Proof of stake

This post is part of our Blockchains Study Group and the Cryptography series . Take a look there to learn more about related topics.

Prerequisite knowledge: Proof of Work

With Eth2.0 just around the corner, it is a good time to understand what is Proof of Stake (PoS), how it works and the security concerns around it. At the moment, Ethereum works on the Proof of Work (PoW) consensus algorithm. The core principle of PoW is, there are special nodes called “miners” who compete against each other to solve a very complex mathematical puzzle. The first node to solve the puzzle gets to add a block in the blockchain, and hence get the block reward. In order to solve these puzzles, the miners need to have devices with high computational powers. These machines are very costly and also consume a lot of electricity, therefore only a few who could afford the cost could become a miner. Hence, not only is PoW unsustainable for the environment but also creates a problem of centralisation.

Proof of Stake attempts to solve the problems created by PoW. To do so, PoS replaces PoW’s competition by randomly selecting stake-holders who would forge a new block and append it to the blockchain.

What is Proof of Stake?

Proof of Stake is a consensus algorithm in which the stake-holders who want to participate in the validation process, are required to lock a certain amount of coins into the network as their stake. A stake-holder of a given blockchain is an individual holding some native coins of that blockchain, and stake references the native coin holding of a stake-holder. For example, on the ethereum network, the stake would be the amount of ether held by a node.

The size of the stake determines the chances for a node to be selected as the next validator - the bigger the stake, the bigger the chances. In theory, validators with higher stakes are more likely to be selected for the validation for their reputation. If they decide to act maliciously, the network would have a mechanism to punish them, and they will lose much more money than those validators who stake less.

If a node is chosen to be a validator the next block, it will check if the transactions in the block are valid, sign the block and add it to the blockchain. In return, the node gets a reward for making the new block. When a node decides to stop being a validator, its stake along with the earned rewards are released after a certain period of time, giving the network time to verify that there were no fraudulent blocks added to the blockchain by that node.

To ensure that the validators are not acting maliciously, some PoS blockchains have a figure of fisherman. This fisherman is basically the police in the system, who would keep tabs on the validators and catches fishy transactions or validations. If the accused validator turns out to be malicious, they are punished by the network. This punishment varies across the networks, it could result in the validator node being thrown out of the network or blacklisted from being validator in the future or losing funds.

Existing methods to choose a validator

In theory, PoS systems might favour only the wealthiest nodes in the network since they have higher stakes. Although this solves the energy consumption problem of PoW, this could still result in centralization. In the real world, to make sure that the validator selection process is fair for other participants, each blockchain has its own mechanism for choosing the validator.

Blackcoin and Nxt select the validator by the amount of stake in the consensus protocol, which means that the node with a higher stake will have more chances to create a block. For example, to be a validator in the Nxt protocol, the node should maintain a balance of at least 1000 NXT and have at least one outgoing confirmed transaction for over the last 1440 blocks. The protocol uses a deterministic algorithm to determine the next validator. The major disadvantage of this process is that it is possible the predict who could be the next validator, resulting in planned denial of service attack.

Another commonly used validator selection method is Coin Age Selection. The Coin Age Selection method chooses nodes based on how long their tokens have been staked for. Coin age is calculated by multiplying the number of days the coins have been held as stake by the number of coins that are staked. Once a node has validated a block, their coin age is reset to zero. This method has been used in Peercoin and Cloakcoin. However, relying on coin age discourages the nodes from actively participating in the consensus process, a node can perform stake grinding by skipping an opportunity to create a block if it is able to increase its advantage by creating blocks in the future.

To solve the problem of stake grinding, a stake time method was introduced which takes into account the activity of the nodes in the network along with the coin age. If the nodes do not participate in block generation with their stake for a certain period of time, their stake time starts to degrade. This method is used by VeriCoin.

Celo proposes a delegated Proof-of-Stake where the network users vote for a group of validators (delegators) who generate the blocks and split the reward.

Ethereum’s version of PoS, Slasher and Casper are deposit-based protocols that require the nodes to submit a deposit in order to become a validator. If a validator creates a malicious transaction, he/she losses the deposited funds.

