Finality is a belief that some things will not change in the future (are final). Finality in blockchains matters because it gives us confidence that transactions or protocol decisions, will remain permanent and immutable. This ability to commit is what makes Blockchains so powerful as a coordination mechanism.

Consider the following situations:

  1. You received coins in the genesis block of Ethereum
  2. You received bitcoins three months ago, and three months passed with the chain growing and not reverting
  3. You received ETH 20 minutes ago, and two rounds of voting happened, “finalizing” the block containing the transaction that sent them to you
  4. You received ETH 10 seconds ago, and the transaction was included in one block

In each of these situations, you have some level of confidence that your ownership is “final”. How final is it? Will it hold true for eternity? In this post we argue that finality is conditional on beliefs about the future. Moreover, we explore several notions of finality and discuss how finality strengthens over time.

Social Finality

Social finality comes from a common fiction shared by the community. It reflects the belief that a blockchain will not change its protocol in a way that changes its core properties or that any such fork will be ignored.

The first two examples above are social finality. Within the Ethereum protocol, there is no way to revert the genesis block, but there is the possibility that the world will suddenly decide to call a different system with a different genesis block “Ethereum” and assign value to that new system.

If you received bitcoins three months ago, then chances are that even if there is a 51% attack, the community will not accept a chain reversion that goes that deep, and will instead take a radical measure like changing the proof-of-work algorithm.

Time gives protection against community initiated reverts. The 2010 value overflow bug was discovered and corrected within hours, when the affected blocks were still recent. After months of continuous chain growth, the chance of a socially accepted reversion becomes extremely small. The DAO vulnerability in 2016 is another example of social finality. The exploit touched only a short stretch of history, and the majority of the Ethereum community decided to favor a hard fork.

Social finality is often dependent on cryptography remaining secure. If very strong quantum computers suddenly appear, then unless you took special precautions, anyone who sees a transaction made from your account will be able to determine its private key, at which point the protocol (and the world) will have no way to distinguish such an attacker from you and determine who is the legitimate owner – and hence, you will stop being the owner.

Protocol Finality

Social finality and cryptographic finality are useful for statements that change very slowly (or essentially never change). The disruptive power of blockchains is their ability to quickly produce finality statements about changes in their state.

Blockchains achieve this by aggregating votes from sybil-resistant nodes (either proof-of-stake validators or proof-of-work miners) on proposed state changes in a way that yields finality for these changes under specific assumptions about the entire population of voters.

The canonical failure of blockchain finality is the famous double spend, where the same coin appears in two different transactions because the voters supported both.

The proof-of-work chain is a solution to the Byzantine Generals’ Problem. Satoshi email, 2008

How blockchains prevent double spend is central to their design. The standard academic model assumes that an adversary who tries to break finality or liveness controls only a limited fraction of the voting power. Under this assumption a large body of work studies Byzantine Agreement.

This connection between blockchains and Byzantine Agreement began with bitcoin and is now the prevailing point of view.

Honest Threshold Finality

Honest threshold finality relies on the belief that a majority (or supermajority) of the voting power will always act honestly. Finality under this belief follows from the safety properties of Byzantine agreement.

The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes. Bitcoin whitepaper, 2008

In stake based blockchains, honest threshold finality also relies on a belief that weak subjectivity holds. Users must periodically update their view of the validator set so that everyone agrees who is allowed to vote. This belief rules out hidden shifts in voting power that would break safety, and it is implicitly supported by the social layer.

Another form of threshold finality arises from the notion of asymmetric trust. Here, each party maintains its own view of which peers may be faulty, removing the need for a globally agreed fault threshold. Finality in this setting becomes subjective: it holds only among participants whose trust beliefs overlap sufficiently.

Cryptoeconomic Finality

In this paradigm validators must stake assets in order to get voting rights.

Cryptoeconomic finality strengthens honest threshold finality by believing that not only does a large fraction of the voting power need to behave dishonestly, but that by doing so a large fraction of their stake will be detected and punished (slashed).

The idea is that rational coalitions will avoid attacking the system because any attempt would cost more through slashing their stake than it could ever yield in rewards.

This approach relies on the accountability properties of Byzantine agreement and the ability to punish (slash) validators that are provably detected as misbehaving.

Representative Finality

With representative finality, randomly chosen committees are used to represent the decision of the entire validator set. This improves scalability by involving fewer validators, but it demands a stronger belief.

Representative finality relies on the belief that any sub sampled committee has an honest majority and that the adversary cannot adaptively corrupt its members before the committee finishes. These are stronger assumptions than honest threshold finality. Some sharded systems can be viewed as providing representative finality.

Representative finality can also be understood in the cryptoeconomic model, though the interpretation changes. There, the cost of an attack scales linearly with the number of validators. As a result, a small committee provides only limited economic security. If we adopt the cryptoeconomic perspective, the main motivation for representative finality is that using the full validator set may be unnecessarily expensive, and a committee containing only a small fraction of the validators may already provide sufficient cryptoeconomic security.

The longest-chain rule in PoW is, in fact, a form of representative finality.

Finality as a function of time

Finality strengthens with time. Early on confidence is low since the transaction has only just been proposed. As time passes the transaction gains layers of assurance through multiple forms of finality which reinforce one another.

A single transaction advances through this spectrum as more evidence accumulates. It begins as a proposal by one validator then gains depth as additional honest proposers extend the chain. It may then be endorsed by a rotating or sub sampled committee which raises its assurance further. Eventually it reaches protocol level finality when a majority or supermajority of validators confirm it. After enough time has passed social finality also applies since society treats older parts of the chain as fixed and immutable.

For humans, absolute finality exists only at the social layer. Even if a block obtains protocol finality, a severe bug that affects most validators could trigger a coordinated rollback at the social finality level. As another example, if a powerful actor (say, a new NVIDIA miner with 70% hash power) launched a large reorg on bitcoin, the community would almost certainly reject their fork socially, establishing de facto social finality.

All forms of finality operate inside a broader social envelope which is the collective agreement on the canonical chain and the rule set. Probabilistic, economic and threshold bases protocol finality hold only as long as social consensus treats the system as legitimate.

A Bayesian view might suggest that finality confidence simply converges to 100% as we “gather more information” over time. However, finality is not simple Bayesian accumulation of certainty. It is shaped by incentives since attempts to revert the chain depend on how users respond to finality. Confidence affects behaviour and behaviour affects risk. Because of this feedback loop it is still helpful to use categorical notions of finality since they capture the qualitative shifts in which assumptions protect safety whether economic penalties, quorum thresholds, or full social coordination.

Final thoughts

Finality is conditional on beliefs about the future. Users decide which beliefs they accept and how much conditionality they are willing to tolerate. Their position on the confidence curve reflects their preferences for risk and latency.

Finality strengthens over time as different assurances accumulate. Early on a transaction carries weak guarantees. As depth grows and as different protocol mechanisms endorse it, the confidence in its permanence increases.

What counts as “final enough” depends on context. For everyday payments, fast but weaker guarantees may suffice. For savings or cross chain transfers, users may wait for stronger, economically backed finality.

In all cases, a judgment of finality reflects beliefs about the future and the conditionality users are willing to accept.

Acknowledgements

Many thanks to Roberto Saltini, for insightful feedback.

Your thoughts on X.