Proof-of-stake (PoS) is a distributed consensus algorithm that's based on validators (i.e. miners) in a network having an ownership stake in it that gives them an economic incentive to behave honestly so as not to devalue the network and their stake in it. Unlike in proof-of-work based systems, it is not computationally costly for validators to add new blocks to the end of a PoS blockchain.
The nothing-at-stake problem is a theoretical security hole in proof-of-stake systems. The problem can occur anytime there is a fork in the blockchain, either because of a malicious action or accidentally when two honest validators propose blocks simultaneously.
Whenever a fork occurs, it's in the best self-interest of all of the miners to continue mining both chains. There are two reasons for this:
- There is no cost to mining, so mining both chains doesn't impact a miner's bottom line.
- If miners continue mining only one fork and one of the other forks becomes longer, the miners will not profit from any of the time they spent mining the shorter chain. In other words, mining all of the forks ensures that the miner will get their reward no matter which fork wins.
This could potentially make double-spend attacks more feasible. An attacker who wants to attempt a double-spend could do so by creating a fork in the blockchain one block before they spent some coins. If the attacker only mines their fork while all of the other miners act in their best self-interest and mine both forks, then the attacker's fork would eventually become the longest chain even if the attacker only has a small stake in the network.
There are a few ways that an exploit of a nothing-at-stake security issue might fail:
- Some miners might recognize that a fork is malicious and chose not to mine on it to preserve the integrity of the network
- Some miners might act altruistically and only mine 1 chain at a time even if doing so is less profitable
- Standard mining software will not come with the ability to mine all forks, so miners would need to modify their validation software in order to do so.
However, it is a best practice to assume that miners will always seek profit and act in their own economic interest, so these possibilities are not considered adequate from a network security standpoint.
Rather than having a rudimentary PoS system where people can participate as validators simply by possessing some amount of the network token in a wallet, Casper is what's known as a security-deposit based economic consensus protocol.
This means that nodes who wish to validate transactions must place a security deposit in order to do so. If a validator then produces anything invalid, a portion or all of their deposit is forfeited along with their ability to continue participating in consensus. The security-deposit therefor attaches a cost to being dishonest and makes it in the best economic interest of all of the miners to behave honestly.
Introducing Casper "the Friendly Ghost"
Nothing At Stake Explained In 4 Minutes
August 12, 2015
Understanding Proof of Stake: The Nothing at Stake Theory
- Proof-of-stakeProof-of-stake (PoS) is a system in which a network (e.g., a cryptocurrency blockchain) aims to achieve distributed consensus.
- EthereumEthereum is an open-source, public, distributed blockchain computing platform featuring smart contract (scripting) functionality, which facilitates online contractual agreements.
- Casper (proof of stake)Casper is proof of stake based consensus algorithm in development primarily for the Ethereum blockchain.
- Proof-of-workA proof-of-work (PoW) system (or protocol or function) is an economic measure to deter DOS attacks and other abuses (e.g., spam) on a network by requiring some work from the service requester, usually meaning processing time.