
PoW vs PoS: Comparing the Economic Cost of Attacks

This article is translated from a report by BitMEX Research. The original article can be found at: https://blog.bitmex.com/pow-vs-pos-economic-cost-to-attack/

Abstract: This article compares the economic costs of attacking PoW (Proof of Work) networks and attacking PoS (Proof of Stake) networks. We analyze the costs of renting and buying computing power/staking rights. We correct a common misconception that the cost of attacking PoS networks must be higher due to the need to purchase tokens. Our conclusion is that the cost difference of attacking these two types of networks is smaller than many people imagine.

Overview

This article aims to analyze and compare the most cost-effective methods of attacking PoW and PoS systems, particularly by comparing the costs of attacks. We have written this article because others have already done some comparisons, often concluding that PoS systems are more difficult to attack, but we believe that these comparisons are not based on a fair one-to-one comparison. In this article, we focus on distinguishing between the costs of renting and buying computing power/staking rights. We believe that when comparing the economic costs of attacks, it is necessary to determine whether to consider renting or buying first, and then attempt a one-to-one comparison.

Thought Experiment

Let's start with a thought experiment. Although this may not be very realistic, let's assume that Kamala Harris picks Elizabeth Warren as her vice presidential candidate, and Kamala Harris wins the 2024 US presidential election by an overwhelming margin. This would be a nightmare for the cryptocurrency ecosystem. In addition to her regular duties as vice president, we assume that Elizabeth Warren is also responsible for cryptocurrency affairs. So, she forms an anti-cryptocurrency force with a budget of billions of dollars and tries to shut down the cryptocurrency networks.

This thought experiment is meaningful because the original intention of the cryptocurrency network is to be as difficult to shut down as possible. So, let's think about how Elizabeth Warren would carry out these expensive and possibly futile attacks, and what their costs would be. Next, we will compare the costs of attacking Bitcoin and attacking Ethereum.

Full Nodes and Consensus Rules

Many people believe that one of Bitcoin's core advantages over Ethereum is its large number of full nodes. Although these nodes are not directly related to block production, they play a crucial role in enforcing consensus rules. Importantly, the operating costs of these nodes are low. Many Bitcoin users run these nodes, connect them to wallets, and form a culture: these clients will not upgrade unless the entire community reaches overwhelming consensus on rule changes. This is not the case in Ethereum.

In this article, we will temporarily ignore this obvious advantage of Bitcoin and focus on the theoretical costs of attacking PoW and PoS networks. Theoretically, Ethereum can also cultivate a culture and network that enforces consensus rules in a way similar to Bitcoin. PoS itself does not prevent this, but running a fully validating Ethereum full node is more expensive because it requires validating signatures related to the staking process. To some extent, by ignoring this weakness we are steelmanning Ethereum.

Another issue to address is that in response to some basic attacks we will outline below, many people in the Ethereum community have stated that the community will change consensus rules to confiscate attackers' staked assets. For the purposes of this article, we will assume that neither Bitcoin nor Ethereum can effectively do this. Another consideration is that attackers may successfully force coordination and centralization, which some people may want to avoid. Perhaps we are considering the future, when both protocols have become ossified and unable to coordinate rule changes without causing significant splits.

Cost of Attack

Assuming the price of Bitcoin is $60,000 and the block reward is 3.125 BTC, and allowing for moderate transaction fees, Bitcoin miners' annual income is about $10 billion. We believe this is the single most important security indicator. Bitcoin miners spend nearly $10 billion each year, and if you want to attack Bitcoin, you may need to match that. But what does it mean to match? In this article, we distinguish between renting and buying.

Renting

The cheapest way to attack a PoW network is to rent computing power. Theoretically, if miners' annual income is $10 billion, as long as you offer them slightly higher annual income, economically rational miners will be willing to rent their computing power to you. This assumption may not be realistic, so let's assume you need to pay a 20% premium to attract miners, which is $12 billion per year. Of course, you don't actually need to spend $12 billion each year because after renting the computing power, you can earn $10 billion in income each year. Therefore, the net cost of renting the entire Bitcoin computing power is only $2 billion per year.

Now, if you are Elizabeth Warren, you only need 51% of the computing power to launch an attack and fill the chain with empty blocks. On the other hand, when this attack is successful, we can assume that the price of Bitcoin will plummet, so the mining income can no longer be counted on to offset the rental cost. Therefore, the net cost of this attack may be $6 billion per year, that is, the cost of renting half of the computing power at a 20% premium.

The same logic applies to staking. If the total staked assets in Ethereum generate $3 billion in annual income, economically rational stakers should be willing to give up direct staking in exchange for $3 billion in annual income. Similarly, as with PoW, we also need to assume a 20% premium, which is $3.6 billion per year. This means that the net cost of renting all staked assets is $600 million per year. Or, if you want to attack, perhaps only one-third of the staked assets are needed, so only $1.2 billion per year is needed to completely stop the PoS network.
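The rental arithmetic in the paragraphs above can be reproduced with a small model. This is an added example, not part of the BitMEX report: the names `rental_cost`, `income_retained` and `stall_share` are illustrative, and it assumes rewards become worthless in the attack case, which is what the article assumes for Bitcoin and what its $1.2 billion Ethereum figure implies.

```python
from dataclasses import dataclass
from fractions import Fraction as F

@dataclass(frozen=True)
class Network:
    name: str
    annual_income_bn: F  # yearly miner or staker income in USD billions (article's figure)
    stall_share: F       # share of hashrate or stake the article uses for the attack

# Figures taken from the article; it rounds 51% of hashrate down to one half.
BITCOIN = Network("Bitcoin (PoW)", F(10), F(1, 2))
ETHEREUM = Network("Ethereum (PoS)", F(3), F(1, 3))

def rental_cost(net, share, premium=F(1, 5), income_retained=F(1)):
    """Return (gross, net) yearly cost in USD billions of renting `share`.

    gross = share * income * (1 + premium): what the owners must be paid.
    net   = gross - share * income * income_retained: the renter keeps the
            rewards, but they are only worth `income_retained` of normal value
            (1 = unchanged, 0 = worthless because the attack crashed the price).
    """
    base = share * net.annual_income_bn
    gross = base * (1 + premium)
    return gross, gross - base * income_retained

def article_figures(net, premium=F(1, 5)):
    """The two cases the article walks through for each network."""
    _, rent_all_net = rental_cost(net, F(1), premium, income_retained=F(1))
    _, attack_net = rental_cost(net, net.stall_share, premium, income_retained=F(0))
    return {"rent_all_net": rent_all_net, "attack_net": attack_net}

def premium_sweep(net, premiums):
    """Attack cost (rewards worthless) for a range of rental premiums."""
    return {p: rental_cost(net, net.stall_share, p, F(0))[1] for p in premiums}

if __name__ == "__main__":
    for n in (BITCOIN, ETHEREUM):
        print(n.name, {k: float(v) for k, v in article_figures(n).items()})
        sweep = premium_sweep(n, [F(0), F(1, 5), F(1, 2), F(1)])
        print("  premium sweep:", {float(p): float(c) for p, c in sweep.items()})
```

The sweep shows how sensitive the result is to the assumed 20% premium: with rewards worthless, the attack cost scales linearly with one plus the premium.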

Therefore, we believe that a key comparable indicator when considering the economic costs of attacks is $5 billion per year for Bitcoin compared to $1.2 billion per year for Ethereum. If we normalize by market value, the attack costs are roughly the same, with Bitcoin being about three times the size of Ethereum. This is certainly not a perfect comparison, but in our opinion it is the best available when attempting a one-to-one comparison. Of course, there are many other variables involved, including the sustainability of Bitcoin mining income in contrast to Ethereum's permanent issuance. However, this is not necessarily an inherent feature of PoW and PoS. Theoretically, PoW coins can also have permanent issuance, and PoS coins can try to fund staking income entirely from transaction fees.

As for the feasibility of attacking with rented computing power or staked assets, Bitcoin and Ethereum participants don't have to worry too much about Elizabeth Warren. This attack is somewhat unrealistic. In practice, if the attack begins, asset owners can reclaim their computing power or staked assets. Asset owners may be concerned that the value of their assets will decline if the network is attacked. On this point, Ethereum and staked assets seem to have an advantage. The staked ETH is valued at $100 billion, exceeding the value of Bitcoin mining assets. However, while this $100 billion figure is important, in our view it is not the key indicator for comparison with Bitcoin; annual income is more critical. Moreover, the current market value of the highest-ranked publicly listed Bitcoin miners is about $28 billion. These miners control about one-third of Bitcoin's computing power, so they are actually very close to the $100 billion valuation of staked ETH. On the other hand, these publicly listed Bitcoin miners may be overvalued due to the narrative of "transitioning to AI". Also, keep in mind that Bitcoin's market value is more than three times that of Ethereum. Therefore, even with these listed miners included in the calculation, Ethereum still leads by at least a factor of three on this asset value indicator in percentage terms. Ethereum stakers do indeed have more at stake, which is important and perhaps the second most important indicator after annual income.

A small issue with the above analysis is that non-custodial rental of computing power is relatively simple. Miners can give lessees some form of restricted control over the hardware via the internet, and then revoke the lessees' access when an attack occurs. Renting out staked assets in a fully non-custodial manner may not be feasible, which may be an advantage, as the greater risk would make stakers less willing to rent out their staked assets. On the other hand, this is not really an advantage for the PoS system: if rented computing power can easily be revoked, there is no need to worry about the risk of sustained attacks. Of course, non-custodial staking services also bring significant benefits, and people want to establish such services (competitors of Ethereum claim they have already established them), which makes the staking system more resilient overall. However, we believe that there must always be a significant amount of risk, because the risk of confiscation must be large enough for staking to make sense.

Buying and Building

The next type of attack involves actual buying and building, including buying mining hardware, facilities, and electricity, or buying staked assets. Let's first consider buying staked assets.

If Elizabeth Warren's anti-cryptocurrency department wants to attack Ethereum, she can try to buy one-third of the ETH staked assets and then shut down the network. Currently, one-third of the ETH staked assets are worth $33 billion. Of course, if someone tries to buy so much ETH, especially the US government, the price will skyrocket, so the cost of buying will far exceed $33 billion. Therefore, this would be a very expensive attack, and in our view, the cost could be as high as $100 billion. If the attack succeeds, Ethereum may certainly fail, but some Ethereum users will become wealthy in the process. The impact of this attack on the ecosystem will be huge, and the token prices of Ethereum competitors will rebound significantly. Now that Ethereum is destroyed, speculators will try to determine which coin will replace Ethereum. What's more interesting is that speculators will try to predict which PoS coin Elizabeth Warren will invest in next. Therefore, this attack would backfire and may not achieve Elizabeth Warren's goals.

Next, consider an adversary's attempt to buy 51% of the computing power of a PoW coin in order to produce empty blocks. Reaching 51% may be very costly and take a considerable amount of time, possibly several years. This would involve buying mining hardware, purchasing mining facilities, purchasing electricity, and hiring personnel to operate these facilities and maintain the mining hardware. It is important to remember that the technology is constantly evolving: new facilities are coming online, new ASICs are being manufactured, and new mining chips are being developed. To reach 51%, it may also be necessary to participate in and fund chip development and ASIC manufacturing. Many of these processes involve significant risks, and the execution risks are also quite large. The government may need to spend at least twice as much as the private sector due to the complexity and risks involved. In our view, this could result in costs close to $100 billion within a few years, which is similar to or slightly lower than the cost of buying one-third of Ethereum staked assets, but the execution risks may be much greater. This is extremely expensive. Similarly, this would backfire, as it would result in a significant waste of energy, which may not align with Elizabeth Warren's ostensible goals. Of course, one advantage the government has is that if the private sector discovers the government's plan, the private sector may reduce its spending due to a lower expected return on investment, making the attack cheaper.

Here, a key feature of the PoW system is that attackers may need to keep spending funds over the long term to maintain and sustain the attack, while for the PoS system it is mainly a one-time cost. Bitcoin extremists can patiently wait for any attack to end. Attackers may eventually lose control of the computing power, and the network may recover. On the other hand, in the PoS system, once the attacker has one-third of the staked assets, they may be able to kill the chain forever. Of course, there may also be a hard fork to confiscate the attacker's funds, just as the PoW system can hard fork to change the hash algorithm. But assuming no changes to consensus rules, the advantage of the PoW system is that attackers must continue to pay the cost to sustain the attack, perhaps indefinitely. This is related to what PoW supporters regard as a key weakness of the PoS system: the lack of anchoring to the real world.

Confiscation Risk

One more feasible attack method that Elizabeth Warren can take is to attempt to confiscate one-third of the staked assets or confiscate half of the computing power by force or legal means. This approach is beyond the scope of this article's discussion, as the focus of this article is to explore the economic costs of more typical forms of attacks. However, it is worth considering what is more easily confiscated. In terms of risk, it is easy to imagine the difficulty of confiscating staked assets from small self-custodial stakers who use their own physical hardware. Transferring staked assets is as simple as transferring private keys and can be easily transferred across borders without being discovered. This is in stark contrast to mining hardware, which can be discovered and confiscated during transportation. On the other hand, confiscating staked assets seems easier if staking is done through regulated custodial services. Therefore, it is not difficult to understand that the security of mining fundamentally depends on whether mining assets are distributed across multiple jurisdictions and whether the scale of mining farms is as small as possible. Similarly, the security of staking depends on whether users use their own hardware for self-custodial staking.

Of course, if Elizabeth Warren actually confiscates most of the computing power, these mining assets may degrade and deteriorate over time, and others can build infrastructure so that the network can eventually be restored. In contrast, if the opponent obtains 33% of the staked assets, then the PoS chain may be doomed forever. In the PoW system, you at least have a chance to wait for the attack to end, get rid of the burden of the past, and recover the network.

Conclusion

It is generally believed that when calculating the basic costs of attacking PoW and PoS networks, the cost of attacking PoS networks is much higher. In fact, when making incomplete comparisons of costs, the difference between the two is smaller than many people expect, and the cost of attacking staked asset systems is only slightly higher. Overall, our logic is based on the following assumptions: to halt a PoS network, you need one-third of the staked assets, not 50% as in a PoW network; and establishing and maintaining computing power carries more execution risk than acquiring staked assets. Taken together, these factors offset the higher cost of buying a large number of tokens on the market.

Regardless of how people view the resistance of PoS or PoW systems to classic economic attacks, the distribution of mining assets and staking agents is key to the survival of these networks under attacks from resource-rich countries. Unfortunately, both Ethereum and Bitcoin have room for improvement in this regard. In the long run, resistance to censorship may depend on the economic incentives of staking service providers and the distribution of cheap and reliable energy globally.
