Vitalik: Why choose PoS?

2022.09.15

Vitalik: Why choose PoS?

Vitalik Buterin believes that blockchain networks under the PoS (Proof-of-Stake) consensus mechanism are more secure than PoW (Proof-of-Work), have stronger defenses against attacks, and offer lower barriers for participation in validation.

2022.09.15 - 01:49:36

POWPOS以太坊

Navigating Web3 tides with focused insights

Author: Vitalik Buterin

Translation: Tyronepan - Bifrost Finance

September 15 marks a historic day in the annals of crypto—the Ethereum Merge, transitioning from Proof of Work (PoW) to Proof of Stake (PoS), seemingly declaring the end of an era.

To PoW or to PoS—that is the question.

On this special occasion, TechFlow revisits three classic articles: Wu Jihan’s “The Beauty of Hashpower,” Vitalik Buterin’s “Why Proof of Stake?”, and Jan Xie, Chief Architect of Nervos’s “The Great Debate Between PoW and PoS: Who Holds True Openness? Who Can Escape the Thermodynamic Endgame?”

Why Choose Proof of Stake (PoS)?

Compared to the Proof of Work (PoW) consensus mechanism, PoS is a superior blockchain security model for three main reasons:

1. PoS Is More Secure at the Same Cost

The simplest way to compare them is to line up both mechanisms and see how much it would cost to attack a network per $1 of daily block rewards.

GPU-based PoW mining

Renting GPUs is cheap, so the cost of attacking the network is merely the cost of renting enough GPUs to surpass existing miners. For every $1 in block rewards, existing miners should spend about $1 in costs (if they spend more, miners exit due to unprofitability; if less, new miners can join and reap high profits). Therefore, attacking the network only requires temporarily spending slightly over $1 per day—and only for a few hours.

Total attack cost: ~$0.26 (assuming a 6-hour attack), potentially dropping to zero as attackers earn block rewards.

ASIC-based PoW mining

An ASIC chip represents a capital cost, expected to last around two years before wear or obsolescence. If a chain suffers a 51% attack, the community will likely respond by changing the PoW algorithm, rendering ASICs worthless. On average, mining costs consist of roughly one-third operational and two-thirds capital expenses. Thus, for every $1 in daily block rewards, miners spend about $0.33 on electricity and maintenance, and $0.67 on ASIC hardware. Assuming an ASIC lifespan of about two years, miners must invest $486.67 in ASIC hardware for that reward level.

Total attack cost: $486.67 (ASIC) + $0.08 (electricity + maintenance) = $486.75

While ASIC-based PoW raises the cost of attacks, it simultaneously pushes the network toward centralization by increasing the barrier to entry for new miners.

Proof of Stake (PoS)

In PoS, nearly all costs are capital-based (staked coins), with only minimal operational costs for running a node. How much capital would people be willing to lock up for $1 in daily rewards? Unlike ASICs, staked coins do not depreciate—after staking, they can be withdrawn following a short waiting period. Hence, participants should be willing to pay a higher capital cost for the same reward amount.

Assume a return rate of approximately 15% is sufficient incentive to stake (this aligns with Ethereum 2.0’s expected yield). Then, $1 in daily rewards attracts deposits yielding 6.667 years of returns, i.e., $2,433. Node hardware and electricity costs are negligible—a $1,000 computer can support tens of thousands of dollars in staking, with monthly power and internet costs around $100 being sufficient. Conservatively estimating, ongoing costs account for about 10% of total staking costs, meaning only ~$0.9 of each $1 reward corresponds to capital cost—thus reducing the above figure by roughly 10%.

Total attack cost: $0.9/day × 6.667 years = $2,189

Long-term, as staking ratios increase, this cost is expected to rise further. I personally estimate it could eventually reach around $10,000.

The only "cost" of maintaining this security model is the illiquidity of staked assets. In fact, public awareness that these assets are locked up might even drive prices upward, leaving the total pool of investable funds within the community unchanged! In contrast, PoW incurs real "costs" through massive electricity consumption to maintain consensus.

Higher security or lower cost?

There are two ways to achieve a 5–20x gain in security at low cost: either keep block rewards constant and benefit from increased security, or drastically reduce block rewards (thereby minimizing "waste" in the consensus mechanism) while maintaining the same security level.

Both approaches work. Personally, I prefer the latter because, as we’ll see next, even successful attacks under PoS are far less damaging and much easier to recover from than under PoW!

