Depth | PoS Consensus Mechanism and Design Philosophy

Guide

Blockchain projects using PoS consensus are behind the adoption of PoW-type consensus projects in terms of quantity and market capitalization. Why is the progress of the new PoS project still less than expected based on the existing mature theory? Does the PoS Consensus have enough advantages to allow people to accept it and have a place in the blockchain consensus area? Is “Staking Economy” a new development direction for the blockchain in the future?

Summary

In a blockchain network based on the PoS consensus, all nodes that become “verifiers” are able to obtain the right to produce (or publish) blocks, the probability of which depends on the “equity” they have. The advantages of the PoS Consensus include reducing energy consumption, ensuring safety, and reducing risk of centralization compared to workload.

The early PoS consensus faced a “no interest” crisis, and the blockchain was easy to fork. The "Swordkeeper" mechanism solves the previous PoS consensus's non-interested attacks by adding penalties to dishonest nodes. Mobile checkpoints and context-aware mechanisms can prevent "long-range attacks" against PoS consensus.

According to the role and importance of equity in the consensus economic model, we can divide the PoS consensus into pure PoS consensus, hybrid PoS consensus, DPoS and only equity concepts. Generally, only the first two are used as PoS. Consensus discussion. The “equity economy” represented by PoS is an economic system different from the PoW consensus. Generally, the economic model of inflation is adopted. Only the mortgage pass can participate in the network consensus process to obtain interest income. Due to the existence of inflation, the miser strategy of “holding the currency to rise” is no longer applicable to the new PoS consensus. All holders must participate in the network consensus process, and there will be more financial application scenarios based on this demand.

We can also analyze the security of PoS networks from an economic perspective. PoS is guaranteed to be no less than the "economic" security of proof of workload when the initial allocation is reasonable. However, the PoS economic model also failed to solve the problem of monopoly and centralization.

In the long run, the blockchain network based on the PoS consensus will grow to the same scale as the PoW consensus blockchain.

Risk warning: centralization risk, technical progress is less than expected, market fluctuation risk.

table of Contents

1 proof of equity, a brief history

2 Security of the certificate of entitlement

2.1 The “tragedy of the commons” in the blockchain world

2.2 "Swordkeeper" mechanism

2.3 New Issues – "Long Range Attack"

3 Equity Economy – The Economic Concept of PoS Consensus

3.1 PoS Consensus Type

3.2 Network in which all holders participate in consensus

3.3 “Quantifying” the security of PoS from an economic perspective

3.4 Monopoly and Cartel Organization

3.5 Introduction to the current mainstream PoS algorithm

4 PoS's present and future

text

In 2012, Scott Nadal and Sunny King presented a proof of PoS rights in a paper, which is an alternative consensus for the proof of Nakamoto's workload. The first Peercoin (point coin) that incorporated the PoS concept into the consensus mechanism was launched in the same year. In the following years, some large blockchain projects such as Ethereum and Cosmos proposed their own PoS solutions. But seven years later, the blockchain project using the PoS consensus (not including the DPoS and PoW+PoS hybrid consensus) in the main network is behind the adoption of the PoW consensus project in terms of quantity and market value. Why is the progress of the new PoS project still less than expected based on the existing mature theory? Does the PoS Consensus have enough advantages to allow people to accept it and have a place in the blockchain consensus area? Is “Staking Economy” a new development direction for the blockchain in the future?

1 proof of equity, a brief history

In a blockchain network based on PoS consensus, nodes no longer compete for billing rights through computational power, and the probability of obtaining billing rights depends on how much equity they have. The "stake" here can be the number of certificates held by the node, or it can be a function of the number of certificates. For example, the concept of "coin age" proposed by Peercoin mentioned below, the longer the node holds the certificate, the more the accumulated currency age. The advantages of the PoS Consensus include reducing energy consumption, ensuring safety, and reducing risk of centralization compared to workload.

Throughout the history of PoS, the development of PoS can be roughly divided into three stages.

