Proof-of-Stake (PoS)

From CryptoWiki

(Redirected from Proof-of-Stake)

Basics

  • For a history on PoS, check here (14-9-2020).
  • First implemented by PeerCoin and Nxt in 2012 and 2013 respectively.
  • In general, a proof-of-stake algorithm looks as follows. There exists some set of coin holders that place their coins into a proof-of-stake mechanism and thereby become validators. Given a particular blockchain "head" (ie. the latest block in a blockchain), the algorithm randomly selects one of these validators (the randomness being weighted by deposit size, so a validator with 10000 coins has 10x the chance of a validator with 1000 coins) and assigns to them the right to create the next block. If that validator does not create a block within some period of time, then a secondary validator is selected that can create the block instead. Just like in proof-of-work, the "longest chain" is considered to be the canonical one.
  • From the Polkadot wiki (7-5-2021):

"Proof of Work (PoW) and Proof of Stake (PoS) have been inaccurately used as short hand to refer to consensus mechanisms of blockchains, but that does not capture the full picture. PoW is the method for agreeing on a block author and part of the fuller Nakamoto consensus that also encompasses a chain selection algorithm (longest chain rule in Bitcoin). Similarly, PoS is a set of rules for selecting the validator set and does not specify a chain selection rule or how a chain might reach finality. PoS algorithms have traditionally been paired with an algorithm for coming to Byzantine agreement between nodes."

  • Note that there are many deviations from this model. In earlier Peercoin-style algorithms, a different validator was assigned block creation rights every second. Sometimes, there is no explicit mechanism for "becoming a validator"; every coin holder is a potential validator, though if a coin holder is offline or uninterested in validating then they may well "skip their turn". In some algorithms, there is no notion of validator selection; instead, a traditional Byzantine-fault-tolerant consensus algorithm is used to get all validators to agree on the next block. The seed for the pseudorandom algorithm that chooses the next validator can also be chosen in different ways. However, the principle of using coins, deposited or otherwise, as a substitute for miners is invariably there.
  • Besides forging new blocks, some protocols also give Stakers the power to participate in governance of the protocol, according to their amount of staked coins. A bit more on that here.
  • Staking Stablecoins:

"So while (6-8-2019) you can’t actually “Stake” stablecoins by the proper definition, you can lock them up and earn interest on them in a very low risk high APR way.

Well known Proof of Stake projects

  • As of 9-2020 there are many proof of stake protocols around, most of them are so called 'ETH-killers', due to them being smart contract protocols and trying to take market share away from Ethereum while it is still developing ETH2.0 which supposedly solves its scaling issue and involves PoS Sharding. Some of these well known PoS competitors are: Cardano, Tezos, Polkadot, Cosmos and Algorand. Each having different variants of PoS consensus mechanisms.
  • Besides smart contract L1 protocols, there are now also plenty of network layer and L2 projects that use PoS. Some examples are StaFi, Skale, Ren and many others.

Liquid Staking

"Proof-of-Stake is becoming the prevalent way of securing decentralized networks. Proof-of-Stake has many advantages over the battle-tested Proof-of-Work, including faster block times and finality, lower operational costs, higher throughput, and a lower ecological impact. As a result, the vast majority of new blockchains rely on Proof-of-Stake for their security. In Proof-of-Stake networks, virtual assets are used as collateral to determine participants (“validators”) in the consensus process (“staking”). Since these assets serve to incentivize and enforce the correct behavior of validators, protocols may need to be able to confiscate or destroy them in case of misbehavior. So, Proof-of-Stake protocols escrow staked assets, which prevents them from being transferred or used in decentralized finance applications. Also, a delay ("unbonding period") is often enforced by protocols when one wants to stop participating to recover staked assets. Such restrictions impose economic costs on the holders of staked assets. As a consequence, solutions to circumvent the limitations on staked assets are being developed. Centralized exchanges can easily circumvent these limitations by pooling assets and allowing off-chain agreements to encumber these assets without relying on on-chain enforcement. A burgeoning field has arisen under the moniker of liquid staking, which is seeking to tokenize staked assets to remove restrictions on staked assets and to increase possibilities of how they can be used."

Differences with Liquidity Providing

"Staking is a slightly ambiguous term that can mean both things. In short, "staking" means locking up your assets in a smart contract. Generally, you stake your tokens in order to generate interest (yield) or to vote for the governance of a protocol.

