Proof of Stake

CSC595/686-D: (The Real) Blockchain

by: burt rosenberg
at: university of miami

Lecture 8

Proof of Stake

The consensus protocols for blockchains have two components. One component solves the consensus problem as was classically presented: given a distributed system of computers, run a protocol at the end of which all right-thinking computers agree on a value, despite interference and misdirection from some small number of wrong-thinking computers.

In Bitcoin, the miners compete in a lottery to add to a blockchain, the miners agree that the longest chain is the consensus chain.

But that is not all, because miners might try to cheat the competition somehow, and therefore their entry into the lottery must cost work, the work to find the winning number in the lottery, and the miner must provide along with the solution a self-evident Proof of Work to attest to the work done finding the solution.

The system works but is expensive. The more the miners work, the harder the puzzles get in order to keep the blockchain growing at about 10 minutes a block. As miners are successful and they are paid, they take the money and buy more hardware, investing in specialized hardware, to advantage them in the lottery. So, in the end, equivalent to Proof of Work, miners are providing a Proof of Investment. The solved hash is indeed a proof of the many trials needed to find the solution, but that ends up being correlated to the money spent to enter the game with advantaged hardware.

New blockchains are addressing the high cost in Proof of Work, but going directly to the proof of investment, otherwise said "Proof of Stake". Proof of Stake consensus algorithms also have a Byzantine Agreement part, but the consensus protocol entitles a miner to mine by the miner providing Proof of Stake (an investment in the system), and the relative amounts of stake will give the miner a proportional right to add new blocks to the blockchain.

Tendermint was one of the earliest alt coins to use Proof of Stake. By providing a stake, a player in the Tendermint protocol becomes a Validator. The protocol goes in heights, each height is the adding of a block, and in each height, by several rounds — as many rounds as needed to get consensus.

Each Validator publishes it public key, and all statements between the Validators is signed.

Each round consists of these stages,

1. Proposal, a single Validator is entitled to propose a value;
2. Pre-vote, Validators choose between the proposed value and a locked value it might be holding, due to a previous round;
3. Pre-commit, a Validator can either vote for a value, if it sees a super-majority of pre-votes for that value, or vote to go on to the next stage (because it does not think a good value exists); and a Validator pre-commits to a value it also locks that value.
4. Commit, a Validator seeing a super-majority of pre-commits can commit the value; once having done so, it moves on the the next height;

The Validator that can propose is chosen using a cryptographic hash function, and rotates through all the Validators each round. This way, less than 1/3 of the Proposals will be faulty.

Once a Validator locks a value, having seen 2*f+1 votes, at least f+1 of those votes are from honest Validators, leaving only 2f Validators to propose another value. Hence no other value will be pre-voted unless the locked Validator also participates in the pre-vote for the new value. This can occur of the locked Validator decides to unlock, because it sees that the algorithm is not reaching consensus on the value it has locked. If the Validator has committed, then it is no longer in the rounds so the value committed must eventually be the consensus value.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

author: burton rosenberg
created: 18 mar 2019
update: 25 mar 2019