This article is a translation of a report from BitMEX Research. The original article can be found at: https://blog.bitmex.com/pow-vs-pos-economic-cost-to-attack/
Abstract: This article compares the economic costs of attacking PoW (Proof of Work) networks and PoS (Proof of Stake) networks. We analyze the costs of renting and buying computing power/staking assets. We correct a common misconception that the cost of attacking PoS networks is necessarily higher due to the need to purchase tokens. Our conclusion is that the cost difference of attacking these two types of networks is smaller than many people imagine.
Overview
This article aims to analyze and compare the most economical methods of attacking PoW and PoS systems, particularly by comparing the costs of attacks. We have written this article because others have already made some comparisons, often concluding that PoS systems are more difficult to attack, but we believe that these comparisons are not based on a fair one-to-one comparison. In this article, we focus on distinguishing between renting and buying computing power/staking assets. We believe that when comparing the economic costs of attacks, it is necessary to first determine whether to consider renting or buying, and then attempt a one-to-one comparison.
Thought Experiment
Let's start with a thought experiment. Although this may not be very realistic, let's assume that Kamala Harris appoints Elizabeth Warren as her vice presidential candidate, and Kamala Harris wins the 2024 US presidential election with overwhelming advantage. This would be a nightmare for the cryptocurrency ecosystem. In addition to her regular duties as vice president, let's assume that Elizabeth Warren is also responsible for cryptocurrency affairs. She then forms an anti-cryptocurrency task force with a budget of billions of dollars, attempting to shut down the cryptocurrency networks.
This thought experiment is meaningful because the original intention of cryptocurrency networks is to be as difficult to shut down as possible. So let's think about how Elizabeth Warren would carry out these expensive and possibly futile attacks, and what their costs would be. Next, we will compare the costs of attacking Bitcoin and attacking Ethereum.
Full Nodes and Consensus Rules
Many people believe that one of Bitcoin's core advantages over Ethereum is its large number of full nodes. These nodes are not directly involved in block production but play a crucial role in enforcing consensus rules. It is important to note that the operating costs of these nodes are relatively low. Many Bitcoin users run these nodes, connect them to wallets, and form a culture where these clients are not upgraded unless there is overwhelming consensus in the community for rule changes. This is not the case in Ethereum.
In this article, we will try to temporarily ignore Bitcoin's obvious advantage in this regard and focus on the theoretical costs of attacking PoW and PoS networks. Theoretically, Ethereum can also cultivate a culture and network that enforces consensus rules similar to Bitcoin. PoS itself does not prevent this, but running a fully validating Ethereum full node is more expensive because it requires verifying signatures related to the staking process. To some extent, ignoring this weakness is steelmanning Ethereum.
Another issue to address is that many people in the Ethereum community have stated that the community would change consensus rules to confiscate the staked assets of attackers in response to some of the basic attacks we will outline below. For the purposes of this article, we will assume that neither Bitcoin nor Ethereum can effectively do this. Another consideration is that attackers may successfully force coordination and centralization, which some may want to avoid. Perhaps we are considering the future, where both protocols have become ossified and unable to coordinate rule changes without causing significant splits.
Cost of Attack
Assuming a Bitcoin price of $60,000, a block reward of 3.125 BTC, and considering moderate transaction fees, this means that Bitcoin miners' annual income is about $10 billion. We believe that this is the most important single security indicator. Bitcoin miners spend nearly $10 billion per year, and if you want to attack Bitcoin, you may need to match that. But what does it mean to match it? In this article, we distinguish between renting and buying.
Renting
The cheapest way to attack a PoW network is to rent computing power. Theoretically, if miners' annual income is $10 billion, as long as you offer them slightly higher annual income, economically rational miners will be willing to rent their computing power to you. This assumption may not be very realistic, so let's assume you need to pay a 20% premium to attract miners, which is $12 billion per year. Of course, you don't actually need to spend $12 billion per year because once you rent the computing power, you can earn $10 billion in income per year. Therefore, the net cost of renting the entire Bitcoin computing power is only $2 billion per year.
Now, if you are Elizabeth Warren, you only need 51% of the computing power to launch an attack and fill the chain with empty blocks. On the other hand, when this attack is successful, we can assume that the price of Bitcoin will plummet, so the mining income can no longer be counted on to offset the rent. Therefore, the net cost of this attack may be $6 billion per year, which is renting half of the computing power with a 20% premium.
The same logic applies to staking assets. If the total staked assets in Ethereum generate $3 billion in annual income, economically rational stakers should be willing to give up direct staking in exchange for $3 billion in annual income. Similarly, as with PoW, we also need to assume a 20% premium, which is $3.6 billion per year. This means that the net cost of renting all staked assets is $600 million per year. Or, if you want to attack, maybe only one-third of the staked assets are needed, so it only costs $1.2 billion per year to completely stop the PoS network.
Therefore, we believe that a key comparable indicator when considering the economic costs of attacks is $5 billion per year for Bitcoin compared to $1.2 billion per year for Ethereum. If we normalize the market value, the attack costs are roughly the same, with Bitcoin being approximately three times the size of Ethereum. This is certainly not a perfect comparison, but in our opinion, it is the best comparison when attempting to make similar comparisons. Of course, there are many other variables, including the sustainability of Bitcoin mining income and the contrast with Ethereum's perpetual issuance. However, this is not necessarily an inherent feature of PoW and PoS. Theoretically, PoW coins can also have perpetual issuance, or PoS coins can attempt to derive staking income entirely from transaction fees.
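The rental arithmetic in this section as a small parameterized model, an added example that is not from the original report. The parameter names and the reward_retention knob (1.0 if the coin price holds, 0.0 if it collapses) are assumptions; the inputs are the article's own round figures, and the market-value ratio of 3 is the article's approximation.

```python
# Added example: rental cost model for the "Renting" section.
# Inputs are the article's round figures; names are illustrative assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    name: str
    annual_income_bn: float     # yearly miner/staker income, USD billions
    threshold: float            # share of hashrate/stake needed to halt the chain
    relative_market_cap: float  # market value relative to Ethereum (= 1.0)

def rental_cost_bn(net, share, premium=0.20, reward_retention=0.0):
    """Yearly net cost (USD bn) of renting `share` of a network's resource.

    reward_retention is the fraction of the rented share's income that still
    has value to the renter: 1.0 if the coin price holds, 0.0 if it collapses.
    """
    if not (0.0 <= share <= 1.0 and 0.0 <= reward_retention <= 1.0):
        raise ValueError("share and reward_retention must be within [0, 1]")
    rent_paid = net.annual_income_bn * share * (1.0 + premium)
    income_kept = net.annual_income_bn * share * reward_retention
    return rent_paid - income_kept

def halt_cost_bn(net, premium=0.20):
    """Cost of renting just the halting threshold, rewards assumed worthless."""
    return rental_cost_bn(net, net.threshold, premium, reward_retention=0.0)

def normalized_halt_cost(net, premium=0.20):
    """Halt cost per unit of relative market value, for a one-to-one view."""
    return halt_cost_bn(net, premium) / net.relative_market_cap

BITCOIN = Network("Bitcoin", 10.0, 0.5, 3.0)   # article rents half the hashrate
ETHEREUM = Network("Ethereum", 3.0, 1.0 / 3.0, 1.0)

if __name__ == "__main__":
    for n in (BITCOIN, ETHEREUM):
        full_net = rental_cost_bn(n, 1.0, reward_retention=1.0)
        print(f"{n.name}: rent all, price holds = ${full_net:.1f}bn/yr; "
              f"rent threshold, price collapses = ${halt_cost_bn(n):.1f}bn/yr; "
              f"normalized = {normalized_halt_cost(n):.2f}")
        # Sensitivity: how much of the cost depends on rewards keeping value.
        for r in (0.0, 0.5, 1.0):
            c = rental_cost_bn(n, n.threshold, reward_retention=r)
            print(f"  retention {r:.1f}: ${c:.2f}bn/yr")
```

The gap between the retention 1.0 and retention 0.0 rows shows how much of the security budget rests on the assumption that block or staking rewards lose their value once the chain is halted.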
As for the feasibility of attacking using rented computing power/staked assets, Bitcoin players and Ethereum players don't have to worry too much about Elizabeth Warren. This type of attack is somewhat unrealistic. In fact, if the attack begins, asset owners can withdraw their computing power or staked assets. Asset owners may be concerned that if the network is attacked, the value of their assets may decrease. Of course, at this point, Ethereum and staked assets seem to have an advantage. The value of staked ETH is $100 billion, exceeding the value of Bitcoin mining assets. However, while this $100 billion figure is important, it is not the key indicator for comparison with Bitcoin in our view. Annual income is more critical. On the other hand, the market value of currently listed Bitcoin mining companies, which control about one-third of Bitcoin's computing power, is approximately $28 billion. So, in fact, it is very close to the $100 billion valuation of staked ETH. On the other hand, these listed Bitcoin mining companies may be overvalued due to the narrative of "transitioning to AI". Also, keep in mind that Bitcoin's market value is more than three times that of Ethereum. Therefore, even with these listed mining companies included in the calculation, Ethereum still outperforms Bitcoin in terms of this asset value indicator by at least three times in percentage terms. Stakers in Ethereum do indeed have more at stake, which is important and perhaps the second most important indicator after annual income.
One small issue with the above analysis is that renting computing power in a non-custodial manner is relatively straightforward. Miners can give lessees some form of restricted control over the hardware via the internet and then revoke that access when an attack occurs. Renting out staked assets in a completely non-custodial manner may not be feasible, which may be an advantage, as the greater risk would make stakers less willing to rent out their staked assets. On the other hand, this is not really an advantage for the PoS system: if rented computing power can easily be revoked, then there is no need to worry about the risk of sustained attacks. Of course, non-custodial staking services also have significant benefits, and people want to establish such services (competitors of Ethereum claim to have done so), making the staking system more resilient overall. However, we believe that there must always be a significant risk because the risk of confiscation must be large enough for staking to make sense.
Buying and Building
The next type of attack involves actual buying and building, including buying mining hardware, facilities, and electricity, or buying staked assets. Let's first consider buying staked assets.
If Elizabeth Warren's anti-cryptocurrency department wants to attack Ethereum, she can try to buy one-third of the ETH staked assets and then shut down the network. Currently, one-third of the ETH staked assets are worth $33 billion. Of course, if someone tries to buy so much ETH, especially the US government, the price will skyrocket, so the cost of buying will far exceed $33 billion. Therefore, this would be a very expensive attack, and in our view, the cost could be as high as $100 billion. If the attack succeeds, Ethereum may certainly fail, but some Ethereum users will become wealthy in the process. The impact of this attack on the ecosystem would be enormous, and the token prices of Ethereum competitors would experience a significant rebound. Now that Ethereum is destroyed, speculators will try to determine which coin will replace Ethereum. What's more interesting is that speculators will try to predict which PoS coin Elizabeth Warren will invest in next. Therefore, this attack could backfire and may not achieve Elizabeth Warren's goals.
Next to consider is the opponent's attempt to buy 51% of the computing power in PoW coins to produce empty blocks. To achieve 51%, the cost may be very high and take a considerable amount of time, possibly several years. This would involve buying mining hardware, purchasing mining facilities, purchasing electricity, and hiring personnel to operate these facilities and maintain mining hardware. It is important to remember that new technologies are constantly developing, new facilities are coming online, new ASICs are being manufactured, and new mining chips are being developed. To achieve 51%, it may also be necessary to participate in and fund chip development and ASIC manufacturing. Many of these processes involve significant risks, and the execution risks are also quite high. The government may need to spend at least twice as much as the private sector, and possibly more, to have a chance of achieving 51% due to the complexity and risks involved. In our view, this could result in costs close to $100 billion within a few years, which is similar to or slightly lower than the cost of buying one-third of the staked ETH, but with much greater execution risks. This is extremely expensive. Similarly, doing so would backfire as it would result in a significant waste of energy, which may not align with Elizabeth Warren's stated goals. Of course, one advantage of the government is that if the private sector discovers the government's plans, the private sector may reduce spending due to expected lower return on investment, making the attack cheaper.
Here, a key factor of the PoW system is that attackers may need to spend funds over a long period of time to maintain and sustain the attack, while for the PoS system, it is mainly a one-time cost. Bitcoin extremists can patiently wait for any attack to end. Attackers may eventually lose control of the computing power, and the network may recover. On the other hand, in a PoS system, once attackers have one-third of the staked assets, they may be able to kill the chain forever. Of course, there may also be a hard fork to confiscate the attacker's funds, just as the PoW system can hard fork to change the hash algorithm. But assuming no changes to consensus rules, the advantage of the PoW system is that attackers must continue to pay the cost to maintain the attack, perhaps indefinitely. This relates to what PoW supporters regard as a key weakness of the PoS system: the lack of anchoring to the real world.
Confiscation Risk
Another more feasible attack that Elizabeth Warren could take is to attempt to confiscate one-third of the staked assets or confiscate half of the computing power by force or legal means. This approach is beyond the scope of this article, as the focus of this article is to explore the economic costs of more typical forms of attacks. However, it is worth considering what is more easily confiscated. In terms of risk, it is easy to imagine the difficulty of confiscating staked assets from small self-custodied stakers who use their own physical hardware. Transferring staked assets is as simple as transferring private keys and can easily be transferred across borders without being detected. This is in stark contrast to mining hardware, which can be discovered and seized during transportation. On the other hand, confiscating staked assets that are done through regulated custodial services seems to be easier than confiscating mining assets. Therefore, it is not difficult to understand that the security of mining depends fundamentally on whether mining assets are distributed across multiple jurisdictions and whether the scale of mining farms is as small as possible. Similarly, the security of staking depends on whether users use their own hardware for self-custodied staking.
Of course, if Elizabeth Warren actually confiscates a large portion of the computing power, these mining assets may degrade and deteriorate over time, and others can build infrastructure so that the network can eventually recover. In contrast, if an opponent obtains 33% of the staked assets, then the PoS chain may be permanently doomed. In a PoW system, you at least have a chance to wait for the attack to end, get rid of the burden of the past, and recover the network.
Conclusion
It is generally believed that, when calculating the basic costs of attacking PoW and PoS networks, the cost of attacking PoS networks is much higher. In fact, when making a one-to-one comparison of costs, the difference between the two is smaller than many people expect, and the cost of attacking the staking system is only slightly higher. Overall, our logic is based on the following assumptions: to halt a PoS network, you need one-third of the staked assets, not 50% as in a PoW network; and building and maintaining computing power carries more execution risk than buying staked assets. Taken together, these factors mitigate the higher cost of buying a large number of tokens on the market.
Regardless of how people view the resistance of PoS or PoW systems to classic economic attacks, the distribution of mining assets and staking agents is crucial for these networks to survive attacks from resource-rich countries. Unfortunately, both Ethereum and Bitcoin have room for improvement in this regard. In the long run, resistance to censorship may depend on the economic incentives of staking service providers and the distribution of cheap and reliable energy globally.