Compared to PoW, PoS is a better blockchain security mechanism for three reasons.
PoS provides more security at the same cost
GPU-based Proof of Work
You can rent GPUs cheaply, so the cost of attacking the network is just renting enough GPUs to exceed existing miner costs.
For every $1 in block rewards, existing miners should spend close to $1 in costs (if they spend more, miners quit because mining is unprofitable; if they spend less, new miners can join and earn high profits).
Therefore, attacking the network only costs a little over $1 per day and only takes a few hours.
Total attack cost: about $0.26 (assuming an attack time of 6 hours), which may drop to zero when the attacker receives the block reward.
ASIC-Based Proof-of-Work
ASICs are a capital cost: you buy an ASIC once and can expect to use it for 2 years before it wears out or is made obsolete by newer hardware.
If a chain is 51% attacked, the community is likely to change the PoW algorithm, and the ASIC will lose its value. On average, about 1/3 of the cost of mining is ongoing cost and about 2/3 is capital cost.
So, with a reward of $1 per day, the miner will spend $0.33 per day on electricity + maintenance and $0.67 on ASICs. Assuming an ASIC lasts for 2 years, a miner would need to spend $486.67 on this amount of ASIC hardware.
Total attack cost: $486.67 (ASIC) + $0.08 (electricity + maintenance) = $486.75
That said, ASICs provide this higher level of security at the high cost of centralization because the barrier to entry becomes very high.
Proof of Stake
Proof of stake is almost entirely capital cost (coins invested); the only running cost is the cost of running a node. So how much capital are people willing to lock up to get $1 a day in return?
Unlike ASICs, the deposited tokens do not depreciate in value, and you can get your coins back a short time after you stop staking. Therefore, participants should be willing to pay a higher cost of capital for the same amount of rewards.
Let's assume a return of around 15% is enough to incentivize people to stake (this is the expected rate of return for eth2). Rewards of $1 per day would then attract deposits worth 6.667 years of returns, or $2433.
The cost of node hardware and electricity is small; a computer worth $1,000 can stake hundreds of thousands of dollars, and electricity and network fees of around $100 per month are enough.
But to be conservative, we can say these ongoing costs are about 10% of the total investment cost, so only $0.90 per day of rewards corresponds to the cost of capital, and we need to cut the above number by 10%.
Total attack cost: $0.90/day * 6.667 years = $2189
This cost is expected to be higher in the long run as staking becomes more efficient and people adjust to lower rates of return. I personally think that number will eventually rise to around $10,000.
The only "cost" for this high level of security is not being able to move coins arbitrarily while staking.
It may even be the case that the public knows that all of these coins are locked, which causes the value of the coins to rise, so the total number of tokens floating in the community ready for productive investment remains the same.
However, in PoW, the "cost" of maintaining consensus is the real electricity consumed in large quantities.
Greater security or lower cost?
There are two ways to use this 5-20x gain in security. One is to keep the block reward the same and benefit from the enhanced security.
The other is to drastically reduce the block reward (thus reducing the "waste" of the consensus mechanism) and keep the level of security the same.
Either way works. I personally prefer the latter because, as we shall see below, even a successful attack in PoS is much less harmful than an attack on Proof of Work, and it is much easier to recover from!
Attacks are easier to recover from in PoS
In a Proof of Work system, what would you do if your chain was 51% attacked? So far, the only response in practice has been "wait until the attacker gets bored".
But this ignores a more dangerous type of attack, the spawn camping attack, where an attacker repeatedly hits a chain with the goal of rendering it useless.
In GPU-based systems, without defenses, a persistent attacker can easily render the chain permanently useless.
In fact, after the first few days, the cost to the attacker can become very low, as honest miners quit because they cannot get rewards during the attack.
In an ASIC-based system, the community can respond to the first attack, but continuing the attack from there once again becomes trivial.
The community will respond to the first attack by changing the PoW algorithm through a hard fork, thereby "breaking" all ASICs (both the attacker's and honest miners'!).
But if the attacker is willing to pay that initial cost, the situation afterwards reverts to the GPU case (since there is not enough time to build and distribute ASICs for the new algorithm), so the attacker can continue to spawn camp from there at very low cost.
However, in the case of PoS, things are much better.
For certain types of 51% attacks (in particular, reverting a finalized block), there is a built-in "slashing" mechanism in the proof-of-stake consensus whereby a majority of the attacker's stake can be automatically destroyed.
For other, more difficult-to-detect attacks, the community can coordinate a minority user-activated soft fork (UASF), in which the attacker's funds are again largely destroyed (in Ethereum, this is done via the "inactivity leak" mechanism).
There is no need for an explicit "hard fork to delete coins"; apart from the requirement to coordinate the selection of a few blocks on the UASF, everything else is automated and simply enforced according to the protocol rules.
Therefore, attacking the chain the first time will cost the attacker millions of dollars, and the community will return to normal within a few days.
Attacking the chain a second time would still cost the attacker millions of dollars as they would need to buy new coins to replace old ones that were burned. And the third time...would cost millions more.
The game is asymmetric and disadvantageous for attackers.
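The per-mechanism attack costs from the first section and the repeated-attack argument in this section, combined into one small model. This is an added example, not part of the original article; the function names, the 4% rental premium and the slashed fraction of 0.5 are assumptions chosen for illustration, while the remaining figures are the article's.

```python
# Added illustration (not from the article): attack cost per $1/day of rewards.
REWARD_PER_DAY = 1.00   # page: all costs are normalised to $1/day of rewards
ATTACK_DAYS = 6 / 24    # page: assumed attack time of 6 hours

def gpu_attack_cost(premium=0.04):
    """Rent slightly more hashpower than honest miners for the attack window.
    premium is an assumption standing in for the page's 'a little over $1'."""
    return REWARD_PER_DAY * (1 + premium) * ATTACK_DAYS

def asic_attack_cost(capital_share=2 / 3, lifetime_days=2 * 365):
    """Buy hardware matching honest miners, then run it for the attack window."""
    hardware = REWARD_PER_DAY * capital_share * lifetime_days
    running = REWARD_PER_DAY * (1 - capital_share) * ATTACK_DAYS
    return hardware + running

def pos_attack_cost(annual_return=0.15, running_share=0.10):
    """Stake attracted by the share of rewards that pays for capital.
    The page rounds intermediate values and reports $2189."""
    to_capital = REWARD_PER_DAY * (1 - running_share)
    return to_capital * 365 / annual_return

def cumulative_cost(mechanism, attacks, slashed_fraction=0.5):
    """Attacker's total outlay over repeated ('spawn camping') attacks.
    slashed_fraction is an assumption for the share of stake burned each time."""
    total = 0.0
    for n in range(attacks):
        if mechanism == "gpu":
            total += gpu_attack_cost()
        elif mechanism == "asic":
            # After the first attack the PoW algorithm is changed by hard fork,
            # so later attacks fall back to cheap rented GPUs.
            total += asic_attack_cost() if n == 0 else gpu_attack_cost()
        elif mechanism == "pos":
            # The first attack needs the full stake; each later one must
            # re-buy the coins that were destroyed.
            total += pos_attack_cost() * (1.0 if n == 0 else slashed_fraction)
        else:
            raise ValueError(f"unknown mechanism: {mechanism}")
    return total

if __name__ == "__main__":
    for m in ("gpu", "asic", "pos"):
        print(m, [round(cumulative_cost(m, k), 2) for k in (1, 2, 3)])
```

Under these assumptions the ASIC attacker's cumulative cost barely moves after the first attack, while the PoS attacker's cost keeps growing with every repeat.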
Proof of Stake is more decentralized than ASICs
GPU-based proof-of-work is sound and decentralized; getting a GPU is not hard. But GPU-based mining largely fails the "secure against attack" criterion discussed above.
On the other hand, ASIC-based mining requires millions of dollars of capital.
This is also the correct answer to the common "Proof of Stake means the rich get richer" argument: ASIC mining also means the rich get richer, and this game even favors the rich.
At least in PoS, the minimum stake required is quite low.
Additionally, Proof of Stake is more censorship resistant.
Both GPU mining and ASIC mining are easy to detect: they require large power consumption, expensive hardware, and large warehouses.
PoS, on the other hand, can be done on a humble laptop.
Possible advantages of Proof of Work
I think PoW has two main real advantages, although I think these are rather limited.
Proof of Stake is more of a "closed system", leading to a higher concentration of wealth in the long run.
In Proof of Stake, if you have some coins, you can also stake that coin and get more of that coin. In Proof of Work, you can always earn more coins, but you need some external resources to do that.
Therefore, one could argue that there is a risk of the distribution of proof-of-stake tokens becoming more and more concentrated in the long run.
The main response I've seen is that in PoS, rewards (and validator rewards) will be very low; in eth2 we expect annual validator rewards equal to 0.5-2% of total ETH supply.
The more validators stake, the lower the interest rate. Concentration may thus take more than a century to double, and other pressures may predominate over such a timescale.
Proof of Stake requires "weak subjectivity" while Proof of Work does not
Essentially, the first time a node comes online, and any time a node comes online again after being offline for a long time, the node has to find some third-party source to determine the correct chain head.
This could be their friends, it could be exchanges and block explorer sites, the client developers themselves, or many other actors. PoW does not have this requirement.
However, this is arguably a very weak requirement: in fact, users already need to trust the client developer and/or "community".
At the very least, users need to trust someone (usually a client developer) to tell them what the protocol is, and what updates to the protocol are.
This is unavoidable in any software application. Therefore, the marginal additional trust requirement imposed by PoS remains low.
Source: https://hackernoon.com/what-is-so-great-about-proof-of-stake