Proof of Stake and Tezos

PoW is Energy Inefficient

  • Bitcoin uses 73.12T Wh to maintain its network per year.
  • Which is 3.6B USD/y.
  • Equivalent with the electricity consumption of Austria.
  • Equivalent with the consumption of 6.7M households in US.

Risk of Centralization

Miners tend to concentrate:

  • PoW is less profitable in regions with higher electricity fee.
  • Concentration of mining powers, i.e. mining pools, makes PoW more efficient.

Centralization damages the network security.

Incentive Misalignment of PoW

Stakeholders and miners are largely different, and their incentives are different.

  • Most of the token owners are not miners,
    miners are not obliged to keep their positions in PoW.
  • Miners want to maximize their mining rewards. This may work against the interests of token owners.

Proof of Stake (PoS)

PoS: Another Solution to Sybil Attack:

Block mining right based not on computation power but on the stake (how much you have)
The past stake in the DB is fixed. Sybil attack is prevented.
Mining right is assigned only to long-term stakeholders.
51% attack is still possible, but you need to own half of the token supply for enough long.

PoS: Eco-Friendly + Decentralization

  • No competition of solving puzzles:
    Mining → “Baking”
  • No special hardware required:
  • No concentration for efficiency required.
Raspberry PI 3, 2watts
for Tezos
Antminer S9, 1350watts for Bitcoin

PoS: Aligned Incentives

Miners ⊂ Stakeholders

You have to hold your position long enough
to participate the consensus.

Mining right is delegatable.

You can participate the network by delegating your right to get some of rewards, not risking your stake.

Possible Attacks to PoS

Double spending by branching with past stake:

  • Nothing at stake attacks
  • Long range attacks

      💰︎ Exchange the stake with goods
    ⤴︎
→🎁→🎁→📦→📦→💢
  ↘︎ Branch using the past stake
   🎁→🎁→🎁→🎁→🎁→🎁 Make the above chain inactive

Tezos Consensus

Countermeasures against the attacks.

  • For nothing at stake attacks
    • Endorsement
    • Security deposit
  • For nothing at stake attack
    • Checkpoints

Endorsement

Based on Nakamoto Consensus with endorsement. For each block level \(i\), 32 endorsers are chosen:

  • Each endorse one block \(B_{ij}\) of \(B_{i1},..,B_{in}\) and sign.
  • Branches with more endorsements win.

\(.. → S_{n-1} \stackrel{👪\\B_{n}}→ S_{n}\stackrel{👪\\B_{n+1}}→ .. \stackrel{👪\\B_{n+6}}→ S_{n+6}\)👪

 \(\color{gray}{↘︎S'_{n-1} \underset{B'_{n}\\👿}→ S'_{n}\underset{B'_{n+1}\\👿}→ .. \underset{B'_{n+6}\\👿}→ S'_{n+6}\underset{B'_{n+7}\\👿}→ S'_{n+7}\underset{B'_{n+8}\\👿}→ S'_{n+8}}\)👿

The attacker must control much more accounts.

Security Deposit

Security deposit for mining and endorsement.

  • Branching attempt is punished by slashing the deposit and rewards.
    • Double minings/endorsements in the same level
  • Deposit is returned when reorg becomes impossible (15 days)

\(.. \stackrel{B_{n-1}}→ S_{n-1} \stackrel{B_{n}}→ S_{n} \stackrel{👿\\B_{n+1}}→ S_{n+1} \stackrel{B_{n+2}}→ ..\)
               ↕︎ Branching attempt by the same validator is punished.
         \(\underset{B'_{n+1}\\👿}↘︎ S'_{n+1} \underset{B'_{n+2}}→ ..\)

Checkpoints

Record block hashes \(H(B)\) periodically outside of the chain:

https://www.news.com
Tezos’s block hash at \(n\) is \(H(B_n)\), BKveMfA..

\(.. → S → .. → .. → .. \stackrel{👍\\B_n}→ S_n → .. → .. → .. → S\) 😊

      \(~~~~\color{gray}{\underset{👿}↘︎.. → .. → .. \underset{👎B'_n}→ S_n' → .. → .. → .. → S''}\)

PoS and Tezos

  • PoW has energy inefficiency and incentive unalignment
  • PoS: Mining right proportional to the stake against Sybil attack
    • Eco friendly
    • Incentive is aligned
  • Attack against PoS: Branching by past stake and solutions in Tezos (and other protocols):
    • Endorsements
    • Security deposit to prevent intentional branching
    • Checkpoints