The blockchain is nothing short of a revolutionary idea that’s well thought out and enabled by modern technology. Leveraging on cryptography, peer-to-peer networking and incentivization by design, we now have means to send funds/value reliably on a worldwide scale to places where there is internet connection without the need of a central authority who handles your fund (i.e the bank).
“The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”
Don & Alex Tapscott, authors of Blockchain Revolution (2016)
To have an open, distributed ledger shared and updated continuously by all users without having more than 100 million different versions, there must exist a way for all participants to agree unambiguously on certain rules that determine the legitimacy of one particular version of the ledger.
And this is where consensus algorithms are necessary. In essence, consensus is what allows a distributed system (the blockchain) to function properly as a decentralized peer-to-peer system without a central authority figure. A blockchain is comparable to a corporation with no leader or board members steering it – the consensus algorithm dictates and sets rules that all participants must follow in order to move forward.
So, why is a consensus mechanism essential in blockchain?
It facilitates agreement between the millions of users and gives everyone a clear picture on what to do, and what are the rewards/punishments for obeying with the rules. The need for a consensus mechanism for a decentralized system can be described with the Byzantine General’s Problem:
Imagine a city besieged and surrounded by the Byzantine army led by 5 different generals. All 5 generals surrounding the city have to formulate an attack plan and in its simplest form, it is merely between attacking and retreating. The generals are far apart from one another, and the only means of communication is via messengers (who may be spies, or be killed/replaced by enemy messengers). To further complicate matters, some generals may be malicious and can tamper with the votes.
Suppose the generals now cast votes to decide whether to attack or retreat and thus also informing the rest of their decision at the same time. This however presents a problem – if any of the generals are malicious/messenger gets replaced, some generals may be tricked into attacking. So, how can the Byzantine Generals ensure that their votes cannot be tampered with?
This problem is analogous to our decentralized peer-to-peer system – how can we ensure that all nodes (generals) are looking at information (votes) that is valid and not tampered with? For that, all nodes must agree with a certain set of rules and be able to assess information that arrives before adding anything to the chain. This is arguably the most important aspect of the blockchain – how do we ensure that all money is only spent once as intended, and that the transactions of thousands, if not millions or billions of users cannot be tampered with?
In today's article, we'll go through several different commonly applied consensus algorithms - Proof of Work (PoW), Proof o Stake (PoS) and Delegated Proof of Stake (DPoS):
Convert electrical energy into PoW cryptocurrencies!
Implementations: Bitcoin, Litecoin, Vertcoin, Ethereum and many more.
Pros: In use since 2009 – proven and stable, trustless, decentralized.
Cons: Energy intensive and unable to scale effectively on its own.
“Knock-knock”, “who’s there!?” (Image from Bitcoin Wiki)
Proof-of-work (PoW) is the first ever consensus algorithm that came to life through Bitcoin which was created by Satoshi Nakamoto to overcome the problem. Consider the following to see how PoW solves the problems that Byzantine Generals have:
- Suppose that the generals all agree that the messages they receive, when hashed must have “ABCD” as the last 4 letters. (A brief guide to hashing just in case you need it - click here!)
- Therefore, when a general sends his message (vote), he appends it with a nonce (a random number) and hashes it to conceal the information.
- However, it is extremely tedious work to find a nonce that will correspond to the set rules, therefore it becomes very difficult for malicious actors to append the message AND find a nonce that satisfies the conditions in a short amount of time.
In the case of modern cryptocurrency, the hashing part is taken care of by computers and is what is known as mining to the most of us.
Now you might think that it is easy to just pre-fabricate a message that has “ABCD” as the last 4 letters once hashed and add that in when time comes, but by design, blockchain adds another layer of security by stating that the new blocks must contain the previous block’s hash, which is near impossible to correctly guess ahead of time!
In PoW systems, it is possible to “beat” the system by having more than 51% of the network’s computational power (hashrate) – with that the user effectively has control over the network and they can then:
- Perform censorship to electively include/exclude certain transactions.
- Double spend their own money among other possibilities.
- Erase/amend past transactions.
However, in the third scenario an attacker is likely only able to alter the past few blocks (recall how exchanges usually require you to have x number of block confirmations before accepting your deposit?). Blocks further behind are safer from being tampered with compared to newly mined blocks.
And since the longest chain is considered the Main chain (or the “correct” one), another possible way of attack on the network is called “Selfish Mining”, described as follows:
- Miner X finds a block, but decides to not broadcast it and continue working on it.
- The other miners, unaware that a block has already been found by Miner X, continues to work to find the block the Miner X has found
- Miner X, now on a chain where he is the only participant, will see the difficulty lower and be able to mine easily and earning himself lots of coin in the process.
- Miner X then broadcasts the blocks out to the rest of the network and proceeds as if nothing has happened
But note that this can only happen if Miner X has a lot of computation power (>51% for good chance to succeed) because if Miner X finds blocks slower than the rest of the network, he cannot broadcast his chain as the longest (and thus correct) chain.
Proof of Stake (PoS)
Your crypto generates more for you - like bank interest!
Implementations: Peercoin, Decred, Ethereum's (Casper - WIP).
Pros: Much lesser electricity consumption relative to PoW.
