Loki

Loki is becoming Oxen! Check out our announcement blog, or head over to oxen.io for a glimpse at the future of the Loki Project! Note: All posts, other information, and download links on loki.network are up-to-date and relevant. For any queries, you can find us on Telegram or contact us via email.
consensus, Blockchain consensus mechanisms: Proof of Work, Proof of Stake, and hybrid mechanisms

Blockchain consensus mechanisms: Proof of Work, Proof of Stake, and hybrid mechanisms

What’s a consensus mechanism?

Every computer network needs a way to ensure that all connected devices are in agreement about the state of the network: whether data is valid, where and how it should be sorted, etc. For centralised networks, reaching this consensus is easy: the central server dictates the correct state of the network to all other connected devices. For decentralised networks, though, reaching consensus is more challenging. Because there’s no central authority, decentralised networks need a secure alternative method of reaching consensus.

This becomes especially important for decentralised blockchain networks: nodes on the network need to agree on the state of the blockchain and on the order of transactions to prevent people from double-spending cryptocurrency or otherwise manipulating the network.

How do consensus mechanisms help the blockchain?

Consensus mechanisms provide ‘fault-tolerance’ to decentralised networks: making sure that every node’s records are in agreement with those of every other node. If a node’s records differ from the majority (a ‘fault’), the node might have made an error or it may be acting maliciously. Consensus mechanisms allow the network to ignore contributions from faulty nodes.

Consensus mechanisms also provide one of the biggest benefits of decentralised blockchain networks: they make them ‘trustless’. When you use a centralised network, you’re placing your trust in the central server and its administrators to make the correct decisions. But when you use a decentralised network, the nodes on the network work together to make decisions using a consensus mechanism. You don’t need to place your trust in a central entity to maintain the blockchain ledger.

There are several different consensus mechanisms, and each has its own strengths and weaknesses. Here, we’ll focus on the three most popular consensus mechanisms: Proof of Work (PoW), Proof of Stake (PoS), and hybrid PoW-PoS.

Proof of Work consensus mechanism

Proof of Work: How does it work?

Proof of Work consensus mechanisms use a process known as ‘mining’, where miners (special nodes on the network) compete against each other to solve complex mathematical puzzles, and are rewarded for solving them. While these puzzles are difficult to solve, and require a lot of computational power, it’s easy for the network to verify whether a solution is correct.

When a mining node begins working on a puzzle, the miner gathers a bunch of unconfirmed cryptocurrency transactions together, forming them into a block. When it successfully solves the puzzle, the mining node broadcasts their block to the network. At this point, the block includes the set of unconfirmed transactions, the solution to the puzzle, and a cryptographic link to the previous block in the blockchain.

All other miners on the network must then come to a consensus about whether this new block contains a valid solution to the puzzle. If the network decides that the solution is valid, then the block will be added to the blockchain, validating the crypto transactions contained within. The miner that publishes the block receives a reward in the form of cryptocurrency (which is where the term “mining” comes from), and miners begin working on a fresh puzzle.

Who uses Proof of Work?

Proof of Work was made famous by Bitcoin, the first (and most popular) cryptocurrency. Bitcoin’s PoW implementation was based on ideas originally published by Cynthia Dwork and Moni Naor in 1993. Many other cryptocurrencies also use PoW-based consensus mechanisms, including Ethereum and Monero.

Security benefits of Proof of Work

To talk about the security benefits of PoW, we need to address the goals of an attack on a blockchain. When a malicious actor attacks a blockchain, the goal is often to ‘rewrite history’ by validating invalid transactions. Alternatively, the attacker may want to block legitimate transactions from being validated.

Because mining is effectively a race against all other miners to solve puzzles, successful block mining requires a lot of computational power (“hash power”), and miners often need specialised and expensive hardware to be able to compete. The more miners on the network, the more hash power any single miner needs if they want to reliably mine and win blocks. And to maintain a consistent rate of blocks being published to the network, PoW mining algorithms (the mathematical algorithms which produce the puzzles for miners to solve) will increase the puzzles’ difficulty as the total network hash power increases.

This difficulty scaling, combined with the competitive aspect of mining, means that an attacker would need an enormous amount of computing power to manipulate the blockchain. The attacker would typically need to control more than 50% of the network’s hash power. This type of attack is known as a 51% attack. Accruing such a huge amount of hash power would be incredibly expensive, which puts up a significant financial barrier for would-be attackers.

Proof of Work: The flaws

A major drawback of PoW consensus mechanisms is the excessive energy consumption of PoW-based networks. Such networks require huge amounts of computational power to function — and the hash power required to mine is constantly increasing. A single crypto mining computer can consume thousands (even tens of thousands) of watts, and these computers are often running 24/7. This electricity consumption is expensive, wasteful, and often unsustainable.

Another potential issue is selfish mining. Selfish mining involves a group of miners colluding to mine blocks and strategically withhold them from the blockchain, increasing their mining profits. Other miners are incentivised to work with the selfish miners in order to increase their profits. As the group of selfish miners grows, the mining of blocks becomes increasingly centralised, undermining the decentralised nature of most Proof of Work blockchains.

