A Proof-of-Stake Protocol v 2.0
-
I do not believe them, but this is a very good idea. In order to develop our own PROOF-OF-STAKE the next step, a good reference.
Pavel Vasin,www.blackcoin.co
Abstractâ€"The current Proof of Stake protocol has several potential security issues: coin age can be abused by malicious nodes to gain significant network weight to perform a successful double spend. Additionally, due to coin age, honest nodes can abuse the system by staking only on a periodical basis. This does not secure the network. Lastly: in the current system all components of a stake of proof are predictable enough to allow pre-computation of future proof-of-stakes. In this paper a system is proposed to solve said issues.
I. INTRODUCTION
Currently in the crypto currency community it is common understanding that Proof-of-Stake has yet to prove its security,economic value, and overall energy efficiency over time.BlackCoin was originally created as an experiment to prove that the concept of Proof-Of-Stake is valid; insisting it has real world applications in the future of crypto currencies. For the past 120 days BlackCoin has proven to be a secure system for the 15-20 million dollars market cap that the system currently proudly maintains. As we expect the BlackCoin ecosystem to grow in the future, we want to ensure that the Proof-of-Stake system is as secure as it can be. This is why we will be introducing PoS Protocol v2.0, also known as PoS 2.0. In the future we will continue to expand and reinforce the new system to ensure that attack vectors get closed before they can be abused maliciously.
This paper is organized as follows. Section II explains the benefits of the Proof-of-Stake concept. In Section III we describe the flaws of the current implementation which are then addressed in Section IV. Finally we give a summary in Section V.
II. PROOF-OF-STAKE
Consensus in a decentralized digital currency like Bitcoin [1] is achieved by requiring generated blocks to contain a proof that the node which generated the block solved a computational hard task. Unfortunately the concept of the Proof-of-Work (PoW) based system tends to lean towards eventual selfdestruction [2].Proof-of-stake (PoS) aims to replace the way of achieving consensus in a distributed system; instead of solving the Proofof-Work, the node which generates a block has to provide a proof that it has access to a certain amount of coins before being accepted by the network. Generating a block involves sending coins to oneself, which proves the ownership. The required amount of coins (also called target) is specified by the network through a difficulty adjustment process similar to PoW that ensures an approximate, constant block time.
As in PoW, the block generation process will be rewarded through transaction fees and a supply model specified by the underlying protocol; which can also be seen as interest rate by common definition. The initial distribution of the currency is usually obtained through a period of PoW mining.
A. Related work
The first PoS based currency was PeerCoin [3] which is still in a period of PoW mining. Further development of the PeerCoin PoS protocol lead to NovaCoin [4] which uses a hybrid PoS / PoW system.BlackCoin is the first crypto currency that uses a pure PoS based protocol which is based on the development of the above described projects.
III. SECURITY ISSUES IN POS
Besides the clear advantage of PoS over PoW as a method used to establish consensus on the network, there exist problems that have yet to be solved that can greatly improve network security.
A. Coin Age
In the PeerCoin protocol block generation is based on coin age which is a factor that increases the weight of unspent coins linearly over time; the proof that has to be provided together with a new block and has to satisfy the following condition: proofhash:
The proof hash corresponds to the hash of an obfuscation sum that depends on a stake modifier, the unspent output, and the current time.With this system it is possible for an attacker to save up enough coin age to become the node with the highest weight on the network. If the attack were to be malicious the attacker could then fork the blockchain and perform a double-spend.After this is done however, a second double-spend would require the attacker to save up coin age again, as the stake resets when the block was generated. It is worth mentioning that this situation is highly improbable and that the incentive is questionable (saving enough coin age to be the highest weight on the network would either take a lot of time or a lot of coins, and thus money, to make
this happen. Next to that, performing such an attack would probably devalue the system itself so it wouldn’t be profitable to do the attack in the long run.)
Another problem with coin age are greedy honest nodes. These are nodes that have no malicious intent but they keep their coins off the network and only stake every once in a while to get their stake reward. The current system actually encourages abusive behaviour of these nodes by keeping their node offline until it accumulates enough coin age to get the reward in a short period of time and then shut down the node again.