2. Recovery After an Attack Is Easier Under PoS Consensus

In a PoW network, what can you do if your chain suffers a 51% attack? So far, the only practical response has been to “wait until the attacker voluntarily stops.” But this ignores a more dangerous possibility: the pawn camping attack, where an attacker repeatedly targets the chain specifically to cripple it.

In a GPU-based system, there is no defense—an persistent attacker can easily paralyze the chain indefinitely (or force a switch to PoS or PoA). In fact, after a few days of attack, the attacker’s costs may drop significantly, as honest miners receive no block rewards on the attacked chain and thus exit.

In an ASIC-based system, the community can respond to the first attack but becomes helpless afterward. Initially, the community might hard fork to change the PoW algorithm, effectively “bricking” all ASICs (both attackers’ and honest miners’). But if the attacker is willing to absorb this initial loss, the situation reverts to the GPU scenario (since there isn’t enough time to build and distribute new ASICs for the new algorithm), allowing the attacker to cheaply continue pawn camping attacks—an inevitable outcome.

In PoS, however, the situation is much better. For certain types of 51% attacks (especially rolling back finalized blocks), PoS includes a built-in “slashing” mechanism that automatically destroys most of the attacker’s stake (without affecting others). For other harder-to-detect attacks (e.g., a 51% coalition censoring everyone else), the community can coordinate a user-activated soft fork (UASF), again resulting in the destruction of most of the attacker’s funds (on Ethereum, this is achieved via the “Inactivity Leak Mechanism”). No explicit “hard fork coin elimination” is needed—aside from coordinating on selecting a minority of blocks during the UASF, everything else proceeds automatically according to protocol rules.

Thus, the first attack on the chain would cost the attacker millions of dollars, while the community recovers within days. A second attack still costs millions, as attackers must buy new coins to replace those destroyed. The third attempt becomes even more expensive. This game is asymmetric—and heavily disadvantages the attacker.

3. PoS Is More Decentralized Than ASIC-Based Mining

GPU-based PoW mining is reasonably decentralized—obtaining a GPU is not difficult. However, GPU mining fails our earlier “security” benchmark. ASIC-based mining, on the other hand, requires millions of dollars in capital to enter (and if you buy ASICs from others, mining manufacturers usually capture most of the profit).

This also answers the common argument that “proof of stake means the rich get richer.” ASIC mining also means the rich get richer—and the game is limited only to the wealthy. At least in PoS, the minimum staking requirement is quite low, accessible to many ordinary individuals.

Additionally, PoS is more resistant to censorship. GPU and ASIC mining are highly detectable—they require massive power consumption, expensive hardware purchases, and large warehouses. PoS, however, can run on an inconspicuous laptop—even through a VPN.

Advantages of PoW

I believe PoW has two genuine advantages, though I consider them weak.

1. PoS Is More Like a “Closed System,” Where Wealth Concentration Takes Time

In PoS, if you have some coins, you can stake them and earn more rewards. In PoW, you can keep earning rewards, but you need more external resources. Therefore, one could argue that over the long term, coin distribution in PoS may become increasingly concentrated.

However, typical rewards in PoS (validator income) are low—in Ethereum 2.0, validator rewards are expected to represent only about 0.5–2% of total ETH supply annually, decreasing further as more validators join. Thus, concentration might take over a century to double—and on such timescales, other forces (people wanting to spend money, donate to charity, distribute wealth among children, etc.) are likely to dominate.

2. PoS Requires “Weak Subjectivity,” While PoW Does Not

The concept of “weak subjectivity” (see Vitalik’s original explanation) essentially means that when a node first comes online, or any node reconnects after being offline for a long time (i.e., several months), it must consult some third-party source to determine the correct chain head. This could be a friend, an exchange, a block explorer website, client developers, etc. PoW does not have this requirement.

That said, this requirement is easy to fulfill—users already need to trust client developers or community-provided information to some extent. At minimum, users must trust someone (usually client developers) to tell them what the protocol is and any updates to it. This is unavoidable in any software application. Therefore, the marginal additional trust required by PoS remains quite low.

Even if some risk exists, I remain confident that PoS networks offer far greater efficiency and resilience compared to PoW networks.

Join TechFlow official community to stay tuned

Telegram:https://t.me/TechFlowDaily

X (Twitter):https://x.com/TechFlowPost

X (Twitter) EN:https://x.com/BlockFlow_News

Source

Add to Favorites

Share to Social Media

Author

Vitalik Buterin

@VitalikButerin