Consensus 101 - Why do you need Consensus?
How do Proof of Stake protocols work?
Distributed systems are hard. More accurately, it’s a niche topic in computer science not a lot of people talk about. This series is an attempt to explain Blockchain consensus (mostly in context of AVSs) in simple terms so that anyone can understand without having prior knowledge of complex academic terms.
To keep things simple, I want you guys to assume that the blockchain is a single turing complete machine which is the ultimate source of truth. Basically think of it as a black box which is never wrong, any task you ask it to perform, it will do it correctly and any information it possesses is also correct.
This black box seems perfect for doing our everyday chores. Booking our flight tickets, managing our calendar, giving us honest reviews of restaurants, and also perhaps some more important stuff like trading derivatives, managing land records, legal cases, medical information, etc. There are, however, two drawbacks of this black box:
It cannot verify that a piece of data given to it from the outside world is correct
It cannot perform large tasks efficiently
This is a bummer. But we dont give up so easily. So lets try to improve our black box so that it can do those things. Understand that the black box is able to do certain types of tasks, like managing a record of the amount of money someone has and even changing that record if people wish to transfer that money amongst each other, hence functioning like a bank or a currency. At the same time, it cannot do tasks like giving an opinion on what you travel itinerary for the Maldives should look like.
We understand that in order to improve our black box, we need to fundamentally understand its limitations. And to do that, we must categorize what tasks it can and cannot do, and why?
Categorizing Tasks for our Black Box
How does one categorize tasks? Well let’s think of it like this, we like our black box because it can give us true answers, and or perform our tasks correctly. But what if a question does not have a correct answer?
A task like figuring out which is the “best” city is impossible because everyone has a different definition of best means. This hence becomes a subjective task, one which cannot have a correct answer. However, you can easily define what “best” means in a context like a score based on safety, beauty, cleanliness, ease of living, etc. Or you can find the “best” city based on how much a city is loved. These slightly different question do have correct answers, so we just need to remember that our black box cannot handle ambiguous tasks.
With that out of the way, let’s divide what non-ambiguous tasks our black box can or cannot execute. Notice that the black box can execute tasks easily, but in order to execute tasks you often need data. The black box cannot verify if the data is correct however we assume that any data that the black box has is correct.
This means that it’s extremely important that any data that is fed into the black box is correct. Any incorrect piece of data inside our black box can break it’s integrity and ability to perform correct tasks. So how do we ensure if a given piece of data is correct or not?
Think of a question like does 1 equal to 1? Well you know the answer is yes, because that’s just pure logic. Or think of how much money do you have in your account? Well if you know the initial balances of each person and know every transaction that ever took place amongst those accounts, you can easily calculate what your current balance is by a series of additions and subtractions. Again, simple math.
But now if I ask a question like what is the price of Ethereum, how do you answer that? I mean you can google it but that does not prove its correct. In order to prove the price of Ethereum, you need to calculate the price yourself. If you know the supply and demand of $ETH at any given time with all the buy and sell orders in the entire world, you can figure what the price is, but you can see how accumulating this much data is challenging.
Let’s take this to an extreme example, how do you prove what is the weather today? If you knew the atomic positions of every single molecule in the atmosphere, the position of the earth relative to sun and other celestial data, you can calculate (in theory) what is the weather right now or in the future. You can see how this is not trivial at all. (also considering that weather is chaotic meaning the level of precision you require to gather the initial conditions is not even physically possible)
The simple solution is of course to just look outside and see if its sunny or rainy or cloudy, what temperature it is, what’s humidity, etc. But the fundamental problem lies in the fact that you can’t prove this information to someone who’s not their. Note that this information is not subjective in nature. If its 30 degrees out their at some place, it is, and someone saying it’s 20 degrees instead is straight up wrong. But mathematically proving that it’s 30 degrees out their is practically impossible for you to do.
THIS is where consensus comes in. If a person is sitting in Mumbai, and asks what’s the temperature in New Delhi, someone can reply saying it’s 35 degrees. Not very convincing perhaps. But if two separate people reply with the same answer, the confidence increases, right? And if 10 people reply? What about a 100?
As the number of people who give the same reply to a question increases, your confidence in their collective answer also increases. If a sufficient number of people reply to your question with the same answer: 35 degrees, then you might just accept it as truth and move on. That is consensus: agreement among a group of people.
Coming back to a real world example, calculating the price of Ethereum would require trading information on every DEX, CEX, OTC and other trading entities, which is practically impossible for a blockchain to accomplish. But you can just use an oracle service instead, which is a group of independent entities looking up the price of $ETH in their own way and returning with fairly similar answers. The collective answer can be trusted to be correct and fed into the black box with high confidence.
