Consensus mechanisms are the instruments used in blockchain technology to arrive to a consensus in the distributed network, without a central authority. They are a foundational element of blockchain, and they come in many different forms. This series aims at defining the characteristics of different consensus mechanisms and elaborate on the strengths and weaknesses of each.
A note on terminology: throughout the site we refer to those who add transactions to a blockchain as “validators”, as we believe this to be the clearest indicator of their function for those new to the blockchain parlance. Most consensus mechanisms have their own name for validators; in Proof of Stake, that name is “forger” or “minter”.
I need to understand this STAT!
Proof of Stake is a consensus mechanism in which the resource being used is, to put it simply, money.
Instead of choosing who creates a new block by who has the more computational power, the entity who creates the block is decided by the relative size of their “stake”, i.e. the coin or token of that blockchain that they have put in escrow for that purpose. The whole concept is based on the assumption that somebody who invested a lot of money into the system (by acquiring the necessary tokens) has a strong incentive not to waste their money by attacking the chain.
There are many different variations on proof of stake, most of them based on a mixture of stake size, and some other metric such as “coin age”, which is how long a certain amount of value has been locked up, or “importance”, loosely defined as active participation in the network with transactions, and others still.
There are also very different implementations in Tendermint, which requires much patience to understand so I won’t get into it in this recap, and Delegated Proof of Stake, in which each coin counts as a vote, anyone with coins can vote for prospective “delegates”, and the elected delegates are the ones actually validating blocks (which results in much faster validation since it’s a very small group, and therefore much less communication is needed).
Speaking of the advantages and disadvantages of Proof of Stake vs. Proof of Work, the broad strokes are the same, with a few key differences: Proof of Stake is much less resource-intensive, and is therefore a lot less costly to maintain. On the other hand, it’s not been used extensively in the wild (yet), and therefore its security is still contentious.
Now, how does this work, in depth?
In Proof of Stake (PoS) blockchains, there is no race to be the first to solve a computational puzzle. Would-be validators reserve part of their holdings as collateral (“stake”), and they have a chance to be selected based on a few parameters, most notably the size of their stake. Bigger stakes result in a higher chance of becoming a validator.
Proof of Stake systems rely mostly or completely on transaction fees as the mechanism to incentivize validators (much like Bitcoin will do after all 21 million coins have been mined), therefore the selection of who gets to validate the next block is very important, and there are many variants of PoS, unlike Proof of Work.
“Naïve” Proof of Stake (click to expand)
In “Naïve” Proof of Stake, each validator has a chance of creating a new block proportional to their stake, i.e. more bonded tokens mean creating new blocks more often. Each stake is checked against the total amount of staked tokens, so if a validator has 5% of the total, they will mint 5% of new blocks.
“Coin age” Proof of Stake
This type of PoS introduces the concept of “coin age”, which is how long a token has remained motionless in a certain wallet, not part of any transaction. The probability of being the minter of the next block is then based on both the size of the stake and its age, with older tokens having a bigger weight in the calculation. This serves to give an opportunity not only to large holders but also early supporters.
It is not considered a usable PoS algorithm “as-is”, because the age of tokens owned by early adopters could be disproportionately big, potentially overpowering validators that came in later even if their stake is a lot bigger. Current PoS blockchains using token age have adopted a few improvements, namely putting a cap on the maximum age tokens can reach, and resetting the age of tokens in the stake of a validator whenever they mint a new block.
Proof of Importance
As with the previous method, Proof of Importance relies on a certain metric to decide who the next minter is, in this case how “useful” a certain validator is being for the network, with usefulness being calculated by the number of transactions going in and out of the wallet, the size of their stake, and how many other nodes they are linked to.
Such mechanism tries to discourage the hoarding of tokens to form an ever-growing stake, and instead encourages participation in the economy.
Leased Proof of Stake
A problem that is immediately apparent when one is confronted with the total amount of staked tokens is that unless one has a sizeable stake, the chance of minting a block is comically low: small participants are at a disadvantage against big players. This is the same problem that exists in Proof of Work systems, and the same solution arises: pooling resources.
In Leased Proof of Stake systems, multiple stakes can be pooled together, and the reward for blocks is then divided between the owners of those pooled stakes. Note that this doesn’t change the reward anybody gets, since the reward from leasing one’s tokens is proportional to the total tokens in the pool. The real improvement when using Leased Proof of Stake is that payouts by pools are regular: instead of getting the whole reward for minting a node once every ten years, you get one tenth of that reward every year.
DPoS is slightly more involved, as it is not immediately apparent how it fits with other PoS mechanisms. In this system, every token represents one vote, and token holders use them to give their vote to anybody else. Any participant in the system is allowed to “run for election”, but the system only allows a certain number of validators, so they will become “delegates” only if they get enough votes to reach one of those top spots. If they do, they are allowed to mint blocks.
