Authors: Ittai Abraham, Vitalik Buterin, and Luca Zanolini
Source: Decentralized Thoughts
Translation: Shan Ouba, Jinse Finance
Finality is a belief that something will not change in the future (it has finality). Finality is crucial in blockchain because it allows us to believe that transaction or protocol decisions will remain permanent and immutable. This certainty is precisely why blockchain is so powerful as a coordination mechanism.
Consider the following scenarios: You received tokens in the Ethereum genesis block. You received Bitcoin three months ago, and the blockchain has continued to grow without any rollback. You received Ethereum 20 minutes ago, and after two rounds of voting, the block containing the transaction was "finally confirmed." You received Ethereum 10 seconds ago, and the transaction has been included in a block. In each of these scenarios, you would believe to some extent that your ownership is "final." But how strong is this finality? Can it last forever? This article argues that finality depends on beliefs about the future. Furthermore, we will explore several different concepts of finality and discuss how finality strengthens over time. Social finality stems from a consensus held by the community. It reflects the belief that the blockchain will not modify the protocol in a way that changes its core properties, or that any such forks will be ignored. The first two examples above both exemplify social finality. In the Ethereum protocol, the genesis block cannot be rolled back, but there is a possibility that the world might suddenly decide to call another system with a different genesis block "Ethereum" and assign value to that new system. If you received Bitcoin three months ago, even in the event of a 51% attack, the community is unlikely to accept such a deep blockchain rollback, but would instead take radical measures such as changing the proof-of-work algorithm. Time provides a safeguard against community-initiated rollbacks. The value overflow vulnerability in 2010 was discovered and fixed within hours, when the affected blocks were still relatively new. With blockchains growing for months on end, the likelihood of a community accepting a rollback becomes extremely small. The 2016 DAO vulnerability is another example of social finality. That vulnerability only affected a small portion of history, and the majority of the Ethereum community decided to support a hard fork. Social finality typically relies on the security of cryptographic techniques. If a super-powerful quantum computer suddenly appears, unless you take special precautions, anyone who sees your account's transaction history can crack your private key. At that point, the protocol (and the world as a whole) will be unable to distinguish between the attacker and you, nor will it be able to determine who the rightful owner is—therefore, you will no longer own that ownership. Protocol finality and cryptographic finality apply to situations where change is very slow (or essentially unchanged). The disruptive power of blockchain lies in its ability to quickly provide final confirmation of state changes. Blockchain achieves this by having nodes resistant to Sybil attacks (proof-of-work miners or proof-of-stake validators) vote on proposed state changes, making these changes finality under specific assumptions about all voters. A typical failure scenario for blockchain finality is the well-known double-spending attack—the same token appears in two different transactions because voters supported both transactions simultaneously. The proof-of-work mechanism is a solution to the Byzantine Generals Problem. — Satoshi Nakamoto, 2008 email. How blockchain prevents double-spending attacks is central to its design. Standard academic models assume that attackers attempting to compromise finality or liveness control only a limited proportion of the voting power. Under this assumption, much research revolves around the Byzantine consensus mechanism. This connection between blockchain and Byzantine consensus began with Bitcoin and has now become mainstream. Honesty threshold finality is based on the belief that a majority (or vast majority) of voting power will always be held by honest nodes. Under this belief, finality stems from the security of Byzantine consensus. As long as the CPU computing power collectively controlled by honest nodes exceeds that of any colluding group of attacker nodes, the system is secure. —Bitcoin White Paper, 2008. In stake-based blockchains, honesty threshold finality also relies on the belief that weak subjectivity holds. Users must periodically update their understanding of the validator set to ensure that everyone agrees on the legitimate voters. This belief eliminates the possibility of implicit transfers of voting power that could compromise security and has implicit social support. Another form of threshold finality stems from the concept of asymmetric trust. In this model, each party independently judges which nodes might fail, without needing to reach a globally unified failure threshold. Finality in this case is subjective: