On Defining Proof of Stake
The current definition of Proof of Stake is too broad and generic to be useful. It does not imply any information about the security or insecurity of a platform. This definition does a disservice to all parties—the users, the systems, the experts—because instead of discussions addressing the issues, we spend our time bike-shedding and making untrue assumptions about system properties.
By Rick Carback, December 18, 2018.
After a back-and-forth on Twitter, I feel compelled to build on that conversation and attempt to critique the current definition of Proof of Stake (PoS). I welcome conversation and feedback from community members to help further refine the definition from here.
The Current Definition
Ignoring the “PoS is anything not PoW” trolls, most high-level definitions of PoS are minor variations on the following:
PoS refers to the entire class of mechanisms whereby the amount of cryptocurrency you hold determines the extent to which you can participate in consensus.
In my mind, there are 3 main problems with this definition:
Problem 1: The primary problem is that it is so high-level that it can only be valid within the narrow context of the protocol and therefore ignores very real externalities.
Nobody means this, but this extremely high-level definition implies that Proof of Work (PoW) could be considered a subset of PoS because—while it is possible to have all of the hashrate and 0 tokens—in practice you can use your tokens to buy hashrate and thus influence in the consensus mechanism. The only way for this high-level definition to work is to assume that Bitcoin and other PoW coins are not money and cannot be used to buy hashrate. I am sure the audience currently reading views this assumption to be as wildly untrue as I do.
Problem 2: The definition makes no distinction between systems with different properties.
My litmus test to illustrate this would be: if you replace stake with fiat, do the properties of the system look similar? If this is true, then calling the system PoS before it uses fiat and not calling it PoS after it uses fiat, despite the same properties being true, is a distinction without meaning.
Problem 3: Systems with similar non-stake mechanisms end up getting unfairly grouped together.
PeerCoin provides interest based on a percentage of a user’s stake, choosing from competing chains based on coin age.
Ouroboros uses stake as a weight to select the next block producer using a secure multiparty coin-flip. Similarly, Algorand assigns weights to users proportionally to the monetary value they have in the system for selection from their verifiable random function.
Dash requires that a node have stake to become a master node, and makes payouts in exchange for services provided by these master nodes.
Avalanche requires stake for node eligibility, but its consensus protocol leverages intelligent random sampling to determine state.
In systems like Steem and EOS, users vote for block producers with their stake.
In summary, when someone calls a platform PoS, it doesn’t tell you anything other than that they used the word stake somewhere. The platforms I listed are only a small sample of what is out there, with different models, different crypto, different security properties, and different performance. Putting everything under one oversimplified banner is confusing at best. We are getting triggered by the color of the woodshed out back, and not focusing on what matters.
Towards a Better Definition
Let’s start with the definition I was working from, as it’s clearly not refined enough either:
The age or amount of stake is an input to the consensus mechanism.
With the exception of Dash and Avalanche, this describes all the systems mentioned in my 3rd point above. Two papers emerged from the discussion of those systems, each offering its own definition. One from Bitfury:
Instead of mining power, the probability to create a block and receive the associated reward is proportional to a user’s ownership stake in the system.
and one discussing Chain of Authority (CoA):
Mechanisms that give the decision-making power regarding the continuation of the ledger history to entities who possess coins within the system.
Bitfury’s definition excludes age and deposit mechanisms. In that sense, it is the most specific. I would like to further distinguish based on the selection mechanism (e.g., VRF v. VDF v. other mechanism), but I will stop myself here. If you have clout in this community and are interested in working on useful definitions, please let me know.
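An added illustration, not code from any platform named in this article: a simplified model contrasting stake used as a selection weight (the Bitfury-style definition) with stake used only as an eligibility requirement (the role described above for Dash and Avalanche). The participant names, balances, `min_bond` and the hash-derived seed are assumptions made for the example.

```python
import hashlib
from fractions import Fraction

# Constructed sample balances (hypothetical participants, arbitrary units).
HOLDINGS = {"alice": 600, "bob": 300, "carol": 100, "dave": 5}

def weighted_shares(holdings):
    """Stake as a weight: selection probability is proportional to holdings."""
    total = sum(holdings.values())
    return {n: Fraction(v, total) for n, v in holdings.items()}

def gated_shares(holdings, min_bond):
    """Stake as a gate: anyone meeting min_bond is eligible with equal
    probability; holding more than the bond buys no extra influence."""
    eligible = [n for n, v in holdings.items() if v >= min_bond]
    return {n: Fraction(1, len(eligible)) if n in eligible else Fraction(0)
            for n in holdings}

def select(shares, seed):
    """Pick one participant from a public seed (a stand-in for the output of a
    coin-flip protocol or VRF; a plain hash is NOT a secure substitute)."""
    digest = hashlib.sha256(seed).digest()
    point = Fraction(int.from_bytes(digest, "big"), 2 ** 256)  # in [0, 1)
    cumulative = Fraction(0)
    for name in sorted(shares):  # fixed order so every node agrees
        cumulative += shares[name]
        if point < cumulative:
            return name
    raise ValueError("shares must sum to 1")

def wins(shares, rounds=2000):
    """Count how often each participant is selected over many seeds."""
    tally = dict.fromkeys(shares, 0)
    for i in range(rounds):
        tally[select(shares, b"round-%d" % i)] += 1
    return tally

if __name__ == "__main__":
    for label, shares in (("weighted", weighted_shares(HOLDINGS)),
                          ("gated", gated_shares(HOLDINGS, min_bond=100))):
        print(label, {n: str(s) for n, s in shares.items()}, wins(shares))
```

Doubling one participant's balance changes the output of `weighted_shares` but leaves `gated_shares` untouched, which is the kind of property difference a single "PoS" label hides.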
Is Praxxis PoS or PoW?
Neither. There is no “Proof of” in Praxxis.
The words “Proof of” are nowhere in our design, but we are taking this one step further by using the term “bonded deposit” instead of “stake” in all of our documentation. We define that in terms of an amount in coins, but replacing it with a bonded deposit in USD, ETH, or BTC would be acceptable for purposes of the property we are trying to achieve with this term: you have “skin in the game” to lose when you violate the protocol, and the amount does not give you more or less influence in the consensus in Praxxis.
As far as I know, the design of Praxxis is divergent from other platforms. We are the only platform using a multiparty-like computation through a mix network protocol. We are using hash-based ownership (hash-based digital signatures) for transaction processing. We will release more information when we publish the white paper.