What Is ‘Proof Of Stake’ And Why Is It Important?

Robert and I took the train back to Zurich and so I had a bit of time to pick his brain on a number of topics around consensus mechanisms. We talked about proof of stake and how DFINITY deals with some of the challenges present in current blockchains.

Video Transcript

I’m just checking out from my hotel in Geneva and we’re gonna head back to Zurich.

We’re on the way from Geneva back to Zurich. Robert and I gave a talk yesterday at FinTech Fusion about DFINITY and we have about an hour left on our journey. We’re here on the train and I’ll use that to pick Robert’s brain a bit on various crypto topics. One of them is what exactly proof of stake is, why it is hard to do, and what innovation DFINITY made in regards to proof of stake. Let’s see if I can find something where Robert doesn’t feel 100% comfortable.

What is proof of stake and why is it hard?

Proof of stake basically means that your power in the consensus algorithm is proportional to the stake that you own. In various systems, you have to deposit a stake and you get an ID in return for your stake. The stake gets locked in for a month and then you get the right to participate in the consensus mechanism.

And why it’s hard: it is related to the fact that proof of work is not only just a simple way to protect against Sybil attacks. So it’s not just a way to give you an amount of power in proportion to your stake, but it’s also the means of making it hard to create forks or to create a new block on top of old blocks.

In proof of stake, it is easy to build a block. Once you get the right to build a block, you can do it without any expensive computation.

So just to summarize what I’ve heard and then also a few terms that I necessarily would like to hear a bit more about. So number one was proof of stake means that the power that you have in regards to the consensus mechanism is proportional to your stake, whereas in proof of work it’s proportional to the amount of computation you can do.

What is a consensus?

So a number of terms that maybe we should clarify. One that I’ve heard was “Sybil attack” so that’d be interesting to talk. But even before that maybe we should talk about consensus. What does consensus mean?

Consensus in the setting of distributed computing means that you have multiple parties, a set of nodes that participate in a mechanism, and you need an algorithm to make sure that all these people, or all these computers controlled by humans, can cooperate with each other and that they can come to consensus or come to an agreement on certain things, like the outcome of a computation or transactions.

Sybil attacks

The other question is the problem of Sybil attacks. So this is called Sybil attack because a Sybil attack means that you can create multiple identities of yourself. Sybil was a person in a novel who had a multiple personality disorder.

So what I’ve heard is consensus basically means multiple parties need to come to a conclusion and agree on one outcome. And then Sybil attacks – the term originated from a book where the main character had multiple personalities, and the way this manifests in our context is that on my machine, I could run the same software many, many times, and so instead of just one person having one account, I can have many accounts or many miners that are running for me even if there’s only one person behind it. Because we don’t have a concept like passports that we have in real life that are a 1:1 mapping between a person and some virtual object.

So as you already mentioned, having multiple identities means that you could easily get majority power, so more than 50% of all the IDs. And it not only means that you can control the present, it also means in the context of a blockchain if you have more than 50% of the IDs from any past snapshot of the blockchain, you can create a new history or create a fork that rewrites the present. So it’s not only that you can control what happens now, you can also rewrite the past.

Immutability in blockchain-based systems

One of the core qualities of blockchain-based systems is immutability meaning that whenever something has been recorded, there’s no way it’s going to change anytime in the future because all these blocks are static. If someone acquires too much power in the network or too much control over the network, they could effectively change history and we would lose that quality of immutability in regards to blockchain systems.

So the problem is that you can do something called Stake Grinding. You can go back in the past and with your, let’s say 10% of keys that you have, you can influence some parameters in the blocks because the randomness in naive systems depends on the block hash. Then you can try to influence these parameters to put together some history that makes your chain longer than the valid chain. So you can effectively build a fork that’s longer than the current chain with less than 50% of the IDs that you acquired from past owners.

In proof of work, it’s different because in proof of work it’s not easy to build a fork. Because in order to build a fork in proof of work, you have to redo all the computations, all the hard and expensive crypto puzzles to find the solutions in order to create a long fork. So it’s very expensive and not feasible.
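To make the stake-grinding problem concrete, here is an added toy simulation (constructed for this page, not DFINITY’s protocol or code). In the naive design, the next block producer is chosen from the hash of the current block; a producer who controls 10% of the identities and is free to choose among several valid variants of their block (transaction order, timestamp, and so on) can try several variants and publish the one whose hash hands the next slot to one of their own identities. The second function models an unmanipulable per-slot randomness that no producer influences, which is the property the threshold-signature beacon described later is meant to provide. Identity counts, the attacker’s share and the number of grinding attempts are all assumptions of the toy model.

```python
import hashlib

N_IDS = 100                           # total identities in the toy system (constructed)
ATTACKER_IDS = frozenset(range(10))   # attacker controls 10% of identities (constructed)
GENESIS = hashlib.sha256(b"constructed genesis block").digest()


def leader_of(randomness: bytes) -> int:
    """Map 32 bytes of randomness to an identity index in [0, N_IDS)."""
    return int.from_bytes(randomness[:8], "big") % N_IDS


def block_hash(prev: bytes, producer: int, variant: int) -> bytes:
    """Hash of a block. `variant` stands in for any producer-controlled freedom
    (transaction ordering, timestamp) that changes the block hash."""
    return hashlib.sha256(
        prev + producer.to_bytes(2, "big") + variant.to_bytes(4, "big")
    ).digest()


def simulate_hash_based(slots: int, grind_attempts: int) -> float:
    """Naive design: next leader = f(current block hash).

    Returns the fraction of slots led by the attacker when attacker-controlled
    producers grind over up to `grind_attempts` block variants; honest producers
    always publish variant 0.  grind_attempts=1 means nobody grinds."""
    prev = GENESIS
    attacker_slots = 0
    for _ in range(slots):
        leader = leader_of(prev)
        if leader in ATTACKER_IDS:
            attacker_slots += 1
            chosen = block_hash(prev, leader, 0)
            for variant in range(grind_attempts):
                candidate = block_hash(prev, leader, variant)
                if leader_of(candidate) in ATTACKER_IDS:
                    chosen = candidate          # this variant keeps the next slot in-house
                    break
            prev = chosen
        else:
            prev = block_hash(prev, leader, 0)  # honest producer: one natural variant
    return attacker_slots / slots


def simulate_beacon(slots: int) -> float:
    """Unmanipulable randomness: each slot's value is fixed by a seed and the slot
    number, so a producer has nothing to grind over.  Returns the attacker's share
    of slots, which stays at their share of identities."""
    attacker_slots = 0
    for slot in range(slots):
        r = hashlib.sha256(b"constructed beacon seed" + slot.to_bytes(4, "big")).digest()
        if leader_of(r) in ATTACKER_IDS:
            attacker_slots += 1
    return attacker_slots / slots


if __name__ == "__main__":
    print("hash-based, no grinding :", simulate_hash_based(2000, 1))
    print("hash-based, 10 attempts :", simulate_hash_based(2000, 10))
    print("unmanipulable beacon    :", simulate_beacon(2000))
```

With 10 attempts per attacker-led slot the attacker keeps the next slot with probability about 1 - 0.9^10 ≈ 0.65 instead of 0.10, which pushes their long-run share of slots from 10% to roughly 22%; the point of an unmanipulable beacon is that this lever does not exist, regardless of how much freedom a producer has over block contents.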

Proof of work vs Proof of stake

I think now we touched on a very important topic – the difference between proof of work and proof of stake. Proof of work means that a lot of the computation power that the miners provide goes into the system and is just wasted to solve these puzzles. Whereas in proof of stake, the overhead of computation that’s needed to build blocks is much, much smaller. A much larger percentage of the computation power goes towards actual transactions and distributed applications.

The main challenge in coming up with a functioning proof of stake system

In my view, it is how you can create randomness that’s unmanipulable, that prevents you from manipulating all the factors that are taken into account in your random generator. More than 50%, or at least the majority of people, must come together and they must cooperate and create a randomness where no subset that’s less than 50% can manipulate or even predict the outcome of the randomness.

I think the idea in all these distributed systems is that they can only be fair and work if it’s randomly decided who has a certain job when it comes to the next block. Validating it or creating and signing it, whatever… And that’s why creating randomness is such an important task.

Most of the existing asymmetric cryptography signature schemes have a threshold grind. That means that you can easily turn the regular signature scheme into a threshold signature scheme. For our purpose, we need a scheme that has two properties. One of them is this uniqueness. And the second property that you need is something called distributed key generation friendliness.

Distributed key generation protocol

Distributed key generation protocol – you need to create the keys for a threshold group. It’s a bit complicated, it involves multiple rounds. It is based on the idea that every member of the group can create a random function and he can create this polynomial in a way that he overdefines it. So he adds redundancy to the polynomial. So that’s a very simplified explanation of it.

I always love it when Robert says something is a little complicated because it means I have no idea how it’s going on for me. So we’ll leave that for a future video and we’ll call that the advanced intro to distributed key generation.
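The polynomial idea Robert sketches is the core of a joint Shamir-style distributed key generation, so here is an added, simplified example of it (constructed for this page; it is not DFINITY’s DKG protocol). Each of the n members picks a random polynomial of degree t-1 and hands member j the evaluation at j; member j adds up everything it received and that sum is its share of a group secret that nobody ever holds in full. The “redundancy” is that shares exist for n points while only t are needed to reconstruct. The field size, the parties and the threshold are assumptions; the real protocol also broadcasts commitments to the polynomial coefficients so members can verify the shares they receive, which this toy omits.

```python
import secrets
from itertools import combinations

Q = 2**127 - 1   # prime field for polynomial coefficients (Mersenne prime M127, assumed)


def random_polynomial(threshold: int) -> list:
    """Random polynomial of degree threshold-1; coefficient 0 is this party's
    secret contribution to the group key."""
    return [secrets.randbelow(Q) for _ in range(threshold)]


def evaluate(coeffs: list, x: int) -> int:
    """Evaluate the polynomial at x over the field Z_Q (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def dkg(n: int, t: int):
    """Joint Shamir DKG over n parties with threshold t.

    Party j's share is the sum of every party's polynomial evaluated at j.
    The group secret (sum of all constant terms) is returned only so that the
    example can check itself; in a real run nobody computes it."""
    polys = [random_polynomial(t) for _ in range(n)]
    shares = {j: sum(evaluate(f, j) for f in polys) % Q for j in range(1, n + 1)}
    group_secret = sum(f[0] for f in polys) % Q
    return shares, group_secret


def lagrange_at_zero(points: dict) -> int:
    """Interpolate the polynomial through the given (x, y) points and return f(0)."""
    xs = list(points)
    total = 0
    for j in xs:
        num = den = 1
        for m in xs:
            if m != j:
                num = num * (-m) % Q
                den = den * (j - m) % Q
        total = (total + points[j] * num * pow(den, -1, Q)) % Q
    return total


def reconstruct(shares: dict, members: tuple) -> int:
    """Recover the group secret from the shares of the listed members."""
    return lagrange_at_zero({j: shares[j] for j in members})


def every_threshold_subset_agrees(shares: dict, t: int, secret: int) -> bool:
    """Redundancy check: any t of the n shares reconstruct the same group secret."""
    return all(reconstruct(shares, subset) == secret
               for subset in combinations(sorted(shares), t))


def below_threshold_fails(shares: dict, t: int, secret: int) -> bool:
    """t-1 shares interpolate the wrong polynomial, so they do not yield the secret
    (except with probability about 1/Q)."""
    subset = tuple(sorted(shares))[: t - 1]
    return reconstruct(shares, subset) != secret


if __name__ == "__main__":
    shares, secret = dkg(n=5, t=3)
    print("any 3 of 5 shares reconstruct:", every_threshold_subset_agrees(shares, 3, secret))
    print("2 of 5 shares do not         :", below_threshold_fails(shares, 3, secret))
```

In a threshold signature scheme the same shares are used to produce partial signatures rather than to reconstruct the secret, so the group key never needs to be assembled in one place; the uniqueness property Robert mentions is what lets the combined signature double as unpredictable randomness.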

So to summarize it, in DFINITY everyone has the possibility to make a stake deposit and to get an ID from the system which is valid for a certain amount of time, and each ID costs a fixed amount of stake. So richer people can afford to have more IDs than others. With these IDs you can participate in the consensus algorithm, which means that you can create blocks and you can also be part of the random number generators, so part of the threshold groups. And you’re also part of the notary, which is a fancy scheme that allows you to validate blocks to make them get finalized faster. So this is the way DFINITY uses proof of stake.

Alright, so that was Robert’s input on how proof of stake works and how it especially works at DFINITY. I found it super interesting. I always learn a lot as well every time we meet and talk about these concepts.

And with that, we’re now going to talk about something else related to DFINITY which is the gas model and maybe in another episode we’ll talk about that. Soon we’ll also reach our destination in Zurich and head back to the office to get some work done. And with that, I’ll talk to you tomorrow.
