Blockhain is obviously a chain of linked blocks with transaction data in them, so that each block references all previous blocks before it and the chain is unbroken. However, theoretically it is possible to create an infinite number of such linked blockchains for any given cryptocurrency. It is the consensus mechanism (e.g. Proof-of-work) that allows us to distinguish a valid from an invalid blockchain. In this article, we will discuss the difference between the two most popular consensus mechanisms. Both of them are essentially lotteries that enable one of many participants to write a block i.e. a chapter in the history of transactions. The key is that the next winner of that lottery (and author of the next chapter) cannot be predicted, so that everyone will try in earnest to win. At the same time, once that unpredictable winner is selected, everyone can easily verify that no cheating took place. Then each block (or chapter) is linked together with previous chapters to create an unbroken history that is very difficult to revise. The problem with any decentralized system is that with nobody in charge, any participant can try to create their own version of history that favors themselves. And this is where the concept of work or stake comes in. It assures the randomness of the selection of the author of the chapter with accumulating work or stake, such that rewriting history becomes exponentially difficult.
Mechanics of the Lottery
The winner of the lottery must prove that they won it fair and square by producing a solution to a puzzle that doesn’t have any shortcuts outside of work/stake. If someone has a solution, that means they played by the rules and won that lottery according to the rules and it is easy to measure how much work/stake went into the lottery. That is really the crux of consensus.
How does work/stake assure that unpredictable selection of the leader is fair and agreed upon by the players?
In Proof-of-Work the puzzle being solved can be thought of as throwing dice. Let’s say we are throwing a fair dice and we need to get a certain number of ones in a row. Obviously, to get one once, it will take on average six tries with a fair dice. To get two ones in a row will take, on average, 36 tries. To get three ones will take 216 tries and so on. So, we can increase difficulty if there are too many people playing the game to keep the time between winning blocks relatively stable. Only winners of the dice throwing contest are allowed to write history. So, over time the longest chain with most ‘work’ assures us that a given number of calculations (throws of dice) were performed. That is why it is very very difficult to recalculate and change history, all that work has to be redone for every block and that could be an immense amount of calculation. Difficulty is calculated based on aggregate ‘dice throwing’ power (number of dice throws required to win over time) thrown at the system. In order to cheat and overpower the system, someone would have to invest an incredible amount of resources.
Of course, throwing dice is just an example for simplicity of exposition. In reality, crypto miners solve a problem by calculating what is called a hash function. This function with unpredictable result needs to be recalculated many times to obtain a number with a certain number of zeros at the beginning. This is an equivalent of throwing dice using computing power.
Proof-of-stake takes a different approach to picking a winner. It is far more complex and less rigorous. Throwing dice like mining could be too much effort (just think of trying to hit difficulty of ten or twenty ones in a row). How about we find some other way to pick our lottery winner who will write the next chapter? This is where Proof-of-Stake comes in. It starts with the idea of replacing repeating dice throws (or hash functions) as our source of randomness with something we already observe. Let’s say there are three players who are part of writing the transaction history and our goal is to choose one winner to write the next chapter randomly, so that the winner cannot be anticipated. But we don’t want to perform all that brute force work. First, those three players all must have balances of our cryptocurrency, this is the ‘stake’ in the Proof-of-Stake. It is easy to verify that in a cryptocurrency setting. Our random winner, as in mining, should be easily verifiable by everyone. We could try to look for some way to select a winner based on something resembling randomness that is already produced from the normal operation of our blockchain. Assume that all names of all senders and recipients of transactions during the past 24 hours are recorded and we can easily calculate how many times letters ‘a’ , ‘o’, ‘n’ appeared in the names of senders and receivers. In English language those letters have relatively similar frequencies (about 7%). We say that one of three players would win the lottery when their assigned letter multiplied by the number of staked coins is highest.
Lottery Tickets: Highest amount lottery ticket wins
[Coins stake by player #1] * [# of times ‘a’ appeared in 24 hrs transaction transcript]
[Coins stake by player #2] * [# of times ‘b’ appeared in 24 hrs transaction transcript]
[Coins stake by player #3] * [# of times ‘c’ appeared in 24 hrs transaction transcript]
Higher number of coins staked increase the chances of winning. This is because we want to incentive players to stake more coins, so that someone else could not just buy a small amount of coins and rewrite the blockchain with their small stake.
