Ethereum's move to POS - Why it makes ETH much less safe

in #ethereum5 months ago (edited)

In one of my first posts on this blockchain I wrote a paper on the topic of:
51% Attack by a Nation State: Vulnerability of PoW vs PoS

In light of Ethereum's move to PoS (the Merge), my analysis is highly relevant, so I'm republishing it.

The short summary is that a big PoW blockchain like Bitcoin is safe even from nation state attack while a PoS blockchain is easy for someone with deep pockets to attack (as happened to Steem).

POS is inherently vulnerable to big money attacks. It has its place such as in a Web 3 blockchain like Hive where most DApps are content, social and games rather than big money. But Ethereum DApps are primarily financial (how else to fund gas fees).

The Ethereum blockchain is now far less safe because fiat money is far easier to create than energy or complex, highly specialised machines.

Excessive focus on "image" and green virtue signalling is what got Europe into its catastrophic energy crisis and it will doom Ethereum.

At the end of the day energy is what heats your house, cooks your food, drives your economy and protects your blockchain.

Image credit: Bitmain


51% Attack by a Nation State: Vulnerability of PoW vs PoS

This paper seeks to analyse the possibility of a 51% attack on a cryptocurrency network by a nation state.

It is well known that both Proof of Work (PoW) and Proof of Stake (PoS) networks are vulnerable to 51% attacks. A fundamental assumption of the cryptographic proofs of their security is that an attacker is in the minority of hashing or staking power in the network.

I show below that numerous nation states have both the motivation and the potential capability to conduct such attacks, but that PoS networks are far more vulnerable.

In examining a realistic 51% attack on a major cryptocurrency we need to examine :

  • motivation, and
  • resources & practical capability.

Motivation

The reaction of nations around the world to the rise of crypto-currencies has ranged from outright opposition to encouragement and support. There is a strong correlation between a nation's attitude to cryptocurrency and the freedom or repression of its people. More repressive countries such as Iran, China, Bolivia, Bangladesh, Vietnam have either banned or severely restricted creation, exchange and use of cryptocurrencies while more open, democratic nations such as Switzerland, Australia, Israel and Malta have been encouraging, passing helpful and light-handed regulation.

This reaction is not coincidental, as the decentralised, distributed nature of crypto-currencies inherently reduces government control and provides greater freedom to the people. Indeed this was the vision and promise of Satoshi Nakamoto and the cypherpunk movement.

Thus there a significant number of nation states whose governments see cryptocurrencies as a significant threat to their control over their people. Such actors have sufficient motivation to try to subvert or destroy a major cryptocurrency.

Resources and Practical Capability: PoW (ASIC & GPU) vs PoS

Attack on PoW network

In order to mount a 51% attack on a major PoW network such as Bitcoin or Ethereum an attacker must control more than 50% of the hashing power of the network. This means physically controlling more than 50% of the Bitcoin ASICs or 50% of the GPUs currently mining Ethereum.

Based on my calculations below there are currently over 4 million ASICs mining Bitcoin and over 15 million GPUs mining Ethereum. This means a nation stake attacker would presently need to either:

  • take physical control of 2 million existing Bitcoin ASICs or 7.5 million existing GPUs which are distributed all around the world; or
  • acquire 1.7 million additional high end Bitcoin ASICs or 7.9 million additional high end GPUs.

Note that these are minimum numbers based on today's network hash rates and don't take into account the natural increase in ASIC & GPU numbers over time.

Option 1: Take Physical Control of 51% of Mining Hardware

The essential preconditions for a nation state to attempt to take physical control of millions of pieces of mining hardware for a 51% attack are:

  1. having 51%+ of the relevant mining hardware located in geographic territory it controls;
  2. knowing the locations of all this mining hardware;
  3. having sufficient police/military forces to deploy simultaneously to all such locations with sufficient strength and appropriate weaponry to overcome any resistance and take physical control without the hardware being damaged or destroyed;
  4. being able to achieve surprise and achieve the operation within a short timeframe.

The only nation which comes even remotely close to achieving such pre-conditions is China with regard to Bitcoin ASICs, however it is far from certain that any of these pre-conditions are actually achievable in reality.

Are more than 50% of Bitcoin ASICs in China?