The process of minting is as follows:
- Delegates are sorted randomly
- Delegates take turns creating one new block.
- With every block, the other delegates double-check that it is valid.
- The process repeats until all delegates have minted a block.
- The delegates are sorted again, and the process is repeated.
There is constant competition to get enough votes to become a delegate that can collect transaction fees, so existing delegates can’t grow too complacent. The DPoS structure also obviates the need to wait for a number of blocks to consider a transaction final: delegates check each other’s work, so each transaction is final in the block containing it.
Tendermint can be quite a challenge to understand. I have removed every step that is not strictly necessary to get the general concept, but it might take more than one reading to absorb the process fully.
Another complex PoS consensus mechanism is Tendermint. It is divided in four steps, each with a fixed duration that is slightly longer than the previous one.
- First is the “Propose” step:
- every round, a “proposer” is chosen based on their stake, in a round-robin fashion.
- The proposer, well, proposes a block to the network. This block includes the proposer’s signature to identify them if they are found to be malicious.
- After the time allotted for the Propose step, the “Prevote” step begins.
- Validators can accept the proposed block and “prevote” for it.
- If a validator doesn’t receive a proposal, or they receive an invalid one, they sign a special “nil” prevote.
- At the end of the Prevote phase begins the “Precommit” step. There’s more complexity to it than what I’m going to write, but trust me when I say you don’t want me to go into the concept of “locking”.
- In short, if at the end of the Precommit step a validator’s block has received ⅔ of other validator’s precommits, we enter the fourth and final step.
- Otherwise, we go to another Propose step.
- The “Commit” step:
- with the precommitted block, validators broadcast a “Commit” for that block.
- Once a validator received commits numbering at least ⅔ of the precommits for that block, they sign and broadcast some additional information and the node is added to the chain.
Two concepts are important to understand what Tendermint brings to the table.
First is “liveness”, which can be understood as the “responsiveness” of the system, i.e. how quickly it reacts to new transactions being broadcast. Blockchains tend to favor liveness over other aspects because transactions and the time it takes to validate them are an important part of their functionality.
The second concept is the problematic nature of forks: when a network splits in two, the power required to attack each fork is less than that required to attack the previous “whole” chain.
Tendermint’s approach is to favor security instead of liveness (and availability) by being an algorithm in which a fork is impossible unless more than ⅓ of validators are not doing their job correctly.
Advantages of Proof of Stake consensus
It is fair(er)
Proof of Work enterprises benefit from economies of scale, which is why they tend to centralize: the cost of operating a thousand mining rigs is proportionally lower than the cost of operating ten, and thus more capital means higher profits. In Proof of Stake, holding a 5% stake will let you mint 5% of the blocks. In principle, this system is fairer for small holders.
In a certain sense, the system can become unfair depending on the success of the project. If we simplify by assuming that a successful token increases in price, the system becomes unfair to late-comers, as somebody buying a thousand dollars of a certain token at launch will probably have a larger stake than somebody buying the same dollar-amount when the token costs ten times as much. Conversely, if the token devalues, the opposite is true and late-comers get a larger stake by investing less.
It has a higher throughput for a fraction of the cost
As there is no computational race to be won, PoS requires a fraction of the energy expenditure of Proof of Work to function, which in turn helps decentralization. Minters/delegates can better direct their efforts, reaching a much higher number of transactions per second. Overall, Proof of Stake is a lot more efficient than Proof of Work, though it has to be kept in mind that Proof of Work is “inefficient” by design, as that is what secures the network in that consensus algorithm.
Drawbacks of Proof of Stake consensus
It is more difficult to reach a consensus
Full consensus is only reached when all nodes agree that a certain chain is the “right” one, and in Proof of Work there is an implicit benefit to converging rapidly: all work done on a fork that is then discarded is a net loss. In Proof of Stake, this is not the case because trying to create a block has a negligible cost, and so a minter will try creating a block on top of every single fork in the chain, just to be sure. This is commonly called the “nothing at stake” problem (in the sense that there’s no negative to minting on multiple chains), and it goes out of control rather quickly; to avoid the problem it is mandatory to add a mechanism that explicitly discourages mining on top of multiple forks – usually slashing the stake of the “serial minter”, thus depriving them of their funds.
Its security is contentious
It can be argued that a majority attack on PoS blockchains is less expensive than an attack on a PoW one.
If a malicious actor wants to conduct the attack themselves, they will need to obtain enough of either mining equipment (for PoW) or tokens (for PoS). Up-to-date mining equipment is preferable, because it is the most optimized, but is also very expensive, and the electricity to used in the attack is a non-negligible cost that must be considered.
