Prerequisite knowledge: Proof of Work
With Eth2.0 just around the corner, it is a good time to understand what Proof of Stake (PoS) is, how it works and the security concerns around it. At the moment, Ethereum runs on the Proof of Work (PoW) consensus algorithm. The core principle of PoW is that special nodes called “miners” compete against each other to solve a very complex mathematical puzzle. The first node to solve the puzzle gets to add a block to the blockchain, and hence gets the block reward. To solve these puzzles, miners need devices with high computational power. These machines are very costly and also consume a lot of electricity, so only the few who can afford the cost can become miners. Hence, PoW is not only unsustainable for the environment but also creates a problem of centralisation.
Proof of Stake attempts to solve the problems created by PoW. To do so, PoS replaces PoW’s competition by randomly selecting stake-holders who would forge a new block and append it to the blockchain.
What is Proof of Stake?
Proof of Stake is a consensus algorithm in which stake-holders who want to participate in the validation process are required to lock a certain amount of coins into the network as their stake. A stake-holder of a given blockchain is an individual holding some native coins of that blockchain, and stake refers to the native coin holding of a stake-holder. For example, on the Ethereum network, the stake would be the amount of ether held by a node.
The size of the stake determines the chances of a node being selected as the next validator: the bigger the stake, the bigger the chances. In theory, validators with higher stakes are more likely to be selected for validation because of their reputation. If they decide to act maliciously, the network would have a mechanism to punish them, and they would lose much more money than validators who stake less.
If a node is chosen to be the validator for the next block, it checks that the transactions in the block are valid, signs the block and adds it to the blockchain. In return, the node gets a reward for making the new block. When a node decides to stop being a validator, its stake, along with the earned rewards, is released after a certain period of time, giving the network time to verify that the node added no fraudulent blocks to the blockchain.
To ensure that validators are not acting maliciously, some PoS blockchains have a role called the fisherman. The fisherman is basically the police of the system, keeping tabs on the validators and catching fishy transactions or validations. If the accused validator turns out to be malicious, they are punished by the network. The punishment varies across networks: the validator node could be thrown out of the network, blacklisted from being a validator in the future, or lose funds.
Existing methods to choose a validator
In theory, PoS systems might favour only the wealthiest nodes in the network since they have higher stakes. Although this solves the energy consumption problem of PoW, this could still result in centralization. In the real world, to make sure that the validator selection process is fair for other participants, each blockchain has its own mechanism for choosing the validator.
Blackcoin and Nxt select the validator by the amount of stake in the consensus protocol, which means that a node with a higher stake has more chances to create a block. For example, to be a validator in the Nxt protocol, a node should maintain a balance of at least 1000 NXT and have at least one outgoing confirmed transaction for over the last 1440 blocks. The protocol uses a deterministic algorithm to determine the next validator. The major disadvantage of this process is that it is possible to predict who could be the next validator, which can result in a planned denial-of-service attack.
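The predictability described above can be seen in a simplified model of deterministic, stake-weighted selection. This is an added example, not code from the original article and not the actual Nxt or Blackcoin algorithm; the validator names, balances and hashing scheme are assumptions.

```python
import hashlib

# Constructed sample stakes (hypothetical validator names and balances).
STAKES = {"alice": 5000, "bob": 3000, "carol": 1500, "dave": 500}

def select_validator(prev_hash: bytes, height: int, stakes: dict) -> str:
    """Pick the validator for `height` with probability proportional to stake.

    The only "randomness" is a hash of public chain data, so every node, and
    every outside observer, computes the same answer.
    """
    seed = hashlib.sha256(prev_hash + height.to_bytes(8, "big")).digest()
    total = sum(stakes.values())
    ticket = int.from_bytes(seed, "big") % total  # a point in [0, total)
    running = 0
    for name in sorted(stakes):  # fixed order so all nodes agree
        running += stakes[name]
        if ticket < running:
            return name
    raise AssertionError("unreachable: ticket is always below total stake")

def selection_share(stakes: dict, rounds: int = 20000) -> dict:
    """Fraction of `rounds` won by each validator over a simulated chain."""
    wins = dict.fromkeys(stakes, 0)
    prev = b"\x00" * 32  # constructed genesis hash
    for height in range(1, rounds + 1):
        winner = select_validator(prev, height, stakes)
        wins[winner] += 1
        prev = hashlib.sha256(prev + winner.encode()).digest()
    return {name: wins[name] / rounds for name in stakes}

if __name__ == "__main__":
    tip = hashlib.sha256(b"constructed chain tip").digest()
    # A validating node and a passive observer reach the same result.
    print("node    :", select_validator(tip, 101, STAKES))
    print("observer:", select_validator(tip, 101, dict(STAKES)))
    print("shares  :", selection_share(STAKES))
```

Because the seed contains nothing secret, the fairness property (share proportional to stake) and the weakness (anyone can compute the schedule) come from the same design choice.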
Another commonly used validator selection method is Coin Age Selection. The Coin Age Selection method chooses nodes based on how long their tokens have been staked. Coin age is calculated by multiplying the number of days the coins have been held as stake by the number of coins that are staked. Once a node has validated a block, its coin age is reset to zero. This method has been used in Peercoin and Cloakcoin. However, relying on coin age discourages nodes from actively participating in the consensus process: a node can perform stake grinding by skipping an opportunity to create a block if it is able to increase its advantage by creating blocks in the future.
To solve the problem of stake grinding, a stake time method was introduced which takes into account the activity of the nodes in the network along with the coin age. If the nodes do not participate in block generation with their stake for a certain period of time, their stake time starts to degrade. This method is used by VeriCoin.
Celo proposes a delegated Proof-of-Stake where the network users vote for a group of validators (delegators) who generate the blocks and split the reward.
Ethereum’s versions of PoS, Slasher and Casper, are deposit-based protocols that require nodes to submit a deposit in order to become a validator. If a validator creates a malicious transaction, they lose the deposited funds.
Security in PoS
While PoS has some benefits, its long-run viability is questioned because it is feared that PoS might fail to generate consensus. Like PoW, PoS offers a validator an explicit monetary block reward for updating the blockchain, but unlike PoW, PoS does not require validators to incur an explicit monetary cost (such as that incurred from solving PoW’s puzzle) to gain the authority to update the blockchain. This lack of explicit cost, along with the explicit benefit of the block reward, means that a malicious validator will always update the ledger whenever given the opportunity, even if there is no consensus. This is called the Nothing at Stake attack. It allows nodes to mine conflicting blocks without risking their stake, which increases the number of forks in the system as well as the time to reach consensus in the network. Further, this could result in double-spending.
To remedy the nothing at stake attack, a number of proposals suggest relying on deposit-based PoS. This approach has been used by Slasher and BitShares. In deposit-based PoS, validators are required to provide a deposit which is locked for a period of time. The deposited stake works as a financial motivator for the validator node not to create or validate fraudulent transactions. It should be noted that the deposited stake should be a significant amount. If the deposited stake is low and the block reward is huge, a malicious validator would still end up validating fraudulent transactions or creating network forks, because the loss of the deposited stake is very small compared to the profit earned from the block reward.
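The deposit mechanism described above can be sketched as a registry that forfeits a validator's deposit when it signs two conflicting blocks at the same height. This is an added example, not code from the original article or from Slasher or BitShares; the `DepositRegistry` class, the `MIN_DEPOSIT` value and the use of HMAC in place of a real digital signature are assumptions.

```python
import hashlib
import hmac

MIN_DEPOSIT = 1000  # hypothetical minimum deposit, in coins

def sign(key: bytes, height: int, block_hash: bytes) -> bytes:
    """HMAC stands in for a real digital signature (assumption for brevity)."""
    msg = height.to_bytes(8, "big") + block_hash
    return hmac.new(key, msg, hashlib.sha256).digest()

class DepositRegistry:
    """Locked deposits, slashed when a validator signs two blocks at one height."""

    def __init__(self):
        self.deposits = {}  # validator -> locked coins
        self.keys = {}      # validator -> key used to check its signatures
        self.signed = {}    # (validator, height) -> first block hash signed

    def register(self, validator: str, key: bytes, amount: int) -> None:
        if amount < MIN_DEPOSIT:
            raise ValueError("deposit too small to act as a deterrent")
        self.deposits[validator] = amount
        self.keys[validator] = key

    def submit_header(self, validator, height, block_hash, sig) -> str:
        """Return 'accepted', 'rejected' or 'slashed' for a signed header."""
        if self.deposits.get(validator, 0) == 0:
            return "rejected"  # unknown or already-slashed validator
        expected = sign(self.keys[validator], height, block_hash)
        if not hmac.compare_digest(expected, sig):
            return "rejected"  # unsigned evidence must never cost a deposit
        first = self.signed.setdefault((validator, height), block_hash)
        if first != block_hash:
            self.deposits[validator] = 0  # conflicting blocks: deposit forfeited
            return "slashed"
        return "accepted"

if __name__ == "__main__":
    reg = DepositRegistry()
    key = b"constructed-demo-key"
    reg.register("alice", key, 5000)
    a = hashlib.sha256(b"block A").digest()
    b = hashlib.sha256(b"block B").digest()
    print(reg.submit_header("alice", 10, a, sign(key, 10, a)))  # first block
    print(reg.submit_header("alice", 10, b, sign(key, 10, b)))  # conflicting block
    print(reg.deposits)
```

The signature check comes before the conflict check so that nobody can get an honest validator slashed by submitting a header the validator never signed.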
Another security concern for PoS systems is long-range attacks (commonly referred to as history attacks), in which an attacker aims to alter the entire history of the blockchain starting from early blocks (even from the genesis block). In theory, this attack requires an attacker to control the majority of stake in the network (also known as the 51% attack); in practice, however, it can be achieved when the attacker acquires the private keys of older accounts that no longer have any stake but that had a large stake at some previous block height h. The attacker can leverage these accounts and construct a fork starting from block h.
Many blockchain networks solve this problem by creating network checkpoints to limit the range of such attacks. A checkpoint refers to a block up to which the blockchain is regarded as “finalized” and immutable. These checkpoints limit the impact of the long-range attack to some extent, as the earliest attack point has to be after the last checkpoint. However, the part of the blockchain after the checkpoint is still vulnerable. A few PoS-based blockchains, such as PeerCoin, use a centralised server to create checkpoints. This practice has been criticised by the community as bad for decentralisation and security.
To secure any protocol, it is important to understand how it works and where its vulnerabilities lie. I hope this article was useful.
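A checkpoint-aware fork-choice rule, as described above, can be modelled in a few lines. This is an added example, not code from the original article or from any of the named blockchains; the chain representation (a list of block hashes indexed by height), the function names and the sample payloads are assumptions.

```python
import hashlib

def block_hash(parent: str, payload: str) -> str:
    return hashlib.sha256((parent + payload).encode()).hexdigest()

def build_chain(base: list, payloads: list) -> list:
    """Extend `base` (block hashes indexed by height) with one block per payload."""
    chain = list(base)
    for payload in payloads:
        chain.append(block_hash(chain[-1], payload))
    return chain

def fork_height(local: list, candidate: list) -> int:
    """Height of the first block at which the two chains differ."""
    h = 0
    while h < min(len(local), len(candidate)) and local[h] == candidate[h]:
        h += 1
    return h

def choose_chain(local: list, candidate: list, checkpoint_height: int):
    """Longest-chain rule, except blocks up to checkpoint_height are final."""
    if fork_height(local, candidate) <= checkpoint_height:
        return local, "rejected: rewrites finalized history"
    if len(candidate) > len(local):
        return candidate, "adopted: longer chain forking after the checkpoint"
    return local, "kept: candidate is not longer"

# Constructed sample chains: heights 0..6 locally, checkpoint at height 4.
GENESIS = block_hash("", "genesis")
LOCAL = build_chain([GENESIS], ["b1", "b2", "b3", "b4", "b5", "b6"])
CHECKPOINT = 4
# A long-range fork from height 2, built to be longer than the local chain.
LONG_RANGE = build_chain(LOCAL[:2], ["x%d" % i for i in range(10)])
# A fork that starts after the checkpoint, at height 6.
RECENT = build_chain(LOCAL[:6], ["y1", "y2", "y3"])

if __name__ == "__main__":
    print(choose_chain(LOCAL, LONG_RANGE, CHECKPOINT)[1])
    print(choose_chain(LOCAL, RECENT, CHECKPOINT)[1])
```

The second case shows the limitation the text points out: a fork that begins after the checkpoint is still accepted under the plain longest-chain rule.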