Proof of stake
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
Proof of stake (PoS) is a type of consensus algorithm by which a cryptocurrency blockchain network aims to achieve distributed consensus. In PoS-based cryptocurrencies the creator of the next block is chosen via various combinations of random selection and wealth or age (i.e., the stake). In contrast, the algorithm of proof-of-work-based cryptocurrencies such as bitcoin uses mining; that is, the solving of computationally intensive puzzles to validate transactions and create new blocks.
Block selection variants
Proof of stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.
Randomized block selection
Nxt and BlackCoin use randomization to predict the following generator by using a formula that looks for the lowest hash value in combination with the size of the stake.[non-primary source needed][non-primary source needed][non-primary source needed] Since the stakes are public, each node can predict—with reasonable accuracy—which account will next win the right to forge a block.
Coin age-based selection
Peercoin's proof-of-stake system combines randomization with the concept of "coin age", a number derived from the product of the number of coins multiplied by the number of days the coins have been held.
Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, it must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.[non-primary source needed]
Incentives differ between the two systems of block generation. Under proof of work, miners may potentially own none of the currency they are mining and thus seek only to maximize their own profits. It is unclear whether this disparity lowers or raises security risks. Under proof of stake, however, those "guarding" the coins always own the coins, although several cryptocurrencies do allow or enforce the lending of staking power to other nodes.
One advantage of a 'proof of stake' over a 'proof of work' system, is the high energy consumption demanded by the latter, at least with current technology. As an example, Bitcoin mining (2018) is estimated to consume non-renewable energy sources at an amount similar to the entire nations of Czech Republic or Jordan.
Proof of stake opens the door to a wider array of techniques that use game-theoretic mechanism design in order to better discourage centralized cartels from forming and, if they do form, from acting in ways that are harmful to the network.
Some authors[non-primary source needed][non-primary source needed] argue that proof of stake is not an ideal option for a distributed consensus protocol. One issue that can arise is the "nothing-at-stake" problem, wherein block generators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus from being achieved. Because unlike in proof-of-work systems, there is little cost to working on several chains. Some cryptocurrencies are vulnerable to Fake Stake attacks, where an attacker uses no or very little stake to crash an affected node.
Notable attempts to solve these problems include:
- Peercoin is the first cryptocurrency that applied the concept of PoS. In its early stages, it used centrally broadcast checkpoints signed under the developer's private key. No blockchain reorganization was allowed deeper than the last known checkpoints. Checkpoints are opt-in as of v0.6 and are not enforced now that the network has reached a suitable level of distribution.
- Ethereum's suggested Slasher protocol allows users to "punish" the cheater who forges on top of more than one blockchain branch.[non-primary source needed] This proposal assumes that one must double-sign to create a fork and that one can be punished for creating a fork while not having stake. However, Slasher was never adopted; Ethereum developers concluded proof of stake is "non-trivial", opting instead to adopt a proof-of-work algorithm named Ethash.[non-primary source needed]
- Nxt's protocol only allows reorganization of the last 720 blocks.[non-primary source needed] However, this merely rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, thereby preventing consensus.
- "Nxt Whitepaper (Blocks)". nxtwiki. Archived from the original on 3 February 2015. Retrieved 2 January 2015.
- mthcl (pseudonymous). "The math of Nxt forging" (PDF). pdf on docdroid.net. Retrieved 22 December 2014.
- Vasin, Pavel. "BlackCoin's Proof-of-Stake Protocol v2" (PDF).
- King, Sunny. "PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake" (PDF). Retrieved 2014-11-17.
- Thompson, Jeffrey (15 December 2013). "The Rise of Bitcoins, Altcoins—Future of Digital Currency". The Epoch Times. Retrieved 29 December 2013.
- Irfan, Umair (June 18, 2019). "Bitcoin is an energy hog. Where is all that electricity coming from?". Vox.
- Andrew Poelstra. "Distributed Consensus from Proof of Stake is Impossible" (PDF).
- Vitalik Buterin. "On Stake".
- "GitHub - ethereum/wiki: The Ethereum Wiki". August 7, 2019 – via GitHub.
- "Resource exhaustion attacks on PoS". University of Illinois at Urbana–Champaign. 22 January 2019. Retrieved 15 February 2019.
resource exhaustion attack affecting 26+ several chain-based proof-of-stake cryptocurrencies. These vulnerabilities would allow a network attacker with a very small(in some cases, none) amount of stake to crash any of the network nodes running the corresponding software
- Buterin, Vitalik. "Slasher: A Punitive Proof-of-Stake Algorithm".
- Buterin, Vitalik. "Slasher Ghost, and Other Developments in Proof of Stake". Retrieved 23 January 2016.
one thing has become clear: proof of stake is non-trivial
- Wood, Gavin. "Ethereum: A Secure Decentralised Generalised Transaction Ledger" (PDF). Retrieved 23 January 2016.
Ethash is the planned PoW algorithm for Ethereum 1.0
- "Nxt Whitepaper: History Attack". Nxtwiki. Archived from the original on 3 February 2015. Retrieved 2 January 2015.