Security in PoS

While PoS has some benefits, its long-run viability is questioned because it is feared that PoS might fail to generate consensus. Like PoW, PoS does offer a validator an explicit monetary block reward to update the blockchain, but unlike PoW, PoS does not require validators to incur an explicit monetary cost (such as that incurred from solving PoW’s puzzle) to gain the authority to update the blockchain. This lack of explicit cost along with the explicit benefit of the block reward means that a malicious validator will always update the ledger whenever given the opportunity even if there is no consensus. This is called Nothing at Stake attack. The nothing at stake attack allows the nodes to mine conflicting blocks without risking their stake which increases the number of forks in the system as well as the time to reach consensus in the network. Further, this could result in double-spending.

To remedy nothing at stake attack, a number of proposals suggest the reliance on deposit-based PoS. This approach has been used by Slasher and BitShares. In deposit-based PoS, the validators are required to provide a deposit which will be locked for a period of time. The deposited stake works as a financial motivator for the validator node not to create or validate fraudulent transactions. It should be noticed here that the deposited stake should be a significant amount. If this deposited stake is low and the block reward is huge, a malicious validator would still end up validating fraudulent transaction or creating network forks if the loss of the deposited stake is very less compared to the profit earned by the block reward.

Another security concern for PoS systems is long-range attacks (commonly referred to as history attack) in which an attacker aims to alter the entire history of the blockchain starting from early blocks (even from the genesis block). In theory, this attack requires an attacker to control the majority of stake in the network (also known as the 51% attack), however, practically, this can be achieved when the attacker acquires the private keys of older accounts which no longer have any stake at the moment, but that had a large stake at some previous block height h. The attacker can leverage this account and construct a fork starting from block h.

Many blockchain networks solve this problem by creating network checkpoints to limit the range of such attacks. A checkpoint refers to a block until which the blockchain is regarded as “finalized” and immutable. These checkpoints limit the impact of the long-range attack to some extent, as the earliest attack point has to be after the last checkpoint. However, the part of the blockchain after the checkpoint is still vulnerable. Few PoS based blockchains, such as PeerCoin, use a centralised server to create checkpoints. This practice has been criticised by the community as a bad practice for decentralisation and security.

Conclusion

Proof of Stake isn’t perfect and that’s okay

To secure any protocol, it is important to understand its working and its vulnerabilities. Hope this article was useful. :slight_smile:

References and further reading:

2 Likes

Thanks for the brilliant post!
Can you please look upon and explain about the idea of Effective Proof of Stake?
It’s being utilized by Harmony Blockchain…
Can’t quite wrap my head around the median staking thing that they have…

2 Likes

Hi @asmeedhungana,
Thanks for leaving the question about the Effective Proof of Stake.
Here is my understanding about it:
As mentioned in the PoS article, there are various methods of selecting the validator of a network. The most common way is to select the node which puts in a higher stakes. In theory, the node which is richer has a higher reputation and would result in validating a legitimate transaction. This leads to the rich getting richer, and eventually result in stake centralisation.

The idea of Effective PoS is that everyone who stakes should get a fair share of reward. If a rich node puts up a high stake, he gets penalised. However, if a node puts up a small stake, they are rewarded more, thereby creating a balance within the network. The high reward to the poorly staking validator incentives them to spin up more validating nodes (I assume that the Harmony blockchain protocol wants to give a fair opportunity to everyone to participate in the network, thus they are empowering common people with more rewards to set up more validating nodes, rather than big mining pools who can already invest in heavy equipments).

While this disincentivizes the richer node to work alone, they can still participate in validation by becoming delegators. How this works is, the rich node (known as delegators) would give their stakes on loan to some other validator node. If this validating node earns the reward, he returns the stake he took on loan back to the rich node along with a portion of the reward.

I hope this helps in understanding the concept of Effective Proof of Stake. Not every validator gets the same reward, the reward is calculated based on the effective stake the validator put up.

Now to answer your question on the median staking, this is used in calculating the reward for an individual validator. Harmony blockchain works on sharding, it has 4 shards. At every epoch (which is 1 day for this blockchain), the protocol selects top 400 stakers in each shard based on their reputation to participate in the validation process. In total, there are 1600 stakers who are competing to become validators in every epoch. Median stake is the median of the amount staked by the 1600 stakers, and actual stake is the actual stake hold by an individual validator. These values are used to calculate the reward earned by the individual validator.

Hope this helps :slight_smile:

You can read more about this:

  1. Medium article
  2. Youtube video
  3. Harmony whitepaper
2 Likes

Thanks a lot @SmritiVerma !
Actually, I had gone through the aforementioned resources already, but despite that, I was somehow unclear on the topic…

Your post was really helpful! :heart:

2 Likes