In mid-September 2022, Ethereum’s blockchain completed its long-awaited merge into a Proof of Stake chain, deprecating the Proof of Work system that has found consensus for the network since its inception in 2015. The Merge marks the most significant event in crypto to date, as the community has never seen such a drastic change to such a high-profile chain, and with such unpredictable consequences. It represents the culmination of many years of research and testing by both the Ethereum foundation and its community and is just one step on a long roadmap of planned upgrades.
What is the Problem?
The Ethereum network is, at its core, a decentralised ledger/computer. This means that the information contained in its blocks is transmitted between a distributed network of nodes. Each node is a user’s machine that runs an Ethereum program: listening to blocks of transactions broadcast by other nodes, checking that the data promised by the miner is available and that the transactions dictated by that data are valid, before broadcasting the validated network state update to other nodes.
As the network grows, miners must validate more transactions and store more onchain data to keep up with the growing demands of its users. To do this under the current regime would either require existing nodes to increase their computational power to cope with larger amounts of data or for more nodes to join the network to spread the load. If existing nodes grow larger, then the pool of nodes that can profitably perform the validation of transactions on the network is smaller, introducing a centralisation risk. If the chain scales instead by adding more nodes to the network, then the energy drain of the network grows exponentially over time.
The Merge begins the process of splitting up the tasks performed by miners across multiple nodes whilst reducing the amount of computation needed to perform their tasks. This allows nodes to focus their computational resources on performing their own tasks and reduces the work completed in parallel between nodes. However, this method requires a more intricate reward and penalty structure to ensure that nodes remain incentivised to perform these actions honestly and quickly.
Proof of Stake research by the Ethereum Foundation precedes the launch of the Ethereum network, dating back to 2014. The infamous blockchain trilemma has long prevented single-chain systems from maximising decentralisation, security and scalability without sacrificing at least one property. Examples of this can be seen in the Bitcoin network, which has chosen to optimise for decentralisation and security at the expense of scalability. On the other hand, a chain like the BinanceSmart-Chain chooses to optimise for throughput and security while sacrificing decentralisation. The switch to a Proof of Stake consensus mechanism is the first step in the Ethereum Foundation’s attempt to solve that trilemma.
Why Can’t Proof of Work Solve it?
Ethereum’s Proof of Work system delegates the production of blocks and finding consensus to its miners; they are required to bundle up and verify transactions, embed them within a block, and propose it to the network. Other miners are incentivised to keep up to date with the work of other miners and agree on the latest valid block. The system also comprises independent nodes that inspect the work of the miners by locally verifying the miner’s block, and checking to see if invalid transactions were indeed added to the blocks.
Any user can propose the next block by choosing a published block to build on, bundling new transactions into a block that builds upon the updates in the previously published block, and propagating that information to other nodes. In doing so, they cast a vote of confidence in favour of that block’s chain by using it as a starting point for their own block. At any given moment, the longest chain is considered the canonical chain and single source of truth for the state of the Ethereum network. This is what is known as the “longest-chain” consensus.
ETH tokens are awarded to the miner that creates the next block, included as a transaction to the miner and without a from address. To choose between the many miners that wish to claim this reward, there is a pseudo-random lottery held to determine the one miner to mine the block. To obtain their lottery ticket, miners must first produce a block template containing user transactions. After producing a block template, miners pass the template’s data through a cryptographic function to generate a pseudo-random number linked directly to the input template. To be accepted as a valid addition to the chain, the random number on their ticket must be lower than some target value.
Miners can re-enter the lottery, changing the random number on their ticket by appending some random text at the end of a block’s template and thereby changing the input to the random number generator. This random text holds no information about transactions, and a miner cannot control the random number it outputs. The target value is specified by the Ethereum protocol and controls how many winning tickets are able to be found. The smaller the value of the target, the fewer the numbers that are valid and the more tickets a miner would need to create before they find a winning ticket. This allows the system to control the pace at which new blocks are appended to the longest chain.
Hosting this lottery ensures that each miner must use a substantial amount of energy. If a miner is found to have included an invalid transaction in their block (such as a double-spend) then miners will begin appending blocks to the first block before the offending block, with all blocks downstream of that block considered invalid. As the transaction rewarding the miner for their hard work is included in this invalid chain, miners are incentivised to avoid chain reversions that are costly for other users who have relied upon their transaction being confirmed.