Liquidity Providers "stake" their assets into pools in order to collect fees from the trades made by other users on the network.

Stakers earn fees primarily through block rewards, and are not necessarily exposed to market risks.

Liquidity providers earn returns from fees, proportional to the amount they stake. If you stake 100 tokens in an exchange pool that has a total of 1,000 tokens, you will own a 10% share of that pool. If an exchange charges a 0.3% fee to make a trade, you will collect 10% of that 0.3% fee. So, if a $10,000 trade is made, you will earn $3. LPs are exposed to market risks, and a large divergence in asset value can cause a loss of overall funds."

The Benefits:

- No need to consume large quantities of electricity in order to secure a blockchain.

- Because of the lack of high electricity consumption, there is not as much need to issue as many new coins in order to motivate participants to keep participating in the network. It may theoretically even be possible to have negative net issuance, where a portion of transaction fees is "burned" and so the supply goes down over time.

- Possibly reduced vulnerability to selfish-mining attacks through "co-operative game theory", though proof of work can also do this to some extent.

- Reduced centralization risks, as economies of scale are much less of an issue. $10 million of coins will get you exactly 10 times higher returns than $1 million of coins, without any additional disproportionate gains because at the higher level you can afford better mass-production equipment.

- Ability to use economic penalties to make various forms of 51% attacks vastly more expensive to carry out than proof of work - to paraphrase Vlad Zamfir, "it's as though your ASIC farm burned down if you participated in a 51% attack".

"Like PoW, PoS solves the Byzantine Generals Problem - albeit through a different means. It empowers the distributed and un-coordinated Generals to come to an agreement despite communication not being instantaneous and with potentially contradictory signals being sent:

  • The Generals become validators by depositing their assets
  • The pre-set algorithm selects a General to become a validator for the next block, which the General creates
  • Another General is subsequently chosen to become a validator and references/builds upon the previous block to form a growing chain. As a result it becomes clear which chain most Generals are contributing to
  • The Generals know how quickly each block takes to be created under the PoS consensus algorithm and so after a period of time will be able to know if enough of the other Generals are working on the same chain to be able to make a successful attack

This solves the Byzantine Generals Problem in a more efficient and environmentally friendly manner, eradicating the high energy and hardware costs associated with PoW. Through doing so it also removes the economies of scale the largest miners in PoW profit from. PoS gives all users an equal chance, proportional to their holdings, to receive a reward. As PoS allows small stakes the same participation rights as the largest, it should lead to a more decentralized network.

Furthermore, PoS ties validators to the network by incentivizing them. Whereas miners may mine Bitcoin and immediately dispose of it, or switch to mining something more profitable, PoS ensures that validators lock their funds up for a set period of time for the use of the network. Additionally, dishonest actions put their stake in jeopardy. This further allies a validator to the network they are securing."

"..let’s reflect on why staking matters. Seeing as we’re largely operating in a distributed ecosystem where influence is spread across a global scale, staking provides:

  1. Security - The more capital staked in any given product or service, the more secure it becomes due to a larger amount of capital needed to game the system.
  2. Scalability - While Proof-of-Work has served as a solid foundation, it’s largely recognized that Proof-of-Stake will drastically increase throughput, further increasing the opportunity for any public blockchain-based application to reach a mainstream audience.
  3. Decentralization - Staking is inherently permissionless, meaning that you don’t have to *ask* anyone to stake your assets. While we are likely to see large providers aggregate a significant majority of staked capital, the notion that anyone can contribute to the validation of a network is pretty powerful.
  4. Accessibility - With staking, rewards become accessible to non-technical users. As tools continue to advance, it’s likely the staking will become easier to navigate for beginners.
  5. Novelty - Different products can leverage unique schemas to incentivize their community to participate. At the end of the day, staking is the clearest illustration of putting skin in the game."