The first stage is a PoW+PoS hybrid consensus represented by Peercoin. However, such early mixed consensus still requires nodes participating in block production to perform a certain amount of hash value calculation, that is, to produce blocks in a similar workload, except that each node finds the probability and node of the legal block by calculation. The equity held is related to the choice of producers based on equity and the use of equity-based incentives. Peercoin did not fully realize the goal of “reducing energy consumption”.

The second phase is a pure PoS consensus represented by Nextcoin. This type of PoS consensus mechanism does not require or require a small amount of hash value calculation by the node, but uses a distributed, verifiable random number generation function to select the block producer. The incentive method is still related to the equity held by the node. This type of PoS consensus proves that it consumes less energy than the workload, but there is still a hidden danger that jeopardizes cybersecurity – Nothing at Stake attack (no attack).

The third stage is the new PoS consensus represented by Ethereum Casper. This kind of consensus usually uses PoS as part of the consensus algorithm: the block is produced in PoW mode, and the finality of the consensus is confirmed by PoS method every time a certain number of blocks are separated; or the block is produced by PoS, and the BFT algorithm is used. Perform block verification. This kind of PoS consensus is not based on the specific algorithm adopted. Their common point is to implement the “equity economy”. The nodes can obtain block rewards according to the proportion of holding equity by participating in the network consensus. Different from the early PoS, this kind of consensus solves the problem of “no interest” by adding economic punishment to dishonest nodes, and enhances the security of the PoS consensus.

In addition, the "DelegatedPoS" consensus represented by BitShares and EOS is also well known to the public. However, in this kind of consensus, the interest is only reflected in the voting "super node", but has nothing to do with the economic model and incentive punishment, so it is generally not discussed as a PoS consensus.

According to the process of blockchain production, the PoS consensus can be divided into the following two categories:

Based on the Chain-based PoS (Chain-based Proof of Stake). Similar to the principle of BTC PoW production block, the algorithm randomly selects a node to be responsible for the production block according to the equity held by the node at a certain time. This block must be attached to a legal block, and when the fork is generated, it passes. The rules specified by the consensus algorithm select a chain as the consensus chain.

"By-style Proof of Stake". The algorithm randomly selects a node to issue a block according to the equity held by the node at a certain time, but whether the block is legal and can be attached to the consensus chain requires a certain percentage of the verifier to vote for confirmation.

2 Security of the certificate of entitlement

Competing with the computing power in the PoW consensus, that is, by introducing scarce external resources and rewarding the computing power of the nodes to ensure the security of the blockchain network is different, PoS hopes to rely on the blockchain economic system. Endogenous forces to solve security problems. The PoS Consensus allocates block credits and network rewards according to “Equity” and guarantees the security of consensus through a series of innovative solutions, and on this basis, it has created a unique “equity economy” in the blockchain world.

2.1 The “tragedy of the commons” in the blockchain world

The early PoS consensus faced a crisis that was prone to forks. Professor Harding described the story in the article "Tragedy of the commons": some shepherds graze on a public grassland, because the resources of the grassland are limited, so when the number of flocks exceeds the grassland After the maximum number of bearers, the total output value of the flock will decrease. Consider a simple model consisting of two shepherds, assuming that the grassland has a reasonable grazing amount of two, and the two shepherds each have a sheep. At this time, the output value of each sheep is one unit, and for each additional sheep, The total output value of the flock will decrease.

Each shepherd faces two choices: adding a sheep or maintaining the status quo. If the shepherd is rational, then adding a sheep will be the best strategy in both cases, but when both shepherds choose to graze, the total value of the grassland declines. The revelation of the "tragedy of the commons" is that the uncontrolled development and utilization of public resources by individuals will lead to the damage of the overall interests.

The early PoS consensus also faced a similar problem, namely "rational fork." In a blockchain network based on "chain", when a node finds two blocks of the same height, that is, when the network appears to fork, the node faces two choices: First, according to the consensus rule, select one of the nodes as The main chain, on the basis of the production of new blocks; Second, the production of new blocks on both forks.

As an intangible technology, blockchain is an important part of its value. In the example of “tragedy of the commons”, the abused grassland resources are limited. Although the blockchain ecology is still developing rapidly, unrestricted forks will inevitably result in the fragmentation of blockchain developers, communities and ecosystems. The competition between the forked chains will reduce their overall value relative to the absence of forks.