There is little hard evidence of the actual number or percentage of Bitcoin ASICs in China. A 2017 study is often cited as evidence that 60% of Bitcoin ASICs are in China. However what the study actually found is that while China hosted 58% of global mining pools with more than 1% of global hash power, all of these pools included an English language website and attracted miners not based in China.

Thus properly understood this finding does not provide evidence that more than 51% of Bitcoin ASICs are based in China. It is likely that, because of language issues, Chinese miners almost exclusively use Chinese (or at least Chinese language) mining pools, while non-Chinese miners also use Chinese pools (in English) as well as non-Chinese pools. Miners can easily and quickly change pools and would certainly do so in response to any attempts by China to take control of Chinese mining pools or miners.

More recently, miners have been moving out of China. Thus the chances of this first essential precondition being fulfilled are decreasing by the day as a direct result of China's other anti-crypto actions.

Does China know where they all are?

Bitcoin miners in China tend to keep a very low profile and keep their locations secret for fear of both crime and corrupt officials and because some of them are stealing electricity. While large Bitcoin mining facilities can be found by their massive power consumption, medium and smaller facilities can easily be hidden among other energy intensive commercial and industrial activity.

Home Bitcoin miners with 1 - 5 ASICs make up an unknown percentage of total Chinese hashing power but it is notable that Bitmain produced a special silent ASIC miner (the Antminer R4) especially to target this market. The R4 looks like a blow heater and uses less electricity than a heater or air-conditioner. Bitmain must have considered the home market to be at least 5 - 10% of total addressable market to be bothered doing the R&D to create a silent miner.

Each Bitcoin ASIC uses around 1kW of electricity, which is less than many typical home appliances. Thus a small number of them in a home are impossible to find using analysis of electricity bills. It is essentially impossible to take physical control of these devices without conducting invasive searches of almost half a billion households. Not even the PLA or Chinese police have this capacity and attempting it would cause massive social unrest.

Thus at best China might be able to determine where 75% of its Bitcoin ASICs are located, at worst less than 50%.

Does China have sufficient and capable force to take physical control

While China certainly has a very large army and police force, there is a big difference between being able to exercise physical force to take control of a physical location and being able to do so without damaging delicate equipment at that location.

The Chinese are not a docile and compliant people and Bitcoin miners even less so. Attempting to steal valuable equipment from a person naturally creates resistance, which would take many forms. Depending on the time available, miners could remove the ASICs to secret locations, conduct electronic or physical sabotage or even destroy the ASICs.

While the Chinese troops and police would have the advantage of potentially lethal force over the miners, the miners would have the advantage of technical competency and the knowledge that any use of kinetic or explosive weaponry would damage or destroy the ASICs.

Could China achieve surprise?

The massive scale and geographic scope at which such an operation would need to be conducted would make surprise virtually impossible. It would require perhaps 50 - 200 thousand troops and police deployed throughout commercial and industrial areas throughout China especially for this purpose.

Any advance notice to the miners of a planned operation would fatal to its success. Bitcoin ASICs are very portable and valuable equipment. They would disappear into tens of thousands of homes and hiding places within a day of any forewarning of an operation to forcibly seize them.

Thus, even in the case of China, none of the essential preconditions for an operation to seize physical control of 51% of Bitcoin ASICs is fulfilled. No other nation state comes even remotely close to fulfilling even the first pre-condition in relation to Bitcoin ASICs and thus is not even relevant for consideration.

GPU miners are much more broadly spread throughout the world and no nation has anywhere near 50% of GPU miners located in its territory. The same is true for GPUs more generally.

Therefore one can conclude with a high degree of certainty that no nation state can take physical control of 51% the existing mining equipment of a major PoW cryptocurrency.

Option 2: Buy Mining Hardware to get to 51%

Bitcoin ASICs

Its certainly within the financial resources of a large nation state to place a $3.4 Billion order for 1.7 million Antminer S9s @ $2000 each (with government discount) with Bitmain, the largest supplier of Bitcoin ASICs.

However Bitmain's 2017 revenue from chip sales was $2.3 Bn and not all of this comes from Bitcoin ASIC sales. Bitmain also sells other types of ASICs and power supplies. Further, because most of Bitmain's revenue from ASIC sales is in Bitcoin the huge rise in the Bitcoin price in 2017 substantially inflated this figure.