Pros and Cons according to Delphi Digital

"Benefits 

  1. Much more energy efficient than PoW mining 
  2. No need for specialized ASIC hardware in order to participate in running the network 
  3. Penalties for not following the protocol can be established where bad actors have their stake slashed 
  4. Should improve network decentralization

ETH locked up for staking should reduce velocity to a degree Enables ETH to be a yield producing asset if staked 

Concerns 

  1. Unproven/limited track record relative to PoW 
  2. Network security driven by the value of ETH where a price trending lower could spark a negative feedback loop 
  3. Risk in the transition from PoW to PoS; Ethereum needs to upgrade to an entirely new consensus algorithm 
  4. "Unfair" economic model; allocate new funds in proportion to existing holdings 
  5. Discouragement attacks"

Critiques on PoS

"Proof-of-stake is incredibly popular in the altcoin world. It's almost unconditionally popular. It falls back to traditional byzantine fault tolerance models. In proof-of-stake, you see 51% assumptions. Normally things fall away from incentive compatibility. I'm just going to say there's many issues.

In 2012 and 2013 a lot of bitcoin developers did a deeper dive into proof-of-stake and identified a bunch of issues that transcend any particular issues. Like holding on to your keys after you spend your coins, that's a fundamental issue. Andrew wrote two papers about the fundamental challenges with proof-of-stake. I think it's fair to say since 2013 none of those issues have been addressed by proof-of-stake proposals.

Unfortunately, there are so many ways to approach proof-of-stake paradigms that it's hard to talk through because once you dismantle any implementation everyone is like "well yeah that was the broken one". At some point, I hope there's a proof-of-stake implementation that everyone likes and we can attack it directly. But it's just too much.

https://download.wpsoftware.net/bitcoin/pos.pdf

https://download.wpsoftware.net/bitcoin/alts.pdf

https://download.wpsoftware.net/bitcoin/asic-faq.pdf "

"Firstly, although PoS is theoretically more democratic (as it gives all users an equal chance to participate, and avoids economies-of-scale issues that PoW suffers from) it will suffer from the same issue – decentralized networks edging towards centralization. The biggest holders will receive the most rewards, and therefore grow larger, creating a vicious cycle in which the big get bigger and the small get increasingly diluted.

As these large interests accumulate, it is likely they will then begin to collude rather than compete. This may lead to these owners making changes that benefit them over the needs of others. Because your funds are “locked” when staked, it is likely that only a minority of network users will participate in staking and thus receive rewards, this accumulation of power could be pronounced. This lack of participation also means that a 51% attack on the network only requires a malicious actor to possess 51% of the amount being staked, not the total supply.

Proponents argue that the network could be forked in the event of an attack, and the attacker’s staked amount destroyed. The idea is that unlike PoW (where an attacker need solely buy enough mining equipment to take over the network and could redirect said equipment to another PoW system after the attack), with PoS an attacker would have to buy 51% of the total staked supply every attack. However, this relies heavily on an attacker not having the resources or the determination to be willing to make these sacrifices, and that the forked network could survive the loss of confidence an attack would bring.

Many PoS networks also require validators to possess a minimum (usually significant) amount of the asset to be able to stake. As the majority of users will not possess enough, staking pools will spring up as mining pools did before them, leading to further centralization.

PoS is also potentially vulnerable to the ‘nothing at stake’ problem, where validators have nothing to lose by voting for multiple forks of the network. Through this, a validator would gain stakes in two chains. The value retained by the Bitcoin and Ethereum forks Bitcoin Cash and Ethereum Classic highlights the motivation to do this. Whereas a miner on a PoW system such as Bitcoin could only dedicate 100% of their resources to one network at a time, PoS enables validators to easily validate both chains.

PoS remains in relative infancy, but project teams have already begun to try improving upon it, merging the good parts of PoS (energy efficiency, allying users to the network) with other means of achieving consensus."

"Staking tokens today are making a step towards providing nuance. Staking tokens allow people to have different weights in their voting. Someone holding more staking tokens can have more votes or more influential votes than someone with fewer staking tokens. In some systems, such as Augur, this can make a lot of sense. Staking tokens are held by experts who can decide how much to stake on a particular decision, and their return on the stake depends on the correctness of their prediction. In a system where tokens can be earned but not bought, this makes sense.

However, in a system where tokens can be purchased, someone with a bad reputation could hold more tokens than someone with a good reputation. Steem is fundamentally flawed in this way. There’s no differentiation between tokens purchased and tokens earned. Furthermore, there’s no cumulative measure of tokens earned; just tokens held."