In the PoW consensus blockchain, such a choice is actually not true. The power possessed by the node is fixed. If the node allocates a part of the computing power to mine on the bifurcation chain, then the risk of the fork chain ultimately does not have any value, the node will lose because of mining on the bifurcation chain. And the reduction in the main chain. If the value of the bifurcation chain is recognized, then other rational nodes will quickly switch the computational power to the bifurcation chain, thereby achieving a balance of unit computing power on both chains. If the power of the node does not change in the proportion of the total network computing power, then it can not obtain excess returns. The choice of a rational node is to continue mining on the chain most likely to become the main chain.

Under the PoS consensus, the block of the bifurcation chain before the bifurcation height is exactly the same as the original chain, so the nodes also have the same number of passes on the bifurcation chain. Therefore, there is a corresponding interest to continue to produce blocks on the bifurcation chain, and the mining on the two chains does not affect each other, so the rational nodes will acquiesce to the existence of the bifurcation chain.

There is a view that if holders of the pass can foresee the harm caused by such a split, they will refuse to produce blocks on the fork chain in order to protect their own interests. But in fact, most of the individuals in the group are short-sighted. If there are no other rules to limit them, few nodes will give up the rights in the forked chain. This is also known as the "Nothing-at-Stake."

2.2 "Swordkeeper" mechanism

The Ethereum Casper Consensus applied the “Slashers” (translated “Swordsman”) mechanism to introduce punitive measures in the consensus mechanism to resolve the public tragedy of the previous PoS consensus. The core content of the agreement is that the nodes participating in the block production (called the verifier) ​​need to mortgage a certain margin and specify a series of penalties. After the node is found to have taken the action listed in the penalty condition, the node mortgage will be forfeited and the certifier's rights will be withdrawn. The behavior that will be punished usually involves the simultaneous production of blocks on both chains and the production of blocks at the latest height. Slashing the nodes that exhibit possible malicious behavior changes the expected benefits of the node excavating and not digging in the possible bifurcation chain, as long as the node digs the fork chain or launches the attack behavior. The expected return is less than the margin of its mortgage, then the rational node's choice will be to follow the rules and be an honest node, thus eliminating the no-sense attack.

The "Swordman" in the science fiction "Three-body" sends the three-body galaxies coordinates when the three-body fleet attacks the Earth, destroying the three-body galaxies and the solar system, and is the key force for the Earth's three-body attackers. The "master sword" mechanism in the new generation PoS consensus is also a weapon to restrict potential attackers. By stipulating reasonable penalties and mortgage amounts, it can effectively enhance the ability of the consensus mechanism to resist various types of cyber attacks.

2.3 New Issues – "Long Range Attack"

Chain-based PoS consensus is more complex in determining how ultimately the consensus is finalized. PoS discards the concept of “the chain with the largest cumulative workload as the main chain”. In a PoS network where nodes can join or quit freely, the change of the mortgage is dynamic, and the verifier needs to obtain the latest other certifier information. Determine which blocks are really valid. Different from the PoW network, whether the block is legal or not depends on only a few objective information: whether the transaction legality, the block header hash meets the requirements, and the main chain adopts the determined longest chain principle. PoS also needs to consider the possibility of “long-range attack”. Sex.

"Long-range attack" is the most threatening form of attack in the PoS consensus. When a node reclaims his mortgage, although it no longer has the right to verify the block, it can still return the block before the mortgage is recovered. Rolling, and because it is no longer subject to a confiscation of the deposit, the attacker can bribe these nodes, collect enough "ghost" deposits (the mortgages have been reclaimed), reconstruct a long enough attack chain, try to replace The blocks that these nodes have verified during the verifier.

One solution strategy is to move checkpoints . That is, checkpoints are set at regular intervals, and only the blocks after the checkpoint may be reorganized. The interval between checkpoints is generally less than the minimum required mortgage time, so that blocks with sufficient probability are verified by the nodes that have paid the mortgage. Another solution strategy is " Context-Aware transactions". When constructing a transaction, the hash value of the previous or previous blocks is recorded in the transaction, so that a transaction can be associated with a particular block branch, and the forgery transaction on the forked chain becomes difficult.

