Below are overviews of various techniques associated with blockchain convergence. These techniques are variants of the consensus algorithm by which a (typically cryptocurrency-based) blockchain network aims to achieve settlement. Note that not all variants are covered here and this page will be updated over time; the most widely used are described first:
- Proof of Work (PoW)
- Proof of Stake (PoS)
- Others: RAFT, PBFT, Binary BFT, Async BFT, RPCA
Proof of Work (PoW)
The ability to validate transactions and create new blocks (especially in an unpermissioned cryptocurrency, such as Bitcoin) demands strict controls, to avoid the potential for double-spending or rewriting history. Proof of Work (PoW) is a blockchain consensus algorithm, implemented in Bitcoin by Satoshi Nakamoto in 2009. It was later adopted by Ethereum.
Note that the variant of PoW used in blockchains is known as a solution-verification protocol; there is an alternative form of PoW, referred to as challenge-response, which we do not discuss here.
In PoW an algorithm is used to decide which miner gets the ability to add a new block to the blockchain, a process to regulate control called 'mining'. In order for nodes engaged in mining to enter their block of transactions into the blockchain they are required to provide unambiguous proof that they have solved a specific challenge (or puzzle). This proof is designed to be difficult to produce but easily validated. The puzzle is designed to be computationally intensive, to ensure that 'work' is required to take part in mining. In PoW, miners must invest a significant amount of computational power in order to find a hash string which matches a given set of constraints.
As an analogy, guessing correctly the digit sequence to unlock a five digit combination lock is a proof to a challenge; hard to produce because of all the permutations, but easy to validate, since the lock is either in a closed or open state. Since the target combination could be any combination of the five digits, success will depend on how long you persist in attempting combinations, and how many permutations you can attempt within that time. In a PoW system therefore, the probability of mining a block is dependent on how much 'work' is done by the miner.
In Bitcoin, miners are required to find a hash such that there is a specified number of leading zeros at the beginning of the hash string. A miner must hash the new block and then iterate through a set of numbers (referred to as nonces). Since good cryptographic hash outputs cannot be predicted from the original data (in this case, the next block is the data) the miner must effectively iterate through all numbers (in any order) until it finds a new hash value which matches the constraints. Since a longer contiguous run of leading zeros is less probable, the size of this 'prefix' is referred to as the level of difficulty. It is the difficulty that is the main controlling factor on the delays in block generation.
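The asymmetry between finding and checking a proof can be seen in a few lines. This is an added example, not code from Bitcoin or from the original page: the header bytes are constructed, and difficulty is simplified to a count of leading zero hex digits, as the text describes (Bitcoin itself compares the hash against a numeric target).

```python
import hashlib
import struct

# Constructed header: stands in for the serialized block the miner is hashing.
HEADER = b"parent:constructed-block-41|txs:alice->bob:5,carol->dave:2"

def pow_hash(header: bytes, nonce: int) -> str:
    """Double SHA-256 over header plus a 4-byte nonce, returned as hex."""
    data = header + struct.pack("<I", nonce)
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def verify(header: bytes, nonce: int, difficulty: int) -> bool:
    """One hash evaluation, however hard the proof was to find."""
    return pow_hash(header, nonce).startswith("0" * difficulty)

def mine(header: bytes, difficulty: int, max_nonce: int = 2**32 - 1):
    """Try nonces in order; return (nonce, attempts), or None if none qualifies."""
    for nonce in range(max_nonce + 1):
        if verify(header, nonce, difficulty):
            return nonce, nonce + 1
    return None

def cost_by_difficulty(header: bytes, levels=range(1, 5)) -> dict:
    """Attempts needed per difficulty; each extra hex zero costs 16x on average."""
    return {d: mine(header, d)[1] for d in levels}

if __name__ == "__main__":
    for d, attempts in cost_by_difficulty(HEADER).items():
        digest = pow_hash(HEADER, attempts - 1)
        print(f"difficulty={d} attempts={attempts} hash={digest[:16]}")
```

Changing any byte of the header changes the hash, so a proof found for one block cannot be reused for a modified one.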
Note that under PoW, miners may potentially own none of the currency they
are mining, and thus seek only to maximise their own profits.
In order to double-spend, a miner must gain majority hash power, and spend a lot of money to gain control. Even then, the protocol still behaves deterministically, as only one chain can be considered valid (that said, SPV nodes might become confused; hence running full nodes is greatly encouraged). To rewrite history is even more prohibitively expensive.
We can consider this a two-layer defence: even during an attack, behaviour is as expected, and there should never be confusion about which chain is valid.
PoW is also resilient to network partitions: nodes automatically self-organise and eventually converge towards one single chain (the chain with the most accumulated PoW, and inherently more secure). This process is clearly wasteful, as some chains will get deprecated during the process, but it works deterministically and correctly.
PoW offers two key benefits in terms of security guarantees: (1) protecting the future: if there is a partition, it provides an objective automatic mechanism to resolve conflicts and converge the chain, without trusted third parties. (2) protecting the past: to gain control of majority hash rate requires an attacker to expend enormous amounts of time and money to rewrite history.
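The convergence rule after a partition, shown as an added example (not code from any client): each node picks the tip with the most accumulated work, which is not necessarily the longest chain. The block ids, difficulties and the tie-break by id are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Block:
    block_id: str
    parent: Optional[str]
    zero_bits: int  # difficulty the block was mined at, in leading zero bits

def path_to_genesis(tip: str, index: Dict[str, Block]) -> List[str]:
    """Block ids from the tip back to genesis."""
    path, cur = [], tip
    while cur is not None:
        path.append(cur)
        cur = index[cur].parent
    return path

def accumulated_work(tip: str, index: Dict[str, Block]) -> int:
    """Expected number of hash attempts behind the whole chain ending at tip."""
    return sum(2 ** index[b].zero_bits for b in path_to_genesis(tip, index))

def best_tip(tips: List[str], index: Dict[str, Block]) -> str:
    """Heaviest chain wins; ties broken by id so every node picks the same tip."""
    return max(tips, key=lambda t: (accumulated_work(t, index), t))

def reorg(old_tip: str, new_tip: str, index: Dict[str, Block]) -> Tuple[List[str], List[str]]:
    """Blocks a node discards and adopts when it switches tips."""
    old_path = path_to_genesis(old_tip, index)
    new_path = path_to_genesis(new_tip, index)
    common = set(old_path) & set(new_path)
    discarded = [b for b in old_path if b not in common]
    adopted = [b for b in reversed(new_path) if b not in common]
    return discarded, adopted

def build_partition_example() -> Dict[str, Block]:
    # Constructed data: side A mines 3 hard blocks, side B mines 5 easier ones.
    blocks = [Block("g", None, 18)]
    blocks += [Block(f"a{i}", "g" if i == 1 else f"a{i-1}", 20) for i in range(1, 4)]
    blocks += [Block(f"b{i}", "g" if i == 1 else f"b{i-1}", 18) for i in range(1, 6)]
    return {b.block_id: b for b in blocks}

if __name__ == "__main__":
    idx = build_partition_example()
    winner = best_tip(["a3", "b5"], idx)
    print("winner:", winner, "reorg for side B:", reorg("b5", winner, idx))
```

Side B's chain is longer, but its five blocks represent less work than side A's three, so nodes on side B discard them when the partition heals.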
Implementations
Bitcoin uses a PoW technique based on Hashcash, using mining to regulate how new blocks are created and appended. The puzzle difficulty is dynamically adjusted to ensure a consistent settlement time. Ethereum and Bitcoin Cash also use PoW.
Advantages
The main advantages of PoW are in resilience. PoW protects against network partitions, with inbuilt mechanisms to converge to a single chain after partitions in a deterministic manner. PoW protects against DDoS attacks: since PoW is computationally very expensive, an attack requires similar processing power to be effective. To compete with the entire network is financially infeasible and an attacker would gradually run out of cash.
Issues with Proof of Work
The PoW concept has a number of issues. In Bitcoin's implementation, for example, a huge amount of computing power (i.e. electricity) is wasted in generating random guesses. This has led to various distortions, such as large-scale bitmining operations in places like China and Iceland (where energy prices may be lower). Mining operations have rapidly evolved to use high-speed ASICs, with even dedicated variations in chip design to suit accelerated low-cost hashing. Bitcoin mining groups have formed to pool resources. There has been debate about changing the PoW puzzle to something more elegant and beneficial; however, in the case of Bitcoin such a change looks unlikely in the near term.
Mining (together with unpermissioned access) creates scalability obstacles in terms of the amount of time required to 'settle' on a new block. In Bitcoin this is around 10 minutes.
A 51% attack is possible where an attacker might have sufficient computational power to control the entire network and tamper with new blocks.
Further, if PoW continues this may lead to a scenario called the tragedy of the commons. For example, with Bitcoin, eventually no more mining bounties will be awarded, and miners will receive only transaction fees. Since it is inexpensive for miners to include transactions in a block, they are likely to accept any fee, regardless of how low, which will gradually lead to users paying lower fees and miners earning less money. This would lead to fewer miners willing to mine Bitcoins, so the network difficulty will decrease and the Bitcoin network will be more susceptible to 51% attacks.
The PoW system used by Bitcoin and other cryptocurrencies fails to create an incentive for miners to hold onto the coins awarded to them for mining. Miners typically sell their coins within a few weeks, sometimes instantly. This constant selling causes constant downward pressure on the Bitcoin price.
There are fears that PoW systems can lead to low network security, due to the tragedy of the commons. This has led to some coins adopting a PoS system. A tragedy of the commons for Bitcoin results where payouts become smaller and smaller for Bitcoin miners, so there is less incentive to avoid a 51% attack. A PoS system makes any 51% attack more expensive. Someone trying to double-spend and destroy faith in the network would have to own a majority of the coins, and the attacker would suffer from their own actions.
Proof of Stake (PoS)
The intention of PoS is to create an alternative way of regulating block creation without the inherently resource-intensive problem of mining, and its inherent scaling issues. In contrast to PoW-based blockchains (such as Bitcoin), which use mining, PoS does not require a work-related proof to a puzzle. PoS requires that a node simply demonstrates ownership of a proportion of token value. In PoS-based blockchains the mechanism to define the next valid block is related to the token value held by each validator (effectively miner) node. Here the nodes guarding the coins always own the coins (although several cryptocurrencies allow or enforce the lending of staking power to other nodes). In PoS, validator nodes must stake their tokens (or currency balance) in order to be eligible to be selected as the next block creator.
Clearly, control of the block creation process cannot be naively determined solely by account balance, since this would result in the richest members having a permanent advantage. The validator that places the largest stake normally has the highest probability of being chosen as the leader and creating the next block. The selection process typically uses some form of weighted probability to favour higher-value stakeholders. Some implementations use random selection, typically combined with wealth or age (i.e. the stake). Many PoS blockchains have protocols to prevent a situation where a validator with 51% of the wealth exhibits too much control: for example coin age, where time-based properties can be used to reduce the probability of being elected as the leader too often. In PoS, if a validator is discovered to be cheating, or tampers with a block, it will lose its entire stake. This is considered to be sufficient incentive to behave honestly.
It is important that miners are incentivised to maintain a relatively high overall proportion staked; since control depends on the amount of coins or tokens in circulation and the proportion staked. For example: if there are 1000 coins in circulation, but only 100 coins staked, an attacker would only need 101 staked coins to perform the attack.
PoS systems do not generally work in isolation: without mining it may be hard to create a community around a coin. PoS encourages hoarding, which is great for speculation but not for a currency, which is supposed to be used. Due to the price volatility and speculation, people are hoarding their coins. People fear that the hoarding of bitcoins will lead to a deflationary spiral, causing the Bitcoin price to plummet and ultimately signalling the death of the currency. For these reasons most coins that adopt PoS use a hybrid system with both PoS and PoW.
Implementations
Bitcoin has yet to implement PoS and, although this has been discussed for some time, it seems unlikely to transition even to a hybrid system in the near future. NXT, BlackCoin, Peercoin and various 'altcoins' implement some version of PoS. NXT and BlackCoin use randomisation to predict the next generator node by using a formula that finds the lowest hash value in combination with the size of the stake. Since the stakes are public, each node can predict (with reasonable accuracy) which account will be next to win the right to create a new block. Peercoin combines randomisation with the concept of coin age, a number derived from the product of the number of coins and the number of days the coins have been held.
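A stake-weighted lottery of the kind described above, with and without coin age, as an added example. It is not the formula used by NXT, BlackCoin or Peercoin: the scoring rule, the balances, the seed chaining and the reset of a winner's coin age are assumptions chosen so that every node can recompute the same leader from public data.

```python
import hashlib
import math
from collections import Counter

STAKES = {"alice": 600, "bob": 300, "carol": 100}  # constructed balances

def draw(seed: bytes, account: str) -> float:
    """Uniform value in (0, 1] that every node derives identically from public data."""
    h = hashlib.sha256(seed + account.encode()).digest()
    return (int.from_bytes(h[:8], "big") + 1) / 2**64

def elect(seed: bytes, weights: dict) -> str:
    """Lowest -ln(u)/weight wins, so win probability is weight / total weight."""
    eligible = {a: w for a, w in weights.items() if w > 0}
    return min(eligible, key=lambda a: (-math.log(draw(seed, a)) / eligible[a], a))

def coin_age_weights(coins: dict, days_held: dict) -> dict:
    """Coin age as the text defines it: number of coins times days held."""
    return {a: coins[a] * days_held[a] for a in coins}

def simulate(coins: dict, rounds: int, use_coin_age: bool) -> Counter:
    """Count leaders over many rounds; with coin age, a win resets the winner's age."""
    days = {a: 1 for a in coins}
    seed, wins = b"constructed-genesis-seed", Counter()
    for _ in range(rounds):
        weights = coin_age_weights(coins, days) if use_coin_age else coins
        leader = elect(seed, weights)
        wins[leader] += 1
        days = {a: 1 if a == leader else d + 1 for a, d in days.items()}
        seed = hashlib.sha256(seed + leader.encode()).digest()  # next round's seed
    return wins

if __name__ == "__main__":
    print("stake only:", dict(simulate(STAKES, 5000, use_coin_age=False)))
    print("coin age:  ", dict(simulate(STAKES, 5000, use_coin_age=True)))
```

With stake alone the largest holder leads in proportion to its balance; with coin age the small holder's share of blocks rises, because its weight keeps growing while it waits.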
Advantages with PoS
PoS is much less wasteful of energy resources than PoW and is therefore much more environment-friendly. The validation process is more deterministic, essentially a constant amount of computation. It can therefore scale much better; settlement time can be greatly reduced. In PoS, any node can technically become a validator (even a personal laptop).
Issues with Proof of Stake
PoS protocols may be more fragile than they first appear, and critics argue that they are not an ideal option for a distributed consensus protocol: (1) any validator with 51% of the wealth effectively owns more of the blockchain, and decentralisation is rendered futile if a single node always creates the blocks. In practice, with a large enough community it is unlikely that a node would own 51% of the total value, and variations on validator node selection can mitigate this somewhat; (2) the nothing-at-stake problem, where block generators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus, since there is little cost to working on several chains (unlike PoW-based systems); (3) some cryptocurrencies are vulnerable to Fake Stake attacks, where an attacker uses no or very little stake to crash an affected node; (4) PoS protocols have questionable resilience to deal with worst-case scenarios (so-called 'black swan' events, such as network failures and partitions); (5) stolen or purchased private keys, especially relating to high-value (high-stake) accounts.
During a partition or major outage for example, PoS nodes have no way to differentiate which chain is more appropriate if chains develop in isolation. Convergence is non-deterministic and impossible to automate without introducing arbitrary rules that increase the attack surface. A split could become permanent, as some PoS protocols make it impossible to go back too far into the past. PoS protocol designers often go to great lengths to punish misbehaving actors. What they do not consider is the possibility that all nodes act honestly and there is a legitimate partition.
In PoS the proportion of coins or tokens held by a user is equivalent to mining hash power in PoW, and this presents some interesting distortions, and new attack surfaces. It is quite likely that we will see wealth distribution in cryptocurrency following power laws (a very small proportion holding most of the coin value). In PoS this represents a potential vulnerability, since the accounts of wealthy PoS stake holders offer an attractive target for cybercriminals. The private keys to these accounts might be stolen or compromised: as a result of social engineering for example. In appropriating these keys the attacker avoids raising the currency value during the attack. PoS designers often assume that buying or renting coins on the open market is the sole way to obtain majority control, and incorrectly conclude that the cost of attacking a PoS currency is determined by its market value. Stealing private keys avoids this altogether and greatly reduces the cost of attack.
In contrast to PoW, gaining majority stake in PoS offers unlimited power: you can double-spend without spending extra money. If the protocol doesn't have checkpoints you can rewrite history; if the protocol does have checkpoints (e.g. Ethereum's Casper) you can cause irreconcilable chain splits.
There are a number of techniques used by Peercoin, Ethereum and others to mitigate some of these issues, and this continues to be a dynamic area of research.
Hybrid PoW-PoS Consensus Systems
Neither PoS nor PoW is perfect, and many coin-based blockchains are experimenting with hybrid systems to create an efficient mining community, with reduced hoarding and reduced downward pressure on coin value. As we discussed above, PoS alone has a number of inherent weaknesses, whilst PoW introduces resource wastage and scaling issues. Whereas Bitcoin continues to experience downward pressure from miners who sell their coins, with resulting price volatility, in a hybrid system miners can be rewarded for retaining a percentage of their coins, reducing volatility. It is also important to note that almost all altcoins that are mined are sold for fiat currency or bitcoins. Cryptocurrencies that are weaker than Bitcoin risk being mined and dumped, repeatedly destroying coin value.