"While staking models has become quite commonplace in many crypto-economic systems, almost all of them rely on the notion of issuing rewards in the protocol’s native asset.
This inherently limits value-accrual narratives as parties such as validators will ultimately need to liquidate their rewards to cover expenses at some point in time, creating an immense amount of sell pressure within largely illiquid assets and nascent ecosystems.
Instead, let’s consider schemas which:

  1. Offer rewards in an exogenous asset (ETH, BTC, DAI, etc.)
  2. Are not reliant on the native asset for rewarding work
  3. Establish clear-cut value accrual mechanisms to mitigate sell pressure"

The post does go on to say there are a bunch of projects (like 0x and REN) that have utilized this,

Possible attacks on PoS

"Ethereum is not the first protocol to attempt to use proof of stake (PoS) as a consensus method. Peercoin implemented PoS in 2013 and other projects implemented their own versions of PoS not too long after (PIVXReddcoin, etc). These projects hoped that PoS would eliminate the problems associated with energy intensive mining while maintaining the high levels of security and decentralization required of a cryptocurrency network.

The PoS community was enthusiastic about their new consensus method, but skeptics were quick to cite two theoretical security issues facing PoS; the long range attack and the nothing at stake problem.

What is the Stake in Proof of Stake?

When I first learned about proof of stake, I thought that “stake” referred to the security deposits that validators (aka PoS miners) had to submit before they were allowed to propose and validate blocks. This is true for Ethereum’s planned PoS upgrade, but the first blockchain projects implementing PoS did not require a security deposit.

In early versions of PoS, you only needed to own tokens in order to be eligible to be a validator (aka PoS miner). Holding tokens in your wallet was your stake. If validators attacked the network, nothing happened to their “staked” coins.

If No Security Deposit, Why Call It Stake?

So here is why they still call it stake. The idea was that if you owned a PoS network’s token, you had an interest in the success of that network. The more of the token you owned, the more you had “at stake” if the network was attacked. This is because, if the network was successfully attacked, the value of your tokens was likely to significantly drop.

Under this logic, it made sense to grant validation rights proportional to the amount of stake you had in the network. For instance, if your staked tokens represent 10% of all tokens that are collectively staked by validators, you can expect to propose and validate ~ 10% of all blocks. With 10% stake, you are allowed to have more influence over the network compared to people with less stake because, theoretically, you have more to lose if you disrupt the network."

Has it happened and what is ETH doing to prevent it

Nothing at Stake

  • From this blog (2018):

"The nothing at stake theory is the assumption that in early versions of PoS, every validator will build on every fork when a fork takes place. After researching for any evidence or even mention of the nothing at stake problem actually occurring, I could not find anything. Either way, Ethereum’s Casper aims to take the potential of the nothing at stake theory seriously. In order to reduce the likelihood that validators builds on all forks, validators will be penalized by losing a portion or all of their security deposit. It seems likely that penalizing validators through security deposits will keep this theory an impossibility."

Centralisation Over Time

"In proof of stake, if you have some coin you can stake that coin and get more of that coin. In proof of work, you can always earn more coins, but you need some outside resource to do so. Hence, one could argue that over the long term, proof of stake coin distributions risk becoming more and more concentrated.

The main response to this that I see is simply that in PoS, the rewards in general (and hence validator revenues) will be quite low; in eth2, we are expecting annual validator rewards to equal ~0.5-2% of the total ETH supply. And the more validators are staking, the lower interest rates get. Hence, it would likely take over a century for the level of concentration to double, and on such time scales other pressures (people wanting to spend their money, distributing their money to charity or among their children, etc.) are likely to dominate."

Weak Subjectivity

"See here for the original intro to the concept of "weak subjectivity". Essentially, the first time a node comes online, and any subsequent time a node comes online after being offline for a very long duration (ie. multiple months), that node must find some third-party source to determine the correct head of the chain. This could be their friend, it could be exchanges and block explorer sites, the client developers themselves, or many other actors. PoW does not have this requirement.

However, arguably this is a very weak requirement; in fact, users need to trust client developers and/or "the community" to about this extent already. At the very least, users need to trust someone (usually client developers) to tell them what the protocol is and what any updates to the protocol have been. This is unavoidable in any software application. Hence, the marginal additional trust requirement that PoS imposes is still quite low."

Verus's sollutions

"Removing any incentive to attempt cheating, making it a losing proposition. This, combined with a new “Chain Power” rule which will replace “Chain Work”, presents the PoW+PoS blockchain."