Why trusted execution environments will be an integral part of proof-of-stake blockchains

We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!


Since the invention of Bitcoin, we have seen a tremendous flow of computer science creativity in the open community. Despite its apparent success, Bitcoin has several shortcomings. It is too slow, too expensive, the price is too volatile and the trades are too public.

Several cryptocurrency projects in the public space have attempted to solve these challenges. There is particular interest in the community in solving the scalability challenge. Bitcoin’s proof-of-work consensus algorithm only supports seven transactions per second throughput. Other blockchains like Ethereum 1.0, which also rely on the proof-of-work consensus algorithm, also show mediocre performance. This has a negative effect on transaction costs. Transaction costs vary with the amount of traffic on the network. Sometimes the cost is less than $1 and sometimes more than $50.

Proof-of-work blockchains are also very energy-intensive. At the time of writing, the Bitcoin creation process consumes approximately 91 terawatt hours of electricity annually. This is more energy than Finland, a country of about 5.5 million inhabitants, consumes.

While some of the commentators see this as a necessary cost to securely protect the entire financial system, rather than just the cost of running a digital payment system, there is another portion that thinks these costs can be eliminated by developing proof-of-stake consensus protocols. Proof-of-stake consensus protocols also deliver much faster throughputs. Some blockchain projects aim to deliver over 100,000 transactions per second. At this level of performance, blockchains can compete with centralized payment processors such as Visa.

Figure 1: Validators

The shift to proof-of-stake consensus is quite significant. Tendermint is a popular proof-of-stake consensus framework. Several projects like Binance DEX, Oasis Network, Secret Network, Provenance Blockchain and many more use the Tendermint framework. Ethereum is evolving into a proof-of-stake-based network. Ethereum 2.0 is likely to launch in 2022, but the network already has more than 300,000 validators. After Ethereum makes the move, it is likely that several Ethereum Virtual Machine (EVM) based blockchains will follow. In addition, several non-EVM blockchains, such as Cardano, Solana, Algorand, Tezos, and Celo, use proof-of-stake consensus.

Proof-of-stake blockchains introduce new requirements

As proof-of-stake blockchains make their appearance, it’s important to take a closer look at the changes that are unfolding.

First, there is no more “mining”. Instead there is ‘betting’. Staking is a process of putting the original blockchain currency on the line to gain the right to validate transactions. The cryptocurrency deployed is rendered useless for transactions, i.e. it cannot be used for making payments or interacting with smart contracts. Validators deploying cryptocurrency and processing transactions earn a fraction of the fees paid by entities submitting transactions to the blockchain. The returns from staking are often between 5% and 15%.

Second, unlike proof-of-work, proof-of-stake is a vote-based consensus protocol. Once a validator deploys cryptocurrency, it commits to staying online and voting on transactions. If for some reason a significant number of validators go offline, transaction processing stops completely. This is because it takes a super majority of votes to add new blocks to the blockchain. This is quite different from proof-of-work blockchains where miners can come and go as they please, and their long-term rewards would depend on the amount of work they did while participating in the consensus protocol. In proof-of-stake blockchains, validator nodes are penalized and part of their stake is taken away if they do not stay online and vote on transactions.

Figure 2: Fair voting versus unfair voting.

Third, in proof-of-work blockchains, if a miner misbehaves, for example by trying to fork the blockchain, he hurts himself. Mining on a wrong block is a waste of effort. This is not the case in proof-of-stake blockchains. In fact, if there is a fork in the blockchain, a validator node is incentivized to support both the main chain and the fork. There is always a small chance that the forked chain will eventually turn out to be the main chain.

Punishing Blockchain Misconduct

Early proof-of-stake blockchains ignored this problem and relied on validator nodes that participated in consensus without misbehaving. But this isn’t a good assumption to make in the long run and so newer designs are introducing a concept called slashing. If a validator node finds that another node is misbehaving, such as voting for two separate blocks of the same height, the observer can sever the malicious node. The cut node loses some of its staked cryptocurrency. The size of a cut cryptocurrency depends on the specific blockchain. Each blockchain has its own rules.

Figure 3: Validators that misbehave will be curtailed by other validators for reasons such as “Breach of the attestation rule” and “Breach of the submitter’s rule”

Fourth, in proof-of-stake blockchains, misconfigurations can lead to slashing. A typical misconfiguration is one where multiple validators, which may be owned or controlled by the same entity, end up using the same key to validate transactions. It’s easy to see how this can lead to slashing.

Finally, early proof-of-stake blockchains had a hard limit on how many validators could participate in consensus. This is because each validator signs a block twice, once during the protocol preparation phase and once during the commit phase. These signatures add up and can take up quite a bit of space in the block. This meant that proof-of-stake blockchains were more centralized than proof-of-work blockchains. This is a serious problem for proponents of decentralization and as a result newer proof-of-stake blockchains are shifting towards newer cryptosystems that support signature aggregation. For example, the Boneh-Lynn-Schacham (BLS) cryptosystem supports signature aggregation. Using the BLS cryptosystem, thousands of signatures can be aggregated in such a way that the aggregated signature occupies the space of only a single signature.

How trusted execution environments can be an integral part of proof-of-stake blockchains

While the core philosophy of blockchains revolves around the concept of trustlessness, trusted execution environments can be an integral part of proof-of-stake blockchains.

Secure management of long-life validator keys

For proof-of-stake blockchains, validator keys must be managed securely. Ideally, such keys should never be available in plaintext. They must be generated and used in trusted execution environments. Trusted execution environments must also ensure disaster recovery and high availability. They must always be online to meet the requirements of validator nodes.

Secure execution of critical code

Reliable execution environments today are capable of more than secure key management. They can also be used to implement critical code that operates with high integrity. In the case of proof-of-stake validators, it is important that conflicting messages are not signed. Signing conflicting messages can lead to economic sanctions under various proof-of-stake blockchain protocols. The code that tracks the status of the blockchain and ensures that validators do not sign conflicting messages must be executed with high integrity.

conclusions

The blockchain ecosystem is changing in very fundamental ways. There is a big shift towards using proof-of-stake consensus as it offers higher performance and lower energy footprint compared to proof-of-work consensus algorithm. This is not an insignificant change.

Validator nodes must stay online and will be penalized if they go offline. Keeping keys safe and always online is a challenge.

To make the protocol work on a large scale, several blockchains have introduced penalties for misconduct. Validator nodes continue to suffer these penalties due to misconfigurations or malicious attacks on them. In order to maintain the large-scale distributed nature of blockchains, new cryptosystems are being adopted. Reliable execution environments that provide disaster recovery and high availability, support new cryptosystems such as BLS, and enable high-integrity custom code execution are likely to be integral to this shift from proof-of-work to proof-of-stake blockchains.

Pralhad Deshpande, Ph.D., is senior solutions architect at Fortanix

DataDecision makers

Welcome to the VentureBeat Community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

If you want to read about the latest ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article yourself!

Read more from DataDecisionMakers