Proof-of-Stake (PoS)
Proof of stake (PoS) is a type of consensus algorithm by which a cryptocurrency blockchain network aims to achieve distributed consensus. In PoS-based cryptocurrencies, the creator of the next block is chosen via various combinations of random selection and wealth or age (i.e., the stake)[1][2].
In contrast, the algorithm of proof-of-work-based cryptocurrencies such as bitcoin uses mining; that is, the solving of computationally intensive puzzles to validate transactions and create new blocks.
Block selection variants
Proof of stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.
Randomized block selection
Nxt and BlackCoin use randomization to predict the following generator by using a formula that looks for the lowest hash value in combination with the size of the stake. Since the stakes are public, each node can predict—with reasonable accuracy—which account will next win the right to forge a block.
Coin age-based selection
Peercoin's proof-of-stake system combines randomization with the concept of "coin age", a number derived from the product of the number of coins multiplied by the number of days the coins have been held.
Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, it must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.
This process secures the network and gradually produces new coins over time without consuming significant computational power[3].
Advantages
Incentives differ between the two systems of block generation. Under proof of work, miners may potentially own none of the currency they are mining and thus seek only to maximize their own profits. It is unclear whether this disparity lowers or raises security risks. Under proof of stake, however, those "guarding" the coins always own the coins, although several cryptocurrencies do allow or enforce the lending of staking power to other nodes[4].
One advantage of a 'proof of stake' over a 'proof of work' system, is the high energy consumption demanded by the latter, at least with current technology. As an example, Bitcoin mining (2018) is estimated to consume non-renewable energy sources at an amount similar to the entire nations of Czech Republic or Jordan.
Proof of stake opens the door to a wider array of techniques that use game-theoretic mechanism design in order to better discourage centralized cartels from forming and, if they do form, from acting in ways that are harmful to the network.
Criticism
Some authors argue that proof of stake is not an ideal option for a distributed consensus protocol. One issue that can arise is the "nothing-at-stake" problem, wherein block generators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus from being achieved. Because unlike in proof-of-work systems, there is little cost to working on several chains[7][8]. Some cryptocurrencies are vulnerable to Fake Stake attacks, where an attacker uses no or very little stake to crash an affected node[5][6].
Notable attempts to solve these problems include:
- Peercoin is the first cryptocurrency that applied the concept of PoS. In its early stages, it used centrally broadcast checkpoints signed under the developer's private key. No blockchain reorganization was allowed deeper than the last known checkpoints. Checkpoints are opt-in as of v0.6 and are not enforced now that the network has reached a suitable level of distribution.
- Ethereum's suggested Slasher protocol allows users to "punish" the cheater who forges on top of more than one blockchain branch. This proposal assumes that one must double-sign to create a fork and that one can be punished for creating a fork while not having stake[9]. However, Slasher was never adopted; Ethereum developers concluded proof of stake is "non-trivial", opting instead to adopt a proof-of-work algorithm named Ethash[10][11].
- Nxt's protocol only allows reorganization of the last 720 blocks. However, this merely rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, thereby preventing consensus[12].