In a nutshell, as tasks get more complicated and the data required to prove them increases exponentially, it makes more sense to gain consensus on the task result instead of just trying to prove everything from scratch.
Formally, tasks that can be mathematically proven inside our black box can be called as “objective tasks” while tasks that require consensus to be considered verified can be termed as “inter-subjective”. The EIGEN Tokenomics paper published by the EigenLayer Team talk in more detail about these categorizations.
How does achieving consensus guarantee verifiability?
Yes, 10 people agreeing on something makes it more likely to be true than just 3 people, but we’re not here trying to improve our odds of finding the correct answer, we’re here to verifiably give correct answers to our black box.
How do we know for a fact the people participating in consensus are not naughty. This is similar to the Bynzatine general’s problem. Imagine two generals of the Byzantine army, laying siege outside a city. To succeed, they must agree unanimously on a common plan—attack or retreat. The generals communicate by sending messengers, but some generals might be traitors, purposely sending false messages to create confusion. The loyal generals must find a way to ensure they all agree correctly, despite the presence of traitors, unreliable communication, and conflicting information.
This is a common problem in Distributed systems, and to solve this, they are designed with the assumption that a few generals are bad actors, but the army as whole can still work with them. It is said that the distributed network is fault tolerant.
Let’s assume that you have f generals who are malicious and don’t send messages. So in order to outweigh them, you need a majority of honest generals. If the total number of generals are n, then (n-f) > f. But wait, what if a general is just taking a nap and that’s why they were not able to send a message? If you don’t receive a message from someone else, you as a general cannot differentiate between them being “sleepy” or “faulty”. This means at most, f honest generals are sleepy (and hence do not participate in the consensus) and f awake generals are faulty (send false messages to cause confusion). So in order to gain a majority: (n - 2f) > f or n > 3f.
In a nutshell, what this means is that if you have a group of 10 people (let’s call them the truth council for shits and giggles) giving you answers, than you only need answers from more than 2/3rd or a supermajority of them to feel confident that the answer is not tampered. In order to tamper with the answer, someone would have to collude with more than 66% of the group and sway them.
This improves our confidence in the consensus even further. Now let’s put the final nail in the coffin of any malicious actor trying to sabotage our so called “truth council”. Imagine that each member of this council needs to put a security deposit for taking part in this process, and that deposit can be taken away from them if they’re found to act dishonestly, then we have effectively secured the council economically. This what’s called a Proof Of Stake network and it is said to be crypto-economically secured. Forget the fancy terms, basically what this means is that each member will think twice before giving a wrong result because of the risk of them losing their “stake”. This event is called slashing.
Remember that if more than 2/3rd of the council agree on a single answer, any bad actor disagreeing with this supermajority will get slashed. Hence, a bad actor would need to sway more than 2/3rd of the council to join the attack if they want to sabotage the network. The least damage they can do is prevent this supermajority from reaching, i.e. persuade more than 1/3rd of the network to disagree. This way, a consensus is not reached and the network stops working.
What I mean by “persuade” is basically the sabotager needs to bribe the council members with at least their security deposit and then some in order to convince them to join the network. If each member was asked to say deposit $100 and the total pool was $1000, then the sabotager would need a minimum of a third of that or $333 to bribe the council members. This amount is called “cost of corruption”. You can see that no bad actor will execute this attack if they can’t find a motive to do so. The motive to carry out this attack would be if the sabotager can somehow gain $334 by carrying out this attack. The amount an attacker can gain from attacking a network is called “profit from corruption”.
So in simple terms, it is clear that for any council, if the “cost of corruption” > “profit from corruption”, it is guaranteed by game theory that it will not be attacked and the members of that council will always behave honestly. Hence, we achieve a trustless and verifiable way of creating a truth council (Proof of Stake network) to feed data (or any other service) into our Black Box (blockchain, which itself is often a proof of stake network).
Conclusion
A proof of stake network is one where nodes participating in consensus stake some amount of assets as collateral which is subject to slashing if it is discovered that a node is behaving maliciously. This was an attempt to explain the concept in simple terms.
However, distributed systems are much more complex than that. Consensus is not achieved by a “truth council”, it’s achieved by nodes located on geographically isolated regions communicating with each other in real time. The “security deposit” are real assets that affect tokenomics of various protocols. And an entirely new field introduce by EigenLayer called “restaking” changes the entire landscape of the economics of PoS, making it much easier for anyone to bootstrap a network.
We’re gonna take a much deeper look at these concepts in later parts. Stay tuned!