You need to know: Proof of Stake – what it is in simple words. Proof-of-Work and Proof-of-Stake: comparison


Proof of Stake is one of the two most common consensus algorithms in cryptocurrency systems. It is based on a special mechanism for proving work done.

The essence of the Proof of Stake algorithm

Proof of Stake (PoS) is an alternative consensus mechanism that was first implemented in the PPCoin platform in 2012. Today this project is known to users as PeerCoin. Proof of Stake works by using the “share”, or stake, as the resource that determines which node gets the right to produce the next block during mining.

In operation, PoS nodes hash data in search of a result that is less than a specified value. The difficulty in each case is distributed proportionally and corresponds to the balance of the particular node. In other words, the Proof of Stake algorithm takes into account the number of coins in your account, so a node with a larger balance is more likely to generate the next blocks. As a mining scheme, PoS attracts users with its low system requirements, and it also avoids wasting computing resources.

What is remarkable about the Proof of Stake algorithm?

The term Proof of Stake (literally, proof of a stake, or share) refers to a special mechanism by which various digital currencies reach consensus. PoS is an alternative to the Proof of Work algorithm that is used in the Bitcoin platform. The main trump cards of this algorithm are the absence of large expenses for performing calculations and the low throughput required to receive rewards for mining blocks.

How does Proof of Stake work?

As in Bitcoin and other altcoins, a Proof of Stake system stores all completed transactions in a distributed database, the blockchain. The blockchain gets its name from the system’s ability to collect transactions into blocks, each of which refers to the previous one, so that they connect like a chain. Each node participating in the network has its own copy of the blockchain.

Nodes of a system running on PoS are synchronized over a peer-to-peer (P2P) network. Proof of Stake lets the cryptocurrency operate with a high level of security and confidentiality, guarding against hacker attacks and the actions of fraudsters.

A system using the Proof of Stake method is usually based on the principles of decentralized governance with no single center, which does not allow fraudsters to know exactly which version of the blockchain is the true one. This is only possible with very large computing power, the cost of which is not justified by the potential benefit of success.

The Bitcoin network is organized in such a way that effective security requires physically scarce resources: specialized equipment and significant amounts of energy. Such requirements make Bitcoin less efficient. PoS mining gives users a real opportunity to receive block rewards using readily available capacity and other resources. Instead of large computing power, successful mining under Proof of Stake only requires the user to hold a large share in the system itself, which guarantees a fair reward with a probability directly proportional to the size of the share.

Explained in simple words, Proof of Stake works like this: the larger your share in the system, the more likely your mining is to succeed, which affects how profitable it is. The same applies to security, since Proof of Stake is not only about mining but also about the safety of assets. If you hold a decent amount of tokens in the system, you will be the first to want hackers kept from breaking in and stealing your hard-earned money. In addition, to be able to attack, a fraudster must become the owner of an impressive share, which entails very high costs given the popularity of the network.

How is PoS different from PoW?

To go deeper into what Proof of Stake (PoS) is, it is useful to compare it with its competitor and the other leader, the Proof of Work algorithm. PoW-based cryptocurrencies are exposed to double spending. The risk decreases as the volume of transactions performed on the network grows, and it depends on the computing power that hackers have at their disposal. To minimize the risk of double spending, users wait for a specific number of transaction confirmations and also use additional protection mechanisms.

Attacks common to the two algorithms are denial of service (DoS) and the Sybil attack. The first interrupts the normal operation of the network by overloading nodes, often with a large number of transactions of very low value. The second disrupts the system by creating multiple nodes that do not function correctly.

The degree of risk in these attacks depends on both the type of network consensus and the details of the protocol. At the moment, no properties are known that would make the PoS algorithm less sensitive to these attacks than PoW.

There is another type of attack called selfish mining. In it, the fraudster publishes blocks selectively, which makes other network users waste their power. Since PoS consensus does not involve expensive resources in the block creation process, this technique is not effective against the algorithm. There is also no official confirmation of the effectiveness of selfish mining against PoW.

The degree of risk in PoW consensus can be predicted because the overall hashing power of the system can be taken into account. PoS has no comparable indicator of the network's “health”, which shows in the following:

  • with an even distribution of cryptocurrency between participants, attacks based on network forks are possible;
  • if some users hold large shares, the network can be disrupted by applying censorship to transactions.

Pros and cons of Proof of Stake

Using the Proof of Stake algorithm brings the user both advantages and disadvantages. Among the advantages of PoS, the following should be noted:

  • an effective attack requires large volumes of assets, which makes it economically unprofitable;
  • if a hacker has a significant number of coins in the system, his funds are also at risk, since an attack undermines the stability of the cryptocurrency.

Disadvantages of Proof of Stake are manifested in the following:

  • the algorithm promotes the concentration of large volumes of assets in the hands of one participant, which contradicts the principles of decentralized management;
  • when forming a user group with an impressive number of assets, there is a possibility that it will dictate its own rules of the game.

Among the problems it is also worth highlighting Nothing-at-Stake, or the empty stake: it reduces the apparent stability of Proof of Stake and contributes to a drop in the algorithm’s rating among network users. A hacker can create a false fork by spending imaginary resources. If other participants support this activity, it may result in double spending of assets and rejection of specific transactions.


We continue to translate cool articles from the Bytecoin.org website. Today - “Alternatives for Proof of Work, Part 1: Proof of Stake” by Ray Patterson.
Also read the translation of “A brief history of the evolution of proof-of-work in cryptocurrencies”.

Criticism of Proof of Work

As we all remember, Proof of Work was born back in 1993 in a family of cryptographers; his parents predicted a career for him as an anti-DoS and anti-spam defender. However, in 2008, he received a tempting offer from an anonymous person with a Japanese accent: to become the basis for a distributed timestamp server. The scheme seemed simple: network nodes “vote” for their version of the transaction history, investing their power in calculating “rare” hashes. The version that receives the most votes is accepted by other nodes as the reference version.

An important point was to ensure a large total network capacity: to protect against a potential attacker with his potential 51% of resources. However, the original concept of PoW involved small tasks that the client must complete in order to gain access to the server's resources. Within the framework of this DoS protection model, even small client capacities will not interfere with the fair use of the resource, and large ones were simply not required. Therefore, the motivation for the work of miners was realized simply: “in kind”, bitcoins, i.e. actually money.

And that changed everything. In the world of cryptocurrencies, PoW has become a monster, devouring electricity in the race for mining profitability. Serious claims appeared around 2012, when the total power of the Bitcoin network “overtook” the most powerful supercomputer in the world in terms of performance. “A waste of energy!” - screams were heard from all sides. The timid protests of defenders regarding protection from a 51% attack and the energy appetite of bank terminals were ignored. Fortunately, the first alternative was already on the horizon: Proof of Stake.

Proof of Stake

It came to light as an idea in one of the posts on bitcointalk back in 2011. The first implementation was released a year later, in 2012, in the PPCoin cryptocurrency (now called PeerCoin). Subsequently, similar protocols appeared in other projects, more on them later.

PoS has different incarnations, but one common idea: the limited resource used for voting can be found not only in the outside world (burnt hardware and electricity) but also inside the system itself, in the digital coins. Owners of coins, the stakeholders, do not spend them during voting, of course, but lock them for a while, and this is how the limitation is achieved. Obviously, although the computer must be turned on for mining, it does not need to do any serious calculations.

How does PPCoin work?

So, the miner’s resource is his coins (unspent, of course). More precisely, unspent transaction outputs, each of which corresponds to a certain number of coins. Mining occurs as follows:

  1. Select one of your outputs that was received at least 30 days ago.
  2. Form a Kernel structure, which includes: deterministic data from the output (the time of the block in which it appeared, its number inside the block, etc.), the current time, and nStakeModifier (a periodically recalculated block of pseudo-random bits).
  3. Hash the Kernel and compare the resulting value with the current target, which depends on the current network difficulty (higher difficulty, lower target), the “age” of the output (higher age, higher target) and its amount (more coins, higher target).
  4. If the hash turns out to be greater than the target, return to step 1 and take the next output.
  5. If the output turned out to be “successful”, spend it in a coinbase transaction (sending it to yourself), add the block reward and the fees from the included transactions, and sign the entire block with the key that was associated with the spent output.
  6. Voila, the block is ready. Start looking for the next one.

Notes:
  • Block verification is deterministic: the current time is taken from the block header, the output data is taken from the blockchain, and nStakeModifier is also uniquely calculated for each block.
  • The output must be “old” so that an attacker cannot, by transferring money between their wallets, get a “good” output that immediately allows them to find the block.
  • nStakeModifier is calculated based on the latest blocks and is therefore unpredictable. This makes mining even more unpredictable (and more resistant to possible attacks).
  • The current timestamp in step 2 can vary within wide limits: plus or minus an hour. Therefore, in fact, for each output you can check 7200 hashes, and not just one.
  • The “age” target multiplier is limited to 90 days. Otherwise, an attacker could, with only a few VERY old coins, generate several blocks in a row with a high probability.
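The mining loop and notes above, modelled in Python as an added example (it is not PPCoin's code). The Kernel field layout, the double SHA-256 hash, the `base_target` parameter standing in for the difficulty-dependent part of the target, and all names are assumptions made for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass

DAY = 86400
MIN_AGE_DAYS = 30     # step 1: the output must be at least 30 days old
MAX_AGE_DAYS = 90     # notes: the "age" multiplier is capped at 90 days
TIME_WINDOW = 3600    # notes: the timestamp may move plus or minus one hour
MAX_HASH = 2**256 - 1


@dataclass(frozen=True)
class Output:
    block_time: int   # time of the block in which the output appeared
    index: int        # its number inside that block
    coins: int        # amount locked in the output


def kernel_hash(modifier: bytes, out: Output, timestamp: int) -> int:
    """Steps 2-3: build the Kernel and hash it (layout and hash are assumed)."""
    kernel = modifier + struct.pack("<QIQ", out.block_time, out.index, timestamp)
    digest = hashlib.sha256(hashlib.sha256(kernel).digest()).digest()
    return int.from_bytes(digest, "big")


def target_for(out: Output, timestamp: int, base_target: int) -> int:
    """Target grows with amount and age; base_target falls as difficulty rises."""
    age_days = (timestamp - out.block_time) // DAY
    if age_days < MIN_AGE_DAYS:
        return 0  # an immature output can never win
    weight = out.coins * min(age_days, MAX_AGE_DAYS)
    return min(base_target * weight, MAX_HASH)


def is_valid_kernel(modifier: bytes, out: Output, timestamp: int, base_target: int) -> bool:
    """Deterministic check that any verifying node can repeat from chain data."""
    target = target_for(out, timestamp, base_target)
    return target > 0 and kernel_hash(modifier, out, timestamp) <= target


def timestamps(now: int) -> range:
    """The whole search space for one output: 7200 candidate timestamps."""
    return range(now - TIME_WINDOW, now + TIME_WINDOW)


def find_kernel(outputs, modifier: bytes, now: int, base_target: int):
    """Steps 1-4: walk the outputs until one produces a hash under its target."""
    for out in outputs:
        for ts in timestamps(now):
            if is_valid_kernel(modifier, out, ts, base_target):
                return out, ts
    return None


def count_hits(out: Output, modifier: bytes, now: int, base_target: int) -> int:
    """How many of the 7200 timestamps would let this output forge a block."""
    return sum(is_valid_kernel(modifier, out, ts, base_target) for ts in timestamps(now))


if __name__ == "__main__":
    # Constructed sample data, not taken from any real chain.
    now = 1_400_000_000
    modifier = hashlib.sha256(b"constructed stake modifier").digest()[:8]
    small = Output(now - 40 * DAY, 0, 100)
    large = Output(now - 40 * DAY, 0, 10_000)
    base = MAX_HASH // (100 * 40 * 7200)  # the small output expects about one hit
    print("hits with 100 coins:   ", count_hits(small, modifier, now, base))
    print("hits with 10,000 coins:", count_hits(large, modifier, now, base))
    print("first kernel found:    ", find_kernel([small, large], modifier, now, base))
```

The amount never enters the hash, only the target, so a larger output wins on every timestamp a smaller one would and on more besides; CPU speed changes nothing because the search space is fixed at 7200 values per output.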

In essence, the PoS mining process is the same lottery as in PoW. However, you don’t need to “pay” for a ticket with your power: the search for options occurs in a very limited space of your own outputs and does not depend on the speed of the CPU. Your chances are only affected by your total number of coins and the current network difficulty.

Thanks to this we gain the following:

  1. We save energy. There is no arguing here, although for PoW you can use “useful work” (see Primecoin) or ASIC-resistant functions (Cuckoo Cycle, CryptoNight, Ethash, etc.), which would limit mining to personal PCs.
  2. No endless “arms race”: now the total hashrate is limited not by Moore’s law and the laws of thermodynamics, but by the total number of coins in the wallets of participants. On the other hand, in such a model it is difficult to tell whether a large percentage of resources is in honest hands.
  3. The attack becomes more expensive. If I want to buy 51% of the coins, the market will react with a rapid rise in price. Besides, what is the point of attacking a network if all my resources are invested in the virtual coins of this network?

Everything seems great: we have actually replaced physical work with some kind of virtual resource. But isn't that exactly where the problem lies?

Criticism of Proof of Stake

Answer the question: how much is spent money worth? If someone approaches you and offers to buy private keys from which you have already spent all the money, what price will you agree on? Since these keys are no longer worth anything and no one needs them, I assume that any offer will suit you: it’s money out of nothing!

Now imagine that at some moment X in the past, 50% (or more) of all coins were held on keys that the attacker has now purchased. For simplicity, we can assume that moment X is the time immediately after the creation of the second block, and that someone bought the keys of both blocks, i.e. if he went back to the past, he would own 100% of the entire money supply.

In fact, he doesn't need to physically go back in time. From now on, he can “rewrite the entire history of the blockchain” by mining with these old coins, receiving a reward for each new block and increasing his capital as he goes. He doesn't even have to create transactions (although he can just transfer money to himself).

At some point, its alternative chain will catch up with the real one and even surpass it in the number of blocks. The entire network will switch to it, because there are no syntactic differences between them. But the main difference will be that in one of them more than half of the coins will still belong to the attacker. This is how, by selling “dead souls”, you can easily lose the “living ones”.

Such a specific attack, of course, can be fought. PeerCoin, for example, uses the practice of regular checkpoints: blocks signed with the developer’s key, “deeper” than which it is prohibited to rebuild the blockchain. But this is a special-case solution that does not eliminate the more general problem: Nothing at Stake.

The problem is that mining (voting) costs nothing and does not require any physical effort. If, for example, at some point two blocks appear at the same height (a chain fork), then both versions of the chain can be mined simultaneously. With PoW, this is impossible in principle for obvious reasons: every hash checked for chain A is a hash not checked for chain B. PoS, on the other hand, allows you to search through all “parallel worlds” at once, and at any height (i.e., including in the past).

In PoS it is much easier for you to carry out a double-spend attack. It is enough to always mine two versions of the next block: one with a transaction transferring your money to the seller (who does not wait for N confirmations), and the other with a transaction transferring it to yourself. If it happens that you find both blocks, then you send the first one to the seller (and receive your goods), and the second one to everyone else. With a high probability, the second version of the chain will be continued, and the money will return to you.

The problem with PoS is that it benefits you to mine several alternative branches at once. You can simply do it for free, with a non-zero chance of success, which means you increase your expected income. PoW does not allow you to do such pranks, and therefore you only mine in one branch (which is your choice). As a result, in the PoW model, consensus is reached sooner or later, but in pure PoS it is no longer possible to predict convergence.

If you are interested in this problem, then details can be found

To be honest, I didn’t see anything close to practical implementations in the comments.
There are currently two main currencies that support PoS: Novacoin and PeerCoin.

The first is deflationary, the second is inflationary, but the differences from each other do not end there. This does not apply to this issue, so they suggest searching the Internet specifically for these currencies. I know Novacoin more and can tell you more about its implementation of a hybrid architecture.

When the currency was launched, coins were first mined only using PoW, so that there would be no situation where the developer initially had money and allegedly distributed it to whomever he wanted. The first coins were mined “the old-fashioned way” with video cards. When the first coins matured up to 30 days, PoS mining was already connected. The main emission and transactions are carried out through PoS for energy efficiency and, in my opinion (developers’ opinions may differ), so that the coins go not so much to PoW miners, who immediately dump coins on exchanges, but to PoS miners interested in the development of the currency, who keep their money in Novacoin. For one PoW block (regular mining power) there are 3 PoS blocks. The hybrid approach is used not only to release the first coins, but also to improve security. Bitcoin and other PoW systems are vulnerable to a 51% PoW attack: someone who gains control of most of the power can attack the network with a double spend, etc. The situation is similar in a pure PoS system: although it looks somewhat unlikely, if a person in a pure system has gained control over 51% of the entire currency, then theoretically he can also attack. Hybrid architecture radically changes these situations: theoretically, in order to attack a network, you must simultaneously own power and money, which sounds impossible in an established currency. In addition to security, a huge advantage is the energy efficiency of such a currency: most transactions are carried out using PoS mining, which does not require spending on mining equipment and electricity: a regular wallet with coins running in the background is enough.
Novacoin’s self-regulation is designed in such a way that mining in an established currency ceases to be a means of enriching the rich: the difficulty increases, and if it grows, the reward for the block falls. Restrictions on the reward from above (currently 10 coins) create a leveling factor: 100 coins or 1000 at the entrance will not make more than 10 coins at a time. In general, the system is not as simple and stupid as described in the comments above. At the same time, there is no situation, as in Bitcoin, when mining is really beneficial only to wealthy equipment manufacturers, owners of pools and owners of mining data centers that appear in China and Sweden.

Anyone familiar enough with Bitcoin probably understands that it is a revolutionary achievement created by a legendary, forward-looking individual or group of individuals. At first glance, this is a revolutionary technology that allows you to send money without the participation of any central authority. You don't need someone to issue your money, it just exists - kind of like gold.

However, anyone who has had the time to look a little deeper into Bitcoin's design will have noticed that the technology goes far beyond money. The bottom line is that Bitcoin is the first decentralized database in history, and value transfer is one of the many natural uses for Bitcoin.

But the blockchain can store a much wider range of data. Projects like Counterparty, Tether and Mastercoin leverage the decentralized nature of the Bitcoin blockchain for a wide range of financial transactions, including trading and crowdfunding.

Second-generation crypto platforms, such as NXT, Ethereum, Bitshares, offer functionality that goes far beyond financial transactions. This functionality is integrated into the core of the system, rather than built on top of it. The second generation of crypto platforms emphasizes the central nature of the distributed database of the blockchain. The main idea behind the blockchain is to create a decentralized database, the operation of which cannot be disrupted by any individual market player, and which is used to store arbitrary data.

This article offers a short introductory description of existing methods for creating and securing such databases, without going into technical details and focusing on the big picture.

Decentralized blockchain database

Let's take a constructive approach. So, we need a decentralized database that can be accessed and modified by all nodes participating in the network. The database must be consistent (all nodes see exactly the same version of the database), available (nodes can write to and read from the database at any time), and partition-tolerant (if one node goes down, it does not affect the database in any way). However, according to the CAP theorem, such a database cannot exist. You can achieve two of the three properties, but not all at once. We cannot give up availability or partition tolerance, so we will have to live with the fact that different nodes may from time to time see different versions of the blockchain, usually called forks.

But we still need some recipe for restoring the consistency of the entire system, so that all nodes have a single version of the blockchain. This is where the beauty of blockchain begins. A decentralized blockchain is not just an arbitrary database; all records are formed into blocks and organized in a linear order. Each block, as we know, references its predecessor. Nodes must have some power to be able to add records to the database, and writing to the database must itself cost the nodes certain resources. By forcing nodes to “pay” something for the opportunity to write to the database, we achieve two goals at once: protection from spam nodes that pollute the network and, at the same time, a way of choosing the “right” database in case of doubt. As you know, preference is given to the database with the larger number of blocks. In theory, more resources were spent on building such a database, and accordingly it is considered correct.

In addition to all of the above, we need to protect the network from centralization, which may arise if a single node has resources that significantly exceed the resources of the rest of the network. After all, if such a maximally efficient node appears, it can actually determine what can be stored in the database and what cannot.

To summarize, the process of building a database looks like this:
— nodes send their data to a decentralized network for further processing;
— nodes generate data to be added to blocks and try to add already generated blocks to the database;
— the database with the largest number of blocks is considered “correct”; all nodes refer to it when adding new blocks.

Now let’s look at exactly what “resources” can be used to make the process of writing to the blockchain “complicated”, so much so that one node will not be able to control the network unless its resources exceed the total resources of the rest of the network.

Blockchain Security

Since we are dealing with computer networks, our choice of "resource" is relatively obvious: computing power in its purest form. To add a block to the blockchain, a node must solve certain computational tasks, which makes it much more difficult for a single node to control the network. This is a short description of the concept of Proof-of-Work: it implies that a node can verify that the miner (the node adding a new block to the blockchain) has actually completed the calculations.

In Bitcoin, nodes iterate over a one-time value called a nonce. They try to find a hash of the block header (the part of the blockchain that contains a link to the previous block and the summed value of the transactions included in the block) that matches the current difficulty level.

These calculations can only be done iteratively, and the difficulty is set to such a level that it is truly difficult. At the same time, checking the calculation results remains simple. Nodes can always verify that the miner has found the correct value.

Proof-of-work of Bitcoin gave birth to a whole new mining industry and became an impetus for the development of specialized equipment. As you know, the resources spent on hashing Bitcoin blocks are enormous and far exceed the capacity of the largest supercomputers.

However, the results of miners' calculations have no value outside the Bitcoin ecosystem, which makes many wonder if all these resources could be used in a more useful direction. This is, of course, a reason for a separate discussion, although ensuring the security of the Bitcoin network is already a fairly noble goal. In any case, some other possibilities should be considered.

Proof-of-stake

Bitcoin is, first and foremost, a decentralized system of financial transactions. The Bitcoin blockchain can be used for other things, but it is clear that it was designed to be “better money.”

Nodes send each other blockchain tokens (a specific value associated with transaction inputs and outputs), which effectively creates the Bitcoin balance of the receiving node (in reality, the Bitcoin database does not contain any balances, but instead contains transaction inputs and outputs). This gave Sunny King, the creator of the Peercoin cryptocurrency, the idea to use “stake”, a value locked in transaction outputs, as a resource that determines which node gets to mine the next block. In the proof-of-stake approach, nodes also try to hash data in search of a result less than a certain value, but in this case the difficulty is distributed proportionally and in accordance with the balance of that node, in other words, in accordance with the number of coins (tokens) in your account. Thus, a node with a larger balance has a greater chance of generating the next block. And since it is unlikely that a single node would hold a larger balance than the rest of the network, this scheme looks quite attractive, primarily because of the small requirements for computing resources, and also because no computer power is “wasted”.

At first glance, PoS looks like a better solution than PoW, but in reality it’s not that simple. PoW, in addition to consuming a huge amount of energy, also has significant shortcomings. Bitcoin miners are organized into mining pools, and the pool operator can theoretically control most of the network's computing power. From this point of view, decentralization is lost, and one large player can control the entire network.

However, PoW also has its advantages. PoW miners consume a lot of electricity, a resource that is external from the network's point of view. PoS miners use an internal resource – the balances of their accounts. This helps them spend much less external resources on computing.

This is the root of the famous Nothing-at-Stake problem, which makes PoS systems inherently unstable in the eyes of many cryptocurrency enthusiasts. An attacker may try to fork the blockchain, i.e. create a longer alternative chain by spending “non-existent” resources. Moreover, other miners can support it, since they also do not consume “genuine” resources. Through a fork, an attacker can reject certain transactions and carry out “double spending” attacks (pay merchants, receive goods, fork the blockchain and replace the payment to the merchant with a payment to his own account in the alternative blockchain).

The Nothing-at-Stake problem manifests itself in all vectors of attacks on PoS systems. Conventionally, attacks can be divided into two categories: short-range and long-range. In the case of short-range attacks, most of the last blocks are replaced; in a long-range attack, the attacker goes deeper, trying to replace the entire network history. He can reach the genesis block.

Short-range attacks

Let's look at short-range attacks first. The attacker attempts to fork most of the latest blocks, starting from the block that precedes them. The goal of these actions is to build a chain of blocks that will be longer than the currently existing one. Other mining nodes, seeing the attacker's activity, may be incentivized to help him because it won't cost them anything: the computational cost is minimal, and mining on two different blockchains increases their chances of ending up on the correct blockchain.

It is worth noting that in practice everything is not as simple as it looks in theory, since most of the network will continue to mine on the main chain and the attack needs good coordination and consistency on the part of the attackers. Theoretically, however, such an attack is quite possible.

The classic strategy for preventing short-range attacks is to eliminate malicious nodes. The advantage of a PoS system over a PoW system is its greater determinism. Typically, a node's chance of generating the next block in a PoS system depends on the node's address, its balance, the current difficulty, and the timestamp. The search space is limited by the number of seconds between adjacent blocks (since this is the only parameter that changes). Thus, it becomes possible to predict the next mining (or, as it is commonly called in PoS, forging) node and impose sanctions on it by rejecting its version of the blockchain. This is how NXT, one of the first second-generation cryptocurrencies, was developed.

Another approach is to require miners to contribute a certain number of network tokens before starting work. When a node sees that a miner has signed two competing blocks on two competing blockchains with its public key, it reports this and the miner's collateral is confiscated. This is exactly the approach that will be used in the Ethereum protocol, and so far it has not been implemented in any of the cryptocurrencies.

Most existing cryptocurrencies still use centralized control points, and developers periodically have to confirm the correct version of the blockchain. This doesn’t look quite right from the point of view of the decentralized nature of cryptocurrencies, but let’s not forget about the questions that Bitcoin has regarding centralized pools. Gigahash, the largest Bitcoin mining pool, has voluntarily agreed to control no more than 50% of the network, although it is capable of more.

Ranged attacks

Now let's look at ranged attacks. This is where things get serious for PoS, at least in theory. By delving into the depths of the blockchain, the attacker attempts to replace the entire transaction history. Since the computational effort for PoS systems is much more modest, in theory he could start with an old block and arrange transactions in such a way that he would be able to create a longer blockchain than the existing one. He may even try to buy personal keys from old accounts that had balances some time ago and use them to fake a fork.

This can be prevented by limiting the depth at which network nodes can accept a new fork. For example, in the case of NXT, if the fork started more than 720 blocks ago, network nodes will not accept it. However, in order to reject a fork, a node must have a copy of the current blockchain, which a new node that has just joined does not have.

There is currently no “theoretical” way to prevent an attacker from “feeding” his fork to a new node. An attacker can successfully impose his subjective view on the history of the network. Therefore, some centralization seems inevitable at this point, since trusted nodes must provide the current blockchain to the new participant. This is called “weak subjectivity” and seems to be an almost inevitable measure for existing PoS theories.
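The depth limit and the gap it leaves for a freshly joined node can be seen side by side in the sketch below. This is an added example, not NXT's code: the function names, the chain representation (a list of block ids indexed by height), the plain longest-chain comparison, and the out-of-band checkpoint parameter are assumptions made for illustration; only the 720-block limit comes from the text.

```python
MAX_FORK_DEPTH = 720  # NXT limit quoted in the text

def fork_point(local, candidate):
    """Height of the last block both chains share, or -1 if they share none."""
    shared = -1
    for height, (ours, theirs) in enumerate(zip(local, candidate)):
        if ours != theirs:
            break
        shared = height
    return shared

def accept_fork(local, candidate, checkpoint=None):
    """Decide whether a node adopts `candidate`; returns (accepted, reason).

    Chains are lists of block ids indexed by height. `checkpoint` is a
    (height, block_id) pair obtained out of band from a trusted node.
    """
    if checkpoint is not None:
        height, block_id = checkpoint
        if len(candidate) <= height or candidate[height] != block_id:
            return False, "contradicts trusted checkpoint"
    if not local:
        # A freshly joined node has no history to measure fork depth against.
        if checkpoint is None:
            return True, "no local chain, depth rule cannot apply"
        return True, "consistent with trusted checkpoint"
    if len(candidate) <= len(local):
        return False, "not longer than local chain"
    depth = len(local) - 1 - fork_point(local, candidate)
    if depth > MAX_FORK_DEPTH:
        return False, f"fork starts {depth} blocks back"
    return True, "within depth limit"

# Constructed sample chains: the rewritten history diverges at height 100.
HONEST = [f"h{i}" for i in range(2000)]
REWRITE = HONEST[:100] + [f"x{i}" for i in range(100, 2100)]
SHORT_REORG = HONEST[:1990] + [f"r{i}" for i in range(1990, 2005)]
```

A synced node rejects REWRITE on depth alone, while a node with an empty chain accepts it unless it was given a checkpoint, which is the "weak subjectivity" dependency on trusted nodes.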

What we would like to draw attention to is a certain similarity between the PoS and PoW systems in matters of security. Both approaches rely on the goodwill and integrity of the developers.

Many PoS systems were forked by developers to “rewind” history after successful attacks on the blockchain, or even simply after the exchange of large amounts of cryptocurrency whose origin raised questions.

Disputes between supporters of both systems have been going on for many years, but the nature of these disputes is more theoretical. Practice shows that the role of the developer in security matters is still very high.

Personally, I believe that the most secure solution for future cryptocurrencies will be some kind of mixture of PoS and PoW systems. Moreover, this is already the most common approach. Many cryptocurrencies have a PoW stage, where the currency is released by paying miners in new coins, and a PoS stage, which occurs after all the currency has been released.

Most serious cryptocurrencies will probably not abandon PoW – the Nothing-at-Stake mentality is firmly in the heads of cryptocurrency experts. However, PoS systems will always be easier to implement and just as reliable from a security point of view as PoW systems.

Sasha Ivanov specially for ForkLog


Proof-of-Work and Proof-of-Stake are consensus algorithms used to validate new blocks in the network and to add transactions to them. Accordingly, the operating principle of these systems directly affects miners, who decrypt blocks 24/7. What is the difference between the two algorithms, and which one is more profitable from a mining point of view? Let's consider their principles of operation and compare them.

Proof-of-Work: operating principle

Proof-of-Work, or PoW, as it is called for short, is translated from English as “proof of work.” Actually, the name of the algorithm itself contains the principle of its operation. It allows the network to verify that the miner has actually done all the work of calculating the SHA-256 or Scrypt function that is the basis of cryptocurrencies.

The essence of PoW is as follows:

  • The miner must solve a complex problem that only sufficiently powerful computers can handle.
  • The result obtained during the solution should be easily verified.

In the context of cryptocurrencies specifically, the proof-of-work algorithm allows nodes to check the work of miners, as well as the reliability of their calculations.

This mechanism pushes the miner community to constantly upgrade its mining equipment, because the complexity of the network is constantly increasing. As a result, the total computing power of the Bitcoin network already exceeded that of the most modern supercomputer in 2012.

It is worth noting that the need for modernization from the point of view of miners is not so much an advantage as a disadvantage. After all, constant updating of equipment requires large financial costs, which knocks some players out of the market.

Proof-of-Stake: operating principle

Until 2012, PoW was the only algorithm used in cryptocurrencies, but then a competitor appeared on the horizon: the Proof-of-Stake algorithm, or PoS, which translated from English means “checking the stake.” The structure of its operation is fundamentally different from “proof of work.” In the first algorithm, computing power is what raises a participant's priority in the network; in the case of PoS, the main role is played by the number of coins in the wallet.

That is, in order to increase your chances of being the first to decrypt a block, you need to hold as many coins as possible of the cryptocurrency you are mining. On the one hand, this approach is very beneficial for miners, because they no longer need to update their equipment or waste a large amount of electricity, and attacking the network becomes almost impossible. But it also has its drawbacks. For example, if one user or a united group manages to concentrate a large share of all coins in their hands, they will be able to control the network.

Proof-of-Work and Proof-of-Stake: whose side is the community on?

The Proof-of-Work and Proof-of-Stake algorithms (or Proof-of-work and Proof-of-stake) have long been the basis for serious disputes between miners. Some argue that proof of work is more fair, others that proof of stake. It is impossible to give any definite answer.

In addition, a hybrid version that combines both algorithms is quite often used today. While a coin is being emitted, the network operates on Proof-of-Work, and when the emission is completed, it switches to Proof-of-Stake. This is quite logical. After all, active participation at the proof-of-work stage allows you to accumulate a sufficient number of coins to move “organically” into the new proof-of-stake stage.

Despite the novelty and passionate discussions of the PoS system, most major cryptocurrencies are not ready to abandon the Proof-of-Work algorithm. Perhaps this will happen in the future, but this is not observed now. Proof-of-Work and Proof-of-Stake remain competitors.






