functions, it must be "review resistant" rather than actually safe to use?
Cryptography has mathematical proofs of the underlying math that are rigorous. There are constraints such as breaking if a proof of an attack against the discrete log were to emerge or other constraints related to p=np.
The implementations are also very close to formally verified if not fully formally verified.
Nothing is perfect but cryptographic code has to be pretty bulletproof or a lot of systems would get owned. The descriptions of how to verify cryptographic systems are academically and professionally rigorous especially compared to eth.
Caveat: sometimes the underlying systems that cryptographic implementations utilize change, degrading their guarantees. There have been times where the compiler gets updated and causes what was a branchless process to branch, which could lead to information leaks against a dedicated attacker. Thankfully such examples are rare in the literature.
> The implementations are also very close to formally verified if not fully formally verified.
So is Eth2, see "Formal Verification of the Ethereum 2.0 Beacon Chain" by Franck Cassez, Joanne Fuller, Aditya Asgaonkar, paper (https://arxiv.org/abs/2110.12909) and source code (https://github.com/ConsenSys/eth2.0-dafny). More efforts to formally verify Eth2 are ongoing as well, by different entities.
> Nothing is perfect but cryptographic code has to be pretty bulletproof or a lot of systems would get owned
Same with Ethereum. The chance of having a major impact with a vulnerability is even higher I'd argue, as you can easily extract currency you can trade for USD, and the entire network is inter-connected, so finding targets to exploit becomes even easier.
Point still stands that cryptography goes over a lot of people's heads, but you don't hear those people complaining that because they don't understand it, no one does.
I mean, I think this really depends on how you define ethereum. I think we all agree that there hasn’t been an effective attack against the consensus mechanism in a while (we could argue the original dao was sort of a successful attack against all of eth due to the hard fork).
This is kinda where I’ve gotten to on this: consensus is pretty much safe. Smart contracting is very hard to do safely.
This is not unlike the guarantees in general computation. The metal is pretty safe. The further you get away from the metal, the more layers of abstraction you’re relying on functioning predictably.
To be clear, I’m not arguing with you and appreciate your point about formal verification of eth.
I respectfully disagree. While some cryptographic primitives are surely based on some sound math, building cryptographic systems is very hard, and when built, they are not generally proven to be correct.
Some attacks involve influencing the source of randomness, whereas proofs simply assume random unguessable numbers, for example. You correctly mention unintended degradation, that is another pretty serious concern, but even when first built, most systems are incorrect, faulty and unsafe.
Proving systems to be correct in computer science is far from a settled matter.
I would say that it really depends on how you think about "the system."
If the hardware is in-scope for the system, you're generally out of luck at having provable guarantees unless you're willing to operate a foundry and courier your own products.
I think it comes down to threat modeling. You have some threshold where it's unreasonable for someone to attack a system for less than $X spend. Right now on iOS I think that's on the order of $500k-$1m usd.
There is a perfectly good mathematics-research-level question that was review resistant for a long time: the fabled solution to the ABC Conjecture, and that is still a controversial topic since the author still claims his work is, in fact, a solution despite reviews.
I wager Ethereum would be much the same if a researcher came around to say "This is actually wrong." It would be happily ignored by the authors.
Considering that Eth2 also has about 7 clients that work today (with more being worked on), the specification is clearly understandable by at least 7 different entities, further eroding the argument that the Eth2 specification is so complicated no one actually understands it.
Most of the linked spec is pseudocode - actually it looks like valid python code. So to be fair I highly doubt you'd need any understanding of what it's actually doing to successfully implement that spec. Just like I still have no clue how Quaternions work, yet I've implemented them multiple times.
That's just a random function description. The main thing here is how the seed is calculated and analysis of whether the seed is safe from network partition, DDoS, malicious attack, nodes being offline, forks etc.
But isn't that a great description of our current banking system as it is today? Not everyone knows everything, somehow it works, complex, etc. However, still so woefully insecure.
Great questions, should have explored the randomness beacon more. Ethereum uses [RANDAO](https://github.com/randao/randao), which is a distributed commit-reveal scheme where participants in the generation post a hash of their data on the commit portion and then at a later timestamp reveal the data preimage, and get slashed if they do not reveal a correct preimage. Then all participant data is aggregated together. This means if there is at least one honest participant the generation will be random.
A supermajority (2/3rds) of validators is required to finalize a block, in case of a 50-50 network partition blocks would stop being finalized and attestation rewards would stop. Non-participating validators would slowly leak stake through the inactivity leak until online validators once again had a supermajority. This is the "self-healing" mechanism that allows both safety and liveness.
> One validator is randomly selected to be a block proposer in every slot. This validator is responsible for creating a new block and sending it out to other nodes on the network. Also in every slot, a committee of validators is randomly chosen, whose votes are used to determine the validity of the block being proposed.
Maybe I am stupid, but at least to me it's not obvious how one would randomly select a member in a decentralized way, assuming some actors are malicious?
There are tons of different ways of doing so, with their own set of pros/cons. I'm not familiar with exactly how Eth2 does it, but I suppose your curiosity is a general one, not specific to Eth2, so here is how it works for Algorand as an example using VRFs (Verifiable Random Function):
> The VRF takes a secret key and a value and produces a pseudorandom output, with a proof that anyone can use to verify the result. The VRF functions similar to a lottery and is used to choose leaders to propose a block and committee members to vote on a block. This VRF output, when executed for an account, is used to sample from a binomial distribution to emulate a call for every Algo in a user’s account. The more Algos in an account, the better chance the account has of winning – it’s as if every Algo in an account gets its own lottery. This method ensures that a user does not gain any advantage by creating multiple accounts.
The search term you're looking for is "decentralized leader election"; searching for that on Google or Google Scholar gives you a bunch of results ranging from random musings to academic papers.
I tried to search for it, but can't find any concrete example assuming malicious nodes. There are many edge cases to cover here, like who gets to set the secret key or any parameter. What if nodes go offline? What about things like DDoSing the node?
For Algorand, the answer is in the very paper I linked:
> If the network does stall, either from network outages or malicious behavior, the nodes go into recovery mode, waiting for recover messages. Individual nodes will send these messages to signal to the network that it should either continue processing the last known block proposal or to propose a new block. When a quorum of votes is received for either one of these messages, the system will revert to normal operation. In the case of malicious behavior, the protocol may select a new leader. In the case of network outage, the current block will continue to be processed or a new block might be proposed.
For other blockchains, the answer will depend on their implementation. It's likely you're gonna have to understand the underlying protocol before you can understand the potential threats, and consequently how the protocol addresses those threats. So for other blockchains, your best bet to understand what happens in the case of malicious nodes, is to understand the whitepaper describing the protocol.
One simple algorithm, just to convince you that this is possible, would be as follows:
* All of the members generate a key-pair, and introduce themselves to each other with their public key as their identity.
* After a certain time interval, all members individually pick their own random number, and publish just the hash of it, thereby "pre-committing" to it (signing it with their private key).
* Once all the hashes are known, the members reveal the random numbers that were the inputs (and the other members check that they hash to the pre-committed values).
* The members then XOR all the random numbers together (and then maybe hash the result) to produce a single final random number.
* That random number is reduced modulo the number of members, producing a number which is then used as an index into the list of members (sorted by public key).
There are edge cases with malicious or badly connected nodes potentially dropping out at each stage, so this requires a bootstrapped consensus system that can agree on which nodes are bad and punish them financially.
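The commit-reveal election sketched above (and the RANDAO commit/reveal/slash flow described earlier in the thread), as an added Python example that is not code from the thread, from RANDAO or from any Ethereum client. It assumes member identities are byte strings standing in for public keys, that message signatures are checked by the transport layer, and that a member who never reveals or reveals a wrong preimage is dropped from this round's candidate list and flagged for slashing (the sketch above leaves that choice open).

```python
"""Commit-reveal leader election (added example; assumptions in the lead-in)."""
import hashlib
import secrets
from dataclasses import dataclass, field

VALUE_LEN = 32  # every member's random contribution is a fixed 32 bytes


def commitment(value: bytes) -> bytes:
    """The hash a member publishes in the commit phase; the preimage stays secret."""
    return hashlib.sha256(value).digest()


@dataclass
class ElectionRound:
    """One round: commits, then reveals, then XOR + hash + modulo to pick a leader."""
    members: list[bytes]                                  # stand-ins for public keys
    commits: dict[bytes, bytes] = field(default_factory=dict)
    reveals: dict[bytes, bytes] = field(default_factory=dict)
    slashable: set[bytes] = field(default_factory=set)    # provable misbehaviour

    def __post_init__(self) -> None:
        # Canonical member list: sorted by public key, as in the description above.
        self.members = sorted(set(self.members))

    def submit_commit(self, pubkey: bytes, digest: bytes) -> None:
        if pubkey not in self.members:
            raise ValueError("commit from unknown member")
        if pubkey in self.commits:
            raise ValueError("member already committed this round")
        self.commits[pubkey] = digest

    def submit_reveal(self, pubkey: bytes, value: bytes) -> bool:
        """Accept a reveal only if it is the preimage of the earlier commitment."""
        if pubkey not in self.commits:
            raise ValueError("reveal without a prior commit")
        if len(value) != VALUE_LEN or commitment(value) != self.commits[pubkey]:
            self.slashable.add(pubkey)  # wrong preimage: anyone can verify this
            return False
        self.reveals[pubkey] = value
        return True

    def finish(self) -> tuple[bytes, list[bytes]]:
        """Close the round: derive the shared seed and return (leader, slashable)."""
        for pk in self.members:
            if pk not in self.reveals:
                self.slashable.add(pk)  # committed (or not) but never revealed
        honest = [pk for pk in self.members if pk in self.reveals]
        if not honest:
            raise RuntimeError("no valid reveals; no randomness this round")
        # XOR every revealed value together, then hash the result once.
        mixed = bytes(VALUE_LEN)
        for pk in honest:
            mixed = bytes(a ^ b for a, b in zip(mixed, self.reveals[pk]))
        seed = hashlib.sha256(mixed).digest()
        # Reduce modulo the number of (honest) members and index the sorted list.
        leader = honest[int.from_bytes(seed, "big") % len(honest)]
        return leader, sorted(self.slashable)


def run_round(pubkeys, dropouts=()):
    """Drive one full round with fresh random values; `dropouts` never reveal."""
    rnd = ElectionRound(list(pubkeys))
    chosen = {pk: secrets.token_bytes(VALUE_LEN) for pk in rnd.members}
    for pk, value in chosen.items():
        rnd.submit_commit(pk, commitment(value))
    for pk, value in chosen.items():
        if pk not in dropouts:
            rnd.submit_reveal(pk, value)
    return rnd.finish()


if __name__ == "__main__":
    # Constructed identities; the fourth member goes offline before revealing.
    ids = [b"validator-" + bytes([i]) for i in range(5)]
    print(run_round(ids, dropouts={ids[3]}))
```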
It's not entirely up to date (none of the annotated specs are) but out of the three annotated specs I'm aware of, it's the one that is most focused on explaining how things work. Vitalik's annotation (linked in another comment) places a particular focus on the reason specific constants were chosen.
Here's my understanding of it: committee assignment is random, as in baked into the protocol, similar to how a validator is selected for a block (i.e. randomly).
While only one validator creates the block, others create attestations, which I understand as duplicate work done to check the chosen validator's produced block.
If an entire country goes down, those validators fall out of the active set and assuming some majority is still active they'll produce and verify blocks.
Incorrect state is rejected by the majority, and the minority is punished (slashing their stake).
Full disclosure, I'm not an expert - just an enthusiast interested in these protocols. Would love for someone more knowledgeable to correct my mistakes. I'm also not arguing for or against anything here.
> Incorrect state is rejected by the majority, and the minority is punished (slashing their stake).
That's wrong. Also the state of those validators that are separated from the larger network is not wrong it's just not the same as what the majority considers the state.
They will be on a forked chain of the network. But for being on a fork, no validator is slashed. They will only lose out on the rewards they would have gotten on the majority chain.
Validators are only slashed if they try to vote for the same slot/blockheight on different forks of the chain.
I think that depends on how long the validators were cut off from the majority of validators.
Ethereum's POS has a concept called finality, which means that under certain conditions the blockchain gets checkpoints that can't ever be reverted. Somewhat simplified, but the blocks are finalized if 2/3rd of the validators validated the last 64 blocks. So, normally after about 13 minutes you can be sure if the transactions are set in stone or not.
If the cut off validators are reunited after not too long, they won't have been able to finalize any blocks and then they will just throw away the part of the chain they have been building since they were separated from the majority. As far as I understand it that's quite similar to a reorg on a POW blockchain.
The other case, if they've been separated for a very long time, the situation is a bit different. If you don't follow your duties as a validator, you get penalized. A little of your staked ETH is burned. Note, that's not the same as slashing (which is much harsher) and if your staked ETH balance falls below 16 ETH, you're kicked off the list of validators. This is so that active validators will be able to reach again a 2/3rd majority after a while and be able to finalize blocks. If this happens to our cut off validators, even if they get access to the other validators data again, they can't reorg the blockchain as their blocks have been finalized.
In this case, the admins need to manually reset the data so the validators can rejoin the correct chain. This is a known issue which POW networks don't have. There you can always rely on the chain that has the most work done. But the work is cheap and fast in POS networks so you sometimes need to get external info and verify it by hand.
1: The definition of an acceptable transaction is a part of the protocol. Being a block validator or attestor doesn't let an entity change the rules of the protocol.
2: intentionally excluding transactions from the Blockchain (essentially censorship) causes economic harm to the PoS censors and is ultimately futile.
The fine article discusses both these points in more depth (mostly in the misconception section).
Essentially stake in a proof of stake system is used to punish selfish/destructive behaviours and reward honest cooperation. Participating in that system does not create a 2-tiered system of participants where one tier has powers the other doesn't. Nonstakers simply do not aid in the production of blocks and therefore the incentive mechanisms of block production do not have any impact on them.
"The idea of CPUs, GPUs, and ASICs churning away in a mathematical competition to find hash preimages the fastest has an egalitarian elegance to it. Sovereign individuals where individuals running home gaming computers can compete with nation-states for the right to earn 6.25 freshly minted BTC.
Unfortunately, ASIC supply chains are easily controlled by import/export regulations, not to mention a dangerous dependency on Taiwan. The need for cheap, abundant energy is another weak point that prohibits individuals from running discreet mining setups. And because we have not yet entered a post-scarcity utopia, you need upfront capital to purchase mining rigs. Worse, technological advances mean miners are constantly required to upgrade their setups to remain competitive, meaning the supply chain dependency is an ongoing weak point if things ever go south.
PoW can be thought of as a specific instantiation of PoS, where users stake capital to purchase mining rigs that then compete for the block proposal rights. Your staked principal can be withdrawn at any time, but its value follows a decay curve corresponding to the current market value of your computer chips. The need for upfront capital is identical in both PoW and PoS, the key difference being that the capital is forced through a computer chip supply chain in PoW while it can be purely staked in PoS."
Decide on what? They are not governing the protocol or restricting who can use it, only proposing blocks and submitting attestations. They have limited capabilities to make changes in the ledger, and if they do enact undesirable changes they risk their capital being slashed. If you as a user want to participate in protocol validation and its rewards without staking 32ETH, you can use a decentralized staking pool like RocketPool.
As of yet there are no sound methods of securing a public ledger without either PoW, PoS or PoA. Bitcoin uses PoW, most central banking and traditional payment processors use PoA, Ethereum will soon use PoS.
1. As you said, it was compute-rich before, and native token-rich now. I see it that way: the difference is that your richness is now a part of the protocol which allows it to e.g. punish bad actors (aka slashing) which isn't possible in PoW scenario where attacks can continue indefinitely.
2. Validators don't solely decide rules of execution: full nodes do. If you, as a validator, try to break the rules (double spend, incorrect execution, etc.), full nodes won't accept this new world view and discard it. So providers like Infura which most users (currently) use will continue working as expected and the canonical chain won't be damaged.
So what? Pardon the pun, but what is at stake here?
It's not that the those proposing blocks can change the rules of the game, validators are only there to ensure that rules of the game are being followed.
> ‘The law, in its majestic equality, forbids the rich as well as the poor to sleep under bridges, to beg in the streets, and to steal bread.’
Relative wealth changes because both parties need to eat and, assuming ETH becomes a usable currency, the poor will have to take a larger relative portion of their staked ETH and spend it to buy food.
Edit: Though, to be clear, this is hardly Ethereum's fault.
True enough, but that is more than counter-acted by a larger number of opportunities existing for small amounts of capital. As a person's capital holdings grow larger, it becomes progressively harder to find investments that can absorb a significant share of their capital. That means having to find multiple superior investment opportunities to divide their investment capital across, to fetch high rates of return.
The empirical evidence does not suggest that capital investment is a process that is inherently inequality generating. Capital's share of income has actually declined in the G7 when you exclude housing (see Figure 3):
Ahh proof of stake, the nail in the coffin of decentralization.
What did you say? the more you have of the capital the more you influence the system? what a novel concept!
Monetary and legal systems based on structures that are at least partially built to take care of the needs of people of similar culture and geographic area? YUCK!
Machine enforced plutocratic system where early adopters and syndicates have absolute power?! SIGN ME THE FUCK UP!
The internet is this way. The reality is more about peering agreements and CDNs than a neutral decentralized computer network. But it is still decentralized, just primarily among a few big players.
Very large ETH miner here. It is less challenging than you think. I'm not saying it is easy, but it is definitely doable with the right team of people.
Is it? Or are you letting perfect be the enemy of good?
Cryptocurrencies might not be perfectly immune to centralization, but even with their problems they're far less prone to centralization than any other sort of currency short of reverting to gold coins or seashells - and you can't exactly use gold coins and seashells for online payments.
I disagree. If you can design a PoW system where the distinguishing factor between profitable mining and unprofitable mining is the depreciation of generic hardware, then the public will generally have control over the network so long as the public owns most of the world's generic computing power as opposed to some special interest group like ASIC miners.
This is exactly what Chia (https://www.chia.net) has done by using hard drive storage space to hold the proofs. This allows the generic hardware of general purpose computers with hard drives to operate profitable and energy efficient full nodes on the network. Especially if these are existing machines people already own. Also, the computing infrastructure needed to farm (mine) the plot files (files holding the proofs) is minimal enough that it can be run from a Raspberry Pi.
The move to PoS is the most brutal attack Bitcoin ecosystem will face, there will be no reason why regulators wouldn't ban PoW currencies, this is why expect all sorts of 'motivated reasoning' coming out from the BTC citadel.
PoS does not give you any power to change the rules of the system, it only makes sure that those who are invested in the system get (slightly) rewarded for good behavior and (heavily) penalized for bad behavior.
This is the prevailing theory but in practice I'm not sure it will work. Ethereum forked early on due to someone stealing some money from The DAO. In reality the exchanges/large corporate owners will be the ones doing network validation, and they will be the ones most easily leaned on by their respective governments. If a government(s) says "you need to veer off this version of Ethereum and run your own", the chain will fork. It looks to me that proof of stake defends against small time actors, not activist shareholders or government regulation.
Ethereum's fork was at the social layer, and whatever on-chain consensus mechanisms exist cannot prevent that. Even with the fork, ETC still exists to this day.
The difference with slashing is that forking is no longer "free" as each fork penalises members who only support the other fork.
Let's consider your example in PoW and PoS with slashing. In PoW both chains would continue and miners can freely switch - their funds are also duplicated. In PoS those that support each chain will eventually be locked in, and penalised if the other chain "wins".
This doesn't prevent all (or effectively enough) stakers being coerced/forced by a powerful enough entity, but that's a social problem that no consensus algorithm can resolve - just as if effectively everyone was a bad actor.
That “bad behavior” is precisely what the above poster meant by “changing the rules of the system.” If you or a syndicate have a large enough stake, you can manipulate the transactions which occur.
"By large enough", you mean 67% to attempt to do it with some chance of success, and if it fails it gets slashed.
Not to mention that no one would be interested in using any network where this level of centralization could pose a real threat, and the most likely outcome of such a scenario would be a loss of the value of the native token.
...but if it succeeds, then everyone else gets slashed. The network has no concept of "truth". PoS doesn't fix this, it just puts all your eggs in one basket.
Who would be interested in using any network which exists only for the profit of the existing stakeholders? Why not just fork it?
Forking it is the real threat. If some entity does end up controlling 67% or doing something the community does not agree with, people will just stop using the chain.
Well, the problem with this is that the misinformation stays around, influencing future discussions when it comes up again, when people keep repeating the same thing over and over.
It would be more interesting to discuss new flaws in the protocol, or things that generally haven't been discussed before.
Do you think that I mean direct influence? that they can reprogram contracts? Don't straw man me.
Large miners do have power, the power to destabilize the system. The same power large POW syndicates have that delays POS will be there in POS only in a more direct literal way.
What do you think will happen if a more decentralized verification system is proposed once there are people and institutions that have large sums of invested money and effort? Do you think that they will just give away the financial power they have? This is not how any system involving humans works, and cryptographic technology is not going to change that.
"machine enforced plutocratic system where early adopters and syndicates have absolute power"
Also applies to, e.g. USD spent on amazon, casting votes in bipartisan elections, paying taxes, etc.
It is a fundamental aspect of modern capitalist organization of wealth. It is worth assessing the rate at which it is being concentrated, which for USD is a historically unprecedented rate.
Let me know when ETH gives interest-free borrowing, debt forgiveness, bankruptcy bailouts, years of quantitative easing, 10x leveraging of capital etc. but only for the richest 100 or so ETH holders...
It's easy to believe in M1 and even M2 USD, but when you look at M3 and FR policy driving continuous unending inflation, I think you'll find proof-of-stake to be Robinhood level egalitarian by comparison.
Btw you can stake less than 32 eth on plenty of services.
I don't know what you are trying to say here, but know this:
ETH and USD are not comparable. The US Government secures real-world business operations themselves, while cryptocurrencies merely secure payments.
Who pays the price of USD inflation? It's largely not Americans. It's a net transfer of wealth from the satellite economies (that the USA secures through its military presence) to the USA. Not to mention, (an appropriate amount of) inflation promotes actual spending.
Cryptocurrencies are not economies, they are merely payment networks. They should be useful as payment systems. They should primarily serve to provide value to those using them as payment systems, not investors, developers, inside traders, stakers, miners, or any other middleman. The moment that it's more favorable to become a middleman than to use cryptocurrency for it's intended purpose is the moment that the dynamics of the system switch from payment network to ponzi scheme.
Cryptocurrencies SHOULD NOT favor early investors. They SHOULD have inflation in the form of a block reward, which ensures the security of the network for those that USE cryptocurrency at the cost of those who merely OWN it.
> the more you have of the capital the more you influence the system?
You can influence the payment processing. And if the crypto would allow false payments, its value would immediately drop to zero. The more money you have invested, the higher your incentive to keep its value stable.
PoS validators have the power to propose new blocks and attest to the chain head. They cannot change the state transition function to allow false payments, just as BTC miners cannot use their block proposal power to mint arbitrary coin amounts.
If it's like BTC, then can't you spend coin, then attest that a different head was the correct chain, thereby undoing the transaction? (Assuming you have enough hashing power / staking power to get people to believe a different head)
Great question, PoS actually has stronger guarantees against double-spending than PoW does. For PoW you just need to temporarily rent enough hashpower to do a mild reorg.
PoS has a concept called "block finality", where once a block has been marked finalized it cannot be reorged without committing to getting slashed for 1/3 of total staked ether (several billion dollars). Blocks typically get finalized after 6 minutes. This is possible because you can explicitly check whether validators have voted (attested) for two separate blocks at the same chain height.
keep the value stable or keep the value high? two very different things; For example I'd argue Bitcoin's high L1 transaction fees keep the value unstable, but higher.
It is not obvious to me that an agent with higher investment should be allowed to notarize the payments. The system should generally work for the benefit of the users, not the HODLers, developers, miners, stakers or any other special interest group.
P.S. I think PoS is a major downgrade in decentralization. At that point, you might as well just use classical consensus: it's more secure as your relationships with notaries are explicitly established as opposed to choosing whoever happens to have the most coins.
>>the more you have of the capital the more you influence the system? what a novel concept!
That is exactly how Proof of Work works as well.
What makes PoW and PoS implementations like Ethereum's capture resistant is that they are governance-free, so capital is NOT used to influence governance. It is only used as a signal that is costly so as to prevent Sybil attacks.
The "Move" to POS breaks the myth of the system being immutable and "governance-free". The people with a lot of stake in the system can change or prevent change to the system.
One of the major reasons that POS takes so long to implement is that individuals and syndicates that have invested a lot of money into POW infrastructure block it and warn that "doing it hastily" will harm the stability of the system. And they are right, it will harm the stability of the system because it is centralized and is governed by the individuals and syndicates with the most vested interest.
>>The people with a lot of stake in the system can change or prevent change to the system.
This is very misinformed. There is no governance by stake vote in Ethereum. The protocol is immutable absent a user willingly updating their node software to run a different protocol.
Stake is used exactly the same way hash generation hardware is used in PoW: to determine what share of blocks a person produces. This is safe in both Ethereum PoS and PoW as long as the assumption that 51% of block generation capital (stake, and hashing hardware, respectively) is controlled by honest parties holds true.
I can't see governments allowing PoW to continue to exist in our current climate (in all senses). How would Bitcoin ever move over to PoS like this? Would it just be a Bitcoin hard fork?
Current Bitcoin usage is literally a rounding error of global energy usage (0.1%) and if wildly successful would still be < 1% of energy usage. https://www.lynalden.com/bitcoin-energy/
If Bitcoin moved to PoS it would be fundamentally different. It might work for other coins since they aren't as decentralized.
> Instead, proof-of-stake mainly seems less suitable for a decentralized and censorship-resistant global monetary asset, especially when considered along with the issues that I’ll describe in the second half of this article about stablecoins. Proof-of-stake is inherently equity-like rather than money-like, compared to proof-of-work
> Current Bitcoin usage is literally a rounding error of global energy usage (0.1%) and if wildly successful would still be < 1% of energy usage. https://www.lynalden.com/bitcoin-energy/
That author doesn't seem to actually understand the scale of financial transactions in the world. Right now, there are about 300,000 Bitcoin transactions per day. The author defines Bitcoin being "wildly successful" as a 20x increase. Right now there are over 1 billion credit card transactions per day alone. If Bitcoin grew by 20x it still would be a drop in the bucket of global transactions but using up a relatively huge percentage of the world's energy compared to its share of financial transactions. The author also justifies Bitcoin's energy usage by saying it's similar to Google's. But Google serves billions of people every day and Bitcoin is used by a very small subset of people.
The average US adult does 2.3 financial transactions per day.
The all time high number of bitcoin network transactions in a 24h period is a bit less than 500k.
The busiest day for Bitcoin usage worldwide is roughly equivalent to the population of Modesto, CA.
Blockchain occupies so much of the conversation and generates such incredible amounts of hype very few people truly understand just how insignificant it is in terms of not only the global financial system but also the internet. As you say billions of users and billions of transactions.
It's almost as though people forget these networks are completely public and open - adoption numbers for any chain are a blockchain explorer away.
She does write about this topic as well, it is worth reading the full article. Bitcoin can never be used directly for all the world's financial transactions since it is not capable of that throughput. But those transactions can use things like the Lightning Network that is built on top of Bitcoin. Bitcoin is useful as a final settlement layer, more like how banks use Fedwire today.
That is assuming it scales linearly, which is not necessarily true. It would only be true if the value of BTC went up such that more miners were incentivized to join the system. In BTC, there isn't a 1:1 direct correlation between energy spent and transactions processed.
Food waste generates 60x more emissions than Bitcoin, yet nobody is freaking out about that, which makes me think people are just riding the ESG bandwagon.
Gold mining? What does gold mining have to do with the financial system in 2022? It's funny how Bitcoin's "goldbug" roots crop up from time to time in these discussions.
It also processes several orders of magnitude fewer transactions, and does so much slower (and at a higher cost). Please stop posting misleading claims.
Even if the 0.1% figure is correct, I find it a lot of energy (and growing) for something found useful by so few. Reducing it to a percentage and saying it's ok because it's within a rounding error is like taking the entire population of New York City (8.38 million), killing them all, and saying it doesn't matter because it's "literally a rounding error of global population (0.1%)".
It's actually a soft fork to change the consensus method believe it or not, even changing to a new proof of work scheme is completely backwards compatible. It's not a good idea and it's sort of ridiculous, but it is technically doable. If you felt inclined, we could change the transaction format, switch the scripting language to x86 assembly, issue new currencies- all in a soft fork.
How is it backwards compatible? Clients cannot continue to secure the protocol by hash mining after switching the protocol from PoW to PoS. Bitcoin moving to PoS would probably lead to a hard fork and split - two protocols, one where some group want to stay on the PoW fork, and another where some group want to migrate to the new PoS fork.
You define a consensus rule in NewStakeChain that it must include within it a valid block for OldChain that contains no transactions, or otherwise causes damage to the network by making it unusable such as a reorganization proof. Once the OldChain network has been destroyed by the new one, the consensus rule can be relaxed and there no longer needs to be POW completed by anybody.
This specific example works and is economically rational because miners could make a PoW block and get its reward, or they could make the no transaction attack block and get its reward, plus the reward on NewStakeChain for submitting the proof.
Nobody would be mining OldChain so its difficulty would be irrelevantly close to zero, you'd just drop the requirement for POW down to something effectively gone. I said it's contrived as anything, but it's all technically possible if you mess with the incentives and intentionally create really perverse systems. That's the messiest of them though; changing the transaction format, script language, issuing new coins or whatever is pretty clean in comparison.
> Nobody would be mining OldChain so its difficulty would be irrelevantly close to zero, you'd just drop the requirement for POW down to something effectively gone.
Why would nobody be mining OldChain? You can't remove the block reward or change the difficulty without a hard fork. PoW miners would still decide which blocks are mined and reap the rewards (block reward and transaction fees). You haven't actually proposed a solution that wouldn't require a hard fork.
You can remove the block reward as a soft fork, the consensus rule for Bitcoin and its derivatives is a maximum. Even if it wasn't, you can soft fork in a rule that the block reward should be spent to somewhere invalid, or paid to a particular person.
That doesn't work, unless 100% of miners accept your rule change forever (aka impossible). It would only take a single miner to keep mining using the old rules and this miner would reap the block reward / transaction fees. An old Bitcoin client would follow the chain created by this miner, wouldn't it?
> Is there any precedent for this? Have governments ever ruled on how people can use their computational power?
Yes, they have. For instance, the DMCA is a USA law which, among other things, forbids people in the USA from using their computational power to circumvent an access control system (for instance, by brute forcing a cryptographic key) which happens to be preventing access to a copyrighted file. An older example is that encryption within France used to be severely restricted (quoting from https://www.theregister.com/1999/01/15/france_to_end_severe_... which is from before the current laws: "Until 1996 anyone wishing to encrypt any document had to first receive an official sanction or risk fines from F6000 to F500,000 ($1000 to $89,300) and a 2-6 month jail term. Right now, apart from a handful of exemptions, any unauthorised use of encryption software is illegal. Encryption software can be used by anyone, but only if it's very easy to break.")
More generally, governments have banned inefficient light bulbs, appliances, and cars. Banning PoW ASICs would be no different. PoW on GPUs would be harder to ban.
> How would Bitcoin ever move over to PoS like this? Would it just be a Bitcoin hard fork?
I believe it would be possible for Bitcoin to migrate to proof of stake with a soft fork, similar to how they migrated to SegWit. A majority of nodes (both non-miner full nodes and miners) would have to upgrade to a version which rejects blocks which do not contain a proof of stake together with the current proof of work; non-upgraded nodes would ignore the proof of stake but would still accept the blocks as valid since the proof of work is valid (this is the key difference between a soft fork and a hard fork; on a hard fork, non-upgraded nodes would reject the new chain). And to get rid of the proof of work, the block intervals would have to be tweaked to make the network appear to be running slow (for instance, making every block take one minute longer, either in reality or through clever manipulation of the block timestamps), so that the difficulty adjustment gradually reduces the difficulty, until the (now vestigial) proof of work becomes trivial to compute.
> There are two key equivocation rules a validator must follow, taken from the Gasper paper:
>
> Double vote - no validator makes two distinct attestations for the same target block
>
> Surround vote - no validator makes an attestation that surrounds or is surrounded by a previous attestation
Which are both punished by having the staked ETHs being "slashed" (32 ETHs staked, you end up losing 16 of the 32).
I never understood that: it opens a door for a huge attack in that it's now impossible to safely "stake". Ethereum devs say you can safely stake in that staked ETHs aren't at risk of being stolen (the key to stake and to move the ETHs aren't the same, so it's impossible for an attacker to steal the 32 ETHs) but...
An attacker accessing a staking node can, on purpose, double vote or surround vote to get the ETH slashed. The difference between losing 32 ETHs or 16 ETHs is not that big (sure, in the case of slashing at least the attacker doesn't get them, but for the person losing the ETHs, it doesn't make a huge difference).
So it's impossible to stake without risking your ETHs getting slashed, even if the staker is honest.
Here's my prediction: we'll see exactly that attack on slashing nodes, people are going to lose ETHs and we'll see excuses to the tune of "you didn't secure your node well enough".
I do think it should be possible to stake without that risk (just as it is possible to hold the private keys to cryptocurrencies on hardware wallets because, well, computers are all too often insecure).
Here's another prediction: some are going to come up with HSM to stake ETHs (maybe they already exist?). The risk of getting people's ETHs slashed is just too big.
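The two Gasper rules quoted above, as an added example that is not from this thread or from any Ethereum client: a minimal slashing-protection guard a validator client runs in front of its signing key, refusing any attestation that would double-vote or surround-vote against something it already signed. The epochs and block roots are constructed sample values, and the check compares target epochs as the consensus spec does.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AttestationData:
    """The fields of a Casper FFG vote that matter for slashing."""
    source_epoch: int   # justified checkpoint the vote builds on
    target_epoch: int   # checkpoint the vote tries to justify
    target_root: str    # block root at the target (constructed placeholders below)


def is_double_vote(a: AttestationData, b: AttestationData) -> bool:
    """Double vote: two *distinct* attestations for the same target epoch.
    Re-signing byte-identical data is not a double vote."""
    return a.target_epoch == b.target_epoch and a != b


def surrounds(outer: AttestationData, inner: AttestationData) -> bool:
    """`outer` surrounds `inner` when its source is earlier and its target later."""
    return (outer.source_epoch < inner.source_epoch
            and inner.target_epoch < outer.target_epoch)


def slashable_reason(a: AttestationData, b: AttestationData) -> Optional[str]:
    """Return which Gasper rule the pair violates, or None if the pair is safe."""
    if is_double_vote(a, b):
        return "double vote"
    if surrounds(a, b) or surrounds(b, a):
        return "surround vote"
    return None


class SlashingProtection:
    """Local guard in front of the signing key: every new attestation is
    checked against everything this validator already signed, and a
    conflicting one is refused rather than signed."""

    def __init__(self) -> None:
        self.signed: List[AttestationData] = []

    def check_and_record(self, att: AttestationData) -> Tuple[bool, str]:
        for prior in self.signed:
            reason = slashable_reason(att, prior)
            if reason:
                return False, f"refused: would be a {reason} against {prior}"
        self.signed.append(att)
        return True, "signed"


def demo() -> List[Tuple[bool, str]]:
    # Constructed sequence of votes one validator is asked to sign.
    guard = SlashingProtection()
    return [
        guard.check_and_record(AttestationData(10, 11, "0xaa")),  # first vote: fine
        guard.check_and_record(AttestationData(10, 11, "0xaa")),  # identical re-sign: fine
        guard.check_and_record(AttestationData(10, 11, "0xbb")),  # same target, other root: double vote
        guard.check_and_record(AttestationData(9, 12, "0xcc")),   # earlier source, later target: surround
        guard.check_and_record(AttestationData(11, 12, "0xdd")),  # moves forward cleanly: fine
    ]
```

This guard only helps while the signing key stays behind it; an attacker who holds the key itself can sign conflicting votes elsewhere, which is the risk the comment above is pointing at.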
> So it's impossible to stake without risking your ETHs getting slashed, even if the staker is honest.
I mean, the entire point of staking your ETH is to say "Hey, I'm willing to risk these ETH to "prove" that I'm a honest validator and that my node is secure. If I fuck up, I'm willing to accept the punishment". Without risking those ETH, it means nothing to stake ETH, and would break down the idea behind it.
I'm not sure if you fundamentally miss the idea behind staking, or if I'm missing something obvious in your critique of staking.
Wait... Couldn't the same argument be used simply to move coins? "My keys, my coins. If I fuck up by holding my keys on an insecure computer, I deserve my coins to be stolen."
Yet there are HSM / hardware wallet so that it becomes way harder to "fuck up".
There's a difference between a nefarious actor having its own ETH slashed and a nefarious actor finding a way to have an honest actor's ETH slashed.
Isn't it possible to imagine a secure hardware device to stake ETHs instead of having to run validation code on general purpose, insecure computers which get owned all the time?
I literally mean that: the same as hardware wallet to stake/validate instead of sign transactions.
I think you got my critique right: I find it's folly to stake on general purpose computers.
> I think you got my critique right: I find it's folly to stake on general purpose computers.
Validators are not supposed to run on general purpose computers you use for other things, they are supposed to be extra hardened against attacks, as they WILL be targeted. A validator won't be running on the same machine someone does general web development on, where you download random packages over npm for example. If someone does run a validator on a machine where they randomly trust 3rd party code from a public registry, they have zero sense of security.
If you run them in a hosted server environment, you better trust that environment to be really secure. If you run it at home, you really need to know what you're doing in regards to software, hardware, networking and physical access.
Just like you're not supposed to run production banking infrastructure on home computers, validators are not supposed to run in that environment either.
> Wait... Couldn't the same argument be used simply to move coins? "My keys, my coins. If I fuck up by holding my keys on an insecure computer, I deserve my coins to be stolen."
Yes. The blame of coins getting stolen is often laid 100% on the victim. Who would have thought that being a bank is hard? /s
> There's a difference between a nefarious actor having its own ETH slashed and a nefarious actor finding a way to have an honest actor's ETH slashed.
Only for the owner of those ETH. For the network, they don't look different. Because of the decentralized nature I don't think the network can even have a different view.
> I think you got my critique right: I find it's folly to stake on general purpose computers.
The part about general purpose computers wasn't clear from your original post. I too read it as "staking is inherently unsafe in general".
> An attacker accessing a staking node can, on purpose, double vote or surround vote to get the ETH slashed.
What is the incentive for them to do that? If the node is secured physically they would need to break into a person's house and decrypt whatever security setup they might have in place. The whistleblower reward is typically fairly small, probably not worth the criminal behavior.
They could be short trading ETH. They could just want to create havoc. Why did people deface websites long before online ransoms were a thing? I don't think bad people need many incentives to do bad things. I may be wrong of course.
> If the node is secured physically they would need to break into a person's house and decrypt whatever security setup they might have in place.
But that's not how most exploits work. Most exploits, and by very far, are 100% software.
I mean: it's for the very reason that computers aren't devices to be trusted that many are protecting their coins using hardware wallets.
I don't know what software is needed to stake Ethereum but I'm pretty sure it involves a huge software stack.
Seriously: I don't understand how, on one hand, there are people holding the keys to move their ETHs on hardware wallets who are, on the other hand, staking these ETHs on a purely software stack. It makes approximately zero sense to me.
If you're certain your node can be trusted to safely stake your ETHs (as in: there's no risk of your ETHs getting slashed in two), why bother with a hardware wallet? Just keep the private keys that allow you to move your ETHs on your node too, because you consider it safe anyway?
I don't know: I may be all wrong on this but it sure makes no sense to me.
In Eth2 PoS the validator has two keys: signing key, and withdrawal key. They are derived from the same mnemonic seed phrase that can be kept in cold storage. The signing key must be stored on the device doing the staking, but the withdrawal key does not need to be, it is only secured by cold storage.
Right, but OP is not talking about theft, OP is talking about someone (with possible short interest) creating havoc by causing people's staking nodes to behave in a bad way, causing them to be slashed. You can't get the money they lost (it's gone for good), but you might be able to profit off a short position, or with a more sophisticated scheme, a resulting fork.
I see - I am sure those sorts of attacks will happen. If you secure thousands of ETH in a single validator and are tied with something that could be shorted - such as a company and its stock or token - then your situation is just as vulnerable to attack as keeping your cold wallet in your home's safe. Somebody could break into your house and either coerce you to provide the staking keys, or crack the device, or find another vulnerability if your opsec is not effective enough. If you're staking in the cloud with Amazon you are probably even more vulnerable.
But isn't this the whole idea? By staking, you are placing your capital at risk in order to help secure the network. This is how staking is often described by Ethereum developers.
> or with a more sophisticated scheme, a resulting fork
You might be able to create enough havoc in the staking system to cause a fork, and you might be able to preposition buy and sell orders (selling very early on the fork you don't favor, not selling on the one you do favor, and using the money you made by selling to buy more in the fork you favor as soon as possible, possibly from an automatic market that springs up within minutes. You would then use your position to make money as the price of the fork rises, closing out all positions before the whole thing goes down again.)
Something that always trips me up about PoS is how a system that determines the transactional chronology (i.e. sequence of valid blocks) that uses, as a weighted input, the current transactional chronology (valid blocks determine your stake) isn't logically a circular definition.
I keep seeing this kind of retort online whenever I ask someone to describe what is "great" about something. Why does it matter what I consider "great"/marvelous?
This is an opinion piece supporting POS. Simple question: if blockchains of similar (large) market cap are compared, which has the best Gini coefficient: PoS or PoW?
Leaving behind the technical details and the energy consumption aspect, it seems to me that the main economic difference between PoW and PoS is that in the former miners are forced to sell their earned tokens due to a high cost of keeping their equipment up and running. This sounds like a healthier approach.
Whereas PoS validators don't have the same burden, therefore they'd naturally tend to simply increase their shares.
> To attempt to reorg a finalized block (blocks are generally finalized after 6 minutes) you have to commit to losing 1/3 of total staked ether, currently several billion dollars.
Hmm... Several billion dollars is not actually that much money for nation states. Am I misunderstanding something here? Shouldn't it be much more expensive than several billion?
> Honest validators see both forks but would build on the honest fork because it has greater weight in the LMD-GHOST fork choice rule.
I don't understand this part. Is an "honest" validator someone who follows the rules, or someone who is purely profit-motivated? If the latter, what specifically incentivizes them to obey this LMD-GHOST rule?