Proof of Work & Proof of Stake Explained
Last Updated: 1st November 2018
Hashcash and Proof of Work
Proof of work (PoW) is the process of producing a cryptographic hash: an input of any given length is run through a cryptographic hash function, and an output of a fixed length is formed. Proof of work in current blockchain systems historically originates from its use in Hashcash. Hashcash was conceived by Adam Back and is a proof of work system that was designed to limit email spam and denial-of-service attacks. Hashcash came in the form of a software plugin that inserted an ‘X-Hashcash:’ header into the header section of an email:
From: Someone <firstname.lastname@example.org>
To: Adam Back <email@example.com>
Subject: test hashcash
Date: Thu, 26 Jun 2003 11:59:59 +0000
In order to send the email, Hashcash requires the sender to compute proof of work calculations on what is effectively the recipient’s email address, which in this case is: ‘firstname.lastname@example.org’. The email address, along with some accompanying data, forms the below input:
This string of data is then used as an input for a cryptographic hash function, which at this point was Secure Hash Algorithm 1 (SHA-1). Running this input produces an output of:
The correct hash is found when it contains a defined number of leading zero bits, as is shown above. However, arriving at a correct cryptographic hash usually requires that the input data is repeatedly hashed, with slight variations made to the input data each time it is hashed. The computing power required to generate a correct hash using Hashcash is minimal for the sending of legitimate emails, as normal users do not send that many emails in the first place. However, spam emailers will find it more difficult to generate the required proof for the sending of mass emails, as it requires considerably more computational resources. This proof of work setup in Hashcash operates very similarly to the proof of work system that can be found in cryptocurrencies such as Bitcoin.
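The mint-and-verify asymmetry described above, as an added example that is not part of the original article or of the Hashcash software: it builds a version 1 Hashcash stamp (ver:bits:date:resource:ext:rand:counter) and varies the counter until the SHA-1 digest has the required leading zero bits. The recipient address, random field and 12-bit cost are constructed for the demonstration, and the counter is written in hex for simplicity.

```python
import hashlib
from itertools import count

# Constructed sample values (not taken from the article's example).
RESOURCE = "recipient@example.invalid"
DATE = "030626"            # YYMMDD
RAND = "c0nstructedSalt"   # per-stamp random field
BITS = 12                  # kept low so the demo finishes instantly

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, date: str = DATE, rand: str = RAND):
    """Sender side: vary the counter until SHA-1(stamp) has `bits` leading
    zero bits. Returns (stamp, hashes_tried); expected work is about 2**bits."""
    prefix = f"1:{bits}:{date}:{resource}::{rand}:"
    for tries, counter in enumerate(count(), start=1):
        stamp = prefix + format(counter, "x")
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp, tries

def verify(stamp: str, resource: str, min_bits: int) -> bool:
    """Recipient side: a single hash checks the sender's work. A real
    recipient would also check the date and reject stamps seen before."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or not fields[1].isdigit():
        return False
    if fields[3] != resource:              # stamp must be minted for this recipient
        return False
    claimed = int(fields[1])
    actual = leading_zero_bits(hashlib.sha1(stamp.encode()).digest())
    return claimed >= min_bits and actual >= claimed

if __name__ == "__main__":
    stamp, tries = mint(RESOURCE, BITS)
    print(f"X-Hashcash: {stamp}  ({tries} hashes to mint, 1 to verify)")
    print("accepted:", verify(stamp, RESOURCE, BITS))
```

Each extra bit doubles the sender's expected work while the recipient's cost stays at one hash, which is why the scheme is cheap for ordinary senders and expensive for bulk mail.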
Proof of Work in Cryptocurrency Systems
Proof of work in Bitcoin (and other proof of work cryptocurrencies) functions as a tool that is used to process blocks of transactions and add them to the blockchain. In other words, proof of work is utilized for block generation. The process of generating correct proofs in order to add a block to the blockchain is known as ‘mining’, and the individuals that participate in the mining process are known as ‘miners’. Just like Hashcash, miners must take data from a block header as an input and repeatedly run it through a cryptographic hash function, which for Bitcoin is Secure Hash Algorithm 256 (SHA-256). Miners hash slight variations of the input data by including an arbitrary number (a nonce) each time the input data is run through the cryptographic hash function. Similarly to Hashcash, the correct hash is found when a defined number of leading zero bits is found. Producing a correct hash value in cryptocurrency proof of work systems is a low-probability event that requires the generation of a considerable number of hashes before a valid hash is arrived at. However, possessing higher computing power translates to an increased likelihood of generating a valid hash, because the individual is simply able to generate more hashes.
Proof of work cryptocurrency systems also include what is known as a network difficulty feature. Network difficulty is a measure of how difficult it is to find a hash below a target hash. A target hash is simply the number that the hash of a block header must be less than or equal to. For Bitcoin, the network difficulty is adjusted every 2016 blocks, based on the time it took to find the previous 2016 blocks. Discovering 2016 blocks is estimated to take approximately two weeks. So, if the previous 2016 blocks are found in less than two weeks, then the network difficulty is increased. Conversely, if the previous 2016 blocks took more than two weeks to find, the network difficulty is reduced. Network difficulty is dynamically adjusted to maintain a constant rate at which new blocks are generated, which for Bitcoin is one block every ten minutes.
With proof of work mining, miners are competing amongst themselves to find a correct hash value and gain the right to add a block to the blockchain. In exchange for committing the computational resources necessary to run numerous proofs, miners are rewarded with cryptocurrency, e.g. bitcoins, which is known as a block reward. Other nodes on the network also verify that the miner has found the correct hash before the block is added to the chain. Cryptocurrency proof of work systems are constructed in such a manner that correct hashes are difficult to find, in that they are time-consuming and costly to produce, but they are also easily verifiable.
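The nonce search, target comparison and 2016-block retarget described above, as an added example that is not Bitcoin's code: the header bytes and the starting target are constructed, the header is a plain byte string with a 4-byte nonce appended, and the hash is a single SHA-256 as the article describes.

```python
import hashlib

RETARGET_BLOCKS = 2016
BLOCK_SECONDS = 600                               # one block every ten minutes
EXPECTED_SPAN = RETARGET_BLOCKS * BLOCK_SECONDS   # about two weeks, in seconds

HEADER = b"constructed-header|prev=00ab|merkle=11cd"   # constructed sample data
TARGET = 2 ** 244                                 # roughly 12 leading zero bits

def block_hash(header: bytes, nonce: int) -> int:
    """Hash header plus nonce and read the digest as a 256-bit integer."""
    data = header + nonce.to_bytes(4, "little")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mine(header: bytes, target: int):
    """Miner side: try nonces until the hash is at or below the target.
    Returns (nonce, hash_value)."""
    for nonce in range(2 ** 32):
        value = block_hash(header, nonce)
        if value <= target:
            return nonce, value
    raise RuntimeError("nonce space exhausted; the header data must change")

def verify(header: bytes, nonce: int, target: int) -> bool:
    """Node side: one hash confirms the miner's claim."""
    return block_hash(header, nonce) <= target

def retarget(old_target: int, actual_span: int) -> int:
    """Scale the target by how long the last 2016 blocks took. A smaller
    target means higher difficulty, so fast blocks shrink the target."""
    return old_target * actual_span // EXPECTED_SPAN

if __name__ == "__main__":
    nonce, value = mine(HEADER, TARGET)
    print(f"nonce={nonce} hash={value:064x}")
    print("valid:", verify(HEADER, nonce, TARGET))
    fast = retarget(TARGET, EXPECTED_SPAN // 2)   # 2016 blocks found in one week
    print("target halves after a one-week period:", fast == TARGET // 2)
```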
Proof of Stake
Proof of stake takes a different approach to block generation on a blockchain. With proof of work, as previously mentioned, miners who find the correct hash are allowed to generate new blocks and are rewarded for doing so. However, with proof of stake systems, the individuals that are chosen to generate a block, also known as validators, are selected on a different set of criteria. These criteria differ depending on the proof of stake system, but largely speaking, a validator is chosen to generate a new block based on their economic stake in the network. A validator’s economic stake can include:
Relative value: The relative value of coins held in the validator’s wallet, which is equal to the total value of coins in the validator’s wallet divided by the total value of coins on the network. Validators are selected to generate a new block with a probability that is proportional to the amount of coins that the validator possesses. Thus, the more coins a validator holds in their wallet, the greater the likelihood of being selected to generate a block.
Coin age: Some proof of stake systems also take into account the length of time that a validator has held coins in their wallet, with this criterion being referred to as ‘coin age’. Coin age is defined as the coin amount multiplied by the number of days that the coins have been held in a wallet. Therefore, a validator possessing a large holding of coins over a lengthy time-period is more likely to be selected to generate a new block.
With proof of stake, a validator generates a new block by sending a special type of transaction that locks up their deposit. This deposit (or stake) serves as collateral for the block generation process. If the validator attempts to cheat the system and validate fraudulent transactions, then their deposit is slashed. Validators that correctly validate blocks of transactions are returned their deposit and also collect the transaction fee for the validation process.
Nothing at Stake Problem
The nothing at stake problem is one that is particular to proof of stake systems. The problem describes an event in which two blocks are produced at the same time, which results in two competing blockchains. In this scenario, validators are incentivized to form blocks on top of both competing chains just to be sure that they are backing the chain that will eventually win out. However, the problem here is that if it is presumed that validators are economically rational, then convergence of the two chains might not occur, and one chain may never win out. This is because staking does not induce the convergence of competing systems, since the same stake can be applied to multiple competing chains, which gives validators a risk-free way to increase their rewards. This is in contrast to proof of work systems, where splitting one’s computing power across competing chains would not be a lucrative option. This is because computing proofs in proof of work systems requires energy, a finite and financially costly real-world resource. Thus, the same tactic of forming blocks on competing blockchains in a proof of work system would not be economical.
The nothing at stake problem can be overcome through the use of a ‘slashing’ strategy. This solution involves penalizing validators that simultaneously form blocks on multiple chains. Penalization can be in the form of slashing a validator’s deposit that they have served up as collateral.
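Stake-based selection and the slashing remedy described above, sketched as an added example (not code from the article or from any particular proof of stake network): a validator is picked with probability proportional to coin age, and signing two different blocks at the same height forfeits the deposit. The Validator class, the full-deposit penalty and all sample values are assumptions made for illustration.

```python
import random
from dataclasses import dataclass, field

@dataclass
class Validator:
    name: str
    coins: float
    days_held: int
    deposit: float                                # stake locked as collateral
    signed: dict = field(default_factory=dict)    # height -> block hash signed

    @property
    def coin_age(self) -> float:
        return self.coins * self.days_held        # coin amount x days held

def pick_validator(validators, rng: random.Random) -> Validator:
    """Choose the next block producer with probability proportional to coin age."""
    weights = [v.coin_age for v in validators]
    return rng.choices(validators, weights=weights, k=1)[0]

def record_signature(v: Validator, height: int, block_hash: str,
                     penalty: float = 1.0) -> bool:
    """Record a signed block. A second, different block at the same height
    means the validator is building on two competing chains, so the deposit
    is slashed. Returns True when a slash happened."""
    previous = v.signed.setdefault(height, block_hash)
    if previous != block_hash:
        v.deposit -= v.deposit * penalty
        return True
    return False

if __name__ == "__main__":
    # Constructed validators: same coins, different holding periods.
    alice = Validator("alice", coins=100, days_held=90, deposit=50.0)
    bob = Validator("bob", coins=100, days_held=10, deposit=50.0)
    rng = random.Random(2018)
    picks = [pick_validator([alice, bob], rng).name for _ in range(1000)]
    print("alice selected:", picks.count("alice"), "of 1000")   # about 900
    record_signature(bob, 7, "hash-on-chain-A")
    print("bob slashed:", record_signature(bob, 7, "hash-on-chain-B"), bob.deposit)
```

With the penalty in place, the same stake can no longer be applied to both chains for free: the second signature costs the validator the deposit.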
Proof of stake is presented as being a superior block generating mechanism to proof of work because of reasons primarily pertaining to energy consumption. Operating proof of work systems such as Bitcoin requires a tremendous amount of energy. It is estimated that roughly 6.5 million U.S. households could be powered by the energy that is consumed operating Bitcoin. Instead of consuming electricity to produce countless hashes for the right to generate a block, as is required in proof of work systems, validators in proof of stake systems are selected for block generation based on their economic stake in the network, which is a system that requires considerably less computing resources to operate.