Proof of Work vs Proof of Stake

Consensus methods are one of the most debated subjects in the blockchain ecosystem. All blockchain consensus-building approaches are deemed effective if they are able to solve the popular Byzantine General’s Problem, a complex problem dealing with computer networking over an unreliable means of communication.

Proof of Work (PoW) became the first consensus mechanism to establish Byzantine Fault Tolerance for a blockchain. PoW is a battle-tested, researched and technically proven means of securing a blockchain, but it isn’t perfect. Many people doubt the sustainability of a PoW chain, due to the energy consumption and ASIC centralization. Currently, the Bitcoin Blockchain consumes roughly the same amount of electricity annually as the entire country of Chile.

Apart from the extortionate levels of energy the Bitcoin blockchain consumes, many worry that ASIC hardware manufacturing has become extremely centralized and that the large mining farms hold too much power over the network. Currently, more than 51% of hashrate in the Bitcoin network is provided by three large mining pools.

Why not Proof of Stake?

PoW consensus models are the core solution to the problem of trust in systems dealing with unknown adversaries and imperfect information distribution. So why can’t Proof of Stake (PoS) become the next king of consensus mechanisms?

The research dedicated to PoS is legitimate and for a good cause. PoS is considered faster, cheaper and efficient. However, the primary goal of blockchain protocols should NOT be efficiency in itself. Speed must come on the background of decentralization.

VISA and Mastercard are efficient. PayPal is efficient. Efficiency is something that we have already achieved. Decentralization, however, is still the goal and remains a moving target.

Defining what decentralization means and implementing it will create (and is creating) a spectrum of blockchain projects. At æternity, we believe that the ones that have the best chance to succeed will be those which consider the Bitcoin network the standard for decentralization and try to improve on it.

Moreover, there are a number of issues with PoS that might ultimately make it inferior to PoW consensus.

The “Rich Get Richer” Problem

In some of the most popular implementations of PoS, users are only allowed to participate in consensus building if they stake a certain amount of cryptocurrency. This number varies from protocol to protocol. The suggested amount in Ethereum is ~1000 ETH. That means that only users with ~1000 ETH (or $410 000 at current prices) will be able to mine and receive rewards.

This effectively divides users into two groups — those who can become richer by receiving network rewards and those whose ETH balances remain unchanged. In other words — “the rich get richer, the poor stay poor.”

Perhaps this is not that different from PoW, where only financially well-off users can engage in mining activities. However, the other issue with PoS is that the rich get proportionally richer. A large forger (miners in Ethereum’s PoS) will become richer than a small one, since they will earn a larger percent of each new block.

The “Nothing at Stake” Problem

In Proof of Stake, a validator could create infinite versions of the truth, and propose them as an addendum to the chain. This is known as the “Nothing at Stake” problem, wherein the validator could publish different things, vote on different blocks, and collect rewards regardless of whether they are voting for more than one thing at one time.

To address the “Nothing at Stake” problem, Ethereum’s Proof of Stake solution has enacted a repercussive punishment tool known as “Slasher” that slashes a validator’s stake if they misbehave, but this solution is not bulletproof.

Because of the way it is designed and implemented, Slasher could theoretically be forked away from the blockchain, and the vulnerability would persist on the forked chain.

“Long Range” Attacks (Weak Subjectivity)

These types of attacks refer to the “Nothing at Stake” problem above. In a protocol where an attacker can propose unlimited different versions of the present, they might also be able to create alternative pasts. By doing that they can effectively create “different chain realities”. Without getting into the details, this means that users who have not mined for a prolonged amount of time (depending on the protocol implementation of PoS, usually a certain number of blocks) cannot be sure if they are following the “right” chain. The same is true for validators who start forging blocks for the first time. They do not have a way of knowing which “chain reality” is the correct one. All PoS systems suffer from this flaw.

Assuming everything operated correctly on a Proof of Stake chain, it is also mathematically proven that it is impossible to find the true history of transactions without an additional source of trust. If there is always to be a source of trust needed for a blockchain, that dissolves the meaning of a blockchain in the first place.

What is æternity doing to solve the consensus issue?

Æternity is going about the consensus issue in a different manner. Instead of trying for the largely theoretical and untested Proof of Stake consensus model, æternity is using a modified Proof of Work consensus mechanism. As mentioned, Proof of Work comes with its own set of relevant issues, including massive energy consumption, hardware limitations, and decentralization issues imposed by mining farms.

To address this, æternity is using the Bitcoin-NG consensus algorithm paired with the Cuckoo Cycle hashing algorithm.

Bitcoin-NG is a new consensus algorithm. It can be based on Proof of Work and uses a chain of blocks with the most work done to resolve conflicts and reduce on-chain confirmation latency. The algorithm features a temporary leader that is elected randomly using Proof of Work. That leader confirms all the events that will happen until the next miner solves the crypto-puzzle, effectively verifying transactions in real-time.

Cuckoo Cycle is the algorithm used for Proof of Work. The algorithm is a more egalitarian means of Proof of Work that minimizes performance-per-dollar differences across hardware architectures and makes mining on commodity hardware cost-effective. This is to be achieved by making main memory latency a bottleneck since DRAM latencies have remained relatively stable while CPU-speed and memory bandwidth vary highly across hardware architecture and process technology.

Cuckoo Cycle is a novel graph-theoretic Proof of Work design that combines scalable memory requirements with instant verifiability. Also, it is the first design where the memory latency dominates the runtime. Barring any unforeseen memory-time trade-offs, it makes for a near-ideal memory bound Proof of Work whose cost-effectiveness on commodity hardware could greatly benefit decentralization of mining.

An interesting feature of Cuckoo Cycle is that it is not cost-effective to make ASICs. Nonetheless, ASICs are nearly impossible to avoid, so at some point in time an ASIC for Cuckoo Cycle will become available. What is great, however, is that even when that happens, hardware manufacturers will not have an advantage on creating ASICs over common users. No need for sophisticated GPUs and designs, no company or companies guarding the technology.

Thanks to Cuckoo Cycle, designing, creating and manufacturing ASICs (once they become available) will be much easier and open to anyone.

What does this mean?

Not only is the chain secured by Proof of Work consensus, but it is fast. When compared with Bitcoin’s 10-minute block times, æternity blockchain will have a quick 3-minute block time for Key blocks which provide overall verification of Micro blocks and a block time of around 3 seconds for Micro blocks which verify transactions. All this is enabled by Bitcoin-NG. On top of fast blocks, the blockchain is secured by a far more decentralized community of miners.