This article may rely excessively on sources too closely associated with the subject, potentially preventing the article from being verifiable and neutral. (August 2016) (Learn how and when to remove this template message)
Proof of stake (PoS) is a type of algorithm by which a cryptocurrency blockchain network aims to achieve distributed consensus. In PoS-based cryptocurrencies, the creator of the next block is chosen via various combinations of random selection and wealth or age (i.e., the stake). In contrast, the algorithm of proof-of-work-based cryptocurrencies such as bitcoin uses mining; that is, the solving of computationally intensive puzzles to validate transactions and create new blocks.
Block selection variants[edit | edit source]
Proof of stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.
Randomized block selection[edit | edit source]
Nxt and BlackCoin use randomization to predict the following generator by using a formula that looks for the lowest hash value in combination with the size of the stake. Since the stakes are public, each node can predict—with reasonable accuracy—which account will next win the right to forge a block.
Coin age-based selection[edit | edit source]
Peercoin's proof-of-stake system combines randomization with the concept of "coin age", a number derived from the product of the number of coins multiplied by the number of days the coins have been held.
Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, it must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.
This process secures the network and gradually produces new coins over time without consuming significant computational power. Peercoin's developer claims that the lack of need for centralized mining pools—and the fact that purchasing more than half of the coins in circulation is likely more costly than acquiring 51 percent of available proof-of-work hashing power—makes a malicious attack on the network more difficult.
Masternodes[edit | edit source]
Another form of staking is running a masternode, a form of decentralized server. The main disadvantage of operating a masternode is the relatively high barrier to entry as opposed to staking alone. In order to secure the network, those willing to run a masternode are required to purchase a certain number of coins as collateral at current market price.
Advantages[edit | edit source]
Proof-of-stake currencies can be more energy efficient than currencies based on proof-of-work algorithms.
Incentives also differ between the two systems of block generation. Under proof of work, miners may potentially own none of the currency they are mining and thus seek only to maximize their own profits. It is unclear whether this disparity lowers or raises security risks. Under proof of stake, however, those "guarding" the coins always own the coins, although several cryptocurrencies do allow or enforce the lending of staking power to other nodes.
Criticism[edit | edit source]
Some authors argue that proof of stake is not an ideal option for a distributed consensus protocol. One issue that can arise is the "nothing-at-stake" problem, wherein block generators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus from being achieved. Because unlike in proof-of-work systems, there is little cost to working on several chains, anyone can abuse this vulnerability by attempting to double spend "for free".
Many have attempted to solve these problems:
- Ethereum's suggested Slasher protocol allows users to "punish" the cheater who forges on top of more than one blockchain branch. This proposal assumes that one must double-sign to create a fork and that one can be punished for creating a fork while not having stake. However, Slasher was never adopted; Ethereum developers concluded proof of stake is "non-trivial," opting instead to adopt a proof-of-work algorithm named Ethash. It is planned to be replaced by a different PoS protocol called "Casper".
- Peercoin, in its early stages, used centrally broadcast checkpoints signed under the developer's private key. No blockchain reorganization was allowed deeper than the last known checkpoints. Checkpoints are opt-in as of v0.6 and are not enforced now that the network has reached a suitable level of distribution.
- Nxt's protocol only allows reorganization of the last 720 blocks. However, this merely rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, thereby preventing consensus.
- Hybrid "proof of burn" and proof of stake. Proof-of-burn blocks act as checkpoints, have higher rewards, contain no transactions, are more secure, and anchor both to each other and to the PoS chain but are more expensive.
- Decred's hybrid proof-of-work and proof-of-stake, in which proof of stake is an extension dependent on the proof-of-work timestamping, based on the "proof of activity" proposal, which aims to solve the nothing-at-stake problem by having proof-of-work miners mining blocks and proof-of-stake acting as a second authentication mechanism.
Statistical simulations have shown that simultaneous forging on several chains is possible, even profitable. But proof of stake advocates believe that most described attack scenarios are impossible or so unpredictable as to be only theoretical.
See also[edit | edit source]
References[edit | edit source]
- "Nxt Whitepaper (Blocks)". nxtwiki. Archived from the original on 3 February 2015. Retrieved 2 January 2015.
- mthcl (pseudonymous). "The math of Nxt forging" (PDF). pdf on docdroid.net. Retrieved 22 December 2014.
- Vasin, Pavel. "BlackCoin's Proof-of-Stake Protocol v2" (PDF).
- King, Sunny. "PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake" (PDF). Retrieved 2014-11-17.
- Buterin, Vitalik. "What Proof of Stake Is And Why It Matters". Bitcoin Magazine. Retrieved 2013-11-20.
- Bradbury, Danny. "Third largest cryptocurrency peercoin moves into spotlight with Vault of Satoshi deal". CoinDesk. Retrieved 2013-11-20.
- Thompson, Jeffrey (15 December 2013). "The Rise of Bitcoins, Altcoins—Future of Digital Currency". The Epoch Times. Retrieved 29 December 2013.
- Whelan, Karl (2013-11-20). "So What's So Special About Bitcoin?". Forbes.
- "What is a masternode?". Invest it in. 2017-09-22. Retrieved 2017-12-19.
- "What Is A Masternode And How Is It Useful For Cryptocoin Investors". CoinSutra - Bitcoin Community. 2018-01-04. Retrieved 2018-01-08.
- "What Are Masternodes? An Introduction and Guide". CoinCentral. 2017-12-19. Retrieved 2018-01-09.
- "Nxt Network Energy and Cost Efficiency Analysis" (PDF). Retrieved 21 December 2014.
- "Proof of Work, Proof of Stake and the Consensus Debate". cointelegraph.com. Retrieved 3 January 2015.
- Andrew Poelstra. "Distributed Consensus from Proof of Stake is Impossible" (PDF).
- Vitalik Buterin. "On Stake".
- "Hard Problems of Cryptocurrencies".
- Buterin, Vitalik. "Slasher: A Punitive Proof-of-Stake Algorithm".
- Buterin, Vitalik. "Slasher Ghost, and Other Developments in Proof of Stake". Retrieved 23 January 2016.
one thing has become clear: proof of stake is non-trivial
- Wood, Gavin. "Ethereum: A Secure Decentralised Generalised Transaction Ledger" (PDF). Retrieved 23 January 2016.
Ethash is the planned PoW algorithm for Ethereum 1.0
- Prisco, Giulio (Nov 29, 2017). "The Ethereum Killer Is Ethereum 2.0: Vitalik Buterin's Roadmap". Bitcoin Magazine. Retrieved Jan 19, 2018.
- "Nxt Whitepaper: History Attack". Nxtwiki. Archived from the original on 3 February 2015. Retrieved 2 January 2015.
- Bentov I., Gabizon A., Mizrahi A. 2015. Cryptocurrencies without Proof of Work. arXiv Cryptography and Security. https://decred.org/research/bentov2015.pdf
- Chepurnoy, Alexander. "PoS forging algorithms: multi-strategy forging and related security issues" (PDF). github.com. Retrieved 30 December 2014.
- Chepurnoy, Alexander. "PoS forging algorithms: formal approach and multibranch forging". scribd.com. Retrieved 22 December 2014.