The Problem With Proof of Stake

Without a central authority like Visa or Paypal, decentralized cryptocurrency networks need a way to make sure that users don’t spend the same money twice.

Enter the consensus mechanism, a system that allows the computers in a crypto network to decide which transactions are legitimate. The two main consensus mechanisms used by most cryptocurrencies today are “proof of work” and “proof of stake.” Both are essential components of blockchain technology and security.

Proof of work is often cast as the older of the two mechanisms, and is used by Bitcoin, Ethereum 1.0 and others. Proof of stake is claimed as newer, and powers Ethereum 2.0, Cardano, Tezos and other cryptocurrencies. But there is evidence such as Wei Dai’s B-Money paper that staking systems were known about and rejected by the original Satoshi Team.

Proof of stake has recently been touted, without much backing, as the greener, more secure consensus mechanism. But what’s the other side of the coin?

“Proof-of-stake is frequently proposed as a mechanism for distributed consensus in non-Bitcoin cryptocurrencies. However, this idea appears to be fundamentally flawed,” Blockstream Director of Research Andrew Poelstra wrote in a 2014 mathematical paper.

So how does it work? With proof of stake, the network secures itself through the commitment of a stake, which is a certain amount of capital in the form of the network’s own tokens. While proof of work requires miners to solve cryptographic puzzles, proof of stake requires validators to simply hold and stake tokens.

Proof of stake uses cryptographic signatures to prove that the user has vested interest in the system and has theoretically paid a cost at some point in the past in order to obtain tokens.

The problem Poelstra identifies with this is that coins bonded against a stake signature only exist within the blockchain to which those coins belong, meaning that if the blockchain can be created by one party, that party can then create multiple blockchains and select the one which favors the party.

“We showed that by depending only on resources within the system, proof of stake cannot be used to form a distributed consensus, since it depends on the very history it is trying to form to enforce loss of value,” Poelstra wrote.

Poelstra argues that it is impossible for a user to rely on proof of stake to claim that a particular block is valid, because that stake depends on previous stakes within the blockchain, which are based on nothing.

In an interview with Cointelegraph, Decred project lead Jake Yocom-Piatt says pure proof of stake is reversible, which means that its history can be changed. Poelstra has a similar argument.

“Because there is no universal time (and to new users, no universal history), there is no way to differentiate users who are ‘now’ holding the currency from users who ‘were’ holding the currency,” Poelstra wrote.

On the other hand, proof of work history can be mathematically verified and it can only be counterfeited “by recreating its entire mining history.”

Proof of work is the superior consensus mechanism because it is fair and secure, particularly in its incentives to secure each transaction. Its energy consumption is too often blown out of proportion, as miners today primarily rely on renewable energy or energy that would’ve otherwise been wasted.

A network built on a proof-of-work consensus mechanism is one that will ultimately thrive.

Disclaimer: This content is intended for informational purposes only. It is not financial, legal, or tax advice, and is not guaranteed to be correct, complete or up-to-date. Always consult with a licensed professional.