Editor's note: Authors of this article: Wang Qiulin and Chongmu, edited and reprinted with authorization.
The consensus mechanism is one of the core technologies of the blockchain, no matter what stage of development it is, it should be the focus of our attention.
The consensus mechanism allows the distributed network to reliably handle the failure of one or more nodes. Failed nodes may exhibit an often overlooked type of behavior—that is, send conflicting information to other nodes in the system. With the consensus mechanism, all nodes can achieve consensus, thereby eliminating conflicting information and ensuring the consistency of node information status.
The earliest consensus mechanism adopted by the blockchain was PoW introduced by Bitcoin. Later, with the passage of time and technological development, Sunny King launched the PoS mechanism to solve the various shortcomings of PoW (the landing performance is Diancoin). Later, V God was inspired by this to create Ethereum, and BM developed DPoS on this basis. Until recently Sunny King came back and launched a new consensus mechanism SPoS. Next, I will take everyone to understand the development history of each consensus mechanism.
1. Satoshi Nakamoto’s Bitcoin and POW
POW, Proof Of Work (workload proof), was originally derived from the anti-spam HashCash algorithm. Cryptographer Dai Wei proposed the B-money design in 1998 by combining POW with signature transaction technology. This is the first time that the POW mechanism was proposed as a digital currency consensus mechanism, but B-money did not solve the well-known block chain. The "double spend" problem.
In 2008, Satoshi Nakamoto combined the essence of cryptography and decentralized technology, and published an epoch-making paper "btc: A Peer-to-Peer Electronic Cash System", proposing the data structure of BlockChain. Blockchain can establish a decentralized electronic transaction system without trust. In January 2009, the btc network was officially launched, and the version of the open source client was released, and Bitcoin was born.
Bitcoin adopts the POW consensus, which stipulates that while the miners are processing the transaction data (that is, hashing the data), they will continuously add a random number to the packaged transaction data and perform hash calculations to obtain the first 23 digits. The hash value of 0 is used as the nonce of the block. When a miner in the whole network hashes out the nonce, he will publish the block he has packaged. After receiving and verifying the block, other nodes will agree that the block has been received on the blockchain and continue. Packing and hashing of the next block.
Since it is difficult to obtain a nonce that meets the requirements, it is guaranteed that only a few legal proposals can appear in the system for a period of time. At the same time, these small number of legal proposals will be broadcast in the network, and the received users will continue to calculate based on the longest chain it thinks after verification. Therefore, although there may be a chain fork (Fork) in the system, there will eventually be a chain that will become the longest chain.
The Hash problem is irreversible. Therefore, there is no effective solution algorithm except for brute force calculation. Conversely, if a nonce that meets the requirements is obtained, it means that the corresponding computing power has been paid in probability. Whoever has more computing power has a higher probability of solving the problem first.When you master more than half of the computing power of the entire network, you can control the direction of the chain from a probability perspective. This is also the origin of the so-called 51% attack.
As the earliest blockchain currency, Bitcoin always has imperfections. Bitcoin sacrifices bookkeeping efficiency for transaction security and adopts the POW mechanism, but with the increase of nodes, the high energy consumption caused by mining is gradually exposed. Today, the energy consumed by the global Bitcoin network is almost equal to 2/3 of the power generated by the Three Gorges Dam.
Advantages of POW:
Decentralization, fair distribution of bookkeeping rights to other nodes. The amount of coins that a node can obtain depends on the effective work of its mining contribution. That is to say, the better the performance of the mining machine used by the node for mining, the more income will be distributed to the node. This is according to the node Proof of work to implement the distribution of coins.
The security is high, and it takes a huge cost to destroy the system. If you want to cheat, you must have the computing power to overwhelm the majority of people (51% attack). Because cheating has to pay a certain cost, cheaters will treat it with caution. In Bitcoin’s POW mechanism, since the probability of obtaining the calculation result is close to the proportion of the computing power, the cost of miner fraud is significantly higher than that of honest mining without mastering more than 51% of the computing power. Possibility to complete fraud (due to low probability).
Disadvantages of POW:
Mining causes a lot of waste of resources.At present, bitcoin has attracted most of the computing power in the world.This has transformed the mechanism of fair distribution of rewards based on computing power into a large investment in mining machine computing power, distorting the original design intention of Satoshi Nakamoto.
