On Defining Proof of Stake

Richard Carback
December 18, 2018

The current definition of Proof of Stake is too broad and generic to be useful. It does not imply any information about the security or insecurity of a platform. This definition does a disservice to all parties—the users, the systems, the experts—because instead of discussions addressing the issues, we spend our time bike-shedding and making untrue assumptions about system properties.

After a back-and-forth on Twitter about some of the details in Elixxir’s technical brief, I feel compelled to build on that conversation and attempt to critique the current definition of Proof of Stake (PoS). As this is my first time publicly participating in this community, I welcome conversation and feedback from community members to help further refine the definition from here. I haven’t received any takers so far, but I’m hoping that will change and I am grateful for the initial critique.

The Current Definition

Ignoring the “PoS is anything not PoW” trolls, most high-level definitions of PoS are minor variations on the following:

“PoS refers to the entire class of mechanisms whereby the amount of cryptocurrency you hold determines the extent to which you can participate in consensus.”

In my mind, there are 3 main problems with this definition:

Problem 1: The primary problem is that it is so high-level that it can only be valid within the narrow context of the protocol and therefore ignores very real externalities.

  • Nobody means this, but this extremely high-level definition implies that Proof of Work (PoW) could be considered a subset of PoS because—while it is possible to have all of the hashrate and 0 tokens—in practice you can use your tokens to buy hashrate and thus influence in the consensus mechanism. The only way for this high-level definition to work is to assume that Bitcoin and other PoW coins are not money and cannot be used to buy hashrate. I am sure the audience currently reading views this assumption to be as wildly untrue as I do.

Problem 2: The definition makes no distinction between systems with different properties.

  • My litmus test to illustrate this would be: if you replace stake with fiat, do the properties of the system look similar? If this is true, then calling the system PoS before it uses fiat and not calling it PoS after it uses fiat, despite the same properties being true, is a distinction without meaning.

Problem 3: Systems with similar non-stake mechanisms end up getting unfairly grouped together.

  • PeerCoin provides interest based on a percentage of a user’s stake, choosing from competing chains based on coin age.
  • Ouroboros uses stake as a weight to select the next block producer using a secure multiparty coin-flip. Similarly, Algorand assigns weights to users proportionally to the monetary value they have in the system for selection from their verifiable random function.
  • Dash requires that a node have stake to become a master node, and makes payouts in exchange for services provided by these master nodes.
  • Avalanche requires stake for node eligibility, but its consensus protocol leverages intelligent random sampling to determine state.
  • In systems like Steem and EOS, users vote for block producers with their stake.

In summary, when someone calls a platform PoS, it doesn’t tell you anything other than that they used the word stake somewhere. The platforms I listed are only a small sample of what is out there, with different models, different crypto, different security properties, and different performance. Putting everything under one oversimplified banner is confusing at best. We are getting triggered by the color of the woodshed out back, and not focusing on what matters.

Towards a Better Definition

Let’s start with the definition I was working from, as it’s clearly not refined enough either:

The age or amount of stake is an input to the consensus mechanism.

With the exception of Dash and Avalanche, this describes all the systems mentioned in my 3rd point above.  Two papers emerged from the discussion of those systems which offered with their own definitions. One from Bitfury:

Instead of mining power, the probability to create a block and receive the associated reward is proportional to a user’s ownership stake in the system.

and one discussing Chain of Authority (CoA):

Mechanisms that give the decision-making power regarding the continuation of the ledger history to entities who possess coins within the system.

Bitfury’s definition excludes age and deposit mechanisms. In that sense, it is the most specific. I would like to further distinguish based on the selection mechanism (e.g., VRF v. VDF v. other mechanism), but I will stop myself here. If you have clout in this community and interested in working on useful definitions, please let me know.

Is Elixxir PoS or PoW?

Neither. There is no “Proof of” in Elixxir.

Folks out there assumed the worst and went straight to the bikeshed after reading the word “stake” in our Technical Brief. The words “Proof of” are nowhere in the Elixxir Technical Brief by design, but we are taking this one step further by replacing the term “stake” with “bonded deposit” in all of our documentation. We defined that in terms of a number of tokens, but replacing it with a bonded deposit in USD, ETH, or BTC would be acceptable for purposes of the property we are trying to achieve with this term: you have “skin in the game” to lose when you violate the protocol, and the amount does not give you more or less influence in the consensus in Elixxir.

As far as I know, the design of Elixxir is divergent from other platforms. We are the only platform using a multiparty-like computation through a mixed network protocol. We are providing messaging along with transaction processing; We are using hash-based ownership (hash-based digital signatures); and more. For more details, check out the technical brief. We will release more information when we publish the white paper.