A (Short) Guide to Blockchain Consensus Protocols

gum-candy-e1488486608975
4 March 2017

We hear plenty of talk of how public blockchains are going to change the world, but to function on a global scale, a shared public ledger needs a functional, efficient and secure consensus algorithm.

A consensus algorithm, like bitcoin’s proof of work (the one we hear about most often), does two things: it ensures that the next block in a blockchain is the one and only version of the truth, and it keeps powerful adversaries from derailing the system and successfully forking the chain.

In proof of work, miners compete to add the next block (a set of transactions) in the chain by racing to solve a extremely difficult cryptographic puzzle. The first to solve the puzzle, wins the lottery. As a reward for his or her efforts, the miner receives 12.5 newly minted bitcoins – and a small transaction fee.

Yet, although a masterpiece in its own right, bitcoin’s proof of work isn’t quite perfect.

Common criticisms include that it requires enormous amounts of computational energy, that it does not scale well (transaction confirmation takes about 10-60 minutes) and that the majority of mining is centralized in areas of the world where electricity is cheap.

Bitcoin creator Satoshi Nakamoto woke us up to the potential of the blockchain, but that doesn’t mean we can’t keep searching for faster, less centralized and more energy-efficient consensus algorithms to carry us into the future.

While not a comprehensive list, the following are a few of the alternative approaches being kicked around out there.

Proof of stake

The most common alternative to proof of work is proof of stake.

In this type of consensus algorithm, instead of investing in expensive computer equipment in a race to mine blocks, a ‘validator’ invests in the coins of the system.

Note the term validator. That’s because no coin creation (mining) exists in proof of stake. Instead, all the coins exist from day one, and validators (also called stakeholders, because they hold a stake in the system) are paid strictly in transaction fees.

In proof of stake, your chance of being picked to create the next block depends on the fraction of coins in the system you own (or set aside for staking). A validator with 300 coins will be three times as likely to be chosen as someone with 100 coins.

Once a validator creates a block, that block still needs to be committed to the blockchain. Different proof-of-stake systems vary in how they handle this. In Tendermint, for example, every node in the system has to sign off on a block until a majority vote is reached, while in other systems, a random group of signers is chosen.

Now, we run into a problem. What is to discourage a validator from creating two blocks and claiming two sets of transaction fees? And what is to discourage a signer from signing both of those blocks? This has been called the ‘nothing-at-stake‘ problem. A participant with nothing to lose has no reason not to behave badly.

In the burgeoning field of ‘crypto-economics‘, blockchain engineers are exploring ways to tackle this and other problems. One answer is to require a validator to lock their currency in a type of virtual vault.

If the validator tries to double sign or fork the system, those coins are slashed.

Peercoin was the first coin to implement proof of stake, followed by blackcoin and NXT. Ethereum currently relies on proof of work, but is planning a move to proof of stake in early 2018.

Proof of activity

To avoid hyperinflation (what happens when too much of a currency floods the system) bitcoin will only ever produce 21m bitcoins. That means, at some point, the bitcoin block reward subsidy will end and bitcoin miners will only receive transaction fees.

Some have speculated this might cause security issues resulting from a ‘tragedy of the commons‘, where people act in self-interest and spoil the system. So, proof of activity was created as an alternative incentive structure for bitcoin. Proof of activity is a hybrid approach that combines both proof of work and proof of stake.

In proof of activity, mining kicks off in a traditional proof-of-work fashion, with miners racing to solve a cryptographic puzzle. Depending on the implementation, blocks mined do not contain any transactions (they are more like templates), so the winning block will only contain a header and the miner’s reward address.

At this point, the system switches to proof of stake. Based on information in the header, a random group of validators is chosen to sign the new block. The more coins in the system a validator owns, the more likely he or she is to be chosen. The template becomes a full-fledged block as soon as all of the validators sign it.

If some of the selected validators are not available to complete the block, then the next winning block is selected, a new group of validators is chosen, and so on, until a block receives the correct amount of signatures. Fees are split between the miner and the validators who signed off on the block.

Criticisms of proof of activity are the same as for both proof of work (too much energy is required to mine blocks) and proof of stake (there is nothing to deter a validator from double signing).

Decred is the only coin right now using a variation of proof of activity.

Proof of burn

With proof of burn, instead of pouring money into expensive computer equipment, you ‘burn’ coins by sending them to an address where they are irretrievable. By committing your coins to never-never land, you earn a lifetime privilege to mine on the system based on a random selection process.

Depending on how proof of burn is implemented, miners may burn the native currency or the currency of an alternative chain, like bitcoin. The more coins you burn, the better chance you have of being selected to mine the next block.

Over time, your stake in the system decays, so eventually you will want to burn more coins to increase your odds of being selected in the lottery. (This mimics bitcoin’s mining process, where you have to continually invest in more modern computing equipment to maintain hashing power.)

While proof of burn is an interesting alternative to proof of work, the protocol still wastes resources needlessly. Another criticism is that mining power simply goes to those who are willing to burn more money.

The only coin that uses proof of burn is slimcoin, a cryptocurrency based on peercoin. It uses a combination of proof of work, proof of stake and proof of burn, but is only semi-active at this time.

Proof of capacity

As we’ve seen, most of these alternative protocols employ some type of pay-to-play scheme. Proof of capacity is no different, but here you ‘pay’ with hard drive space. The more hard drive space you have, the better your chance of mining the next block and earning the block reward.

Prior to mining in a proof-of-capacity system, the algorithm generates large data sets known as ‘plots’, which you store on your hard drive. The more plots you have, the better your chance of finding the next block in the chain.

By investing in terabytes of hard drive space, you buy yourself a better chance to create duplicate blocks and fork the system. But with proof of capacity, we still have the problem of nothing at stake to deter bad actors.

Variations of proof of capacity include proof of storage and proof of space. Burstcoin is the only cryptocurrency to use a form of proof of capacity.

Proof of elapsed time

Chipmaker Intel has come up with its own alternative consensus protocol called proof of elapsed time. This system works similarly to proof of work, but consumes far less electricity.

Further, instead of having participants solve a cryptographic puzzle, the algorithm uses a trusted execution environment (TEE) – such as SGX – to ensure blocks get produced in a random lottery fashion, but without the required work.

Intel’s approach is based on a guaranteed wait time provided through the TEE. According to Intel, the poof-of-elapsed-time algorithm scales to thousands of nodes and will run efficiently on any Intel processor that supports SGX.

The one problem with this protocol is it requires you to put your trust in Intel – and isn’t putting trust in third parties what we were trying to get away from with public blockchains?

Gumballs image via Shutterstock