Given the above, a high end estimate of Bitmain's current production capacity of Bitcoin ASICs is 800,000 units per year. This means a 1.7 million unit order by the Chinese government would tie up Bitmain's entire production for over 2 years!

The purpose of such an order would be blindingly obvious to Bitmain. They would be unwilling to fulfil it because the consequences of a successful 51% attack on the Bitcoin network would be devastating for Bitmain's very profitable long term business.

Even if Bitmain could be acquired by the Chinese government or coerced into accepting such an order, the inability of Bitmain to supply new miners to its regular customers would make it obvious that someone had cornered all Bitmain's supply in order to conduct a 51% attack. It would cause an exodus of crypto-believer Bitmain staff to other companies. Suppliers, especially outside China, would likely boycott Bitmain and production would grind to a crawl. R&D would also suffer greatly. It would be impossible to maintain secrecy.

At the same time, other ASIC manufacturers would arise and expand production outside China of more efficient ASICs to meet demand, defend the Bitcoin network and capture that $2.3 Bn of annual revenue that Bitmain had abandoned. This expansion would be funded by the hundred's of billions of dollars of vested interest (Bitcoin market cap) in defeating the Chinese government's 51% attack.

The combined effect of all of this would be to delay China obtaining 51% of Bitcoin hashing power for many years, probably indefinitely.

Thus the massive size of the installed base of Bitcoin ASICs combined with the supply constraints inherent in a mass manufactured computer product make it impossible for the Chinese or any government to acquire enough Bitcoin ASICs secretly and in a reasonable timeframe to pull off successful 51% attack.

Ethereum GPUs

Unlike Bitcoin ASICs, the manufacture of GPUs is not dominated by one China based firm whose main business is in the crypto space. The two main GPU manufacturers are two US companies AMD & Nvidia.

AMD has a large CPU business in addition to its GPU arm while Nvidia is GPU focussed and has a larger share of the GPU market. Despite the popularity of GPU mining, gamers are still the main market for GPUs. GPUs also have demand from Artificial Intelligence and professionals in visual content industries.

While the core graphics processing chips and architecture of a graphics card come from AMD or Nvidia, the crucial memory chips (which provide the ASIC resistance) come from a range of suppliers (Samsung, Elpida & Hynix). Supply of GPUs and the crucial memory chips is already insufficient to meet demand caused by GPU mining.

So a government order for 8 million high end GPUs would simply not be able to be met at the current time. AMD & Nvidia have already made it clear that they do not want to lose their core business of supplying gamers because of crypto mining demand and are restricting sales to 2 units per person.

At some future time demand for GPUs may drop and/or memory supply will increase allowing some spare capacity to meet a large government order. However the number of high end GPUs required for a 51% will likely have increased substantially by then and total high end GPU supply will still be quite limited compared to the size of order required.

In 2015, prior to the current GPU mining boom, high-end or enthusiast GPUs were only 5.9 million units (11% of total discrete GPU sales) compared to the say 10-15 million units that would be required for a 51% attack in a year's time.

Essentially, short of some sort of totalitarian takeover of GPU companies by the US government and the diversion of 90% or more of new high end GPUs to meet government requirements, there is no way any government can acquire a high enough percentage of new GPU supply to overcome the huge installed base of GPUs.

Furthermore, such a large government order would be obvious in its purpose and thus not a basis for long term growth justifying AMD or Nvidia investing in an expansion of manufacturing capacity.

Thus the massive size of and rapid increase in the installed base of high end GPUs used for mining, the US domicile of AMD & Nvidia, the large ongoing demand for GPUs for non-crypto uses and the supply constraints inherent in a mass manufactured computer product make it impossible for any government to acquire enough GPUs to pull off successful 51% attack now or in the foreseeable future.

Attack on PoS network

In contrast, to control 51% of the staking power of a PoS network, the attacker nation state would just need to quietly, via numerous avenues and wallets, buy enough of the cryptocurrency to acquire 51% of the staking and/or voting power.

