A crash course on Proof-of-Stake (Part I)
From the very motivations to the edge of research
Table of contents
- Prerequisites and Motivation (this post)
- A Proof-of-Concept for Proof-of-Stake
- Introduction to Decentralized Random Number Generation
- Verifiable Delay Functions and Verifiable Secret Sharing (coming soon)
- Nothing at Stake and Long Range Attacks (coming soon)
No matter if you are a pro-blockchain enthusiast or someone who only follows the headlines about cryptocurrencies time to time, you should have already heard about Proof-of-Stake (PoS) and how it is going to revolutionize public blockchains.
In this series of posts, I am going to demystify building blocks of Proof-of-Stake. You’ll learn about basic concepts of Proof-of-Stake, important challenges of design and implementation, and hopefully a light review of the current state of research. Although I am going to dig into technical details, I try to do my best to provide enough background information to make the post self-contained. Let’s go!
Prerequisites and Motivation
I’ll keep it short and sweet; please let me know if I have forgotten to elaborate enough on any concept!
The need for Proof-of-Something
Achieving a decentralized consensus on the order of transactions is the salient motivation for blockchains. However, everyone has her own view (copy) of blockchain and it’s quite probable that your view has some differences with someone else’s view, especially in recent blocks. People need a common basis (a fork choice rule) to eventually reach agreement on the canonical chain; in Bitcoin and Ethereum, it is “follow the longest chain”. This choice of common basis motivates the metaphor that each block is a vote for all blocks in its history because it contributes to the probability of the event that their chain becomes the longest chain in the long run.
So, people vote to reach an agreement on the canonical blockchain. Basically to run online public voting, one needs to distinguish between people to make sure that everyone is voting only once. However, on Internet nobody has an identity other than her IP address and IP addresses are cheap to obtain. Hence, one can pretend to be different persons with different IP addresses and vote as much as he wants for a low price. Not good! We need something else to do the functionality of identity for us approximately and prevent so-called Sybil attacks.
Proof-of-Work proposes the use of mining power as a proxy for identity. Each miner gets the chance to mine a new block proportional to the ratio of its mining power to total network mining power; the more CPUs and GPUs you have, the more votes you have.
Note that, we can replace “Work” with any scarce and well-distributed resource such as “Stake”.
What is wrong with Proof-of-Work?
After all, Proof-of-Work based blockchains are working like a charm, why even bother to consider an alternative? Well, the fact is Proof-of-Work based blockchains are not doing great!
- First and foremost, Proof-of-Work consumes so much energy. According to The Economist:
Current global power consumption for the servers that run bitcoin’s software is a minimum of 2.55 gigawatts, which amounts to energy consumption of 22 terawatt-hours per year — almost the same as Ireland.
Besides the destructive effects of high energy consumption for the environment, a Proof-of-Work based system is forced to reward miners higher than a minimum to keep them incentivized and cover the energy and hardware cost. As a result, there is lower flexibility in the economic design of the inflation in those monetary systems, and we expect higher transaction fees as well.
2. Proof-of-Work encourages centralization of mining. According to arewedecentralizedyet.com, right now 4 entities control more than 50% of mining power in Bitcoin network. This number is 3 for Ethereum network. Centralized mining, as a direct result of economies of scale, reduces the cost of maintenance, and the variance of reward.
3. Proof-of-Work security is implicit in term of economics; the resource at stake, energy and infrastructure, is outside of the system. This makes the blockchain prone to spawn camping attacks:
Proof-of-Stake in a nutshell
The core idea of Proof-of-Stake is to use “Money” as a scarce and well-distributed resource to prevent cheap attacks to the voting mechanism of permission-less blockchains.
In other words, we want to simulate Proof-of-Work without requiring heavy computation! Let me illustrate this simulation in 3 simple steps.
- In PoW, miners were supposed to purchase mining infrastructure and pay for energy and maintenance costs. In PoS, miners are supposed to lock their stake (coins) on the blockchain. They lose their authority on spending their money for an amount of time, which incurs them a cost similar to the cost of energy and maintenance.
- In Pow, each miner gets the chance to mine the next block with a probability proportional to its mining power (which is proportional to the money that she has spent on purchasing it). In PoS, each miner gets the chance to become the next block’s miner proportional to the amount of money that she has staked (locked). To make this possible, we need a random number here. In fact, we need a Decentralized Random Number Generation mechanism, which we are going to learn more about in the upcoming post!
- In PoW, miners can stop being a miner anytime they want and even sell their equipment. In PoS, miners can withdraw their stake anytime they want.
What is good about Proof-of-Stake ?
- Proof-of-Stake consumes significantly less energy, much more sustainable and environment-friendly. It also enables more flexible economic design.
- It doesn’t need massive computational power, so it is doable on a modern smartphone with a good internet connection. This feature encourages decentralization of mining.
- The stake of miners is now inside the system which enables the possibility of response to a wide range of attacks including spawn camping attacks!
What is next?
Is it all Proof-of-Stake buzz? Simulate Proof-of-Work?! Well, it is yes and no at the same time. While the core idea seems to be quite simple and doable, lots of challenges are yet to get addressed.
In the upcoming posts, I will write about lots of exciting stuff including Decentralized Random Number Generation, Nothing at Stake Attack, Long Range Attacks, and more. Yeay!
My sincere graduate to
, for pointing me lots of errors in the text. :)