Need to wait for multiple confirmations, network performance is too low. The consensus period of the Bitcoin blockchain is long (10 minutes), and the upper limit of transactions per second is now 7 transactions, which is not suitable for commercial applications (the average transaction volume per second of Visa is tens of thousands, and the peak value of Alipay is close to 90,000)
The centralized computing power of the POW consensus algorithm has gradually deviated from the original decentralization track. It can be seen from the dispute over Bitcoin expansion that large mining pools with high computing power are the masters, and those who hold coins have no right to participate in the decision. Bitcoin is about to lose its "decentralized" label.
Pow still has many shortcomings. Is there a better solution to some of these problems? And look at Pos.
2. Peercoin and POS of Sunny king
After Bitcoin, many blockchain currencies imitating Bitcoin also appeared, such as Litecoin, etc., but these currencies all adopted the POW mechanism with low efficiency and high energy consumption. There has been no revolutionary innovation in the blockchain field for a long time.
Until 2012, Sunny King released Peercoin (Peercoin, also known as PPCoin, PPC), and proposed the POS consensus mechanism for the first time in Peercoin, which changed the history of POW, and Peercoin was also the first to adopt POS The blockchain currency of the world has been recorded in history. The Ethereum and EOS that have appeared since then are just the continuation of Sunny King's ideas, not to mention other public chains.
POS, Proof of Stake (equity certification mechanism), is an upgraded consensus mechanism of POW. POS determines the accounting rights and rewards according to the proportion and time of each node's tokens; the difficulty of mining is reduced proportionally, thereby speeding up the speed of finding random numbers, so POS does not require a lot of computing power to maintain network security.
Simply put: the more you hold, the more you get.
POS tries to solve the situation where a lot of resources are wasted in the POW mechanism. This mechanism determines the probability of the node obtaining the bookkeeping right by calculating the percentage of the currency held by the node to the total currency and the age of the currency. Among them, the currency age = the number of coins held * the time elapsed for holding these coins. Once the coins are transferred, the coin age involved in the coins transferred by the user will return to zero.
In the POW mechanism, it often takes a lot of electricity and time to find a nonce that meets the conditions. therefore,In order to make each block be generated faster, the POS mechanism removes the process of exhaustive nonce, and then adopts the following faster algorithm:
SHA256(SHA256(Bprev),A,t)≤balance(A)m
H some hash function
t is the UTC timestamp
Bprev refers to the previous block
balance(A) represents the account balance of account A
The m on the right side of the equation is a fixed real number, and the only parameter that can be adjusted continuously is t. Therefore, when the balance(A) is larger, the probability of finding a reasonable t is larger. In the network, there are generally restrictions on the range of t. For example, the time stamp that can be tried cannot exceed 1 hour of the standard time stamp. That is to say, a node can try 7200 times to find a qualified t. can be waived. Therefore, in PoS, the more balance an account has, the easier it is to find the next block under the same computing power.
From the above description, it can be seen that the difficulty of obtaining node bookkeeping rights is inversely proportional to the rights and interests held by nodes. Compared with POW, the POS consensus has reduced the resource consumption caused by mathematical operations to a certain extent, and the performance of block generation has also been improved accordingly. However, it is still based on hash operations to compete for bookkeeping rights, which is weak in supervision. The consensus mechanism has the same fault tolerance as POW.
Advantages of POS:
1) To a certain extent, the time to reach a consensus is shortened.
2) There is no need to consume a lot of energy for mining.
3) Of course, POS can also prevent cheating, because if a person who holds more than 51% of the equity cheats, it is equivalent to cheating himself, because a person will not kill his own money.
4) Prevent the centralization of computing power from causing evil in miners.
Disadvantages of POS:
1) Mining is still required, which essentially does not solve the pain points of commercial applications;
2) All confirmations are just a probabilistic expression, not a deterministic matter, and there may be other attack effects in theory.
3) In extreme cases, it will lead to centralized results. The security of the POS mechanism is guaranteed by the shareholders themselves, and the working principle is the binding of interests. In this mode, people who do not hold POS cannot pose a threat to POS. The security of POS depends on the holder and has nothing to do with any other factors. Although POS solves the energy consumption problem of POW,Full node confirmation will hinder the efficiency of block confirmation, and the longer the time, the easier it is to produce the Matthew effect, that is, people who hold more coins will get more coin rewards, thereby increasing the gap between the rich and the poor. In the end, more than 50% of the centralized nodes will be generated, and the passive evolution will result in unexpected centralization.
4) Malicious node verifiers can put their coins on the fork chain to promote hard fork without any loss. This problem is also called "no stake ("nothing at stake")” problem (under the pow mechanism, miners’ forks need to consume computing power resources, so this situation will not occur).
Pos has pioneered a new consensus, with strong innovation but not perfect. Let's see how Casper evolves?