it only holds true among participants whose trust beliefs overlap sufficiently. Cryptoeconomic Finality: In this paradigm, validators must stake assets to gain voting rights. Cryptoeconomic finality reinforces honesty threshold finality, requiring not only that a majority of voting rights holders act dishonestly, but also that their dishonest behavior is detected and that a majority of staked assets are punished (scrambled). Its core idea is that rational alliances will avoid attacking the system because the loss of staked assets due to any attack attempt will outweigh the potential gains. This approach relies on the accountability mechanism of Byzantine consensus and the ability to punish (withhold) validators found to have engaged in misconduct. Representative Finality: Representative finality uses a randomly selected committee to represent the decisions of all validators. This approach reduces the number of nodes involved in validation and improves scalability, but requires stronger conviction. Representative finality is based on the belief that any sampled committee contains an honest majority of members and that an attacker cannot adaptively corrupt its members before the committee makes a decision. These assumptions are more stringent than those of honesty threshold finality. Some sharded systems can be considered to provide representative finality. Representative finality can also be interpreted in cryptoeconomic models, although with a different connotation. In cryptoeconomic models, the cost of an attack is linearly related to the number of validators. Therefore, small committees can only provide limited economic security. From a cryptoeconomic perspective, the main reason for adopting representative finality is that utilizing all validators can incur unnecessary costs, while a committee comprising only a small group of validators may already provide sufficient cryptoeconomic security. The longest chain rule in proof-of-work mechanisms is essentially a form of representative finality. Finality changes over time. When a transaction is first proposed, its certainty is low; over time, the transaction will gain layers of protection through various mutually reinforcing forms of finality. As more evidence accumulates, a single transaction gradually undergoes this process: it is first proposed by a validator, then gains depth as more honest proposers extend the blockchain; subsequently, it may be approved by a rotating or sampling committee, further increasing certainty; finally, when a majority or vast majority of validators confirm it, the transaction achieves protocol-level finality; after a sufficiently long period, social finality begins to take effect, as society considers earlier portions of the blockchain fixed and immutable. For humans, absolute finality exists only at the social level. Even if a block achieves protocol finality, a serious vulnerability affecting a majority of validators could trigger a coordinated rollback at the societal level. For example, if a powerful entity (such as a new Nvidia mining rig with 70% of the computing power) initiates a large-scale reorganization of Bitcoin, the community will almost certainly reject the fork at the societal level, thus establishing de facto social finality. All forms of finality exist within a broader social framework, which is a collective consensus on the norms of the blockchain and its rule set. Protocol finality based on probability, economics, and thresholds only holds true if the social consensus recognizes the legitimacy of the system. A Bayesian perspective might suggest that as more information is gathered over time, confidence in finality gradually approaches 100%. However, finality is not simply a simple accumulation of Bayesian determinism. It is influenced by incentive mechanisms—because attempts to roll back the blockchain depend on users' reactions to finality. Confidence influences behavior, and behavior, in turn, influences risk. Because of this feedback loop, using categorized finality concepts remains meaningful, as they capture the qualitative shifts that occur in the assumptions underlying security—whether it's economic penalties, quorum thresholds, or comprehensive social coordination. Conclusion: Finality depends on beliefs about the future. Users decide for themselves which beliefs to accept and how much constraint they are willing to tolerate. Their position on the confidence curve reflects their preference for risk and delay. Finality strengthens over time as various safeguards accumulate. Initially, transactions offer only weak safeguards; as blockchain depth increases and different protocol mechanisms are adopted, confidence in its permanence gradually grows. The standard for "sufficient finality" varies depending on the scenario. For everyday payments, quick but weak safeguards may suffice; for savings or cross-chain transfers, users may wait for stronger, economically supported finality. In all cases, the judgment of finality reflects beliefs about the future and the constraints that users are willing to accept.
Kikyo
Brian
Alex
Hui Xin
Joy