proof-of-stake

Proof-of-stake (PoS) protocols are a class of consensus mechanisms for blockchains that work by selecting validators in proportion to their quantity of holdings in the associated cryptocurrency. This is done to avoid the computational cost of proof-of-work (POW) schemes. The first functioning use of PoS for cryptocurrency was Peercoin in 2012, although its scheme, on the surface, still resembled a POW.

Description

For a blockchain transaction to be recognized, it must be appended to the blockchain. In the proof of stake blockchain, the appending entities are named ''minters'' or (in the proof of work blockchains this task is carried out by the miners); in most protocols, the validators receive a reward for doing so. For the blockchain to remain secure, it must have a mechanism to prevent a malicious user or group from taking over a majority of validation. PoS accomplishes this by requiring that validators have some quantity of blockchain tokens, requiring potential attackers to acquire a large fraction of the tokens on the blockchain to mount an attack.

Proof of work (PoW), another commonly used consensus mechanism, uses a validation of computational prowess to verify transactions, requiring a potential attacker to acquire a large fraction of the computational power of the validator network. This incentivizes consuming huge quantities of energy. PoS is more energy-efficient.

Early PoS implementations were plagued by a number of new attacks that exploited the unique vulnerabilities of the PoS protocols. Eventually two dominant designs emerged: so called '' Byzantine fault tolerance-based'' and '' chain-based'' approaches. Bashir identifies three more types of PoS:
* committee-based PoS (a.k.a. nominated PoS, NPoS);
* delegated proof of stake (DPoS);
* liquid proof of stake (LPoS).

Attacks

The additional vulnerabilities of PoS schemes are directly related to their advantage: a relatively low amount of calculations required when constructing a blockchain.

Long-range attacks

The low amount of computing power involved allows a class of attacks that replace a non-negligible portion of the main blockchain with a hijacked version. These attacks are called in literature by different names, ''Long-Range'', ''Alternative History'', ''Alternate History'', ''History Revision'', and are unfeasible in the PoW schemes due to the sheer volume of calculations required. The early stages of a blockchain are much more malleable for rewriting, as they likely have much smaller group of stakeholders involved, simplifying the collusion. If the per-block and per-transaction rewards are offered, the malicious group can, for example, redo the entire history and collect these rewards.

The classic "Short-Range" attack ( bribery attack) that rewrites just a small tail portion of the chain is also possible.

Nothing at stake

Since validators do not need to spend a considerable amount of computing power (and thus money) on the process, they are prone to the ''Nothing-at-Stake'' attack: the participation in a successful validation increases the validator's earnings, so there is a built-in incentive for the validators to accept all chain forks submitted to them, thus increasing the chances of earning the validation fee. The PoS schemes enable low-cost creation of blockchain alternatives starting at any point in history (''costless simulation''), submitting these forks to eager validators endangers the stability of the system. If this situation persists, it can allow double-spending, where a digital token can be spent more than once. This can be mitigated through penalizing validators who validate conflicting chains (" economic finality") or by structuring the rewards so that there is no economic incentive to create conflicts. Byzantine fault tolerance based PoS are generally considered robust against this threat ( see below).

Bribery attack

Bribery attack, where the attackers financially induce some validators to approve their fork of blockchain, is enhanced in PoS, as rewriting a large portion of history might enable the collusion of once-rich stakeholders that no longer hold significant amounts at stake to claim a necessary majority at some point back in time, and grow the alternative blockchain from there, an operation made possible by the low computing cost of adding blocks in the PoS scheme.

Variants

Chain-based PoS

This is essentially a modification of the PoW scheme, where the competition is based not on applying brute force to solving the identical puzzle in the smallest amount of time, but instead on varying the difficulty of the puzzle depending on the stake of the participant; the puzzle is solved if on a tick of the clock (, , is concatenation):
: $Hash(ProposedNewBlock , , ClockTime) < target * StakeValue$
The smaller amount of calculations required for solving the puzzle for high-value stakeholders helps to avoid excessive hardware.

Nominated PoS (NPoS)

Also known as "committee-based", this scheme involves an election of a committee of validators using a verifiable random function with probabilities of being elected higher with higher stake. Validators then randomly take turns producing blocks. NPoS is utilized by Ouroboros Praos and BABE.

BFT-based PoS

The outline of the BFT PoS "epoch" (adding a block to the chain) is as follows:
# A "proposer" with a "proposed block" is randomly selected by adding it to the temporary pool used to select just one consensual block;
# The other participants, validators, obtain the pool, validate, and vote for one;
# The BFT consensus is used to finalize the most-voted block.
The scheme works as long as no more than a third of validators are dishonest. BFT schemes are used in Tendermint and Casper FFG.

Delegated proof of stake (DPoS)

Proof of stake delegated systems use a two-stage process: first, the stakeholders elect a validation committee, a.k.a. ''witnesses'', by voting proportionally to their stakes, then the witnesses take turns in a round-robin fashion to propose new blocks that are then voted upon by the witnesses, usually in the BFT-like fashion. Since there are fewer validators in the DPoS than in many other PoS schemes, the consensus can be established faster. The scheme is used in many chains, including EOS, Lisk, Tron.

Liquid proof of stake (LPoS)

In the liquid PoS anyone with a stake can declare themselves a validator, but for the small holders it makes sense to delegate their voting rights instead to larger players in exchange for some benefits (like periodic payouts). A market is established where the validators compete on the fees, reputation, and other factors. Token holders are free to switch their support to another validator at any time. LPoS is used in Tezos.

'Stake' definition

The exact definition of "stake" varies from implementation to implementation. For instance, some cryptocurrencies use the concept of "coin age", the product of the number of tokens with the amount of time that a single user has held them, rather than merely the number of tokens, to define a validator's stake.

Implementations

The first functioning implementation of a proof-of-stake cryptocurrency was Peercoin, introduced in 2012. Other cryptocurrencies, such as Blackcoin, Nxt, Cardano, and Algorand followed. However, , PoS cryptocurrencies were still not as widely used as proof-of-work cryptocurrencies.

In September 2022, Ethereum, the second-largest cryptocurrency, switched from PoW to a PoS consensus mechanism, after several proposals and some delays.

Concerns

Centralization

Critics have argued that the proof of stake will likely lead cryptocurrency blockchains being more centralized in comparison to proof of work as the system favors users who have a large amount of cryptocurrency, which in turn could lead to users who have a large amount of cryptocurrency having major influence on the management and direction for a crypto blockchain.

Legal status in US

US regulators have argued over the legal status of the proof-of-stake model, with the Securities and Exchange Commission claiming that staking rewards are the equivalent of interest, so coins such as ether and ada are financial securities. However, in 2024, the SEC sidestepped the question by recognising Ethereum market funds on condition that they did not stake their coins. The level of staking of ether at 27% of total supply was low compared with Cardano (66%) and Solana (63%). However, not staking their tokens meant that the funds were losing about 3% of potential returns a year.

Energy consumption

In 2021, a study by the University of London found that in general the energy consumption of the proof-of-work based Bitcoin was about a thousand times higher than that of the highest consuming proof-of-stake system that was studied even under the most favorable conditions and that most proof of stake systems cause less energy consumption in most configurations.

In January 2022, Erik Thedéen, the vice-chair of the European Securities and Markets Authority, called on the EU to ban the PoW model in favor of PoS because of the latter's lower energy consumption.

Ethereum's switch to proof-of-stake was estimated to have cut its energy use by 99%.

References

Sources

*
*
*

{{Cryptocurrencies, state=expanded

Cryptography
Cryptocurrencies