Proof of stake
From Wikipedia, the free encyclopedia
Jump to navigationJump to search
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
Some of this article's listed sources may not be reliable. (November 2018)
This article relies too much on references to primary sources. (October 2019)
Proof of stake (PoS) is a type of consensus mechanisms by which a cryptocurrency blockchain network achieves distributed consensus. In PoS-based cryptocurrencies the creator of the next block is chosen via various combinations of random selection and wealth or age (i.e., the stake).
Contents
1 PoS vs PoW
2 Block selection variants
2.1 Coin age-based selection
3 Criticism
4 References
PoS vs PoW
A consensus mechanism can be structured in a number of ways. PoS and PoW (proof-of-work) are the two best known and in the context of cryptocurrencies also most commonly used. Incentives differ between the two systems of block generation. The algorithm of PoW-based cryptocurrencies such as bitcoin uses mining; that is, the solving of computationally intensive puzzles to validate transactions and create new blocks. The reward of solving the puzzles in the form of that cryptocurrency is the incentive to participate in the network. The PoW mechanism requires a vast amount of computing resources, which consume a significant amount of electricity. With PoS there is no need for 'hard Work'. Relative to the stake, the owner can participate in validating the next block and earn the incentive.
Block selection variants
Proof of stake must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Instead, several different methods of selection have been devised.
Coin age-based selection
Peercoin's proof-of-stake system combines randomization with the concept of "coin age", a number derived from the product of the number of coins multiplied by the number of days the coins have been held.
Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, it must start over with zero "coin age" and thus wait at least 30 more days before signing another block. Also, the probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.[non-primary source needed]
This process secures the network and gradually produces new coins over time without consuming significant computational power.[unreliable source?]
Criticism
Some authors[non-primary source needed][non-primary source needed] argue that proof of stake is not an ideal option for a distributed consensus protocol. One issue that can arise is the "nothing-at-stake" problem, wherein block generators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus from being achieved. Because unlike in proof-of-work systems, there is little cost to working on several chains. Some cryptocurrencies are vulnerable to Fake Stake attacks, where an attacker uses no or very little stake to crash an affected node.
Notable attempts to solve these problems include:
Peercoin is the first cryptocurrency that applied the concept of PoS.[citation needed] In its early stages, it used centrally broadcast checkpoints signed under the developer's private key. No blockchain reorganization was allowed deeper than the last known checkpoints. Checkpoints are opt-in as of v0.6 and are not enforced now that the network has reached a suitable level of distribution.[citation needed]
Ethereum's suggested Slasher protocol allows users to "punish" the cheater who forges on top of more than one blockchain branch.[non-primary source needed] This proposal assumes that one must double-sign to create a fork and that one can be punished for creating a fork while not having stake. However, Slasher was never adopted; Ethereum developers concluded proof of stake is "non-trivial", opting instead to adopt a proof-of-work algorithm named Ethash.[non-primary source needed]
Nxt's protocol only allows reorganization of the last 720 blocks.[non-primary source needed] However, this merely rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, thereby preventing consensus.
In April, payment processors BitInstant and Mt. Gox experienced processing delays due to insufficient capacity resulting in the bitcoin exchange rate dropping from $266 to $76 before returning to $160 within six hours. Bitcoin gained greater recognition when services such as OkCupid and Foodler began accepting it for payment.Once step (1) has taken place, after a few minutes some miner will include the transaction in a block, say block number 270. After about one hour, five more blocks will have been added to the chain after that block, with each of those blocks indirectly pointing to the transaction and thus 'confirming' it. At this point, the merchant will accept the payment as finalized and deliver the product; since we are assuming this is a digital good, delivery is instant. Now, the attacker creates another transaction sending the 100 BTC to himself. If the attacker simply releases it into the wild, the transaction will not be processed; miners will attempt to run APPLY(S,TX) and notice that TX consumes a UTXO which is no longer in the state. So instead, the attacker creates a 'fork' of the blockchain, starting by mining another version of block 270 pointing to the same block 269 as a parent but with the new transaction in place of the old one. Because the block data is different, this requires redoing the proof of work. Furthermore, the attacker's new version of block 270 has a different hash, so the original blocks 271 to 275 do not 'point' to it; thus, the original chain and the attacker's new chain are completely separate. The rule is that in a fork the longest blockchain is taken to be the truth, and so legitimate miners will work on the 275 chain while the attacker alone is working on the 270 chain. In order for the attacker to make his blockchain the longest, he would need to have more computational power than the rest of the network combined in order to catch up (hence, '51% attack').покер bitcoin bitcoin hashrate bitcoin биткоин claymore monero bitcoin today