In PoS, it’s difficult to calculate an overall cost: the equipment cost is negligible, but purchasing such a massive number of tokens decreases the supply considerably and would therefore affect the price in the same way however, we have no real-world example to know how the market would behave in response. On the other hand, conducting an attack on a PoS system would probably damage the chain’s reputation and lower the price of that token considerably, making repeated attacks cheaper even if the initial stake is removed by the system as punishment.
Another possibility is to “rent” the power needed. This can be done in Proof of Stake by posting a bribe for anybody creating a block on the desired fork that is larger than the amount received by minting honestly.
This can technically be done on Proof of Work chains too, but might be more expensive since in PoW systems there are more fixed costs to cover, namely the electricity used by the miners and the token reward that they get in addition to transaction fees. Validators receive both transaction fees and new tokens by mining, so an attacker would have to consider that cost as well. In addition, PoW miners must often invest in specialized hardware that is only good to mine a particular chain, which can’t be sold easily and therefore offers a stronger incentive not to participate in attacks. Ironically, because mining pools are fairly centralized, they are well known, and participating in an attack incurs a high risk of completely losing their reputation if associated with it.
This is not a nail in the coffin for the security of Proof of Stake: a malicious actor with the resources to overpower a public blockchain based on Proof of Stake will probably have the resources to overpower a Proof of Work one of the same size, and until real-world data is available their relative security cannot be definitively ascertained.
Is it a good fit for humanitarian action and development?
Most of the points made regarding Proof of Work apply to Proof of Stake: the cost to secure the chain is certainly lower, but unless it is affordable to maintain the network it is still too expensive. PoS at large is useful to solve issues of trust in a way that is less resource-intensive than Proof of Work; if blockchain is used for optimization of existing processes then a private or permissioned network is a better fit than a public network secured by PoS.
Further reading (if you’re interested)
- NXT whitepaper: https://www.dropbox.com/s/cbuwrorf672c0yy/NxtWhitepaper_v122_rev4.pdf
- Waves whitepaper: https://blog.wavesplatform.com/waves-whitepaper-164dd6ca6a23
- BlackCoin’s Proof-of-Stake Protocol v2: https://blackcoin.co/blackcoin-pos-protocol-v2-whitepaper.pdf
- Proof of Stake versus Proof of Work: http://bitfury.com/content/5-white-papers-research/pos-vs-pow-1.0.2.pdf
- Tendermint: https://tendermint.com/static/docs/tendermint.pdf
Articles and other resources
- On stake: https://blog.ethereum.org/2014/07/05/stake/
- Governance, Part 2 – Plutocracy Is Still Bad: https://vitalik.ca/general/2018/03/28/plutocracy.html
- Proof-of-Work Vs. Proof-of-Stake Explained: https://www.ethnews.com/proof-of-work-vs-proof-of-stake-explained
- Proof-of-stake https://en.wikipedia.org/wiki/Proof-of-stake
- What is Proof of Stake? https://hackernoon.com/what-is-proof-of-stake-8e0433018256
- Delegated Proof of Stake (DPOS) vs Proof of Work (POW): https://bytemaster.github.io/bitshares/2015/01/04/Delegated-Proof-of-Stake-vs-Proof-of-Work/
- Review of blockchain consensus mechanisms: https://blog.wavesplatform.com/review-of-blockchain-consensus-mechanisms-f575afae38f2
- Delegated Proof of Stake: http://docs.bitshares.org/bitshares/dpos.html
- What is Delegated Proof of Stake? (DPoS): https://lisk.io/academy/blockchain-basics/how-does-blockchain-work/delegated-proof-of-stake
- Proof of Stake: How I Learned to Love Weak Subjectivity: https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/
- Basic Primer: Blockchain Consensus Protocol: https://blockgeeks.com/guides/blockchain-consensus/
- ICON DPOS (Delegated Proof Of Stake), Incentive Explained: http://icon.support/icon-dpos-delegated-proof-of-stack-incentive-explained/
- Understanding the Basics of a Proof-of-Stake Security Model: https://blog.cosmos.network/understanding-the-basics-of-a-proof-of-stake-security-model-de3b3e160710
- Consensus Compare: Casper vs. Tendermint: https://blog.cosmos.network/consensus-compare-casper-vs-tendermint-6df154ad56ae
- What would the equivalent of a 51% attack against Casper look like? https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ#what-would-the-equivalent-of-a-51-attack-against-casper-look-like
- Proof-of-Stake & the Wrong Engineering Mindset: https://medium.com/@hugonguyen/proof-of-stake-the-wrong-engineering-mindset-15e641ab65a2