It doesn't really matter exactly what form of PoS is used. Any mechanism to try to incentivise network positive behaviour can be subverted by a nation state. This can be done via lots of seemingly legitimate stakers, witnesses and/or voters who are actually government hackers. It can be kept completely secret because it does not involve any physical, real world activity.

The actual attack would come out of the blue, without warning and without any time to take defensive action.

Purchasing say 11% of Ethereum (to take a majority in a 20% staked PoS network) would cost US$7.3 Billion, which is well within the capabilities of even relatively small nation states.

However it simply doesn't matter to a nation state how much it costs to purchase enough stake to conduct a 51% attack, because they can just issue more of their fiat currency to cover the costs of purchasing the PoS cryptocurrency.

By using anonymous coins between the fiat conversions and the purchase of the attacked PoS cryptocurrency the nation state can even hide its tracks making in impossible to know who actually conducted the 51% attack. Thus the nation state attacker will suffer no negative reputation consequences. Its only cost is fiat currency which it can easily create more of and the amount required, even for a PoS Ethereum, would be small change on most nation's balance sheets.

Thus on a fundamental level, Proof of Stake simply does not work to defend against nation state attacks. As long as the POS cryptocurrency can be purchased with fiat currency and fiat currency can be conjured out of thin air (which is what nation states do), nation states simply have no real stake, no disincentive for burning what they can easily create.

Thus not only are PoS cryptocurrencies fundamentally vulnerable to 51% attack by nation states in a way that PoW cryptocurrencies are not, their vulnerability arises from the fundamental problem with fiat currency that cryptocurrencies are supposed to solve.

Conclusion

With PoS gaining in popularity and Ethereum planning to move to PoS, it is crucial to properly understand the real world security vulnerability of PoS networks to motivated nation state 51% attacks. It is also important to understand that major PoW networks are really very secure, combining cryptographic proofs of security with the real world impossibility of a 51% attack, even by the most powerful entities on the planet.

This is not to say that PoS has no place in the crypto ecosystem, after all I am posting this paper on Steemit, which runs on the Steem PoS network. However it should not be used for mission critical applications that nation states might be motivated to attack.

Steem itself, is perhaps a good example of a non-mission critical network that nation states would have little motivation to attack. But Ethereum, which is not only the No 2 cryptocurrency, but also provides the foundation for large numbers of important projects running on ERC20 tokens, is a bad choice for PoS.

A successful 51% attack on a PoS Ethereum world be devastating for the entire crypto world.

As I've shown above, under its current PoW model, Ethereum is currently extremely well protected from 51% attack.
To move such a valuable and crucial part of the crypto ecosystem to a fundamentally vulnerable PoS model would be extremely foolish.

Endnote: ASIC & GPU number calculations

The current hashing power of the Bitcoin network is 31.5 million TH/s and the most powerful common Bitcoin ASIC miner, the Antminer S9 does 14 TH/s. Thus there are at least 2.25 million Bitcoin ASIC miners currently in operation, and likely significantly more as older ASICs (with hashrates a fraction of the S9) are still profitable with cheap electricity. If just 25% of total hashing power was coming from ASICs equivalent to the Antminer S7, the total number of operational Bitcoin ASICs would be over 4 million.
Thus an attacker would need to take control of over 2 million ASIC miners.

The current hashing power of the Ethereum network is 271 million MH/s and the most powerful common GPUs, the AMD RX470,RX480, RX570 & RX580 does between 22 - 30 MH/s (average 26MH/s). Thus there are at least 10.5 million high end GPUs currently mining Ethereum and likely more, as even 6 year old high end old GPUs (eg HD 7970 @ 16MH/s & RX280X @11 MH/s)) and weaker new RX550 & 560s are still profitable in most countries. Thus if 40% total hashing power was from weaker GPUs with average hashing power of 13MH/s then the total number of GPUs mining Ethereum would be 15 million.

Sort:  

Your analysis are very true and POW is far a superior technology over PoS in terms of security. Nonetheless , speed is important as well. ETH is not meeting its latency requirement and in attempt to solve that is evolving to PoS. There is no solution without perks. I guess we just have to move and solve challenges that do come along with it


The rewards earned on this comment will go directly to the people( @toofasteddie ) sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

Thanks for sharing, this ETH Merge is really a shame that is going against decentralization and the whole crypto world. I don't expect anything good from this mess...