Whilst this does ensure that miners must commit to the transactions they include in their blocks, only the work of the successful miner directly results in the addition of a block to the chain. The work performed by all other unsuccessful miners who enter this lottery by searching for a winning ticket is wasted and must be restarted on the next block. Proof of Stake aims to reduce the work performed by miners in parallel by enforcing nodes to take turns to produce blocks. However, this forgoes the financial incentives that naturally follow PoW miners’ commitment to energy expenditure. As PoS does not require the same commitment to energy use, it must instead use other systems to ensure that its block creators behave honestly, commit to the turn-based system, and are able to come to an agreement on the valid chain in a timely manner.
How Does Proof of Stake Solve it?
Proof of Stake formally decouples the actions currently conducted by PoW miners by splitting the work amongst new roles and discarding miners entirely. PoS introduces proposers who have the role of producing blocks just like a miner does, and validators who have the duty of voting on the blocks that the proposers build. There is one party whose functionality is common to both PoW and PoS mechanisms: the nodes that independently check the validity of the proposed blocks on the network.
In splitting up those roles, the new PoS architecture allows the chain to compartmentalise the three functionalities that are currently performed by Proof of Work’s mining process on a single chain: transaction execution, consensus and data availability, with the intention of increasing the network’s security, decentralisation and scalability.
Instead of a single chain creation process, Ethereum’s new PoS architecture will devote the Beacon chain to finding consensus, with a transaction layer built on top of it responsible for perpetuating the state of the network. That main chain referred to as the network’s consensus layer will then be able to assume the sole responsibility of finding consensus among the distributed nodes regarding the order and inclusion of blocks on its own chain. Transaction execution can then be included on top of this layer, with its data included in a data field within a Beacon block.
Main Characters in Proof of Stake
A blockchain protocol’s nodes are the set of users that voluntarily run a version of the software that processes messages from other users on the network. Nodes are, by definition, the set of all parties that participate in this message-sending process. In a Proof of Work system, this includes miners and nodes that do not participate in mining. Nodes on the Ethereum network can broadly be classified into two different categories; block-producing and non-block-producing nodes, the former of which will be discussed in subsequent sections.
In both Proof of Work and Proof of Stake consensus mechanisms, non-blockproducing nodes are typically responsible for maintaining the integrity of the network by storing its history and confirming the validity of the blocks submitted to the network. Whilst miners can also perform these duties, this action does not require the node to be able to change or advance the state of the network. They are nonetheless crucial to the ecosystem as they ensure that the contents of the blocks are indeed valid.
Consider a scenario where all miners/validators on the network are corrupt. The blocks produced by these miners may include invalid transactions. It would be up to the non-block-producing nodes on the network to recognise the invalid blocks and alert the community of users that the network is under attack. It is worth again noting that this class of nodes are unable to effect any changes within the protocol themselves. Non-block-producing nodes are therefore mainly incentivised by the security and utility of the blockchain itself and not by any rewards distributed by the protocol. This corresponds with their lack of power to make changes to the blockchain. PoS preserves the role of non-block-producing nodes with the same rights and responsibilities.
Some nodes can obtain more power over the network than others by depositing 32 ETH to a smart contract. Doing so entitles them to rewards (commonly referred to as staking yields) and grants them the title of “validator”. This qualifies them to take part in the process that creates new blocks in order to grow the canonical Beacon chain.
In PoW consensus, miners cast an implicit vote towards a block by using its hash to find the next subsequent block on the chain. Ethereum’s PoS system removes mining entirely, and instead assigns this role to validators, who find consensus regarding the canonical chain of blocks by casting votes towards all blocks that have been created. However, this role grants the node extra responsibilities, and nodes that choose to deposit this sum risk losing some or all of their deposit should they perform their duties lazily or dishonestly.
The protocol incentivises these validators to participate in these elections by incrementing their staked balances if they correctly perform their voting duties, which are intended to lead to a secure and smooth functioning of the network. Conversely, the protocol disincentives activities that disrupt this functionality by decrementing a small proportion of the validator’s staked balance. Such actions include (but are not limited to) casting invalid votes and missing the vote entirely. Such actions are often indistinguishable from the actions of a malicious actor, and so are treated as such.
