|This article may rely excessively on sources too closely associated with the subject, potentially preventing the article from being verifiable and neutral. (August 2016) (Learn how and when to remove this template message)|
Proof-of-stake (PoS) is a method by which a cryptocurrency blockchain network aims to achieve distributed consensus. While the proof-of-work (PoW) method asks users to repeatedly run hashing algorithms or other client puzzles to validate electronic transactions, proof-of-stake asks users to prove ownership of a certain amount of currency (their "stake" in the currency). Peercoin was the first cryptocurrency to launch using proof-of-Stake. Other prominent implementations are found in ShadowCash, Nxt, BlackCoin, NuShares/NuBits, Qora and Nav Coin. Ethereum has planned a hard fork transition from PoW to PoS consensus. Both Peercoin and Decred hybridize PoW with PoS and combine elements of both consensus approaches in an attempt to garner the benefits of the two systems and create a more robust notion of consensus.
Block selection variants
Proof-of-stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.
Randomized block selection
Nxt and BlackCoin use randomization to predict the following generator, by using a formula that looks for the lowest hash value in combination with the size of the stake. Since the stakes are public, each node can predict - with reasonable accuracy - which account will next win the right to forge a block.
Coin age based selection
Peercoin's proof-of-stake system combines randomization with the concept of "coin age," a number derived from the product of the number of coins times the number of days the coins have been held. Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, they must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain. This process secures the network and gradually produces new coins over time without consuming significant computational power. Peercoin's developer claims that this makes a malicious attack on the network more difficult due to the lack of a need for centralized mining pools and the fact that purchasing more than half of the coins is likely more costly than acquiring 51% of proof-of-work hashing power .
Proof of Work relies on energy use. According to a bitcoin mining-farm operator, energy consumption totaled 240kWh per bitcoin in 2014 (the equivalent of 16 gallons of gasoline). Moreover, these energy costs are almost always paid in non-cryptocurrency, introducing constant downward pressure on the price. Proof of Stake currencies can be several thousand times more cost effective.
The incentives of the block-generator are also different. Under Proof-of-Work, the generator may potentially own none of the currency they are mining. The incentive of the miner is only to maximize his own profits. It is unclear whether this disparity lowers or raises security risks. In Proof-of-Stake, those "guarding" the coins are always those who own the coins (although several cryptocurrencies do allow or enforce lending the staking power to other nodes).
Some authors argue that proof-of-stake is not an ideal option for a distributed consensus protocol. One problem is usually called the "nothing at stake" problem, where (in the case of a consensus failure) block-generators have nothing to lose by voting for multiple blockchain-histories, which prevents the consensus from ever resolving. Because there is little cost in working on several chains (unlike in proof-of-work systems), anyone can abuse this problem to attempt to double-spend (in case of blockchain reorganization) "for free".
Many have attempted to solve these problems:
- Peercoin uses centrally broadcast checkpoints (signed under the developer's private key). No blockchain reorganization is allowed deeper than the last known checkpoints. The tradeoff is that the developer is the central authority controlling the blockchain.
- Nxt's protocol only allows to reorganize last 720 blocks. However, this only rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, preventing consensus.
- Ethereum's suggested Slasher protocol allows users to "punish" the cheater, who mines on the top of more than one blockchain branch. This proposal assumes you must double-sign to create a fork and that you can be punished if you create a fork while not having stake. However Slasher was never adopted; Ethereum developers concluded proof-of-stake is "non-trivial". Instead Ethereum designed a proof-of-work algorithm named Ethash. It is planned to be replaced by a different PoS protocol called "CASPER".
- Hybrid "Proof of burn" and proof of stake. Proof of burn blocks act as checkpoints, have higher rewards, are more secure - and are more expensive.
- Hybrid "Proof of work" and proof of stake. Proof of work blocks also act as checkpoints, containing no transactions, but anchor both to each other and to the PoS chain.
Statistical simulations have shown that simultaneous forging on several chains is possible, even profitable. But Proof of Stake advocates believe most described attack scenarios are impossible or so unpredictable that they are only theoretical.
- Proof-of-Work vs Proof-of-Stake, 31-8-2014
- King, Sunny. "PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake" (PDF). Retrieved 2014-11-17.
- Lockhart, Sophia. "Nav Coin goes live with POS online wallet". www.navcoin.org.
- Jepson, Christina. "DTB001: Decred Technical Brief" (PDF). Retrieved 2016-03-01.
- "Nxt Whitepaper (Blocks)". nxtwiki. Retrieved 2 January 2015.
- mthcl (pseudonymous). "The math of Nxt forging" (PDF). pdf on docdroid.net. Retrieved 22 December 2014.
- Vasin, Pavel. "BlackCoin's Proof-of-Stake Protocol v2" (PDF).
- Buterin, Vitalik. "What Proof of Stake Is And Why It Matters". Bitcoin Magazine. Retrieved 2013-11-20.
- Bradbury, Danny. "Third largest cryptocurrency peercoin moves into spotlight with Vault of Satoshi deal". CoinDesk. Retrieved 2013-11-20.
- Thompson, Jeffrey (15 December 2013). "The Rise of Bitcoins, Altcoins—Future of Digital Currency". The Epoch Times. Retrieved 29 December 2013.
- Whelan, Karl (2013-11-20). "So What's So Special About Bitcoin?". Forbes.
- "Carbon Footprint of Bitcoin". coindesk.com. Retrieved 2 January 2015.
- "Nxt Network Energy and Cost Efficiency Analysis" (PDF). Retrieved 21 December 2014.
- "Proof of Work, Proof of Stake and the Consensus Debate". cointelegraph.com. Retrieved 3 January 2015.
- Andrew Poelstra. "Distributed Consensus from Proof of Stake is Impossible" (PDF).
- Vitalik Buterin. "On Stake".
- "Hard Problems of Cryptocurrencies".
- "Nxt Whitepaper: History Attack". Nxtwiki. Retrieved 2 January 2015.
- Buterin, Vitalik. "Slasher: A Punitive Proof-of-Stake Algorithm".
- Buterin, Vitalik. "Slasher Ghost, and Other Developments in Proof of Stake". Retrieved 23 January 2016.
one thing has become clear: proof of stake is non-trivial
- Wood, Gavin. "Ethereum: A Secure Decentralised Generalised Transaction Ledger" (PDF). Retrieved 23 January 2016.
Ethash is the planned PoW algorithm for Ethereum 1.0
- Chepurnoy, Alexander. "PoS forging algorithms: multi-strategy forging and related security issues" (PDF). github.com. Retrieved 30 December 2014.
- Chepurnoy, Alexander. "PoS forging algorithms: formal approach and multibranch forging". scribd.com. Retrieved 22 December 2014.