I find the complexity of that algorithm both impressive (since they seem to have made it work) and also quite worrying. I'm really not sure how such a beast can't be filled with bugs, not in the implementation but rather in the protocol.
I know a lot of very smart people are working on this, but I'd rather have something conceptually simpler to work as the base layer for a whole new economy.
There are large areas in cryptography where if you don’t do it right the whole thing won’t work at all - in that sense there are large parts that are self-verifying, which collapses complexity. I’m not saying it’s all easy, just that experts can navigate through complexity because they know what to ignore by abstracting it and thinking about the properties it holds, not keeping in mind all the guts underneath. Maybe a good example is that you can use sha256 effectively in your code without knowing or focusing on how it works internally. You’re interfacing with it through relatively easy properties it has.
There are even larger areas in cryptography where if you don't do it right the whole thing will work, and after a few months someone will make $1B by crashing your currency into oblivion.
Edit: if you want to see how that can happen, I like to take apart weak cryptocurrencies and show what's wrong with them. Someone paid me to do a public review of a thing called Stratis a while back, and I went to town. Here's a highlight. https://twitter.com/PLT_cheater/status/1235036182284820481
I still accept commissions doing code review. It's just too much fun.
Except cryptography usually relies on mathematical proofs. I'm not aware of such a possibility for distributed systems. I know Lamport did work on that subject, but I'm not sure if you can equate a TLA+ proof of some properties to a mathematical proof about the structure of numbers, nor do I know if Ethereum even has a TLA+ proof or equivalent of anything regarding the PoS protocol (I honestly don't know, so I may be completely wrong).
But the main issue in provable security is that you're trying to prove real world things with math, and so far we're quite bad at it. The more mathematical the thing you want to prove is, the better.
I wouldn't rely on experts being able to navigate through complexity as it happens quite a bit that a major bug in a protocol obliterating it completely is found 15 years after its inception...
Formal? Computer assisted proof checkers? Building strong cryptosystems is notoriously hard, especially when you start composing different systems since some are only secure given certain preconditions which are on you to remember and ensure.
Proof checkers only check for invariants you knew to check for. They're not future proofing against exploits, they're merely a solidification of what you knew about your attack surface at a time.
Good cryptography should be auditable, that means it should be simple. It should not rely on experts knowing their way through the complexity but should rely on mathematical guarantees.
Yes, the cryptography primitives should act like black boxes, no need to peek inside, but when a number of these black boxes are used together to form a high-level protocol a lot of subtle things can go wrong; for example, see the history of SSL/TLS https://www.feistyduck.com/ssl-tls-and-pki-history/
Agreed that conceptual simplicity is always best, and the current Casper FFG + LMD-GHOST doesn't have provable guarantees yet (though seems to be working in practice). I'm excited to see slight modifications to the consensus/forkchoice algo that do have provable guarantees, like [Goldfish](https://www.paradigm.xyz/2022/09/goldfish) from Paradigm Research.
Cryptocurrencies impose some complex constraints on themselves that require complex solutions.
Conceptually, banks and exchanges solved the consensus problem decades ago, and they did it with a highly secured simple database and lots of cross-checks.
But if you trust nobody (except some developers somewhere) then things get tricky.
Could you go into more detail or provide references on where I could read up more on how banks do this? I've always wondered why we hear a lot about crypto exchanges getting hacked, but seldom about banks. What is it that banks are doing right (or crypto exchanges doing wrong) in terms of security?
Banking systems do not require consensus. So, it is a single party that has to make a trust decision with a counterparty that it partially trusts, but may potentially be a fraudulent party masquerading as a trusted party.
Crypto requires consensus among millions of untrusted and possibly malicious parties, i.e., no trust, all cryptography.
Both require cryptography to work (e.g. an online banking transaction vis-a-vis a crypto currency transfer). But the former is well-known (Public Key Encryption and Symmetric Encryption), client and server with established trust relationships that can be cryptographically verified, whereas the latter is a distributed system with untrusted nodes and has different dynamics.
The other issue is about correctness. If there is an error (system or human) in the banking system, there are compensatory transactions/procedures possible. Crypto has not evolved yet to accommodate these real world issues. It is also not proven that the crypto protocols are 100% correct. Therein lies the rub. The banking system is also not 100% correct, but has procedures to address the failures (complaint system, appeals, courts etc.) but with crypto, there is no way to address the failure cases (hacks, lost wallets, corrupted drives, 51% attacks etc.)
I'm not sure if you're half joking, but banks authenticate every single tenant in the transaction (from account owners to institutions) in the most rigid way. Fraud usually happens at the edge (credit card), but everything "inside" the system is a legally registered entity.
It is completely integrated with the legal system.
They do solve the consensus problem but don't have the same constraints crypto does.
The consensus (of who owns what and how that happened) is whatever the bank says it is at the moment.
This works because society places a lot of trust in the actors and the checks and regulations surrounding them (e.g. liability regimes) as well as the ways to rectify mistakes (through the legal system).
Crypto adds the additional requirement that every participant of the system (even end users) can independently come up with the same state without a single entity being the arbitrator of truth. The tradeoff is added technical complexity and inefficiency (storage and computation).
This is all about ledgers. Traditional banks have a centralized ledger that only they can edit. With blockchains, the ledger is decentralized and anyone can edit the ledger (based on specific rules); this provides a lot of avenues of attack.
Making PoS scale to hundreds of thousands of nodes with commodity hardware is not simple though. Few projects have managed so far, and Ethereum wasn't designed for it from the outset, so it's even more difficult.
I'm a crypto skeptic, but I have to admit, one of the cool things about crypto-currencies is that they come with their own built-in bug bounty. If there's a bug, it will most certainly be found.
I'm not sure a criminal mind would advertise having found a bug in the algorithm. Instead it would probably try to capitalize on that bug for as long as possible while remaining quiet about it (assuming it's possible, of course).