Ethereum, Proof-of-Stake, And The "Free Hard Fork" Problem
/This post will outline an issue with the aspiration to move the Ethereum network to full Proof-of-Stake. Vlad Zamfir currently leads one team researching that effort, which is known as Casper "Correct By Construction", or CBC. Previously, a hybrid PoS system called Casper FFG had been planned-- this issue does not apply to such a system. To the extent new plans for a "beacon chain" involve a full PoS system, this issue might apply to said chain. (The technical details of that effort are still unclear to me, so I hesitate to make any pronouncements).
It's worth noting at the outset that it's entirely possible the point laid out in this post has indeed been made before and discussed, perhaps on the boards of ethresear.ch, for example. If it has, then I'll be happy to have someone point me toward that discussion. I've been unable to find it.
Still Nothing At Stake
Simply stated, the "free hard fork" problem is the "nothing at stake" problem moved up to the level of pre-planned, possibly-contentious hard forks.
Casper CBC aims to solve the nothing at stake issue by slashing validator deposits for bad behavior. To greatly simplify a complex, work-in-progress protocol, the network will take funds from validators who vote on multiple chains. The goal is-- at a minimum-- to recreate the incentive structure of Proof-of-Work.
For the sake of this discussion, let's assume the CBC, or some other research effort, is successful in developing an algorithm that is secure, decentralized, and replicates the incentive structure of PoW within the network.
The issue is, tautologically, the network can only punish you for activity on the network. In a pre-planned hard fork, node software can be programmed to begin validating multiple chains that are invisible to each other at a given block height. The network parameters can simply be changed.
This is important. It means to execute a possibly contentious hard-fork, you don't have to convince miners to dedicate scarce resources (hardware & electricity) to your fork instead of the consensus chain. You need-only to convince validators to run software that will validate your chain in-addition to the consensus chain.
And why shouldn't they? There is no marginal cost to do so. Even if the fork ends up worth a small fraction of the main chain, this is "found money" to the validators.
Stated another way, when a PoW chain hard forks, it is (nearly) guaranteed that one chain will be significantly less secure than the other. In a post-PoS world, you can hard fork and end up with two chains which are equally as secure as the original.
Have we fully considered what that might mean for the ecosystem? Might we be headed down a path that results in a proliferation of Ethereum forks?
Objections
In the next section, I'll enumerate some objections to this point and respond to them.
Validators won't bother to install and run specific software for hard forks
They probably won't bother to run any old software that purports to create a fork, true. But if a moderately prominent developer or company in the ecosystem decided to hard fork, my guess is a very sizable percentage would. Again, why not? This is found money for very minimal effort.
A parallel can be seen in Dogecoin, which is merge mined with Litecoin. Litecoin miners happily run software that mines both, because they can do so for free. I doubt many care about Dogecoin. But why not take free money?
No one in the ecosystem with any credibility will attempt a contentious hard fork
This is incredibly naive and obviously wrong. In fact, not only is it inevitable that multiple hard forks will eventually be attempted due to pure community disagreement, the ability to hard fork for free also brings up some interesting legal and moral questions.
One example: in a world where it's shown hard forks can be executed with shallow consensus, might Parity have a fiduciary duty to create and champion a hard fork that unlocks customer funds lost in their multi-sig wallet fiasco? Many customers had significant amounts of money lost. If executing a fork can result in even a small percentage of that value being returned, ought they not try to do it?
Validators won't support contentious hard forks because it would hurt the ecosystem, devaluing their investment
This is a silly argument which is clearly false from a game-theoretic perspective. If it were true, Proof-of-Stake would already work in a fully decentralized way, and we wouldn't need efforts like CBC in the first place.
Validators will only run the software the Ethereum Foundation approves
If this is true, then the detractors who claim Ethereum is centralized because of the Foundation's outsized influence are right. We might as well shut the thing down and just let the Ethereum Foundation run some servers for us. It will certainly scale better.
We can find a way to punish validators who vote on other networks
There are a few things that you might mean by this, so let's take them one at a time:
1. A centralized oracle controlled by [some group] will report dishonest validators
Seriously? Just get out!
2. A decentralized oracle, something like an Augur market, will report dishonest validators
Well, I guess this is theoretically possible, but boy, we're adding whole new layers of complexity to the game theory involved-- let alone the technical challenges.
3. We'll use [magic cryptography] to punish validators when they vote on other networks
The idea here would be some form of cryptographic mechanism which would force the validator to reveal some information on the non-consensus chain that could be used by a self interested party on the main-chain to claim a chunk of the validator's stake.
I'm not aware of any mechanism that could accomplish this, but I admit to being far enough out of my league on advanced cryptography to know it's definitely impossible. zkSnarks still feels like magic to me, so maybe it can be done.
OK let's assume you're right. Who cares? Is having lots of forks actually a problem?
This is a good question. I don't know, and the truth is nobody does. It'd be an experiment in game theory at a grand scale, thats for sure.
My instinct tells me that if you make it much easier for a community to fracture, then it will probably fracture. A lot.
Protestantism might be an odd-but-interesting historical analog. Because it made it theologically painless to create a new church, a single splinter off the Roman Catholic Church has subsequently self-divided into 30,000+ unique denominations.
Do we care if that happens? What happens to Ethereum(s) in that case, in a world where Bitcoin and other cryptonetworks also exist?
Basically ¯\_(ツ)_/¯
So...what? I'm not sure. Am I missing something obvious that makes this a non-issue? Maybe! Has this issue been discussed and resolved by folks smarter than me already? Possibly!
Do we just proceed full steam with PoS, recognizing this limitation but hoping it turns out not to matter too much? Well, maybe...but that sure makes me nervous.
I don't have a profound conclusion here. Basically...¯\_(ツ)_/¯