Andreas Park PRO
Professor of Finance at UofT
Instructor: Andreas Park
Conceptual background for what a blockchain has to accomplish
How should you think of a blockchain formally?
Some vocabulary
Responsibility of the Blockchain PROTOCOL
Execution: keep state of the virtual machine up-to-date.
new block added ➔ execute the corresponding snippets of code (do computations, update variable values, etc.)
conceptually straightforward (but hard/interesting engineering)
Responsibility of the Blockchain PROTOCOL
Goal: a protocol that satisfies consistency and liveness
A blockchain aims to work like a single computer
= "State Machine Replication" (SMR)
What is (a) a protocol (b) consistency and (c) liveness?
Key Subproblem: Agreeing on a Block
Question: what could go wrong?
Issue: leader could crash or go offline.
Idea: if don’t receive a timely block proposal, retry with the next leader (according to the round-robin schedule).
Issue: unexpected network delays.
Issue: leader could propose different blocks to different validators.
Who are the validators?
A deep dive into the "How?"
Workflow of a transaction
Contains transaction from Sue to Bob
Question: Can Sue rewrite history?
No! Because: Economics! (remember: scare resource)
Where to add a new block B7?
Contains transaction from Sue to Bob
Sue wants to undo the transaction by rewriting history with B6
Sidebar: this type of attack is also referred to as "selfish mining"
How do you agree though that something happened, or, what is consensus?
Problem statement:
How can we reach consensus (of whether or not to make a change? The Byzantine Generals' problem
With more players, the problem is less severe
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
One approach to reach consensus: re-broadcast proposer message and follow majority
\(t\)
\(t\)
\(x\)
\(t\)
\(t\)
\(t\)
\(t\)
\(t\)
\(x\)
\(t,t,x\)
\(t,t,x\)
\(t,t,t\)
Reaching Consensus with a Rogue/Faulty Player?
\(x\)
\(y\)
\(z\)
\(y\)
\(x\)
\(z\)
\(y\)
\(x\)
\(z\)
\(x,y.z\)
\(x,y,z\)
\(x,y,z\)
Reaching Consensus with a Rogue/Faulty Proposer?
General result
Equilibrium
Blockchain requirement
Proof-of-Work
Technical Process in Proof of Work
How do you find the NUMBER (NONCE) that works? You do not know which works, you need to try (=guess) many many times
This Hash starts with a pre-specified number of zeros!
Claim: Can be used for a Byzantine Fault Tolerant Algorithm
consensus is reached if hash starts with right number of leading zeros
= 00000xd4we...
= 00000xd4we...
= 00000xd4we...
Contains transaction from Sue to Bob
Sue wants to undo the transaction by rewriting history with B6
Sue's objective
What does it take?
How does Proof of Work prevent this?
Back of the envelope calculation from 2021
Proof-of-Stake
Blockchain organization
Slot 1
Slot 2
Slot 32
...
12 seconds
epoch\(_t\)
epoch\(_{t+1}\)
epoch\(_{t-1}\)
Block inclusion
Committee #1 of validators
Slot 1
Slot 2
Slot 32
...
proposer #1 assembles transactions in block and proposes to a committee
attests validity
Block inclusion
Committee #2 of validators
Slot 1
Slot 2
Slot 32
...
proposer #2 assembles transactions in block and proposes to a committee
attests validity
Block inclusion
Committee #32 of validators
Slot 1
Slot 2
Slot 32
...
proposer #32 assembles transactions in block and proposes to a committee
attests validity
Blockchain finality rules
Slot 1
Slot 2
Slot 32
...
12 seconds
epoch\(_t\)
epoch\(_{t+1}\)
epoch\(_{t-1}\)
checkpoint
checkpoint
checkpoint
checkpoint
Blockchain finality rules
...
epoch\(_t\)
epoch\(_{t+1}\)
epoch\(_{t-1}\)
checkpoint
checkpoint
checkpoint
checkpoint
all validators vote on validity
all validators vote on validity
all validators vote on validity
all validators vote on validity
(for clarity: checkpoint voting happens over time, by all validators)
Blockchain finality rules
...
epoch\(_t\)
epoch\(_{t+1}\)
epoch\(_{t-1}\)
checkpoint
checkpoint
checkpoint
checkpoint
valid?
\(\Rightarrow\) "justified"
last justified block becomes "final"
valid?
\(\Rightarrow\) "justified"
last justified block becomes "final"
valid?
\(\Rightarrow\) "justified"
Validators, Committees, Proposers
ETH owners lock up funds (\(\ge32\)ETH) in a special smart contract
validators selected at random based on proportional ownership of total stake
Slot 1
proposer
Slot 2
proposer
Slot 32
proposer
Validators, Committees, Proposers
Slot 1
proposer
Slot 2
proposer
Slot 32
proposer
validation
committee
validation
committee
validation
committee
128 validators per committee (\(\Rightarrow\) 32 x 128) are selected at random based on proportional ownership of total stake
Security?
To sabotage block production or to censor transactions, an attacker generally needs at least 33% of the total stake (so no 2/3 majority can be reached)
To create your own blocks only you need the 2/3 majority
on Sept 8, 2025: 34M ETH x $4,300=$146B
How much is that?
Rewards and Punishments
What do we need from validators?
if "lazy"
misses out on rewards
if dishonest
Concretely they need to
What rewards?
proposer
Committee
What penalties?
offline
misbehavior
Economics of Proof-of-Work and Proof-of-Stake
Goal: Attackers wants to create an alternative history
Double spend attack prevention
Basic idea of competitive equilibrium
aggregate mining cost = aggregate reward
Double spending attack
condition that prevents it
(Chiu & Koeppl RFS 2018)
PoS vs PoW Economics of Coinbase Rewards
PoS Coinbase Rewards: do the rich get richer?
stakes
20%
80%
rewards
PoS Coinbase Rewards: do the rich get richer?
stakes
20%
80%
PoS Coinbase Rewards: do the rich get richer?
stakes
20%
80%
PoS Other Questions
By Andreas Park
This deck introduces some tech concepts but shorter; it's a 2024 update