Proof-of-stake

From Infogalactic: the planetary knowledge core
(Redirected from Proof of stake)
Jump to: navigation, search

Proof-of-stake (PoS) is a method by which a cryptocurrency blockchain network aims to achieve distributed consensus. While the proof-of-work (PoW) method asks users to repeatedly run hashing algorithms or other client puzzles to validate electronic transactions,[1] proof-of-stake asks users to prove ownership of a certain amount of currency (their "stake" in the currency). Peercoin[2] was the first cryptocurrency to launch using proof-of-Stake. Other prominent implementations are found in BitShares, ShadowCash, Nxt, BlackCoin, NuShares/NuBits and Qora. Ethereum has planned a hard fork transition from PoW to PoS consensus. Both Peercoin and Decred[3] hybridize PoW with PoS and combine elements of both consensus approaches in an attempt to garner the benefits of the two systems and create a more robust notion of consensus.

Block selection variants

Proof-of-stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.

Randomized block selection

Nxt and BlackCoin use randomization to predict the following generator, by using a formula that looks for the lowest hash value in combination with the size of the stake.[4][5][6] Since the stakes are public, each node can predict - with reasonable accuracy - which account will next win the right to forge a block.

Coin age based selection

Peercoin's proof-of-stake system combines randomization with the concept of "coin age," a number derived from the product of the number of coins times the number of days the coins have been held. Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, they must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.[2][7][8] This process secures the network and gradually produces new coins over time without consuming significant computational power.[9] Peercoin's developer claims that this makes a malicious attack on the network more difficult due to the lack of a need for centralized mining pools and the fact that purchasing more than half of the coins is likely more costly than acquiring 51% of proof-of-work hashing power .[10]

Velocity based selection

Reddcoin's proof-of-stake velocity (PoSV)[11] claims to encourage velocity i.e. movement of money between people, rather than hoarding.

Voting based selection

Instead of only using the stake size, the block generators can be selected by votes. BitShares uses a system where stake is used to elect a total of 101 delegates, who are then ordered at random.[12] This has many of the advantages of shareholder voting (for example, the flexible accountability enhances the incentives of the generators to act responsibly), and yet it reintroduces the dangerous Sybil attack - as in one case where one user posed as the top five delegates.[13]

Advantages

Proof of Work relies on energy use. According to a bitcoin mining-farm operator, energy consumption totaled 240kWh per bitcoin in 2014 (the equivalent of 16 gallons of gasoline).[14] Moreover, these energy costs are almost always paid in non-cryptocurrency, introducing constant downward pressure on the price. Proof of Stake currencies can be several thousand times more cost effective.[15]

The incentives of the block-generator are also different. Under Proof-of-Work, the generator may potentially own none of the currency he is mining. The incentive of the miner is only to maximize his own profits. It is unclear whether this disparity lowers or raises security risks.[16] In Proof-of-Stake, those "guarding" the coins are always those who own the coins (although several cryptocurrencies do allow or enforce lending the staking power to other nodes).

Criticism

Some authors[17][18] argue that proof-of-stake is not an ideal option for a distributed consensus protocol. One problem is usually called the "nothing at stake" problem, where (in the case of a consensus failure) block-generators have nothing to lose by voting for multiple blockchain-histories, which prevents the consensus from ever resolving. Because there is little cost in working on several chains (unlike in proof-of-work systems), anyone can abuse this problem to attempt to double-spend (in case of blockchain reorganization) "for free".[19]

Many have attempted to solve these problems:

  • Peercoin uses centrally broadcast checkpoints (signed under the developer's private key). No blockchain reorganization is allowed deeper than the last known checkpoints. The tradeoff is that the developer is the central authority controlling the blockchain.
  • Nxt's protocol only allows to reorganize last 720 blocks.[20] However, this only rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, preventing consensus.
  • Ethereum's suggested Slasher protocol allows users to "punish" the cheater, who mines on the top of more than one blockchain branch.[21] This proposal assumes you must double-sign to create a fork and that you can be punished if you create a fork while not having stake. However Slasher was never adopted; Ethereum developers concluded proof-of-stake is "non-trivial".[22] Instead Ethereum designed a proof-of-work algorithm named Ethash.[23]
  • Hybrid "Proof of burn" and proof of stake. Proof of burn blocks act as checkpoints, have higher rewards, are more secure - and are more expensive.
  • Hybrid "Proof of work" and proof of stake. Proof of work blocks also act as checkpoints, containing no transactions, but anchor both to each other and to the PoS chain.

Statistical simulations have shown that simultaneous forging on several chains is possible, even profitable. But Proof of Stake advocates believe most described attack scenarios are impossible or so unpredictable that they are only theoretical.[24][25]

See also

References

  1. Proof-of-Work vs Proof-of-Stake, 31-8-2014
  2. 2.0 2.1 Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. Lua error in package.lua at line 80: module 'strict' not found.
  12. Lua error in package.lua at line 80: module 'strict' not found.
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Lua error in package.lua at line 80: module 'strict' not found.
  17. Lua error in package.lua at line 80: module 'strict' not found.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. Lua error in package.lua at line 80: module 'strict' not found.
  23. Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.
  25. Lua error in package.lua at line 80: module 'strict' not found.
Retrieved from "https://infogalactic.com/w/index.php?title=Proof-of-stake&oldid=722677390"