Cons: Vulnerable to 51% ownership attack; On a full PoS system, you can only buy from existing users.
The more money (“weight”) you hold, the more influential you are in the network. (Image from Bitcoin Wiki)
Proof-of-Stake (PoS) was first adopted in Peercoin back in 2014 as a way to tackle the main issue surrounding Proof-of-Work (PoW) cryptocurrencies – energy usage. As of June 2018, processing one transaction in Bitcoin consumes enough electricity to power nearly 34 U.S household for a day! In contrast, PoS requires virtually no extra power usage on top of regular computer usage unlike PoW to generate new blocks and stamp transactions.
In PoS based blockchains, the creator of a new block is chosen in a deterministic way based on the wealth of the user, also known as the “stake” of a user. To illustrate that, consider a simplified coin ecosystem with 100 coins in circulation and a new block is found every minute, with 1 coin going to the creator. To further simplify matters, we only have two users: Alan and Bob with 80 and 20 coins respectively.
The cost to propagate/maintain the network is significantly lesser compared to PoW, which is great but the PoS system is not without its flaws. The network costs nearly nothing tangible (unlike electricity power for PoW) which brings us to one of the major issues with PoS called the “Nothing at Stake” problem.10 blocks later, Alan will most likely have 88 coins, while Bob has 22 coins. In this system, all the user needs to do is to leave their coins staked on the network (and not spend it!) to receive their rewards, similar to keeping your money in fixed deposit.
In PoS, a user may stake on two different chains as there are no immediate economic penalties for a user to vote on two different chains – this can potentially lead to a network that rarely achieves consensus and is constantly forking. In fact, this is possibly the most profitable route for any user as they get to maximize their staking gains with no losses. Compared to PoW, there are no economic benefits for a user to vote on two different chains since they’d have to spread their computational power. In this regard, Ethereum’s Casper has been looking into penalizing bad actors. But there are also potential downsides to this – how would the algorithm know in the event of a fork, that one chain is the “right” chain?
Another flaw of PoS is that, if staking the coin is a profitable thing to do, why would anyone want to spend the coin? The design of this algorithm inherently causes hoarding, which is counterintuitive for a currency system but may otherwise be useful for coins that have alternative uses other than to be spent.
Finally, if a user has more than 51% of all of the coins staked, they essentially have a monopoly over the network and the only way to break the monopoly is if the user is willing to sell some of his/her holdings.
Delegated Proof-of-Stake (DPoS)
Similar to PoS, but now you vote for “Representatives” who do the staking!
Implementations: Ark, Steem, EOS and BitShares among many others.
Pros: Cheap and fast transactions, energy efficient, scalable to a certain extent.
Cons: Partially centralized (from having selected delegates), attack vectors clear and actionable
Delegated Proof-of-Stake (DPoS) is largely similar in name with Proof-of-Stake, but varies fundamentally in terms of implementation. In DPoS, network participants do not stake directly with their own funds, but instead vote for a select group of users which are known as the “Delegates” to validate transactions/stamp blocks. The biggest upside of this design would be its high throughput as there are less validator nodes to pass a transaction through.
Choosing your delegates to stake for you. (Image credit: GIPHY)
DPoS is seen as a form of democracy, and rightfully so. Individual participants in the network utilize their coins/tokens to nominate delegates to serve the network on their behalf. The delegates are responsible to validate transactions, secure the network and broadcast network information.
The incentive mechanism in DPoS is somewhat two-tiered - Delegates receive rewards from the network by design and can then pass on the reward to those who have voted for them. To see how this works – consider the following example which was referenced from the Ark Ecosystem Project:
- User Alex has 50 tokens.
- Alex can vote for as many delegates as he wants to (up to 50), but the more delegate he votes for, the less weight he has on each delegate.
- As each delegate forges new blocks, Alex receives his portion of tokens as an incentive to him for voting.
In such a system, users are able to cast their vote on delegates who perform their duties properly, and with that keep bad actors in check.
Of course, there are many ways to design a DPoS system, so we have multiple “flavors” of DPoS right now but fundamentally they are similar – participants vote for delegates who can then forge the new blocks and propagate the network forward.
In DPoS, the biggest upside is higher throughput from having to broadcast transactions through less validators (nodes). However, that also becomes one of the major downsides of it – when you are able to identify your “authority” entities, the network is no longer truly decentralized and cartels can also be formed. Additionally, it can possibly suffer from what plagues many democratic system – voter apathy. What if the token holders themselves choose to not vote and only users who have a significant enough stake vote in their best interests?
Also, since the validators are known entities, it is likely that they can be subject to Distributed Denial of Service (DDoS) attacks. While it is unlikely that many validators can be attacked at once to cripple the network, it is still an attack vector for the network – over a long period of time there is a possibility that all “good” actors can be slowly flushed out of the pool and be replaced by cartels.
To be continued
That's it for Part 1 of CoinGecko's guide to various cryptocurrency's consensus algorithms! I hope you've had as much reading this as I have enjoyed writing it. Stay tuned for Part 2 where a few more other consensus algorithms are covered.
Jin is a Market Research Analyst at CoinGecko. In his free time, Jin enjoys messing with crypto related stuffs on a slightly technical side and generally learns about crypto as he munches on snacks. Follow the author on Twitter @jin_8315