In November 2018 I wrote a piece critical of the centralising forces that I saw within the proposed move to Proof of Stake on Ethereum. I would like to revisit that article now that the architecture of Ethereum2 is more defined, especially as it relates to the scope and severity of slashing punishments, which were a core concern of mine at the time.
Small disclaimer before I begin: Kyne Software develops Ethereum 2.0 Enterprise Staking Infrastructure for a Staking as a Service provider. More to come on that in future. :)
This article presented a dystopic potential future, where the complexity and risk associated with staking leads to centralised staking services accounting for almost 90% of the market share of staked ether. Then, when a major hack of a staking provider occurs, the staking firms collude to exclude the valid chain with the hack in it, and instead they progress a secondary chain to replace the one containing the hack. This collusion 'saves' the money of those hacked, but at the expense of having a decentralised blockchain that Ethereum set out to be.
Firstly, I would like to address some of the core technical changes to the Eth2 protocol from it's early proposals in 2018 to now.
- Ethereum did not apply Casper the Friendly Finality Gadget on top of the Eth1 chain to provide a mechanism for the Proof of Work chain to achieve finality (nothing below this block height can ever change, it's finalised). Instead, Eth1 will be merged into Eth2 during phase 1.5, as opposed to starting with Casper FFG on top of of the regular Proof of Work chain before swapping to full Proof of Stake consensus.
- The withdrawal period for exiting staking has been greatly reduced. Rather than facing a 4 month withdrawal period to stop staking your coins, it is approximately a 24 hour period if you exited staking voluntarily, and it takes about 36 days to withdraw your coins if you were kicked out for committing a slashable offence. This greatly reduces the pressure to use a staking as a service provider that offers a fast withdrawal mechanism in exchange for a fee.
- The minimum amount of Ether to take part in staking has reduced by more than 40x. Due to the challenges of handling thousands of signature verifications every slot, there was a limit on how many stakers could take part at any one time, while still being able to verify the network on commodity hardware (a core principle in Ethereum is that it should be possible to verify a piece of it on consumer hardware). With the new adoption of the BLS signature scheme, it makes it possible to aggregate many signatures into one, and as a result, a validator can verify one signature that comprises of thousands of original signatures from other validators. This has allowed the Ethereum Foundation to boost the minimum number of validators in the network to 16,384 validators, each with a minimum stake of 32 ether. Previously it was expected that the minimum stake would be approximately 1,500 ether, which would have been prohibitively expensive for all but the wealthiest individuals and centralised staking companies.
- The expected returns from staking have become better defined and understood. They will be based on the proportion of ether being staked, to incentivise a strong and secure network. At the lowest end, staking could return up to 17% APR, and will likely hit an economic balance point closer to something like 4.5% APR excluding hosting costs when the network matures, but this is still a highly speculative number based on many assumptions. See this helpful Staking Rewards calculator here, and an in depth review of Eth2 economics here.
These changes, in particular the minimum required stake coming down and the minimum lock up period during an exit will have massively beneficial effects with respect to the decentralisation of staking providers. With lower capital requirements and lock up periods, more hobbyist validators will be able to safely validate the network, and the likelihood of staking becoming a heavily insured and regulated industry are much lower in my mind.
If I do say so myself, I am pleased with my prediction of interest bearing savings accounts becoming a feature of crypto banks, however I did not anticipate these appearing before Eth2 staking rewards by generating revenue from DeFi. Nowadays, many competing wallets offer ways for their users to earn interest on their crypto by lending it out via compound or contributing it to the DSR.
Finally, there is a significant change to Ethereum2 that is still being researched that could completely relieve me of my fears of a tyrannical supermajority of staking as a service providers making illegitimate blocks 'for the greater good', and these are called fraud proofs.
What is a fraud proof?
A fraud proof is a mathematical proof any staker can submit that demonstrates that a rule has been broken during a state transition (new block). Fraud proofs are being researched for inclusion in phase 1 of the transition to Eth2. Although fraud proofs add extra complexity for validators in deciding if a block is legitimate, their upside is that they can hold a dishonest supermajority in check.
In the scenario I outlined in The Staking Problem in 2018, I feared that a dishonest supermajority would make an illegal state transition not permitted by the rules, but because the offenders were a supermajority (representing greater than 66.6% of the validating set), there would be no mechanism to hold them to account. With fraud proofs being included in the Ethereum2 spec, even one honest validator could report this illegal state transition to the network, and the attempt to make an illegitimate chain would fail.
With the improvements made to the Eth2 spec to date (signature aggregation, good vs bad exits), and the ones under research (fraud proofs, shared secret validators), I am more confident than ever before that a transition to a Proof of Stake Ethereum 2 can allow it to scale to meet it's goals while remaining decentralised. I am looking forward to the next few years as we go from single threaded 'dial-up' Ethereum to multi-threaded 'broadband' blockchain.