Blockchain is a classic example of a distributed system with no central source of truth. Like any distributed database, it cannot have consistency, availability, and partition tolerance simultaneously (following CAP theorem). Most of the blockchains ensure availability and are partition tolerant. But it is often possible for participating nodes to be in an inconsistent state. Each peer in the blockchain network can build up a different set of transaction histories leading to divergences called forks.
To achieve consensus among different copies of blockchain at each node in a trustless setup, without being fault-tolerant at the same time, has been a challenge for blockchain developers. Let’s delve into how blockchains achieve this.
One of the typical failures of a distributed system in an unreliable network is node failure, often represented by a thought experiment called “Byzantine Generals Problem.” According to it, some group of generals of a Byzantine army camped with their troops around an enemy city. One group in itself is not enough to defeat the city, so generals must agree upon a common battle plan.
These groups of armies are separated from each other and communicate through messengers. But while transferring the message, the messenger can be captured by the enemy. The message could be altered or lost forever. It may result in one general attacking while the others hold their grounds. On receiving a message, an acknowledgement is sent from receiving general to the sender, that messenger could get caught. However, there may be an infinite loop of sending acknowledgements back and forth to achieve consensus here. Neither general knows if the message has been received or not. Moreover, one or more of the generals can be a traitor and lie about their choice and try to confuse others. Similarly, the problem to find an algorithm to ensure that the loyal generals will reach an agreement represents the problem among different components of a distributed system to achieve a consensus on blockchain state.
This problem could be solved only if when more than two-thirds of the generals are loyal. The consensus is impossible to achieve if one-third or more of the generals are traitors.
A blockchain network experiences a lot of asynchronicity caused by messaging delays. There are no prior assumptions on the behavior of participating nodes.
Every blockchain employs a consensus mechanism to provide eventual consistency among nodes despite having malicious actors who would love to hack the system to get access to the wealth. The blockchain system is capable to tolerate the failures brought in by byzantine’s generals problem as long as the number of malicious nodes does not exceed a third of the honest nodes.
In Bitcoin (the original blockchain), Proof of Work provides the consensus. Many other blockchains like Ethereum, Litecoin, Dogecoin, Monero, etc also employ this protocol. Miners compete to create new blocks, mint new coins, and keep these rewards. This is a highly incentivized system for miners with nothing at stake to prevent any malicious behavior.
Proof of Work involves a computationally challenging puzzle that miners compete to solve. The annual energy consumption of Bitcoin alone is comparable to the power consumption of Chile. A Bitcoin single transaction has a carbon footprint equivalent to that of 720,232 VISA transactions.
To prevent this wasteful usage of electricity, many other consensus protocols have been suggested. Proof of Stake is one such protocol, first adopted by Peercoin.
Developed as an energy-saving alternative to PoW, Proof of Stake is adopted by many blockchains today. It introduces security deposits called stakes. Miners are replaced by the validators. They are selected based on their stakes to perform mining and add a new block.
The blockchains implementing this protocol consumes less energy. These have a stronger immunity to centralization (unlike mining pools in PoW) and lowers the hardware requirement barriers to mining. Typically the block size is larger, and the block time is much shorter, thus the transaction throughput is much higher.
PoS networks flip incentives from rewards for miners to penalties by slashing the stake to simulate the incentives of PoW. It is used as a mechanism for converging consensus among honest validators and a threat to dishonest validators.
Each node chooses the longest fork, with each block weighted by its block reward. Block rewards are proportional to the total amount of ether actively validating it. It ensures that the chains with more actively validating ether grow faster. So each node in the network adopts the blockchain on which the validators have the most value at stake. This can be thought of as the chain in which validators lose the least money.
PoS is adopted by various blockchains including Ethereum 2.0, Cardano, Sp8de, Tezos, Algorand, etc.
Ethereum is moving to the PoS consensus mechanism from PoW via a series of upgrades. Beacon chain introduced on Dec 1st, 2020, is the first addition to the Eth2.0 ecosystem. It brings staking to Ethereum.
