A (fast) information to blockchain consensus protocols


We hear a lot about how public blockchains will change the world, but in order to work on a global scale, a common public ledger needs a functional, efficient and secure consensus algorithm.

A consensus algorithm, like Bitcoin’s proof of work (the one we hear about the most), does two things: it ensures that the next block on a blockchain is the only version of the truth, and it prevents powerful adversaries from derailing the system and successfully fork the chain.

As proof of the work, miners compete to add the next block (a series of transactions) to the chain by trying to solve an extremely difficult cryptographic puzzle. The first to solve the puzzle wins the lottery. As a reward for his efforts, the miner receives 12.5 newly minted bitcoins – and a small transaction fee.

While Bitcoin is a masterpiece in itself, Bitcoin’s proof of work isn’t entirely perfect.

Common criticisms are that it requires enormous amounts of computing power, that it doesn’t scale well (it takes around 10 to 60 minutes to confirm the transaction), and that most of the mining industry is centralized in areas of the world where electricity is cheap.

Bitcoin developer Satoshi Nakamoto made us aware of the potential of the blockchain, but that doesn’t mean we can’t look any further for faster, less centralized, and more energy-efficient consensus algorithms to carry us into the future.

While this is not an exhaustive list, below are some of the alternative approaches that exist.

Proof of commitment

The most common alternative to proof of work is proof of deployment.

In this type of consensus algorithm, a “validator” invests in the system’s coins rather than investing in expensive computer equipment to mine blocks.

Note the term validator. This is due to the fact that no coin creation (mining) exists to prove its use. Instead, all coins exist from day one, and validators (also called stakeholders because they are involved in the system) are paid exclusively in transaction fees.

As proof of wagering, your chance of being selected to create the next block depends on the percentage of coins in the system that you own (or set aside for wagering). A validator with 300 coins is selected three times as often as someone with 100 coins.

As soon as a validator creates a block, this block still has to be transferred to the blockchain. Different proof-of-stake systems differ in how they handle it. In Tendermint, for example, every node in the system must deregister a block until a majority is achieved, while in other systems a random group of signers is selected.

Now we are facing a problem. What’s to stop a validator from creating two blocks and charging two sets of transaction fees? And what’s supposed to keep a signatory from signing these two blocks? This has been referred to as the “nothing at stake” problem. A participant with nothing to lose has no reason not to misbehave.

In the burgeoning field of “cryptoeconomics”, blockchain engineers are looking for ways to address this and other problems. One answer is to require a validator to lock their currency in some sort of virtual vault.

If the verifier tries to double-sign or fork the system, these coins will be slit open.

Peercoin was the first coin to introduce evidence of engagement, followed by Blackcoin and NXT. Ethereum currently relies on proof of work, but plans to transition to proof of deployment in early 2018.

Proof of activity

To avoid hyperinflation (what happens when too much currency floods the system), Bitcoin only ever produces 21 million bitcoins. That means that the Bitcoin block bonus subsidy will end at some point and Bitcoin miners will only receive transaction fees.

Some have speculated that this could lead to security problems arising from a “common tragedy” in which people act in their own interest and corrupt the system. Therefore, a proof of activity was created as an alternative incentive structure for Bitcoin. Proof of activity is a hybrid approach that combines both proof of work and proof of deployment.

As evidence of the activity, mining begins the traditional way, with miners trying to solve a cryptographic puzzle. Depending on the implementation, the mined blocks do not contain any transactions (they are more like templates) so the winning block only contains a header and the miner’s reward address.

At this point, the system switches to the proof of deployment. Based on the information in the header, a random group of validators is chosen to sign the new block. The more coins a validator has in the system, the more likely he or she will be selected. The template becomes a full-fledged pad as soon as all reviewers sign it.

If some of the selected validators are not available to complete the block, the next winning block will be selected, a new group of validators selected, and so on until a block receives the correct number of signatures. The fees are shared between the miner and the examiners who de-registered the block.

The critique of Proof of Activity is the same as that of both Proof of Work (too much energy is needed to mine blocks) and Proof of Dedication (there is nothing that could stop a validator from double-signing).

Decred is currently the only coin that uses a variation in evidence of activity.

Fire detection

With proof of incineration, instead of putting money into expensive computing devices, you “burn” coins by sending them to an address where they are irretrievable. By wagering your coins on the never-never landing, you receive a lifetime privilege to mine based on a random selection process on the system.

Depending on how the burn detection is implemented, miners can burn the local currency or the currency of an alternative chain like Bitcoin. The more coins you burn, the greater the chance that you will be selected to mine the next block.

Over time, your stake in the system will decrease, so you may want to burn more coins to increase your chances of getting selected in the lottery. (This mimics the Bitcoin mining process, where you have to continually invest in more modern computing devices to keep hashing performance going.)

While the detection of burns is an interesting alternative to the detection of work, the protocol is an unnecessary waste of resources. Another point of criticism is that the mining power simply goes to those who are willing to burn more money.

The only coin that uses proof of burn is Slimcoin, a cryptocurrency based on Peercoin. It uses a combination of proof of work, proof of deployment and proof of combustion, but is currently only semi-active.

Proof of capacity

As we’ve seen, most of these alternative protocols use some sort of pay-to-play scheme. The proof of capacity is no different, but here you “pay” with hard disk space. The more hard drive space you have, the better your chance of mining the next block and getting the block reward.

Before mining in a proof-of-capacity system, the algorithm generates large amounts of data called “plots” that are stored on your hard drive. The more lots you have, the better your chance of finding the next block in the chain.

By investing in terabytes of hard drive space, you get a better chance of creating duplicate blocks and branching the system. But with the capacity to be proven, we still have the problem that nothing is at stake to scare off bad actors.

Variations in the proof of capacity include proof of storage and space. Burstcoin is the only cryptocurrency that uses a proof of capacity.

Evidence of the elapsed time

Chip maker Intel has developed its own alternative consensus protocol known as evidence of elapsed time. This system works in a similar way to a proof of work, but uses far less electricity.

Instead of letting participants solve a cryptographic puzzle, the algorithm uses a Trusted Execution Environment (TEE) like SGX to ensure that blocks are created in random lottery, but without the work required.

Intel’s approach is based on a guaranteed latency provided by the TEE. According to Intel, the Poof-of-Elapsed-Time algorithm scales to thousands of nodes and runs efficiently on any Intel processor that supports SGX.

The only problem with this protocol is that you have to put your trust in Intel – and not trust in third parties, which we wanted to get away from with public blockchains?

Gumballs image via Shutterstock


Melinda Martin