Your analysis are very true and POW is far a superior technology over PoS in terms of security. Nonetheless , speed is important as well. ETH is not meeting its latency requirement and in attempt to solve that is evolving to PoS. There is no solution without perks. I guess we just have to move and solve challenges that do come along with it

Your analysis are very true and POW is far a superior technology over PoS in terms of security. Nonetheless , speed is important as well. ETH is not meeting its latency requirement and in attempt to solve that is evolving to PoS. There is no solution without perks. I guess we just have to move and solve challenges that do come along with it

Congratulations @apshamilton! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s):

You received more than 45000 upvotes.
Your next target is to reach 50000 upvotes.

You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Check out the last post from @hivebuzz:

HiveFest⁷ badges available at the HiveBuzz store
HiveFest⁷ meetup in Amsterdam is next week. Be part of it and get your badge.
Our Hive Power Delegations to the August PUM Winners

A solid summary of the whole move over and some of the issues facing the network and the miners. I think the move to POS isn't just for scaling or lowering energy use but to easily merge ETH with the traditional financial rails, exchanges will be the biggest validators, which are all companies that can be acquired, setting up a validator to compete is all just about acquiring stake and then letting that stake rent seek in perpetuity, apart from slashing there isn't really a force that can knock you off your perch, so there's no free market competition in POS

Posted Using LeoFinance Beta

I disagree.

Create friendly environment for miners to attract more hardware to the territory you control. Create government agency that will be responsible for helping miners become more environmentally friendly, f.e. by using heat produced by ASICs to heat homes. Give extra incentives in form of tax deductions when miners use their hardware that way - it would require them to register their hardware, so you'd know not only location but also its parameters and owner. Next, for example "due to widespread abuse of the system", require miners to run your software to monitor mining activity. Now you've removed the problem with acquiring enough hardware for the attack.

It's even easier in case of ETH, because its mining hardware can be used for other purposes, f.e. AI. Therefore you could even justify expenses in that field as part of military spending. Better yet, you can build couple of secret factories with that purpose in mind, and even if the secret leaks out no one would expect preparations for an attack on crypto.

On the other hand, if you want to acquire enough stake, you are creating an upward pressure that will push the price up and attract more investors to the coin you want to attack, even if you do it in distributed manner and over long period of time. You won't be getting your tokens with (enough stake)*(current price).

The main question would be: what are you trying to achieve with the attack? The example of Steem showed that even in case of very favorable conditions (large stake already in the hands of attacker, more pools of stake in the hands of his friends) and clear goal (take over governance) - the case of successful attack - other users of the coin can react simply by forking out. This is probably to strongest defense against any kind of attack (and such defense is easier with PoS, because it would be easier to know which funds were used in that attack, so you can omit them during airdrop to fork, just like Hive did to Steem).

Excessive focus on "image" and green virtue signalling is what got Europe into its catastrophic energy crisis and it will doom Ethereum.

This is a hot take but I think you're right. We've seen go woke go broke and I think we will see next go green grow thin.


By the way, I noticed you are holding some Leo Power, so here's a few Leo initiatives you might want to check out!

Posted Using LeoFinance Beta

Congratulations @apshamilton! You received a personal badge!

HiveFest 7 Attendee

You can view your badges on your board and compare yourself to others in the Ranking

Congratulations @apshamilton! You received a personal badge!

Thank you for your participation in the HiveFest⁷ Balls of Steel tournament.

We truly hope you enjoyed HiveFest⁷ and it's been our pleasure to welcome you in Amsterdam.

See you next year!

You can view your badges on your board and compare yourself to others in the Ranking

Dear, @apshamilton

May we ask you to review and support our @cryptobrewmaster GameFi proposal on DHF? It can be found here

If you havent tried playing CryptoBrewMaster you can give it a shot. Our @hivefest presentation available here on the YouTube with a pitchdeck of what we building in general

Vote with Peakd.com, Ecency.com, Hivesigner

Thank you!


Congratulations @apshamilton!
You raised your level and are now an Orca!

Check out the last post from @hivebuzz:

Hive Power Up Day - October 1st 2022
Balls of Steel - HiveFest⁷ Petanque Tournament Results