3. The difficult consensus mechanism of Eth and Casper
Since V God released the Eth white paper "Ethereum: A Next-Generation Cryptocurrency and Decentralized Application Platform" in January 2014, more and more people use Eth, and many people have released various smart contracts on Eth. The operation of smart contracts has brought great pressure to the Eth network based on the POW mechanism. The Eth network is constantly congested and the price of Gas is high. As a result, the network confirmation time is greatly extended and the DAPP operating cost is soaring. With the growth of users and the increase of DAPP, the entire Ethereum network has gradually fallen into trouble.
In order to improve the operating efficiency of Eth, V God, the founder of Eth, plans to introduce an improved version of the POS consensus in Ethereum, and gradually replace the currently used POW consensus. This improved version of POS is called Casper.
Casper is a security-deposit based economic consensus protocol (security-deposit based economic consensus protocol). It is a consensus mechanism that Ethereum plans to adopt in the future. It is a branch extension of POS and aims to solve the problem of disinterestedness in POS. ("nothing at stake", i.e. validators break network security at no cost by voting for multiple conflicting blocks at a given height).
Nodes in the Casper protocol, called "bonded validators", must first pay a deposit (this step is called a lock deposit,"bonding") can participate in block generation and consensus formation. Block production is a process that happens independently of everything else: validators collect transactions, and when it's their turn to produce a block, they produce a block, sign it, and send it to the network. The Casper consensus protocol constrains validator behavior through direct control over these deposits.
Specifically, if a validator does anything that Casper considers "invalid", his security deposit will be fined, and the right to generate blocks and participate in the consensus will also be cancelled.The introduction of the margin solves the"disinterested matter", that is, the problem that the cost of doing bad things is very low in the classic POS protocol. There is now a price, and validators who are objectively proven to have done something wrong will pay that price.
It is easy to see that the validator's signature is economically meaningful only if his signature is currently bonded. This means that clients can only rely on the signatures of validators they know to lock the deposit. Thus when a client receives and authenticates consensus data, the consensus-approved chain must originate from the block of the validator currently locking the bond.
In the POW protocol, the consensus-approved chain originates from the genesis block—as long as you know the data of the genesis block, you can identify the consensus-approved chain. Here, as long as you know the validators currently locking the deposit, you can identify the consensus-approved chain. Clients that do not know the list of validators currently locking their deposit must first obtain this list through another channel.This restriction solves the "long range attack" problem by requiring everyone to authenticate consensus with current information.
The validator list changes as the validator deposit is continuously locked, slashed, and unlocked. If a client goes offline for too long, its validator list becomes stale and cannot be used to authenticate consensus. If the client is online often, it can keep in sync with the latest validator list, but the problem is that before the first sync, the client still needs to get the latest validator list for the locked deposit from other channels.
This property of "needing to identify consensus from other channels at least once" is exactly what V God calls "weak subjectivity". In our context, information is called "objective" if it can be verified within the agreement, and "subjective" if it must rely on means outside the agreement to be verifiable. In weakly subjectivity consensus protocols, the fork selection rules are stateful, so clients must initialize (and sometimes update) this state in order to identify consensus. Here, this state is used to identify the validators currently locking the bond (or more precisely, a cryptographic hash of the current list of validators).
On August 31, 2018, 14 core developers of the Ethereum network decided to postpone the development of Casper for 12 months through a video call.
Advantages of Casper:
The system can quickly punish the malicious behavior of nodes, thereby avoiding harmless attacks.
Help Ethereum greatly improve the efficiency of consensus, and make Ethereum different from Bitcoin in terms of the fundamental consensus mechanism.
Disadvantages of Casper:
The design is more complex and more prone to loopholes
4. BM's EOS and DPOS consensus mechanism
Due to the extremely low operating efficiency of Bitcoin's POW mechanism, Daniel Larimer (BM) decided to introduce a new consensus mechanism in the blockchain technology - DPOS, based on the combination of POS technology, to replace the extremely slow transaction speed POW. In February 2014, BM released Bitshares (also known as BTS, bit shares), which adopted DPOS technology for the first time. But Bitshares has caused a series of problems because of immature technology.
Later, Ethereum, known as Blockchain 2.0, could hardly support a huge decentralized business application ecosystem. Then, BM decided to use Ethereum as the opponent to establish a blockchain operating system EOS. This new system incorporates BM's understanding and summary of blockchain technology, and uses the improved DPOS consensus mechanism.
DPOS, Delegated Proof of Stake (Delegated Proof of Stake), is a new consensus algorithm based on POW and POS. It can not only solve the problem of excessive energy consumption of POW, but also avoid the biased problem of "trust balance" that may arise under the distribution of POS rights.