It requires users to stake exactly 32 ethers to become a validator via a registration contract deployed on the current Ethereum blockchain. Validators are responsible for the same thing as miners in proof of work. They order transactions and create new blocks so that all nodes can agree on the state of the network. So far, more than 90,000 validators are registered.
Mainnet (current PoW blockchain) will merge with the beacon chain in Phase 1.5 (estimated 2022) of the Eth2.0 upgrade.
You can check the deposit contract for the Eth2.0 beacon chain here. Please note that the stake once deposited on the beacon chain cannot be turned back into PoW because there is no deregistration contract, only validator-exit functionality which can only withdraw ether to a shard in the PoS blockchain.
Registered validators on the beacon chain will be picked by a randomizer known as RANDAO+Verifiable Delay Function (VDF) to make a committee. They will be responsible for building the next block for a specific shard or two.
A validator will lose part of their stake periodically over time if they go offline. The validator can also lose stake for misbehaving - claiming that a transaction is valid when it isn't. This slashing of the stake will be controlled by an algorithm called Slasher. To withdraw the remaining ethers, a validator has to wait for several months.
To propose a block, the validator will combine the data from its designated shard(s) with the Beacon Chain data. It will store the list of validators and attestations. Attestations are confirmed and validator-signed hashes that reference the current state of a given shard. whenever a shard's data changes, that change is reported to the beacon chain by validators. This lets shards track each other's changes through the beacon chain, enabling communication between them.
Many blockchains other than Ethereum have been build with the PoS consensus mechanism. Following are some of the widely implemented PoS-based protocols:
Ouroboros: It is a pure stake-based protocol that employs a dynamic committee selected based on their stake distribution. The protocol divides time into epochs. In each epoch, the committee members participate in a multi-party computation to select the leaders and become the committee members in the next epoch. Each epoch is divided into slots. For each slot, a slot leader is selected (by a random lottery called Follow The Satoshi) from the above-selected leaders to create the next block based upon its stake. Ouroboros has been adopted by several cryptocurrencies, such as Cardano and Sp8de.
Chains-of-Activity: This protocol is a combination of Proof of Work and Proof of Stake. It involves miners competing to create a block (like PoW) and claim a reward. The block does not hold any transactions but only header information and the mining reward address. This header information is used to select a random group of validators. The selected validator has to make a deposit before creating a block. The block reward can be claimed by the leader if the block is created properly, and the deposit will be confiscated in cases of malicious behavior. The cryptocurrency Tezos is designed partially based on the CoA protocol.
Casper: It employs a dynamic committee, which votes via a Byzantine-Fault-Tolerance (BFT) protocol. To join the committee, a validator has to deposit to gain voting right proportional to that deposit, which will be slashed for malicious behaviors. Casper is proven to be secure as long as 2/3rd of the voting power is controlled by honest validators in a partially synchronous network. By incorporating a withdrawal delay, i.e., the validator has to wait for a long period of time before the deposit can be withdrawn. Ethereum adopts this PoS protocol.
Algorand: This protocol uses a cryptographic sortition mechanism to select the leader and committee members based on the stake distribution. The node’s chance to be selected as a block proposer is directly proportional to its stake amount. The committee is responsible for voting blocks that will be added to the chain in each round, meaning that the block is immediately finalized. Several cryptocurrencies, including Algorand and Arcblock, have adopted Algorand.
Tendermint: The protocol employs the BFT voting protocol for block confirming. In Tendermint, the validators gain the right to vote by making a deposit. A proposer is selected from the validators based on their voting right to propose a block and include transactions in each round via a deterministic round-robin selection scheme. The validators vote to confirm the proposed blocks in Tendermint, and thus blocks and transactions are immediately finalized. Currently, Tendermint has several applications in practice, such as BigchainDB, a blockchain database; Ethermint, a cryptocurrency network; and Cosmos.
The adoption of PoS provides several advantages to the blockchain ecosystem. But it comes with its own set of security issues. Network synchrony is one of the crucial points to ensure protocol safety. Even though many blockchains are actively using some variant of PoS, but its real potential could only unfold with Eth2.0.