Note, that with this simple rule we simulated the verifiable lottery just like in mining, but with no effort expanded, naturally using information from our transaction history. In Proof-of-Stake currencies the number analogous to the number of ‘a’, ‘o’, ‘n’ is called the Stake Modifier. The 24 hours to calculated the Modifier is called the Selection Interval. It represents the source of randomness that replaces the physical properties of the dice i.e. the computer processor calculating repeatedly the hash function. There are two main criticisms of Proof-of-Stake.
Nothing-at-Stake
Nothing-at-stake argument is a theoretical argument stemming from a simple observation. Crypto miners expand energy and their computers are busy throwing dice at a particular blockchain. If they try to mine another blockchain, then they have to reduce their dice throwing capacity on the original blockchain. The hash that they use as the proxy for dice throwing depends on the transactions in the block and those are different from one blockchain to another. However, POS doesn’t require any resources. The stake of coins is simply used to calculate the lottery tickets observing some basic facts about quasi-random numbers that we derived from the operation of the blockchain. So, a staker could try his luck at multiple blockchains without incurring any effort or computation (because the computation is trivial). The staker could fish in many ponds simultaneously and win coins on many different blockchains with the same stake. This would promote fragmentation and ultimate destruction of a cryptocurrency. There are a number of problems with this highly theoretical argument. This problem has not been observed in practice. In addition, for someone to cause major mischief, they would have to own many coins in a given cryptocurrency i.e. a high stake. Whether this problem is real, fragmenting or destroying that cryptocurrency and their own stake hardly can be described as nothing-at-stake for the staker.
But some thinking on this would actually suggest that the situation is the opposite. Owning a significant stake in a cryptocurrency would allow one to act maliciously and harm that cryptocurrency and own stake. But this would not allow the staker to transfer this harming ability to any other blockchain. Whereas, in the Proof-of-Work most algorithms are very similar (only so many ways to throw dice). So, if there was a large pool of dice throwing power one could rent for some time, POW cryptocurrencies can be attacked with … well, nothing-at-stake. And that is precisely what we observed throughout 2018. Even relatively established coins such as Bitcoin Gold, Zencash, Ethereum Classic lost millions to 51% attacks, attacks when someone controls most of the hashing power on the network and can actually reverse transactions. Hashing power is mostly transferable from one blockchain to another and is now easy to rent.
When some cryptocurrencies create mining algorithms that are different enough to prevent using rented power, they then take themselves out of the economies of scale in miner production and are more vulnerable to attack because there are too few ‘dice throwers’ to defend the network. In short, mining has produced the ultimate nothing-at-stake problem. This is not to say that mining is inferior. I strongly believe that there needs to be at least one mining cryptocurrency (maybe at most one as well). I believe that Bitcoin could play such a role. Perhaps privacy coins such as Monero that provide an extremely valuable service, but cannot be secured with POS also need mining algorithms. But the rest of the crypto space needs to use a combination of POS and some method of piggybacking on the Bitcoin mining power. Money needs to be medium of exchange, store of value and unit of account. Crypto needs to become medium of exchange before it can become store of value. Assuming that lasting store of value state can be achieved by Bitcoin due simply to its limited supply are misguided. My strong belief is that the only way for cryptocurrencies to become money is to innovate to the point where blockchain platforms create their own value, value that springs from the platform itself. For example, any social network creates value that can be monetized by advertising to users. Once blockchain/crypto platforms can create value to be exchanged, then they will become de facto medium of exchange. Otherwise, governments can suffocate cryptocurrencies (and are doing that already) by declaring them assets and making any conversion to fiat money a taxable event.
However, if crypto is exchanged for value directly, it attains characteristics of money without triggering those tax obligations. If enough blockchain platforms can achieve this medium of exchange status, then Bitcoin can become both the settlement layer for them and unit of account. The result will be that Bitcoin will attain lasting store of value state as the indispensable backbone of the cryptocurrency ecosystem. An ecosystem that naturally generates value. These systems almost certainly will have to use a variation of POS consensus, both because of its relative efficiency and because any system using POW can now be attacked for pennies.