B. Blockchain Precomputation and Long Range Attacks
At the time of writing of this paper there is no known solution for secure timestamping in a largely distributed network.The current block timestamp rules give an attacker a degree of freedom in choosing the proof hash described in Eq. 1 and therefore increase the probability of a successful attempt to fork from several blocks in the past.In addition, the current stake modifier doesn’t obfuscate the hash function enough to prevent the attacker from precomputing future proofs. An individual who is seeking to maliciously attack the network would therefore be able to calculate the next interval for the future proof-of-stake solutions, allowing that individual to generate a few blocks in a row and execute a malicious attack that could harm the network.
IV. CHANGES IN THE PROTOCOL
In the following we will describe the changes in the BlackCoin protocol that address the problems described in the previous section.
A. Taking the Coin Age out of the equation.
The most secure way to perform a Proof of Stake system is by having as many nodes online as possible. The more nodes that are staking, the less possibility for security issues like 51% attacks, and the faster the actual network will perform transactions through these nodes. Thus, taking out the coin age will require all nodes to be online more to get their stake reward. Saving up coin age is no longer a possibility with the new system that calculates the chance of staking as follows: proofhash: (2) .Note that the system in Eq. 2 will not change the actual stake reward.
B. Changing the Stake Modifier
In order to mitigate the possibility of the pre-computation attack, the stake modifier will be changed at every modifier interval â€" to better obfuscate any calculations that would be made to pinpoint the time for the next proof-of-stake.
C. Block Timestamp Rules
Appropriate changes have been made to the block timestamps to work more efficiently with PoS. The expected block time was increased from original 60 seconds to match the granularity. Note that it is assumed that nodes have an external source of time, and if the internal time of a node deviates too much from the general consensus then there is a high probability that blocks generated by this node will get orphaned.
The proposed changes below outline the modifications to the block timestamp rules.
Bitcoin
Past limit: median time of last 11 blocks
Future limit: +2 hours
Granularity: 1 second
Expected block time: 10 minutes
Blackcoin (New rules)
Past limit: time of last block
Future limit: +15 seconds
Granularity: 16 seconds
Expected block time: 64 seconds
D. Hash Function
The original NovaCoin protocol called for the use of â€Scrypt†[5] as its Proof-Of-Work; also being used as the block hash. However there are some issues with that previous implementation. Using Scrypt offers no real advantage to Proof-Of-Stake; and is far slower than some alternatives. Since BlackCoin is no longer in PoW phase, the only major change would have to occur in the algorithm for determining the block hash. Therefore the block hash has been changed back to SHA256d. To reflect this the block version has been increased to version 7.
V. SUMMARY
The proposed changes are intended to improve security in BlackCoin’s PoS protocol and were made with optimization in mind. With the new protocol possible attack vectors are reduced to a minimum and the incentive to support the network by having a full node running continuously is clearly increased. This will allow BlackCoin and PoS to continue to scale for mass adoption while plugging and mitigating potential risks.
VI. ACKNOWLEDGEMENTS
Many thanks to Rob ’Soepkip’ Schins, Maarten Visser,
Steven ’McKie’ McKie, and Patrick Doetsch for helping out with the write up of the protocol v2 changes.
-
Nice read but seems quite offtopic right now when Neoscrypt is finishing.
-
Nice read but seems quite offtopic right now when Neoscrypt is finishing.
I was thinking, 6 months later, the FTC will is what, what are the challenges facing.
-
I’m not sure how successful POS has been with POW I can mine and benefit without having to hold any coins. This makes it fair where as to me POS seems to reward the rich.
-
If I interpret this http://bitcoinmagazine.com/6528/what-proof-of-stake-is-and-why-it-matters/ right, it depends how POS is implemented.
If it can be designed to be independent of the number of coins somebody owns, it would not reward the rich.
-
Taking coin age out of the equation makes whales even richer and attacks even easier. Pure PoS isn’t secure very much as it is now, and they may screw up it big time. Their current best innovation is how to instamine nearly all of a coin in 5 days.
It’s unclear to me why Balthazar has chosen Scrypt for NVC as both block hash and PoW hash. The 1st part wasn’t necessary. However reverting any or both to SHA-256 isn’t much better because it’s an outdated and not very fast hash function.
