Andreas Park PRO
Professor of Finance at UofT
Instructors: Andreas Park & Zissis Poulos
Rotman – MBA
Motivation: Silos vs Common Infrastructures
Change ledger entry locally
Sue's bank transfers from Sue's account to Bob's bank's account
Bob's bank transfers from its account to Bob's account
Sue's bank transfers from Sue's account to its own account
Bob's bank transfers from its account to Bob's account
Central Bank
Central bank transfers from Sue's bank's account to Bob's bank's account
Sue's bank transfers from Sue's account to its own account
Bob's bank transfers from its account to Bob's account
use the Swift network of correspondent banks
very complex
many parties
lots of frictions and points of failure
very expensive
How does it all work and why?
A deep dive into the "How?"
Cryptography: only Sue can spend her money
Problem: double-spending
How can we trust that
Contains transaction from Sue to Bob
Question: Can Sue rewrite history?
Where to add a new block B7?
Contains transaction from Sue to Bob
Sue wants to undo the transaction by rewriting history with B6
How do you agree though that something happened, or, what is consensus?
Problem statement:
How can we reach consensus (of whether or not to make a change? The Byzantine Generals' problem
With more players, the problem is less severe
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
One approach to reach consensus: re-broadcast proposer message and follow majority
\(t\)
\(t\)
\(x\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(x\)
\(t,t,x\)
\(t,t,x\)
\(t,t,t\)
Reaching Consensus with a Rogue/Faulty Player?
\(x\)
\(y\)
\(z\)
\(y\)
\(x\)
\(z\)
\(y\)
\(x\)
\(z\)
\(x,y.z\)
\(x,y,z\)
\(x,y,z\)
Reaching Consensus with a Rogue/Faulty Proposer?
General result
Equilibrium
Blockchain requirement
Proof-of-Work
Technical Process in Proof of Work
How do you find the NUMBER (NONCE) that works? You do not know which works, you need to try (=guess) many many times
This Hash starts with a pre-specified number of zeros!
Claim: Can be used for a Byzantine Fault Tolerant Algorithm
consensus is reached if hash starts with right number of leading zeros
= 00000xd4we...
= 00000xd4we...
= 00000xd4we...
Contains transaction from Sue to Bob
Sue wants to undo the transaction by rewriting history with B6
Sue's objective
What does it take?
How does Proof of Work prevent this?
Back of the envelope calculation
Proof-of-Stake
Proof of Stake (PoS) - What is the goal?
Validation and leader election
random
32 ETH
Validation and leader election
random
random
random
Committee 1
Committee 2
random
Block formation
Committee 1
Committee 2
...
Committee 32
attest
attest
Slot 1
Slot 2
Slot 32
...
12 seconds
Finality!
...
checkpoint
...
vote
vote
When final?
2/3 of stake has voted
Security
What do we need from validators?
if "lazy"
misses out on rewards
if dishonest
Security
What is dishonest?
TLDR
Performing a 51% attack still possible but "almost equivalent to having your entire mining farm burn down while you are doing it" -Zamfir
Other malicious behaviour
What about forks??
Still possible
Protocol Rule
"The canonical chain is the one with greatest weight of attestations in its history"
Economics of Proof-of-Work and Proof-of-Stake
Double spend attack prevention
Basic idea of competitive equilibrium
aggregate mining cost = aggregate reward
Double spending attack
condition that prevents it
(Chiu & Koeppl RFS 2018)
PoS vs PoW
https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/
PoS vs PoW Economics
Basics:
validators receive:
PoS vs PoW Economics of Coinbase Rewards
PoS Economics of Coinbase Rewards
Question: do the rich get richer?
Intution
PoS Coinbase Rewards: do the rich get richer?
stakes
20%
80%
rewards
PoS Coinbase Rewards: do the rich get richer?
stakes
20%
80%
PoS Coinbase Rewards: do the rich get richer?
stakes
20%
80%
PoS Other Questions
By Andreas Park
This deck introduces some tech concepts