Proof-of-stake is a method of securing a blockchain network (such as those used for cryptocurrency) and achieving distributed consensus through requesting users to show ownership of a certain amount of currency. It is different from proof-of-work systems that run difficult hashing algorithms to validate electronic transactions. Peercoin was the first cryptocurrency to launch using Proof-of-Stake. Other prominent implementations are found in BitShares, Nxt, BlackCoin, NuShares/NuBits.
Block Selection Variants
Every time a block is added to the blockchain, a creator for the following one has to be selected. Since it can't always be the account with the biggest stake of the currency (then this one would create all blocks), different methods of selection have been devised.
Randomized Block Selection
Nxt and BlackCoin use randomization to predict the following generator, by using a formula that looks for the lowest hash value in combination with the size of the stake. Since the stakes are public, each node can predict - with reasonable accuracy - which account will next win the right to forge a block.
Coin Age Based Selection
Peercoin's proof-of-stake system combines randomization with the concept of "coin age," a number derived from the product of the number of coins times the number of days the coins have been held. Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, they must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.  This process secures the network and gradually produces new coins over time without consuming significant computational power. Peercoin's developer claims that this makes a malicious attack on the network more difficult due to the lack of a need for centralized mining pools and the fact that purchasing more than half of the coins is likely more costly than acquiring 51% of proof-of-work hashing power .
Velocity Based Selection
Voting Based Selection
Instead of only using the stake size, the block generators can be selected by votes. BitShares uses a system of 101 delegates and selects randomly among these. The community votes enhance the incentives of the generators to act responsibly, while on the downside opening the door for sybil attacks - as in the case where one user posed as the top five delegates.
Advantages and Disadvantages
Proof of Work relies on energy use. That means an external tangible good is providing the security. On the down-side, this leads to a race towards burning more and more energy. By account of a Bitcoin mining-farm operator these were 240kWh per Bitcoin in 2014 (the equivalent of 16 gallons of gas). Proof of Stake currencies can be several thousand times more cost effective. These mining costs have to flow out of the currency - putting a downward pressure on the price.
One aspect are the incentives that are very different. Proof-of-Work means that the generator is not necessarily holding the currency. The incentive is to maximize returns from the hardware. There is a discussion whether this lowers or raises security risks. In Proof-of-Stake the coin owner and coin guard are the same. Though several cryptocurrencies allow or enforce lending the staking power to other nodes.
Some authors argue that proof-of-stake is not an ideal option for a distributed consensus protocol. The main problem is usually called the "nothing at stake" problem. It means that in case of a chain fork (or any other kind of consensus disagreement), a person can "vote" for both variants, because he has a stake in each branch. There is little cost in working on several chains (unlike in proof-of-work systems), and that gives the ability to try to cheat (e.g. double-spend in case of blockchain reorganization) "for free".
Many have attempted to solve these problems:
- Peercoin uses centrally broadcast checkpoints (signed under the developer's private key). No blockchain reorganization is allowed deeper than the last known checkpoints. The tradeoff is that the developer is the central authority controlling the blockchain.
- Nxt's protocol only allows to reorganize last 720 blocks. Disallowing blockchain reorganizations can cause your client to follow a fork of 721 blocks regardless of whether it is the tallest blockchain, preventing consensus.
- Ethereum's suggested Slasher protocol allows users to "punish" the cheater, who mines on the top of more than one blockchain branch. This proposal assumes you must double-sign to create a fork and that you can be punished if you create a fork while not having stake.
Statistical simulations have shown that simultaneous forging on several chains is possible, even profitable. But Proof of Stake advocates believe most described attack scenarios are impossible or so unpredictable that they are only theoretical.
- Proof-of-Work vs Proof-of-Stake, 31-8-2014
- King, Sunny. "PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake" (PDF). Retrieved 2014-11-17.
- "Nxt Whitepaper (Blocks)". nxtwiki. Retrieved 2 January 2015.
- mthcl (pseudonymous). "The math of Nxt forging" (PDF). pdf on docdroid.net. Retrieved 22 December 2014.
- Vasin, Pavel. "BlackCoin’s Proof-of-Stake Protocol v2" (PDF).
- Buterin, Vitalik. "What Proof of Stake Is And Why It Matters". Bitcoin Magazine. Retrieved 2013-11-20.
- Bradbury, Danny. "Third largest cryptocurrency peercoin moves into spotlight with Vault of Satoshi deal". CoinDesk. Retrieved 2013-11-20.
- Thompson, Jeffrey (15 December 2013). "The Rise of Bitcoins, Altcoins—Future of Digital Currency". The Epoch Times. Retrieved 29 December 2013.
- Whelan, Karl (2013-11-20). "So What's So Special About Bitcoin?". Forbes.
- Ren, Larry. "Proof of Stake Velocity: Building the Social Currency of the Digital Age" (PDF).
- "Carbon Foodprint of Bitcoin". coindesk.com. Retrieved 2 January 2015.
- "Nxt Network Energy and Cost Efficiency Analysis" (PDF). Retrieved 21 December 2014.
- "Proof of Work, Proof of Stake and the Consensus Debate". cointelegraph.com. Retrieved 3 January 2015.
- Andrew Poelstra. "Distributed Consensus from Proof of Stake is Impossible" (PDF).
- Vitalik Buterin. "On Stake".
- "Hard Problems of Cryptocurrencies".
- "Nxt Whitepaper: History Attack". Nxtwiki. Retrieved 2 January 2015.
- Buterin, Vitalik. "Slasher: A Punitive Proof-of-Stake Algorithm".
- Chepurnoy, Alexander. "PoS forging algorithms: multi-strategy forging and related security issues" (PDF). github.com. Retrieved 30 December 2014.
- Chepurnoy, Alexander. "PoS forging algorithms: formal approach and multibranch forging". scribd.com. Retrieved 22 December 2014.