-
I think I should add bandwidth services . In addition, the share of POW will gradually decrease, increasing the share of POS
-
POS, all it screams at me.
Centralisation, no liquidity, controlled access to that market. it’s the complete opposite of what FTC is trying to achieve is it not?
Please, tell me FTC has no plans on going POS?
Likes of PPC, part POS, sure, that’s fine, but full? wouldn’t touch that blockchain with a barge pole
-
I kind of agree POS does not really agree with me.
-
POS, all it screams at me.
Centralisation, no liquidity, controlled access to that market. it’s the complete opposite of what FTC is trying to achieve is it not?
Please, tell me FTC has no plans on going POS?
Likes of PPC, part POS, sure, that’s fine, but full? wouldn’t touch that blockchain with a barge pole
I think you misunderstood what I meant.
My goal is to find suitable for our development path, not stop there, and not copied.
In my mind is Proof-of-Service , not Proof-of-Stake . I called it S2S (Service to Service).
The following three cases:
-
A man had graphics card , he can mine feathercoin .as we are now.
-
A man have not graphics card ,he have some money,he can buy some feathercoin , and use the FTC mine.
-
A man have not graphics card ,he have not money too,he can open his feathercoin wallet and provide P2P services with his bandwidth.
Of the three cases FTC can be achieved.
We love all others, they too love us all .
-
-
That’s an interesting idea lizhi. I think in the very long term this may be a good goal!
-
Interesting.
-
Not only an interesting, This is our roadmap for future development. We will get rid of bitcoin and exceed bitcoin. This is the meaning of our existence. Feathercoin does not exist as a single copy . Happily, we are one step ahead, time is the key. Time is money.
-
Be careful with big statements like that Lizhi, I might just get my way in Scotland and create the first Gvt chain, blow you ALL out of the water O:-)
Partial POS, sure, I don’t mind that. I understand your looking down the road and it’s still called pos no matter if you put a skirt on it and cal it “fluffys day out” ^-^
-
We have a fair mining for 1.25 years. After 6 to 9 months, we will have the ability to start POS. But before that we have many things to do. Upgrade to 0.9.2, adding the multisignature Technology. To design UI interface Wallet .
-
I think you misunderstood what I meant.
My goal is to find suitable for our development path, not stop there, and not copied.
In my mind is Proof-of-Service , not Proof-of-Stake . I called it S2S (Service to Service).
The following three cases:
-
A man had graphics card , he can mine feathercoin .as we are now.
-
A man have not graphics card ,he have some money,he can buy some feathercoin , and use the FTC mine.
-
A man have not graphics card ,he have not money too,he can open his feathercoin wallet and provide P2P services with his bandwidth.
Of the three cases FTC can be achieved.
We love all others, they too love us all .
Please told me POS is not a long term plan. Even a mixed POW and POS will prevent people spending the coin. You can compare the PPC and FTC transaction on average.
If POS is the long term plan, I would have to re-valuate the potential of FTC .
-
-
This will be determined by the market,If prices fall below the electricity costs,POS will improve our ability to survive.I recommend using a PoW in the first 4 years, The first five years of the start, will use PoS.
But this is not the only.If prices continue to fall, PoS is a good choice.
-
This will be determined by the market,If prices fall below the electricity costs,POS will improve our ability to survive.I recommend using a PoW in the first 4 years, The first five years of the start, will use PoS.
But this is not the only.If prices continue to fall, PoS is a good choice.
Assume the electricity cost you are talking is $0.04 . You means price below that will make FTC change to POS for a while (or forever) . Or you means change to POS as a temp solution???
what happen in NXT is already make people concern about POS. I can only said POS is more centralize when compare with POW. And honestly I don’t thinks is a good choice.!
By the way change to POS is already a decision??
-
Not a decision yet, don’t even think its worked its way to a full discussion yet.
Only the change to Neoscrypt is set in stone at the moment and even that the date hasn’t been set yet.
-
No , It is not a decision, only discuss.
But I think the miners will not bear the loss,so We need to make early preparations.