The "D" in DPoS is "Delegated", which means authorization and delegation; the main difference between DPoS and PoS is that all token holders elect several representatives, and the representatives participate in bookkeeping.
EOS defines democratically selected representatives as block verifiers in the blockchain network. The term "representative" can be used equately with "block verifier". EOS stipulates that 21 representatives act as master nodes in the network, create new blocks, sign and verify transactions. These representatives are "authorized firms" voted on by EOS token holders. The design of 21 "delegators" is because too many delegators (such as 101 used by BTS) will distract the attention of EOS token holders and weaken the decision-making power of token holders.
Using the EOS.IO software, the block takes 126 blocks as a round (there are 21 producers, and each producer can produce 6 blocks in a three-second time slice, with an average of one block every 0.5 seconds). At the beginning of each round, 21 block producers are selected by voting of token holders. Selected producers produce blocks in an agreed-upon order, which is agreed upon by 15 or more producers.
In theory, this can greatly improve system performance, but it also brings network delay problems: The confirmation time of 0.5 seconds will cause the next block producer to produce the next block before receiving the previous block producer's block, then the next block producer will ignore the previous block, resulting in block Block chain fork (two blocks with the same block height). For example: Chinese witnesses may be followed by American witnesses. The network delay between China and the United States is sometimes as high as 300ms. blocks will be skipped.
In order to solve this problem, BM changed the original random order of block production to the order of block production determined by the witnesses after negotiation, so that witnesses with low network connection delays can produce adjacent blocks. For example: the witnesses in Japan are followed by witnesses in China, followed by witnesses in Russia, followed by witnesses in Britain, and followed by witnesses in the United States. This greatly reduces network latency between witnesses. This makes a block generation speed of 0.5 seconds theoretically possible.
If a producer misses a block and does not produce any blocks within 24 hours, the producer will be removed. These "down" producers are not rejoined until they notify the blockchain in time that they intend to produce blocks again. By not arranging unreliable nodes and minimizing missed block creation, the entire network can run more smoothly.
DPOS advantages:
It can minimize the energy consumption for maintaining network operation and manage the operation of the entire chain in a low-cost way, which largely solves the energy consumption problem of POW.
Faster block generation speed, achieving an average block generation speed of 0.5 seconds, greatly improving the operating efficiency and throughput of the system.
A more "decentralized" management method disperses the decision-making power of the blockchain network operation to each node in the entire network, which largely avoids the "holding" phenomenon that POS is prone to being manipulated by dealers. The emergence of the DPOS consensus mechanism will counteract the negative effects of "centralization" by implementing "democracy" on the blockchain, and improve the efficiency of network operation and maintenance with the "weak centralization" method that is publicly elected.
DPOS disadvantages:
Shareholders are not very motivated to vote. The vast majority of shareholders (90%+) never participate in voting. That's because voting takes time, energy, and skills that most investors lack.
The implementation is complicated, there are many intermediate steps, and there are many difficulties in dealing with bad nodes. Community elections cannot effectively prevent the emergence of some sabotage nodes in a timely manner, causing potential security risks to the network.
Although Dpos is very efficient, its shortcomings should not be underestimated.
5. Sunny King's new SPOS consensus mechanism
With the explosion of the blockchain, many geniuses in the world have invented various deformed POS on the basis of Sunny King. But these are just some small modifications for POS, and there are various problems of their own, which cannot support the large-scale high-performance commercial-grade blockchain in the future.
Sunny King is also constantly reflecting on the imperfections of POS. While others are struggling to improve POS, Sunny King has recently returned with the results of his many years of reflection: this result is the next version of POS, this version Or it can create a new era and support the future blockchain economy.
This new version of POS has higher performance and security and is a next-generation consensus mechanism called SPOS.
SPOS, supernode proof-of-stake (supernode proof-of-stake mechanism), will be introduced in the blockchain data cloud project VEE.
A major feature of SPOS is the use of a fixed block time. The system has 60 nodes, 15 of which are master nodes and 45 are standby nodes. Each node has extremely high computing performance and network bandwidth, so that the entire system has extremely high throughput and operating efficiency.
The whole system has 60 coin slots, and each coin slot represents the authority to produce blocks within a fixed period of time within one minute. When the system is working, each slot produces blocks in sequence (by the node that obtains the ownership of the coin slot).
Each node can compete for the right to use each minting slot. Since each node corresponds to a VEE account, and each account can be bound to 9 wallet addresses, one of the addresses is used to compete for one slot during competition, and one address can only compete for one slot, so each node Up to 9 coin slots can be occupied at the same time, which prevents a node from occupying all the coin slots.
