Nothing is absolute. We have to evaluate the pros and cons of ETH PoS vs PoW from different perspectives . Discussion will be meaningless if we compare security to decentralization, just like comparing apples to oranges.
We can think of censorship resistance from at least two perspectives:
→ If being censored, how long will it prevent your transactions from going on chain?
→ If being censored, can you guarantee that your transactions can still be packaged on chain in the future?
To prevent a 51% attack, let’s consider the following two aspects:
→ How much does it cost hackers to attack?
→ How likely can they rent sufficient mining equipment?
For the ETH merge, we shouldn’t simply state that PoS Eth’s levels of decentralization and security are "higher" and "lower" than those of PoW. The scopes of these questions are too broad. So, let's unpack them one by one.
First of all, the safety issue. There is no doubt that the cost of attack has become higher under PoS. This has been discussed many times. If you try to attack a PoW network with your crazy hash rate, your actual cost is only your electricity bills.
Your hashrate won’t change if you run an attack, especially when the proportion of ETH graphics card mining machines is high in the market. Even if your attack fails, you can dismantle the crypto mining facilities and sell off the graphics cards afterwards.
However, if you attack the ETH PoS network, you will lose all of your staked ETH. This increases the cost of attack by hundreds of times. You should know that the cost of attacking PoW is temporary. Nevertheless, for PoS, it’s permanent.
However, it becomes slightly worse for PoS when considering renting mining equipment. Given the physical properties of PoW mining, miners are scattered around the world which makes it really difficult for you to rent 51% of the total ETH hash rate. It's not a cost issue here, rather, it's a 1 or 0 issue.
It’s different for PoS. There are 120 million ETH in circulation, with 13 million+ staked on the beacon chain. In theory, as long as you can "borrow" 5% of the ETH in circulation, you can run a 51% attack. Of course, I'm not saying it's easy. It's still "very hard", but not as hard as that for PoW.
In a centralized world, borrowing may require some collateral, or it may be possible to rely on reputation, or even by power, such as regulators, so here comes to our second question.
Censorship-resistance is part of the features for decentralization.
At least 2/3 of the nodes of the ETH beacon chain are under the jurisdiction of the US regulators, which may turn up censorship. The discussion starts there：https://twitter.com/TheEylon/status/1558911348255461378
After the merge, the top 4 entity is Lido, Coinbase, Kraken and Binance respectively, which only the top4 pools account for >55%。
Let's take Tornado Cash as an example. If US regulations require 2/3 of the mining pools to ban this transaction, it will take much longer time for the tornado tx to go on the chain. In the past, it took about 12 seconds, but in the future it may take more than 30 seconds, or even a minute or two if you are unlucky.
I calculated a curve (below), the probability of continuously banning you for 1 minute is about ~7%, which is kinda disappointing.
But in fact, this is not a consensus issue of PoS. It is about the changes in the miners. In the past, PoW's top 10 mining pools took up 78% of hashrate. In theory, they could also jointly censor your transaction and prevent it from going on the chain.
Many of them are Chinese-backed mining pools, and some are located in Russia and Central Asia. China and Russia are the few regions in the world that the United States cannot sanction directly. So censorship-resistance is not about the technology, but about the location of miniers .
Today's PoS pools, whether Lido, Coinbase or Kraken, are all in the United States so that they are subject to strict restrictions. Although they are all making positive statements now, it’s just a matter of time for the regulators to censor illegal transactions in the future. PoS is actually worse than PoW in terms of censorship time.
There is one more indicator to evaluate the pros and cons of PoW vs. PoS, the worst-case scenario, which is whether you can guarantee that your transaction will at least get on-chain. Let's continue the calculations above, if we still assume 2/3 of nodes are under censorship, your transaction within 10 blocks will go on the chain in 98% of cases. You can always find mining pools that ignore US regulatory requirements, but all you have to do is wait.
In other words, the US can control validators to exclude your transactions for a few minutes, but they cannot do it for a lifetime. This is completely different from the case of AAVE blocking Tornado users. Afterall, mining pools are unlike AAVE, which is controlled by a single party.
As long as you want, you can always change your pools to fight against censorship and get your transactions on chain.
Of course, you can also randomly change mining pools under PoW. In real life now, there are many people who might know that you are running a pool, but very few people would know that you are running a PoS node on a server or PC. From this perspective, PoS can physically conceal your identity. However, if you withdraw ETH from CEXes and stake them, the KYC of CEXes will expose your identity. In contrary, under a PoW network, CEXes would never be able to know that you’ve bought mining machines.
What if the ruling government decides to roll back your transactions once they find that you can always get away from sanctions simply by waiting a bit longer to include your transactions in the block?
First of all, this question is no longer under the censorship resistance scope. This is almost like a direct attack to the network. The probability of this happening is extremely small, but not zero.
For instance, one of your tornado transactions is finally on-chain through a node that is not regulated by the government. At this time, the regulators who have controlled ⅔ of the large pools can directly fork the network and remove the block that includes your transaction, so that your transaction will never be on chain. Though they cannot delete your transaction, they can simply discard the block and this can be done within a single echo under PoS.
In this case, some Ethereum community members are proposing “social slashing”, which is to confiscate the staked ETH of those nodes. However, this may lead to a new totalitarian regime. Ethereum should not adopt the kind of rule that does not exist on the blockchain.
Furthermore, the current pool nodes are usually connected to MEV tools like Flashbot. However, Flashbot is also regulated.This means that transactions that failed to meet the regulatory requirements will not appear in the Flashbot transaction list at all, and nodes include these transactions will be affected. Thus, more MEV tools are also needed.
Last month, coinbase stepped up and said that they would rather quit the Ethereum staking business than censor the network to comply with sanctions.
But staking service is lucrative, and the staking APR is expected to be 6-8%, usually with 10%-20% commissions. If Coinbase stops providing staking service, it will lose at least tens of thousands of ETH a year, simply based on their million ETH in their cold wallet.
This business must be carried on. But regulators will also keep regulating.
Therefore, we can't really count on Cefi, whether Coinbase, Lido (semi-cefi), or Flashbot (centralized tool). Instead, we have to make technical improvements and optimization on the chain itself. There is still a long way to go.
But only in this way can we protect our Ethereum network.