Proof of Stake consensus mechanism

Proof of Stake: How does it work?

In a Proof of Stake consensus system, nodes which stake (hold) cryptocurrency are randomly selected to create and publish new blocks, and the nodes are rewarded for doing so. 

Whereas in a Proof of Work system, nodes receive rewards at a rate based on their computational power (i.e. how often they can solve puzzles and thus publish blocks), in Proof of Stake, nodes receive rewards at a rate based on the proportion of coins they stake. If a node holds 3% of the available cryptocurrency, that node will theoretically be picked to mine a block 3% of the time.

Once a node has been selected to create a block, a set of other nodes (validators) will be chosen to validate the new block. Once these validators have verified the block’s legitimacy, the block will be published to the blockchain.

Who uses Proof of Stake?

Proof of Stake was first implemented by Peercoin, which launched in 2012. PoS has since seen wide adoption by other cryptocurrencies wishing to avoid the energy inefficiency issues faced by PoW mining algorithms. PoS has been adopted by a number of other cryptos, including NEO and Stellar.

Security benefits of Proof of Stake

In a PoS-based blockchain, an attacker would need to control more than 50% of the total cryptocurrency token supply in order to carry out a 51% attack (allowing them to publish fake or invalid transactions, re-order the blockchain, etc.).

Acquiring this much of the total supply can be extremely expensive — and in some PoS-based blockchains, it may be completely impossible. When crypto tokens are staked by nodes, they are removed from the marketplace and cannot be bought. If more than 50% of the total cryptocurrency supply for a given blockchain network is staked, a 51% attack becomes almost impossible. If a blockchain network can reach such a lockup ratio, it effectively becomes impervious to 51%-type attacks.

Proof of Stake: The flaws

Just like PoW, PoS is vulnerable to 51%-type attacks (though PoS is typically only vulnerable if less than 50% of the total token supply is staked). If a single actor is able to control more than 50% of the cryptocurrency, they will be able to manipulate the blockchain ledger by creating a large number of malicious nodes and using them to validate false transactions or block legitimate transactions.

While 51% attacks become more difficult the more crypto is staked, they are not impossible. If an attacker was able to convince someone who held a large amount of crypto to sell or otherwise give up their crypto to the attacker, the attacker could tip the scales enough to perpetrate a 51% attack.

Another type of attack on a PoS system is a long range attack. Because PoS systems require very little computing power to create new blocks (relative to PoW systems), it’s theoretically possible for an attacker to create an alternative version of the entire blockchain, based off the same first block (‘genesis block’) as the legitimate blockchain. This is extremely difficult in PoW systems due to the enormous power required to mine blocks. But under PoS, this process takes comparatively little effort. 

To conduct a long range attack, an attacker needs access to the keys (unique identifiers) that were used to sign old blocks on the blockchain. If the attacker gets access to these keys, they can use them to sign blocks in their own altered blockchain, then present this alternative blockchain to new nodes joining the network. The new node sees the alternative blockchain as legitimate, and accepts it as valid.

PoS-based blockchains implement a range of additional security measures, such as checkpointing and key-evolving cryptography, to prevent long range attacks.

Hybrid Proof of Work and Proof of Stake consensus mechanism

Hybrid PoW-PoS: How does it work?

In a hybrid PoW-PoS system, miners create blocks (using the above PoW mining algorithm system), and randomly-selected quorums (groups) of nodes then validate them. These quorums also engage in checkpointing, which secures the blockchain by permanently preventing blocks older than x (with x being a value set by the blockchain project) from being reorganised.

Who uses hybrid PoW-PoS?

Hybrid PoW-PoS systems are comparatively rare; Loki and Decred are two current implementations of such a system (though Loki will be switching to a pure Proof of Stake consensus mechanism, which will eliminate mining from the Loki ecosystem, reducing the environmental footprint of the Loki blockchain).

Security benefits of hybrid PoW-PoS

Hybrid PoW-PoS consensus mechanisms mitigate certain issues found in PoW and PoS mechanisms. Hybrid PoW-PoS blockchains are less vulnerable to long-range attacks compared to pure PoS blockchains, as block production is still gated by computational power, just as in a pure PoW system.

Hybrid PoW-PoS: The flaws

While hybrid systems allow PoW and PoS to complement each others’ weaknesses, there are some downsides of both that are left unsolved. Most notably, because hybrid PoW-PoS systems still require miners, the issues of electricity consumption, hardware cost, and environmental impact are still present.

So which is safer: Proof of Work, Proof of Stake/Service, or a hybrid system?

PoW, PoS, and hybrid systems are all effective methods of securing a blockchain. Regardless of which consensus mechanism is used, there is a significant cost to any attempted 51% attack.

Attacking a PoW system requires a huge amount of computational power. Attacking a PoS system requires purchasing more than 50% of the total token supply.

These are both massively costly undertakings. Ultimately, however, Proof of Stake/Service blockchains can be considered more secure, because if more than 50% of the token supply is staked, a 51% attack becomes extremely difficult, whereas it will always be theoretically possible (if extremely expensive) to acquire the mining power necessary to attack a PoW or hybrid blockchain.