Just as with PoW, the validator set is the largest potential pressure point for attackers. A malicious actor could seek to gain a majority of the validating nodes, which would allow them to vote for their invalid blocks and have them accepted by the network. In certain scenarios, the network issues very harsh penalties for actions that are explicitly linked to an attack on the network, with the penalties they receive during this time proportional to the number of validators caught conducting similarly dishonest actions in the same time frame. These are called slashable offences. In addition to a large fine from their staked balance, colluding validators are queued to be ejected from the network whilst continuing to receive penalties (discussed in detail later) as if they were neglecting their voting duties during this period. These types of actions that warrant these penalties must be reported by other validators in order for the penalties to be issued.
Nodes that have deposited 32 ETH to qualify as validators also have a random chance to be selected as block proposers. This role, if performed according to some basic rules, grants the user the right to financial rewards in addition to those it collects from performing its duties as a validator. It is worth noting that all active validators have the chance to be selected as proposers and validators cannot opt in or out of this selection. However, the selection process is weighted by the validator’s staked balance, with validators with larger stakes more likely to be selected as proposers.
Where miners bundle up transactions into blocks and broadcast them to the network in PoW, proposers perform the same functionality in the PoS system. When proposers have been chosen by the network, they are asked to listen for transactions, validate them, and bundle them up into a block to be presented to the network to be added to the main chain. In doing so, they perpetuate the state of the network to a state where the included transactions have been executed.
Alongside transaction data that is included inside the proposed blocks, the proposers must also include the votes cast by previous validators. The protocol incentivises them to do so by giving them rewards based on how many “correct” votes (defined in more detail later) they include in their block. Proposers also receive rewards by including evidence of slashable offences inside of their blocks, an action which aligns the incentives of proposers with the security of the network.
Proposers are subject to the same penalties as validators. However, because validators are in charge of block production, they have the most influence over the state of the network at any given point in time and have the potential to causecontention in the network should they plan to conduct an attack. Because of this, proposers who create more than one block when they are chosen to produce only one are liable to receive slashing penalties as described above.
It is worth stating here that all rewards distributed by the protocol are proportional to a validator’s staked balance: the higher their staked balance, the higher their reward. So too are the penalties levied on malicious validators. To further bolster the network’s security, the protocol also encourages validators to monitor one another and keep themselves honest. Validators are rewarded for reports of evidence of any malicious activity, though only specific types of actions are eligible to be reported.
In the previous PoW system, miners were rewarded with nearly 13,000 ETH per day for adding valid blocks to the chain. In PoS, validators are distributed around 1,600 ETH per day as rewards for voting correctly. Prior to the Merge, the Beacon chain was running in parallel to the PoW chain meaning that their combined issuance was close to 14,600 ETH/day pre-merge. After The Merge, only the ~1,600 ETH earned from staking rewards will be introduced to the network per day, and no new ETH will be awarded to miners. This will drop the total new ETH issuance by ~90%, and result in an inflation rate of near 0.49%.
An update in August 2021 introduced the burning of gas fees on the network, which removes a base fee of ETH in every transaction. That fee fluctuates based on market activity and is not fixed. This is planned to continue post-Merge, acting as a balancing force to the introduction of new ETH via staking rewards. Additionally,the penalties levied on the validator’s staked balances result in the removal of that ETH from the network. At the current rate at least 1,600 ETH is burned per day, which effectively brings net ETH inflation to zero or less post-Merge.
The Beacon chain
Ethereum’s new voting system changes the way that nodes propose and confirm new blocks, relying on a fixed timing system composed of slots and epochs. The chance for a proposer to add a block to the chain occurs once in each slot, with 32 consecutive slots defining an “epoch”. However, a proposer may be offline and miss the chance to propose a block in their slot.
Each block proposed adds to a growing tree of blocks, with each branch starting at the original Beacon block. It is the job of the proposers to add new leaf blocks to this tree. It is the job of the validators to link blocks together along a branch, from the original Beacon block to the latest valid block in order to define a canonical history of the Beacon chain.
The slot time, 12 seconds, is the smallest unit of time recognised by the chain, meaning that the chain can confirm a maximum of 32 blocks per epoch, or 32 blocks per 6 minutes and 24 seconds. The chain chooses to regulate the timing of additions to the blockchain in this way so that the distributed nodes are able to first agree on which block they are voting on, and for new blocks to be presented to the network in a predictable manner. In a PoW chain, the regular arrival of new blocks is controlled by the adjustable difficulty of finding a valid hash.