3 Equity Economy – The Economic Concept of PoS Consensus

3.1 PoS Consensus Type

Depending on the role of Stake in the consensus economic model, we can subdivide PoS into the above categories.

In the latter two consensus mechanisms, equity does not play a decisive role in the consensus process, so it is generally not discussed as a PoS consensus. The difference between them and the first two PoS consensuses is whether the economic incentives of the network are allocated according to the equity owned by the nodes. Some PoS consensuses are also voted to elect a limited number of verifiers to participate in the consensus process, but such elections are “trusted” to the verifier by smart contracts. The verifier does not have the right to use the entrusted certificate, and the block reward obtained by the verifier is allocated to its owner in the number of passes. In the DPoS consensus, block rewards are only assigned to super nodes and a certain number of candidate nodes.

The difference between pure PoS and hybrid PoS consensus is whether the process of selecting a verifier is related to the equity it holds. The probability of selecting a block producer in the PoW consensus is related to its computational power. Hybrid PoS consensus generally provides a "final" test for blockchains through PoS, while block production and verifier selection are done in other ways. If the probability that a node obtains a billing right is related to its mortgaged equity, then such consensus can be considered a pure PoS consensus.

The pure PoS defined in this way cannot contain other consensus algorithms. In fact, most PoS consensus uses the BFT class algorithm to complete the voting on the block. For example, the basic algorithm of Tendermint is PoS+pBFT, the basic algorithm of Proof of Activity is PoS+PoW, and the basic algorithm of Casper FFG is PoW+PoS+BFT. The future development trend of PoS will also be a hybrid consensus.

3.2 Network in which all holders participate in consensus

The PoS consensus can be summarized as follows: Equity holders pass the pass to the block they believe to be legal and are willing to bear the margin risk of losing the mortgage due to the discovery of cheating. In a blockchain economy system, holders of certificates can be broadly classified into the following types: individual investors, institutional investors, foundations, and project developers. These pass holders store the pass: personal custodial keys (including offline wallet services), exchanges, and custodians. In the traditional PoS consensus, interest income can be automatically obtained only by holding a pass, so individual and institutional investors are often reluctant to lock in their own pass to participate in the consensus process, resulting in low network security.

In the PoS consensus of joining the penalty mechanism, only the mortgage pass can participate in the network consensus process to obtain interest income. Due to the existence of inflation, the miser strategy of “holding the currency to rise” no longer applies to the new PoS consensus, and all holders must participate in the consensus process to obtain block rewards. The existence of a penalty mechanism greatly increases the cost of running a professional consensus node, and it is difficult for individual investors to bear the expenses.

If the PoS network does not support smart contracts like delegated functions, then a specialized agency that verifies the verification will be generated. The individual investor entrusts a professional verifier node to act as a mortgage certificate, and pays a certain management fee to obtain interest income. The network economy participants who are suitable for this business include digital clearing houses, wallets, etc. Coinbase has planned to implement equity mortgage services for Tezos users, and estimates that the annual passive income of investors is about 8%. A 20% management fee is charged.

If an individual investor participates in the new PoS equity economy, the following risks are worthy of further consideration: the opportunity cost of the mortgage pass, the expected rate of return, the professional ability and commission charge of the entrusted mortgage institution, the expertise required to build the verification node and cost.

The new PoS Consensus encourages all pass holders to participate in the consensus process and maintain network security. This security has some differences compared to PoW.

3.3 “Quantifying” the security of PoS from an economic perspective

The security of the blockchain network is the basis of all its applications and performance indicators. The PoS consensus that introduces the “swordkeeper” mechanism should be able to provide security comparable to PoW. The concept of fault tolerance is slightly different from the security mechanism. The fault tolerance of the consensus is usually the theoretical value derived by the algorithm. The network security is also affected by a series of factors such as the actual operation of the network, the economic model, and the size of the node. I hope to find a quantifiable indicator to measure the security of the blockchain network.

