PoS consensus mechanism and design philosophy
瘾App
2019-04-04 14:02

Jointly produced by Tongzhengtong Research Institute × FENBUSHI DIGITAL

Text: Song Shuangjie, CFA; Sun Hanru

Special Advisor: Bo Shen; Rin; JX

Guide

Blockchain projects using PoS consensus lag behind projects using PoW consensus in terms of quantity and market value. Why, with mature theory already available, is the progress of new PoS projects still falling short of expectations? Does the PoS consensus have enough advantages for people to accept it and give it a place in the blockchain consensus field? Is the "Staking Economy" the new development direction of blockchain in the future?

Summary

In a blockchain network based on PoS consensus, every node that becomes a "verifier" can obtain the right to produce (or publish) blocks, with a probability that depends on the "stake" it owns. Compared with proof of work, the advantages of PoS consensus include reducing energy consumption, ensuring security, and reducing the risk of centralization. The early PoS consensus faced a "nothing at stake" crisis, and the blockchain was easily forked. The "Sword Holder" mechanism solves the nothing-at-stake attack on earlier PoS consensus by adding punishment measures for dishonest nodes. Moving checkpoints and context-aware mechanisms prevent "long-range attacks" on PoS consensus.

According to the role and importance of stake in the consensus economic model, we can divide PoS consensus into four types: pure PoS consensus, hybrid PoS consensus, DPoS, and consensus that uses stake in concept only. Generally, only the first two are discussed as PoS consensus. The "staking economy" represented by PoS is an economic system different from that of PoW consensus. It generally adopts an inflationary economic model, and only staked tokens can participate in the network consensus process to obtain interest income. Because of inflation, the miser's strategy of "holding coins and waiting for them to rise" no longer works under the new PoS consensus. All holders must participate in the network consensus process. Based on this demand, more financial application scenarios will emerge.

"economic" security. However, the PoS economic model also failed to solve the problems of monopoly and centralization.

In the long run, the blockchain network based on PoS consensus will develop to the same scale as the PoW consensus blockchain.

Risk warning: Centralization risk, technological progress is less than expected, and market volatility risk.

Table of contents

1 Proof of Stake, a brief history

2 The security "Sword Holder" of Proof of Stake

2.1 The "tragedy of the commons" in the blockchain world

2.2 "Sword Holder" Mechanism

2.3 A new problem - "long-range attack"

3 Staking Economy: The Economic Concept of PoS Consensus

3.1 Types of PoS consensus

3.2 All holders participate in the consensus network

3.3 "Quantifying" the security of PoS from an economic point of view

3.4 Monopolies and cartels

3.5 Introduction to the Current Mainstream PoS Algorithms

4 The present and future of PoS

Main text

In 2012, Scott Nadal and Sunny King proposed Proof of Stake (PoS) in a paper as an alternative consensus to Satoshi Nakamoto's proof of work. Peercoin, the first project to integrate the PoS concept into its consensus mechanism, was launched in the same year. In the following years, some large blockchain projects such as Ethereum and Cosmos proposed their own PoS solutions. But today, seven years later, the blockchain projects whose main network adopts PoS consensus (not including DPoS or mixed PoW+PoS consensus) lag behind projects adopting PoW consensus in terms of quantity and market value. Why, with mature theory already available, is the progress of new PoS projects still falling short of expectations? Does the PoS consensus have enough advantages for people to accept it and give it a place in the blockchain consensus field? Is the "Staking Economy" the new development direction of blockchain in the future?

1 Proof of Stake, a Brief History

In a blockchain network based on PoS consensus, nodes no longer compete for bookkeeping rights through computing power; the probability of obtaining bookkeeping rights depends on the amount of stake they own. The "stake" here can be the number of tokens held by the node, or a function of the number of tokens. An example is the concept of "coin age" proposed by Peercoin, mentioned below: the longer a node holds its tokens, the more coin age it accumulates. Compared with proof of work, the advantages of PoS consensus include reducing energy consumption, ensuring security, and reducing the risk of centralization.

Throughout the history of PoS, the development of PoS can be roughly divided into three stages.

The first stage is the PoW+PoS hybrid consensus represented by Peercoin. This type of early hybrid consensus still requires the nodes participating in block production to perform a certain amount of hash calculation, that is, to produce blocks in a manner similar to proof of work, except that the probability of each node finding a valid block through calculation is related to the stake the node holds. In other words, the producer is selected according to stake, and a stake-based incentive method is adopted. Peercoin did not fully achieve the goal of "reducing energy consumption".

The second stage is the pure PoS consensus represented by Nextcoin. This type of PoS consensus mechanism requires nodes to perform no hash calculation, or only a small amount, and instead uses a distributed, verifiable random number generation function to select block producers; the incentive method is still related to the stake held by the nodes. This type of PoS consensus consumes less energy than proof of work, but a hidden danger to network security has still not been completely resolved: the Nothing-at-Stake attack.

The third stage is the new type of PoS consensus represented by Ethereum Casper. This type of consensus usually uses PoS as one part of the consensus algorithm: either blocks are produced by PoW and the finality of the consensus is confirmed by PoS at a certain block interval, or blocks are produced by PoS and a BFT algorithm performs block verification. This type of PoS consensus is not defined by the specific algorithm used. What its members have in common is the implementation of a "staking economy": by participating in the network consensus, nodes obtain block rewards in proportion to the stake they hold. Unlike the early PoS, this type of consensus solves the "nothing at stake" problem by adding economic penalties for dishonest nodes, which enhances the security of the PoS consensus.

In addition, the "delegated" type of consensus (Delegated PoS) represented by BitShares and EOS is also well known to the public. However, in this type of consensus, stake is only reflected in voting for "super nodes" and has nothing to do with the economic model, incentives or punishments, so it is generally not discussed as a PoS consensus.

According to how blocks are produced, PoS consensus can be divided into the following two categories:

Chain-based Proof of Stake. Similar in principle to block production under BTC PoW, the algorithm randomly selects a node at regular intervals, according to the stake held by the nodes, to be responsible for producing a block. This block must be appended to a valid block. When a fork occurs, one chain is selected as the consensus chain by the rules specified in the consensus algorithm.

BFT-style ("Byzantine") Proof of Stake. The algorithm randomly selects a node at regular intervals, according to the stake held by the nodes, to publish a block, but whether this block is valid and can be attached to the consensus chain must be confirmed by a vote of a certain proportion of verifiers.

2 The Security "Sword Holder" of Proof of Stake

Unlike the computing power competition in PoW consensus, which ensures the security of the blockchain network by introducing scarce external resources and rewarding the computing power contributed by nodes with tokens, PoS hopes to rely on forces endogenous to the blockchain economic system to solve security problems. The PoS consensus allocates block bookkeeping rights and network rewards according to "stake", ensures the security of the consensus through a series of innovative solutions, and on this basis creates a unique "staking economy" in the blockchain world.

2.1 The "tragedy of the commons" in the blockchain world

The early PoS consensus faced a crisis of easy forks. Professor Hardin described such a story in the article "The Tragedy of the Commons": some shepherds graze their sheep on a common grassland. Since the resources of the grassland are limited, once the number of sheep exceeds the maximum the grassland can carry, the total production value of the flock drops. Consider a simple model with two shepherds, assuming that the reasonable amount of grazing for the grassland is two sheep and each of the two shepherds has one sheep. At this point the output value of each sheep is 1 unit, and with each additional sheep the total output value of the flock decreases.

Every shepherd faces two choices: add another sheep or maintain the status quo. If the shepherds are rational, adding one sheep is the optimal strategy in both cases. However, when both shepherds choose to add a sheep, the total output value of the grassland decreases. The lesson of the "tragedy of the commons" is that the unrestrained development and use of public resources by individuals damages the overall interest.

The early PoS consensus faced a similar problem, the "rational fork". In a chain-based blockchain network, when a node finds two blocks of the same height, that is, when the network forks, the node faces two choices: first, select one of the chains as the main chain according to the consensus rules and produce new blocks on it; second, produce new blocks on both forked chains at the same time.

Blockchain is an intangible technology, and the ecosystem it carries is an important part of its value. In the "tragedy of the commons", the abused grassland resources are limited. Although the blockchain ecosystem is still developing rapidly, unlimited forks will inevitably divide blockchain developers, communities and ecosystems, and competition between forked chains reduces their overall value relative to no forks.

In a PoW consensus blockchain, this choice does not really exist. The computing power owned by a node is fixed. If the node allocates part of its computing power to mining on the forked chain, it must bear both the risk that the forked chain ends up with no value and the income it loses on the main chain by mining on the fork. If the value of the forked chain is recognized, other rational nodes will quickly switch their computing power to it, until the gains per unit of computing power on the two chains balance. If the ratio of the node's computing power to that of the entire network does not change, it cannot obtain excess returns. The choice of a rational node is to continue mining on the chain that is most likely to become the main chain.

Under PoS consensus, the blocks of the forked chain below the fork height are exactly the same as those of the original chain, so nodes hold the same number of tokens on the forked chain. The corresponding stake can therefore continue to produce blocks on the forked chain, and mining on one chain does not affect mining on the other, so rational nodes will acquiesce in the existence of the forked chain.

There is a view that if token holders can foresee the harm caused by this split, they will refuse to produce blocks on the forked chain in order to protect their own interests. In fact, most individuals in the group are short-sighted. If no other rules restrict them, few nodes will give up their stake on the forked chain. This is what is known as "Nothing-at-Stake".

2.2 "Sword Holder" Mechanism

The Ethereum Casper consensus applies the "Slashers" mechanism (also translated as "Sword Holder"), introducing punitive measures into the consensus mechanism to solve the tragedy of the commons of earlier PoS consensus. The core of the protocol is that nodes participating in block production (called verifiers) must pledge a certain security deposit, and a series of penalty conditions is stipulated. When a node is found to have taken an action listed in the penalty conditions, its pledged deposit is confiscated and its verifier rights are withdrawn. The punished behaviors usually include malicious behaviors such as producing blocks on two chains at the same time and not producing blocks at the latest height. These economic sanctions (slashing) against nodes that show possibly malicious behavior change the expected income of mining versus not mining a forked chain when one may appear: as long as the expected return a node can obtain by mining a forked chain or launching an attack is less than its pledged deposit, the choice of a rational node is to abide by the rules and be an honest node, which resolves the nothing-at-stake attack.

In the science fiction novel "The Three-Body Problem", the "Sword Holder" sends out the coordinates of the Trisolaran system when the Trisolaran fleet launches an attack on the earth, destroying both the Trisolaran system and the solar system, and is the key force by which the earth restrains the Trisolaran attackers. The "Sword Holder" mechanism in the new generation of PoS consensus is likewise a sharp weapon for restraining potential attackers. By specifying reasonable penalty conditions and deposit amounts, it can effectively enhance the ability of the consensus mechanism to resist various network attacks.
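The penalty rule described in this section can be made concrete with a small model. This is an added example, not code from Casper or from the article: the names SignedHeader, SlashingRegistry and double_sign_net_gain are hypothetical, and HMAC stands in for a real digital signature so that the code runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedHeader:
    validator: str
    height: int
    block_hash: str
    signature: str


def sign_header(key: bytes, validator: str, height: int, block_hash: str) -> SignedHeader:
    # HMAC-SHA256 is a stand-in for a real signature scheme (assumption of
    # this example); a real chain verifies against the validator's public key.
    msg = f"{validator}|{height}|{block_hash}".encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return SignedHeader(validator, height, block_hash, sig)


class SlashingRegistry:
    """Tracks deposits and confiscates them on proven double-signing."""

    def __init__(self, deposits: dict, keys: dict):
        self.deposits = dict(deposits)  # validator -> pledged deposit
        self._keys = dict(keys)         # validator -> verification key (toy)
        self.slashed = {}               # validator -> confiscated amount

    def _valid(self, h: SignedHeader) -> bool:
        key = self._keys.get(h.validator)
        if key is None:
            return False
        expected = sign_header(key, h.validator, h.height, h.block_hash).signature
        return hmac.compare_digest(expected, h.signature)

    def submit_evidence(self, a: SignedHeader, b: SignedHeader) -> int:
        """Return the amount confiscated (0 if the evidence is rejected)."""
        if a.validator != b.validator or a.validator not in self.deposits:
            return 0  # different signers, or no deposit left to slash
        if a.height != b.height or a.block_hash == b.block_hash:
            return 0  # not two conflicting blocks at one height
        if not (self._valid(a) and self._valid(b)):
            return 0  # forged evidence must never slash an honest node
        amount = self.deposits.pop(a.validator)  # verifier rights withdrawn
        self.slashed[a.validator] = amount
        return amount


def double_sign_net_gain(fork_reward: float, deposit: float, slashing: bool) -> float:
    """Net result of also producing a block on the fork, once evidence is filed."""
    return fork_reward - (deposit if slashing else 0.0)


def demo():
    # Constructed sample: val-A signs two different blocks at height 42.
    keys = {"val-A": b"key-a", "val-B": b"key-b"}
    reg = SlashingRegistry({"val-A": 1000, "val-B": 1000}, keys)
    first = sign_header(keys["val-A"], "val-A", 42, "aa11")
    second = sign_header(keys["val-A"], "val-A", 42, "bb22")
    forged = SignedHeader("val-B", 42, "cc33", "00" * 32)  # bad signature
    honest = sign_header(keys["val-B"], "val-B", 42, "aa11")
    framed = reg.submit_evidence(forged, honest)  # attempt to frame val-B
    taken = reg.submit_evidence(first, second)    # genuine equivocation
    return framed, taken, sorted(reg.deposits)


if __name__ == "__main__":
    print(demo())
    print(double_sign_net_gain(2.0, 1000.0, slashing=False))
    print(double_sign_net_gain(2.0, 1000.0, slashing=True))
```

Without slashing the extra fork block is pure gain, which is the nothing-at-stake situation; with slashing the same action costs the whole deposit, and evidence with an invalid signature is rejected so that the rule cannot be used to frame an honest verifier.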

2.3 A new problem - "long-range attack"

Determining the finality of consensus is more complicated in chain-based PoS consensus. PoS abandons the concept of "taking the chain with the largest cumulative workload as the main chain". In a PoS network where nodes can join or exit freely, deposits change dynamically, and a verifier needs to obtain the latest information about other verifiers in order to determine which blocks are truly valid. This differs from a PoW network, where judging whether a block is valid depends only on a few pieces of objective information (the validity of the transactions and whether the hash of the block header meets the requirements) and the main chain is determined by the fixed longest-chain principle. PoS also needs to consider the possibility of a "long-range attack".

"Long-range attack" is the most threatening form of attack in PoS consensus. When a node withdraws its deposit, it no longer has the right to verify subsequent blocks, but it can still roll back blocks from before the deposit was withdrawn. Since these nodes can no longer be penalized by forfeiting deposits, an attacker can bribe them to collect enough "ghost" deposits (which have already been withdrawn) and reconstruct an attack chain long enough to attempt to replace the blocks that these nodes verified during their time as validators.

One solution is moving checkpoints: a checkpoint is set at every fixed block interval, and only blocks after the latest checkpoint may be reorganized. The interval between checkpoints is generally shorter than the minimum required deposit lock-up time, so that with sufficient probability blocks are verified by nodes that have paid deposits. Another solution is "context-aware transactions": when a transaction is constructed, the hash of the previous block or of several previous blocks is recorded in it, so that the transaction is tied to a specific block branch and forging transactions on a forked chain becomes difficult.
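Both defenses can be shown as node-side checks. This is an added example, not code from any project named in the article: the checkpoint interval, the lock-up length, the function names and the sample chains are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

CHECKPOINT_INTERVAL = 100  # assumed value for this example
MIN_LOCKUP_BLOCKS = 400    # assumed minimum deposit lock-up, in blocks


@dataclass(frozen=True)
class Block:
    height: int
    parent: str
    payload: str

    @property
    def hash(self) -> str:
        data = f"{self.height}|{self.parent}|{self.payload}".encode()
        return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Tx:
    body: str
    anchor_height: int  # height of the block this transaction commits to
    anchor_hash: str    # hash of that block


def extend(chain, count, tag):
    """Return a copy of `chain` with `count` new blocks appended."""
    out = list(chain)
    for _ in range(count):
        tip = out[-1]
        out.append(Block(tip.height + 1, tip.hash, f"{tag}-{tip.height + 1}"))
    return out


def config_is_safe(interval=CHECKPOINT_INTERVAL, lockup=MIN_LOCKUP_BLOCKS):
    """The checkpoint interval must be shorter than the deposit lock-up."""
    return 0 < interval < lockup


def last_checkpoint(height):
    return height - height % CHECKPOINT_INTERVAL


def fork_point(current, candidate):
    """Height of the last block both chains share (-1 if none)."""
    shared = -1
    for a, b in zip(current, candidate):
        if a.hash != b.hash:
            break
        shared = a.height
    return shared


def accept_reorg(current, candidate):
    """Moving-checkpoint rule: only blocks after the last checkpoint may change."""
    if len(candidate) <= len(current):
        return False
    return fork_point(current, candidate) >= last_checkpoint(current[-1].height)


def tx_valid_on(tx, chain):
    """Context-aware rule: valid only on a branch that contains the anchor block."""
    if not 0 <= tx.anchor_height < len(chain):
        return False
    return chain[tx.anchor_height].hash == tx.anchor_hash


# Constructed sample chains; list index equals block height.
GENESIS = [Block(0, "", "genesis")]
HONEST = extend(GENESIS, 250, "honest")          # heights 0..250
LONG_RANGE = extend(HONEST[:51], 300, "attack")  # forks after 50, tip 350
SHORT_FORK = extend(HONEST[:241], 12, "fork")    # forks after 240, tip 252
TX = Tx("pay 5 to bob", 120, HONEST[120].hash)   # anchored to honest block 120

if __name__ == "__main__":
    print("long-range chain accepted:", accept_reorg(HONEST, LONG_RANGE))
    print("short fork accepted:", accept_reorg(HONEST, SHORT_FORK))
    print("tx valid on attack chain:", tx_valid_on(TX, LONG_RANGE))
```

The longer attack chain is refused because it diverges below the last checkpoint, while an ordinary short fork above the checkpoint is still allowed to win; the anchored transaction cannot be replayed on the attack chain because that branch has a different block at the anchor height.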

3 Staking Economy: The Economic Concept of PoS Consensus

3.1 Types of PoS consensus

According to the different roles played by stake in the consensus economic model, we can subdivide PoS into the above categories.

In the latter two consensus mechanisms, stake does not play a decisive role in the consensus process, so they are generally not discussed as PoS consensus. The difference between them and the first two types of PoS consensus lies in whether the economic incentives of the network are distributed according to the stake owned by the nodes. Although some PoS consensus also elects a limited number of verifiers by voting to participate in the consensus process, this election is realized by "delegating" tokens to the verifier through a smart contract. The verifier does not have the right to use the delegated tokens, and the block rewards obtained by the verifier are distributed to the token owners according to the number of tokens. In DPoS consensus, block rewards are only allocated to super nodes and a certain number of candidate nodes.

The difference between pure PoS and hybrid PoS consensus is whether the process of selecting validators is related to the stake they hold. Correspondingly, in PoW consensus the probability of being selected as a block producer is related to computing power. The hybrid PoS consensus generally provides the blockchain with PoS "finality" verification, while the production of blocks and the selection of verifiers are done in other ways. If the probability of a node obtaining bookkeeping rights is related to its staked deposit, then this type of consensus can be considered a pure PoS consensus.

The pure PoS defined in this way cannot include other consensus algorithms. In fact, most PoS consensuses use BFT algorithms to vote on blocks. For example, the basic algorithm of Tendermint is PoS+pBFT, the basic algorithm of Proof of Activity is PoS+PoW, and the basic algorithm of Casper FFG is PoW+PoS+BFT. The future development trend of PoS will also be a hybrid consensus.

3.2 All holders participate in the consensus network

The PoS consensus can be summarized as follows: stake holders vote for the block they think is valid and are willing to bear the risk of losing their deposit for cheating. In a blockchain economic system, token holders can be roughly divided into the following types: individual investors, institutional investors, foundations and project developers. The ways these holders store tokens include personal custody of private keys (including offline wallet services), exchanges and custodians. In the traditional PoS consensus, interest income is obtained automatically just by holding tokens. Individual and institutional investors are therefore usually unwilling to lock their tokens to participate in the consensus process, resulting in low network security.

In a PoS consensus with a penalty mechanism, only staked tokens that participate in the network consensus process obtain interest income. Because of inflation, the miser's strategy of "holding coins and waiting for them to rise" no longer works under the new PoS consensus, and all holders must participate in the consensus process to obtain block rewards. The penalty mechanism greatly increases the cost of running a professional consensus node, making it difficult for individual investors to afford.

If the PoS network does not support smart contracts with such a delegation function, specialized verification agencies will appear. Individual investors entrust professional validator nodes to stake tokens on their behalf and pay a certain management fee in exchange for interest income. Network participants suited to this business include digital token exchanges, wallets and so on. Coinbase currently plans to offer staking services for Tezos users, estimating investors' annual passive income at about 8%, with a 20% management fee charged.

For individual investors taking part in the new PoS staking economy, the following risks deserve careful consideration: the opportunity cost of staked tokens, the expected rate of return, the professional capability and commission charges of the staking institution entrusted, and the expertise and cost required to build one's own validator node.

The new PoS consensus encourages all token holders to participate in the consensus process and maintain network security, which is somewhat different from PoW.

3.3 "Quantifying" the security of PoS from an economic point of view

The security of the blockchain network is the basis of all its applications and performance indicators. A PoS consensus that introduces the "Sword Holder" mechanism should be able to provide security comparable to PoW. The concept of security is slightly different from the fault tolerance of the consensus mechanism. The fault tolerance of a consensus is usually a theoretical value derived from the algorithm, while network security is also affected by a series of factors such as the actual operation of the network, the economic model and the scale of the nodes. We hope to find a quantifiable indicator to measure the security of a blockchain network.

From the perspective of economic benefit, if the benefit of attacking a system is higher than the cost of attacking it, then such attacks are worth trying. Conversely, if the cost is higher than the benefit that can be obtained, the attack is uneconomical for the attacker, and such a system is "economically secure". Take the US-Mexico border wall: the drug trade, illegal immigration and even human trafficking in the US-Mexico border area can bring huge profits, and the cost of breaking through the border wall (for example by building tunnels) is negligible in comparison, so the "border wall" is an example of economic insecurity.

Modern cryptography is an example of an application that can keep personal data "economically secure". Even symmetric encryption, which is widely used in daily life, is very secure if human factors such as leaked website databases and passwords stored in plaintext are not considered. The cost of trying to crack an ordinary user's password is often higher than the value of the user's account itself. The asymmetric encryption technology on which the blockchain is based can resist the computing power attacks of all computers in the world.

In PoW consensus, the security of the network is guaranteed by sufficient computing power, and nodes will only participate in mining if they have sufficient economic incentive, that is, if the marginal cost of running a node is less than the marginal revenue. Since there is no penalty for malicious nodes in a PoW network, the maximum loss borne by a malicious node is the block rewards it might have earned. To launch a 51% attack, the attacker needs to control at least 51% of the computing power. If the attacker wants to roll back a transaction from N blocks ago and has 60% of the computing power of the entire network, then after only 3N block heights he can mine an attack chain longer than the original chain, so his attack cost is about 60% of the total rewards of 3N blocks. The attack cost of a PoW network can therefore be quantified. We can estimate the security of the network through parameters such as the computing power of the entire network, the rental price of computing power, the manufacturing cost of mining machines, and the growth rate of network difficulty.

In a PoS consensus that includes the Slasher protocol, a malicious node launching an attack loses not only its possible interest income but also its staked deposit. The meaning of a block being confirmed by N% is: if the block does not become part of the final consensus, the verifiers will lose N% of the total deposit of the entire network. If an attacker wants to launch a similar attack on a PoS consensus blockchain, he needs to stake a certain proportion of tokens, which varies with the specific consensus algorithm. In chain-based PoS consensus, it is generally necessary to stake 51% of the total tokens to launch a similar attack, and the attack cost paid is that same number of tokens plus a relatively small loss of interest income.

It is also difficult to obtain 51% of the circulating tokens. On the one hand, if the tokens are purchased on the secondary market, large-scale acquisition will inevitably push up the price and increase the attacker's cost; on the other hand, a considerable number of tokens are already in their staking lock-up period. Cosmos has 73.9 million tokens staked, accounting for 39% of the total supply; Tezos has 530 million tokens staked, 81% of the total supply; Decred has 4.55 million tokens staked, 48% of the total supply. If the initial allocation of tokens is reasonable, it is very difficult for a single attacker to carry out a similar attack.

If an attacker in a PoW network only wants to rewrite the transactions in the last few blocks, he only needs to pay a cost of several times the block reward, depending on the computing power he has; as soon as the possible income exceeds this attack cost, the network falls into an unsafe state. However, once an attacker in a PoS network controls 51% of the circulating tokens, the damage to network security is permanent.

PoW consensus introduces external resources to provide security for the network, and the value of this resource itself creates a certain threshold for attacks, while PoS consensus relies on the value of the tokens in the network and the punishment mechanism to prevent attacks. Given a reasonable initial distribution, proof of stake can guarantee "economic security" no weaker than that of proof of work.

3.4 Monopolies and cartels

"Economic security" does not mean that the blockchain network is absolutely secure. On the one hand, there are attackers who act "regardless of cost". If an attacker wants to destroy the blockchain network at any cost, then, leaving aside human intervention (such as the community forcing a rollback of the attack chain), no blockchain network can currently resist such an attack. On the other hand, oligopoly is a problem faced by any economic form.

In PoW networks there are the problems of centralized computing power and monopoly by mining machine manufacturers. People worry that large mining pools will concentrate too much computing power, and also that specialized manufacturers will use their technology to monopolize the production of mining machines at the source. Due to economies of scale, operators who invest large-scale funds to manufacture mining machines or establish mining farms have lower costs than small and medium-sized operators, so they are more competitive in the PoW computing power competition and find it easier to form a monopoly.

Although the PoS consensus mechanism avoids the problems of centralized computing power and mining machines, it also creates a new form of monopoly. Some nodes holding a large number of tokens may spontaneously organize into a validator alliance. They do not need to do anything that could get their deposits confiscated. As long as their deposits exceed 51%, they gain an absolute say in on-chain governance and the community, with a negative impact on both. Such an alliance, if it has sufficient execution power, can refuse to include any transaction it does not wish to include. These potential monopolies may be early project investors, exchanges, or even the project team itself. If a similar attack occurs, the only recourse is to rely on "community consensus" to force a fork. Therefore, for PoS projects, the initial distribution plan of the token and a certain degree of liquidity and market value are very important.

From the perspective of decentralization, PoS does not have obvious advantages over PoW.

3.5 Introduction to the Current Mainstream PoS Algorithms

Cosmos Network is an interoperable and scalable blockchain Internet based on the Tendermint consensus algorithm. Tendermint is a PoS adaptation of Practical Byzantine Fault Tolerance (pBFT). The network pseudo-randomly selects a node as the producer that publishes a block, with a probability corresponding to the amount of stake the node holds, but confirmation and finality verification of the block are still completed through the pBFT algorithm.

Casper CBC is a PoS adaptation of the proof-of-work GHOST protocol. Casper CBC is a pure PoS consensus that pays more attention to economic security and prevents the emergence of cartels by designing reasonable incentive and punishment rules.

4 The present and future of PoS

"long-range attack" and other new problems, so more complex mechanisms have to be designed to ensure network security, which increases development costs and potential security vulnerabilities, and the development progress of large PoS networks has fallen short of expectations.

Note:

Due to some reasons, some nouns in this article are not very accurate, mainly such as: general certificate, digital certificate, digital currency, currency, token, crowdsale, etc. If readers have any questions, they can call or write to discuss together.

This article was originally created by TokenRoll Research Institute (ID: TokenRoll). Unauthorized reprinting is prohibited. For reprint, please reply to keywords in the background【Reprint】

