Multiple Voting in POS Cannot be Detected and It Weakens SecurityA POS blockchain can be less secure than POW because of multiple voting of some miners - there is a group of miners in POS that does not exist in POW, the selfish or rational miners.
Most POS system work by selecting one miner stochastically each time to sign and add one block, based the recent blockchain history, a miner’s stake data, and the current time (in seconds). The probability a miner is selected is proportional to the stake shares of the miner (in most cases stake is the number of coins a miner owns). In case of a fork, the branch with the most stakes is the winner, which is similar to POW in that the branch with the most hash power wins.
In case of an attack, there are three groups of miners in POS. One group is the above mentioned selfish miners. They will vote on any braches they can to optimize reward, since it does not cost much to do so. The two other groups are the attackers and the honest or altruistic miners. The attacker will always vote on his own branch and the honest miners will always follow the rules to vote on just the main branch. The breaking point is when both branches have equal amount of stakes
Attacker% + Selfish Miner% = Honest Miner% + Selfish Miner% or
Attacker% = Honest Miner%
also
Honest Miner% + Attacker% + Selfish Miner% = 100%
These give us the stake percentage an attacker needs to control in order to succeed
Attacker% = (100% - Selfish Miner%) / 2
In POW Selfish Miner% = 0, so it takes at least 50%, or majority, to attack the blockchain. In POS, however, it all depends on the percentage of selfish miners. It only takes 25% to attack successfully if there are 50% selfish miners. You can argue that there will not be a high percentage of selfish miners because doing so will destroy the value of their stakes, therefore against their interest, but technically there is nothing in POS that can prevent the selfish miners from existing. This is the essence of the so called “nothing at stake” attack. Multiple voting by the selfish miners weakens the security of POS and turns the “51% attack” to less than 51%.
There have been proposals to penalize multiple voting. The difficulty, however, is that it is easy to multiple vote and avoid being detected. In case of a fork, for example, a miner with a 10% of total stakes in the system has a probability of 10% to be selected on each branch. He can sign 1 out 10 blocks on average on each branch. As shown in Fig. 1, double voting can only be detected if the miner voted on both branches at the same block height. This only happens with a probability of 10% x 10% = 1%. In 200 blocks (100 each branch) a selfish miner will gets a chance to double sign 20 of them (10 on each branch) with only 1 block getting detected (overlapped in the 2 branches). All he needs to do is to not to sign that 1 block and he still gets to sign 19 of them. He can do even better by spreading his stakes. For example, ten 1% stakes still get the same 10% probability of double signing 20 blocks out of 200. The chance of being detected is now reduced to 1% x 1% x 10 = 0.1%. The hard problem is really how to detect multiple voting, which the current POS fails.
http://intocrypto.com/images/fork.pngFig. 1. Multiple voting cannot be detected (it is not against the rules either) if a miner signs blocks in 2 branches at different heights.
Pool of StakeIn order to solve the POS weakness described above and also not to burn valuable resources like POW, we propose a new way of building blockchain. Like POS intangible stake is used in our system.
- Miners are grouped into multiple stake pools. A pool is formed by a leading “representative stake” and other stakes joining the pool. The joining process is like paying one’s stake to the representative so a stake can join only one pool at a time. Stakes have the rights to leave a pool at any time. A pool’s stake is the sum of all the stakes joined.
- One pool is selected based the recent history (or take turns) to propose transactions to be included in a block. All pools can sign the proposed transactions using their representative’s private keys to create a block. The block with the most stakes signed is the winner in a fixed time period (like 10 minutes). All the pools signed the winning block share the reward coins based the pool’s stake amount. The proposing pool can get extra reward.
- To control the total number of pools in the system the number of signatures is capped in one block and the pools with more stakes should be included first. To make the stakes spread more evenly among the pools the maximum award a pool can get can be capped as well, for example, at maximum of 5% of total coins rewarded for a block. This way a pool with 10% stake will earn the same amount of coins as a 5% stake pool. 5% will leave the pool since they can earn more reward somewhere else.
- A pool will be disbanded if it is caught double signing on blocks at the same height. The representative’s stake in the pool is destroyed permanently. Other stakes can form a new pool or join other pools.
- Like other systems, the blockchain with the most stakes is the consensus.
- Although this is not necessary, a separate cryptocurrency can be introduced into the system to represent shares of stake in the system and the reward coin can be in a different currency. This way the miner stakes are kept stable and the reward coins can be spent without affecting the stake shares. The total amount of stakes in the system can be capped. Once all the stakes are distributed no more new stakes can be issued. The number of coins rewarded for one block can be fixed forever or based on a target inflation rate.
We name our new system Proof of Representation (POR). The major differences of POR from POS include 1) Miners can join pools to form a hierarchal structure. Only pools or stakes with enough shares get a chance to sign blocks. 2) All stakes represented by pools vote at every block height instead of just one or some miners representing minority stakes. As a result, multiple voting can be detected in our new system. This is crucial to the security of blockchain without burning valuable physical resources.
POR has some advantages over POW as well. For details please see
http://intocrypto.com/por.pdfThoughts?