From an economic point of view, if an attacking a system can achieve a higher return than the cost of attacking it, a similar attack is worth trying. Conversely, if the cost of attacking a system is higher than the gains that can be made, it is not cost-effective for an attacker. Such a system is "economically secure." For example, the border wall of the United States and Mexico, the drug trade, illegal smuggling, and even human trafficking in the US-Mexico border area can bring huge profits. The cost of relatively breaking the border wall (such as building tunnels) is not worth mentioning, so " The border wall is an example of economic insecurity.

Modern cryptography is an example of an application that guarantees the "economic security" of personal data. Even if it is a symmetric encryption that is used in daily life, its security is very high if it does not consider human resources such as website database leakage and plaintext storage password. Trying to crack the password of an ordinary user is often more expensive than the value of the user account itself. The asymmetric encryption technology based on the blockchain is more resistant to the computing power of all computers in the world.

In the PoW consensus, the security of the network relies on sufficient computing power, and the node will participate in the mining only if there is sufficient economic incentive, that is, the marginal cost of the running node is less than the marginal benefit. Since the PoW network does not have penalties for malicious nodes, the biggest loss that a malicious node bears is a possible block reward. If the attacker launches a 51% attack, then it needs to master at least 51% of the power, and if the attacker wants to roll back the transactions before the N block, assuming the attacker has 60% of the total network power, then only need to After 3N block heights, he can dig a longer attack chain than the original chain, so his attack cost is about 60% of the total reward of 3N blocks. Therefore, the attack cost of the PoW network can be quantified. We can estimate the security of the network through parameters such as the whole network computing power, the computing lease price, the mining machine manufacturing cost, and the network difficulty growth rate.

In the PoS consensus that includes the Slasher protocol, a malicious node launching an attack not only loses possible interest income, but also loses the margin of the mortgage. The meaning of a block that is N% confirmed is that if the block does not become the final consensus, then the verifier will lose N% of the total net mortgage. Assuming that in the PoS consensus blockchain, the attacker wishes to launch a similar attack, then he needs to mortgage a certain percentage of the pass, which varies depending on the specific consensus algorithm. In the "chain"-based PoS consensus, 51% of the total amount of mortgage certificates is generally required to launch a similar attack, and the attack cost is the same amount of pass and the interest income of the relatively small loss.

It is also difficult to obtain a 51% circulation certificate. On the one hand, if the pass is purchased through the secondary market, then a large-scale acquisition will inevitably push up the price increase and increase the attack cost of the attacker; on the other hand, there is already a fairly large-scale certificate in the mortgage lock-up period. The number of vouchers that Cosmos has mortgaged is 73.9 million, accounting for 39% of the total supply; the number of vouchers that Tezos has mortgaged is 530 million, accounting for 81% of the total supply; and the number of vouchers that Decred has mortgaged is 4.55 million. It accounts for 48% of the total supply. If the initial allocation of the pass is reasonable, it is very difficult for a single attacker to perform a similar attack.

If an attacker in a PoW network only wants to rewrite transactions in the last few blocks, it only needs to pay several times the cost of the block reward, depending on the amount of computing power it has, as long as the possible gains exceed the attack. Cost, then the network is in an unsafe state. However, once an attacker has mastered 51% of the circulation certificate in the PoS network, the damage caused to the network security is permanent.

The PoW Consensus introduces external resources to provide security for the network, and the value of the resource itself creates a certain threshold for the attack behavior, while the PoS consensus relies on the value and punishment mechanism of the pass in the network to prevent the attack behavior. The PoS Equity Proof can guarantee that “economic security” is not weaker than the proof of workload when the initial allocation is reasonable.

3.4 Monopoly and Cartel Organization

“Economic security” does not mean that the blockchain network is absolutely safe. On the one hand, there are attackers who “do not pay the price”. If the attacker wants to destroy the blockchain network without any cost, then no human intervention (community forced rollback attack chain, etc.) is considered. Currently, no blockchain network can resist similar. s attack. On the other hand, oligopoly is a problem that any economic form faces.

