Every so often someone decides to write an article attacking Delegated Proof of Stake (DPOS) on some basis. The most resent example is @anonymint's article claiming DPOS can't internet-scale.
Before I go on to address Anonymint's claims, I feel it is important that people realize that everything in life has design tradeoffs and the secret is to make the best tradeoffs. In order to make the best tradeoffs you must look at the entire picture. You cannot attack an idea in a vacuum, everything must be compared to something else. Furthermore, if comparisons are to be made they should be against accurate descriptions of working alternatives and not against theoretical alternatives for which there is no known nor proven implementation.
Consortium Blockchains vs Proof of Work
In his blog, @anonymint claims that "permissioned" blockchains such as Tendermint and DPOS create overlords. The claim is that overlording "whales" can extract higher and higher rents. This claim cannot exist in a vacuum, but must be compared to alternatives of which Proof of Work is presented. What we know is that Fiat Whales control the majority of the hash power and that they hold the network ransom for fees. They use their control over block production to profit at the expense of everyone else.
The claim is that Proof of Work is "Open Entry"; however, to believe that one must ignore economic barriers to entry. For example, no one can enter the proof of work game unless they can mine profitably. Mining profitably means economies of scale and ultimately alternative revenue streams derived from the political power the miners possess. Many governments in the world can trivially make mining unprofitable for all free market actors. They can do this will relatively little capital cost because all mining profits or losses are based upon the margins. Since governments are not concerned about direct economic profit and can realize gains by defending their monopoly, all proof of work systems will be dominated by our current fiat overlords who use their fiat printing presses to subsidize and control cooperative miners.
Furthermore, no minority can create their own smaller consensus system without risk of abuse by the mining powers that be. All one needs to do is look at the mining attacks between BTC and BCH to see how this unfolds.
What we can conclude from this is that mining is a dead-end, winner takes all, system. Once economies of scale optimize a mining algorithm that algorithm cannot be used by any minority which is at odds with the mining powers.
Liveliness and the 1/3+ attack
One of the criticisms levied by @anonymint is:
colluding malevolent 33% of the stake can permanently and irreparably shutdown the blockchain
This statement is an example of one of many misunderstandings of existing DPOS systems, such as Steem. DPOS as it was originally designed for BitShares uses the longest-chain rule. Because DPOS limits the frequency a block producer can produce, the chain with the most participation will eventually become the longest chain. This means that stake holders can vote out malicious actors even if 51% are malicious, so long as their exists at least 1 honest producers willing to accurately tally an election on a temporarily minority fork. The "bad fork" will start out at 2/3 speed, and the honest fork will be operating at 1/3 speed. Once an election occurs on the 1/3 network it will gain speed to 3/3 and eventually overtake the "bad guys".
This is still the underlying "rule of DPOS" on STEEM and BitShares and everything else is simply establishing a high probability of irreversibility.
Importance of Minimizing Finality Latency
Bitcoin never reaches finality and without timely finality inter-blockchain communication is not practical. Imagine all consensus systems as a substitute for digital signatures. Now imagine if every time a user signed a transaction it took 1 hour for 99.9% certainty (6 blocks) and the transaction was never truly final. At some point society needs to make a decision to either accept the signature and "transfer the money" or reject the signature and not transfer it. If the signature is eventually invalidated then the money shouldn't be transferred; however, if the product has shipped or the "exchange made", then it isn't possible to fairly unwind the transfer.
We need to accept things as final even if there is some potential they could be wrong or be fraudulent because higher level processes cannot advance until lower level processes are final. The cost finality approaches infinity as the certainty demand approaches 100%. At some point, the cost of additional certainty is greater than the loss if it turns out to be fraudulent.
Because finality is critical for inter-blockchain communication and inter-blockchain communication is fundamental to ultimate internet-scale solutions, we can conclude that stating nothing is ever final is not an acceptable solution. Furthermore, latency in finality dramatically impacts inter-blockchain communication for real world applications. If we must have finality, then we should have it as quickly as possible.
Bitcoin accepts 6 blocks as "final" which means that 5 mining pools vote on which transactions are final. Even if miners could switch pools in the event that a pool was corrupt, they are unable to identify the corruption or switch within the 1 hour window of finality. This is even without considering the potential corruption at the hash-power distribution level.
If we are going to rely on 5 mining pools, then we might as well let them sign off on things in seconds rather than waiting an hour or more. The resulting security will be the same, but the latency will be dramatically reduced.
Conclusion
Perfecting any single dimension of a problem will come at the expense of the whole and reduce overall volume (value). The optimum solution will maximize the volume by carefully observing the 80/20 rule: 80% of the benefits (value) are achieved by 20% of the effort (cost). Furthermore, no system exists in a vacuum and therefore all security analysis that ignores the larger environment is incomplete and likely misleading.
Security must always consider the use of physical threats, the use of short selling to invert POS incentives, and the potential for alternative income streams.
- Leverage