Proof-of-stake is a method by which a cryptocurrency blockchain network aims to achieve distributed consensus. While the proof-of-work method asks users to repeatedly run hashing algorithms to validate electronic transactions, proof-of-stake asks users to prove ownership of a certain amount of currency (their "stake" in the currency). Peercoin was the first cryptocurrency to launch using Proof-of-Stake. Other prominent implementations are found in BitShares, Nxt, BlackCoin, NuShares/NuBits and Qora.
Block Selection Variants
Proof-of-stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.
Randomized Block Selection
Nxt and BlackCoin use randomization to predict the following generator, by using a formula that looks for the lowest hash value in combination with the size of the stake. Since the stakes are public, each node can predict - with reasonable accuracy - which account will next win the right to forge a block.
Coin Age Based Selection
Peercoin's proof-of-stake system combines randomization with the concept of "coin age," a number derived from the product of the number of coins times the number of days the coins have been held. Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, they must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain. This process secures the network and gradually produces new coins over time without consuming significant computational power. Peercoin's developer claims that this makes a malicious attack on the network more difficult due to the lack of a need for centralized mining pools and the fact that purchasing more than half of the coins is likely more costly than acquiring 51% of proof-of-work hashing power .
Velocity Based Selection
Voting Based Selection
Instead of only using the stake size, the block generators can be selected by votes. BitShares uses a system where stake is used to elect a total of 101 delegates, who are then ordered at random. This has many of the advantages of shareholder voting (for example, the flexible accountability enhance the incentives of the generators to act responsibly), and yet it reintroduces the dangerous sybil attack - as in one case where one user posed as the top five delegates.
Proof of Work relies on energy use. According to a bitcoin mining-farm operator, energy consumption totaled 240kWh per bitcoin in 2014 (the equivalent of 16 gallons of gas). Moreover, these energy costs are almost always paid in non-cryptocurrency, introducing constant downward pressure on the price. Proof of Stake currencies can be several thousand times more cost effective.
The incentives of the block-generator are also different. Under Proof-of-Work, the generator may potentially own none of the currency he is mining. The incentive of the miner is only to maximize his own profits. It is unclear whether this disparity lowers or raises security risks. In Proof-of-Stake, those "guarding" the coins are always those who own the coins (although several cryptocurrencies do allow or enforce lending the staking power to other nodes).
Some authors argue that proof-of-stake is not an ideal option for a distributed consensus protocol. One problem is usually called the "nothing at stake" problem, where (in the case of a consensus failure) block-generators have nothing to lose by voting for multiple blockchain-histories, which prevents the consensus from ever resolving. Because there is little cost in working on several chains (unlike in proof-of-work systems), anyone can abuse this problem to attempt to double-spend (in case of blockchain reorganization) "for free".
Many have attempted to solve these problems:
- Peercoin uses centrally broadcast checkpoints (signed under the developer's private key). No blockchain reorganization is allowed deeper than the last known checkpoints. The tradeoff is that the developer is the central authority controlling the blockchain.
- Nxt's protocol only allows to reorganize last 720 blocks. However, this only rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, preventing consensus.
- Ethereum's suggested Slasher protocol allows users to "punish" the cheater, who mines on the top of more than one blockchain branch. This proposal assumes you must double-sign to create a fork and that you can be punished if you create a fork while not having stake.
Statistical simulations have shown that simultaneous forging on several chains is possible, even profitable. But Proof of Stake advocates believe most described attack scenarios are impossible or so unpredictable that they are only theoretical.
- Proof-of-Work vs Proof-of-Stake, 31-8-2014
- King, Sunny. "PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake" (PDF). Retrieved 2014-11-17.
- "Nxt Whitepaper (Blocks)". nxtwiki. Retrieved 2 January 2015.
- mthcl (pseudonymous). "The math of Nxt forging" (PDF). pdf on docdroid.net. Retrieved 22 December 2014.
- Vasin, Pavel. "BlackCoin’s Proof-of-Stake Protocol v2" (PDF).
- Buterin, Vitalik. "What Proof of Stake Is And Why It Matters". Bitcoin Magazine. Retrieved 2013-11-20.
- Bradbury, Danny. "Third largest cryptocurrency peercoin moves into spotlight with Vault of Satoshi deal". CoinDesk. Retrieved 2013-11-20.
- Thompson, Jeffrey (15 December 2013). "The Rise of Bitcoins, Altcoins—Future of Digital Currency". The Epoch Times. Retrieved 29 December 2013.
- Whelan, Karl (2013-11-20). "So What's So Special About Bitcoin?". Forbes.
- Ren, Larry. "Proof of Stake Velocity: Building the Social Currency of the Digital Age" (PDF).
- "Carbon Foodprint of Bitcoin". coindesk.com. Retrieved 2 January 2015.
- "Nxt Network Energy and Cost Efficiency Analysis" (PDF). Retrieved 21 December 2014.
- "Proof of Work, Proof of Stake and the Consensus Debate". cointelegraph.com. Retrieved 3 January 2015.
- Andrew Poelstra. "Distributed Consensus from Proof of Stake is Impossible" (PDF).
- Vitalik Buterin. "On Stake".
- "Hard Problems of Cryptocurrencies".
- "Nxt Whitepaper: History Attack". Nxtwiki. Retrieved 2 January 2015.
- Buterin, Vitalik. "Slasher: A Punitive Proof-of-Stake Algorithm".
- Chepurnoy, Alexander. "PoS forging algorithms: multi-strategy forging and related security issues" (PDF). github.com. Retrieved 30 December 2014.
- Chepurnoy, Alexander. "PoS forging algorithms: formal approach and multibranch forging". scribd.com. Retrieved 22 December 2014.