In the PoW network, there is a problem of centralization of computing power and monopoly of mining machine manufacturers. On the one hand, people worry that large mining pools have concentrated too much computing power, and on the other hand, they are worried that specialized mining machine manufacturers will monopolize technology from the source. Production of mining machines. Due to the existence of economies of scale, operators who invest large-scale funds to manufacture mining machines or build mines have lower costs than small and medium-sized operators. Therefore, they are more competitive in the PoW computing competition model and are more likely to form monopolies.

Although the PoS consensus mechanism avoids the problem of computing power and mining machine centralization, it also generates a new form of monopoly. Some nodes that hold a large number of certificates may spontaneously organize into a verifier alliance. They do not need to make any behavior that may be forfeited. As long as their mortgage exceeds 51%, then the governance and community of the chain And so on, have absolute right to speak. If such alliances have sufficient execution, they can refuse to package any transactions they do not wish to package. These potential monopolists may be investors in the early stages of the project, the exchange, and even the project itself. If a similar attack occurs, then the “community consensus” can only be used to force the fork. Therefore, for the PoS project, the initial allocation of the certificate and the certain liquidity and market capitalization are very important.

From a non-centralized perspective, PoS does not have the obvious advantage of PoW.

3.5 Introduction to the current mainstream PoS algorithm

The Cosmos Network is an operational, scalable blockchain Internet built on the Tendermint consensus algorithm. Tendermint is a PoS adaptation of Practical Byzantine Fault Tolerance (pBFT). The network pseudo-randomly selects a node as a producer to issue a block according to the number of shares held by the node, but the block confirmation and final verification are still completed by the pBFT algorithm.

Casper FFG is a hybrid consensus between PoW and PoS. It is led by VitalikButerin and is designed to allow Ethereum to securely transition from PoW to PoS consensus. The node mortgages certain ETHs as verifiers. The role of the verifier is to vote on the finality of the blocks after the last inspection when the blockchain produced by PoW reaches a certain height, and according to the number of ETHs mortgaged. Get paid. After confirming that the final block cannot be changed, CFFG combines the ideas of PoW, PoS, and BFT consensus. On the basis of PoW, PoS checkpoints are set at a certain number of blocks to provide finality for the previous block. Increased security of consensus.

Casper CBC is a PoS adapted version of the GHOST protocol for Workload Certification. CCBC is a pure PoS consensus that focuses more on economic security and prevents the development of cartel organizations by designing reasonable incentive and penalty rules.

4 PoS's present and future

The difference between Proof of Stake and other consensus algorithms lies more in economic concepts and incentive models than in technology and consensus algorithms. The concept of equity can be reflected in the right to governance, voting rights, the right to receive interest income, and the right to verify the block.

The current PoS consensus can still guarantee that the security of the PoW network is not weaker by introducing the penalty rules for dishonest nodes on the basis of a large reduction in energy consumption. However, PoS abandoned the idea that the workload proved simple and easy: the chain with the largest workload is the consensus chain, and it also brings new problems such as "long-range attack", so it has to design more complicated mechanisms to ensure network security. Increased development costs and potential security vulnerabilities, and the development progress of large-scale PoS networks is less than expected.

The PoS consensus generally adopts the economic model of inflation, which provides interest income to the holders of the certificate, which is more in line with the real economy than the deflationary economic model, but the PoS economic model also fails to solve the problem of monopoly and centralization. The “equity economy” represented by PoS is an economic system different from the PoW consensus. On this basis, there will be more financial application scenarios. In the long run, the blockchain network based on the PoS consensus will be very large. Development potential.

Note:

For some reasons, some of the nouns in this article are not very accurate, such as: pass, digital pass, digital currency, currency, token, Crowdsale, etc. If you have any questions, you can call us to discuss.

This article is original for the General Research Institute (ID: TokenRoll). Unauthorized reproduction is prohibited. Reprint, please reply to the background keywords [reproduced]

General Information Institute × FENBUSHI DIGITAL

Text: Song Shuangjie, CFA; Sun Hanru

Special Advisor: Shen Bo; Rin; JX