When the SPOS system is running, each node actually produces blocks in turn, which can minimize the impact of the sporadic failure of a node on the entire system.
Since the nodes on each slot need to produce blocks according to time, the time synchronization between each node is very important, so the Network Time Protocol (NTP) is adopted to ensure that each node can produce blocks in order. piece.
NTP is a protocol used to synchronize computer time. It can synchronize the computer with its server or clock source (such as quartz clock, GPS, etc.), and it can provide high-precision time correction (on LAN and standard The difference is less than 1 millisecond, tens of milliseconds on the WAN), and can prevent malicious protocol attacks by encrypted confirmation. The purpose of NTP is to provide an accurate and robust time service in the chaotic Internet environment.
Nodes can initiate a competition for the right to use a coin slot at any time, but in order to prevent the competition mechanism from being abused, the system will charge a higher amount of competition fees as a deterrent. When a node as a challenger initiates a competition application to the owner of the right to use a coin slot, the SPOS protocol will compare the stake of the challenger's account on the coin slot with that of the challenged mining node on the coin slot The equity (stake) of the account, and then decide the winner of the competition, and give the right to use the coin slot to the winning party.
Although the winner of the competition wins the competition through more stakes, the liquidity of these stakes can still be guaranteed, and minting nodes can then transfer out stakes from their own account addresses.
Even from the point of view of the POS protocol, the competition of transferring the same stake to different addresses and coin slots at the same time is prohibited, which is tantamount to a double-spend attack.
However, due to the liquidity of the rights and interests, some nodes quickly transfer the rights and interests from one address to other addresses for the competition of other minting slots in order to compete for the ownership of the minting slot, thus forming a busy contention attack (busy contention attack).
In order to prevent this attack, the cumulative mean value of the balance over time is used as the measure of the balance of the address account in the competition for the minting slot. If the rights and interests are allowed to flow quickly, the cumulative mean value of the address account will drop significantly over time, thereby greatly reducing the competitiveness of the address account in the face of challenges, so that when the node launches a busy competition attack, it will lead to Outgoing address accounts can easily lose minting rights, thereby preventing nodes from launching such attacks.
Users can lend their own equity (stake) to the node. When the node obtains income through block generation, it can distribute dividends to the lender of the equity in proportion. Although the account balance of the node is calculated with the leased rights and interests included, the node account has no right to use/transfer this part of the rights and interests, and the lender of the rights and interests can withdraw these lent rights and interests at any time.
If the number of leased equity on a node increases, then since the income of a single node is fixed, the increase in the total equity will inevitably lead to a decrease in the dividend rate, thereby curbing the increase in leased equity, thus forming an internal self-regulation mechanism.
This system looks more centralized in design, but King has also designed a mechanism to ensure the security of the network, ensuring that each supernode (supernode) has equal power, and preventing a node from being too powerful.
If POW is compared to an old and slow steam locomotive, then SPOS is a high-speed and comfortable modern high-speed rail, and a next-generation blockchain consensus mechanism.
We summarize some of the SPOS mechanisms:
SPOS super nodes produce blocks in a fixed order;
Start the main network with 15 super nodes, and as the network grows, the number of super nodes will increase to 30-60;
The interval between blocks is fixed, which brings better and stable delay;
60 coin slots representing 60 seconds of a minute;
The snatch/release mechanism also makes the competition for minting rights fairer (compared to DPOS, which is the number of coins, coins can be voted repeatedly on multiple nodes, etc.);
The minting average algorithm MAB can support better liquidity of currency rights, prevent coins from running to one place, maintain decentralization, and protect network security;
The benefits brought by the SPOS mechanism:
SPOS is the underlying structure designed for high-performance blockchain;
The fixed block interval design brings high throughput and more stable blockchain network (the high throughput of other networks cannot guarantee stability, and ultimately cannot support high-performance business operation);
The design of cold coinage ensures the more secure performance of the blockchain;
The design of the economic system encourages the ecosystem to continuously invest in upgrading super nodes, which ensures that the operating effect of the system will continue to improve;
The biggest focus of blockchain technology is consensus. We see the continuous advancement of consensus technology, which is also a manifestation of the geek spirit.
Note: The main author of this article: Wang Qiulin, an early blockchain technology developer, developed a variety of blockchain games, and worked in research and development for a well-known Tokyo software company.
Content outline: Chongmu, blockchain developer, technology ecology researcher, founder of the game Bull, founder of dll.io.
