Author: Richard Red, Decred contributor.
Hybrid PoW/PoS Consensus
The blockchain consensus mechanism serves to ensure that participants agree on the current state of the blockchain network. The consensus mechanism determines who can add new blocks of transactions, and one of its main purposes is to ensure that the chain is not rewritten.
Consensus Proof of Work
Blockchains with Proof of Work consensus (like Bitcoin) can function solely because of miners who use hardware that effectively guesses the answers to mathematical problems. Each time a miner makes a correct guess, they can build a block that the network will accept. While miners can choose to mine any chain, the network will only accept the chain with the highest accumulated proof of work (i.e. the most hash or guess) as a legitimate chain. This means that miners are interested in mining the longest chain, and when they see a new block, they will try to find a solution that will allow them to build it, add it to the network and receive a reward.
The difficulty in rewriting a blockchain network is that it allows it to function as a ledger for recording financial transactions. When a transaction appears in a block that sends coins to a wallet, and multiple blocks have been built on top of that block (confirmation), it is unlikely that the block (and transaction) will be overwritten.
If an entity controls enough hashing power to beat the main chain, it can overwrite (or reorganize) the block chain using the “old” block instead of the last one. Here's a simplified account of this type of attack, also known as a 51% attack: an attacker performs an operation on block X, sending it to an exchange, and then begins mining a parallel chain privately (the blocks are not broadcast to the network). After the required number of confirmations are received, the attacker exchanges coins and withdraws them from the exchanger. When withdrawals are made, they release the parallel chain, and if it has more PoW (blocks) than the original, the network will accept it as the legitimate chain and version of the transaction history, and the original chain presented (including the attacker's deposit) will disappear. The attacker can then spend those coins again.
Since miners are the only ones who can directly add blocks to the chain of PoW-based cryptocurrencies, this gives them a greater role in running the network. To accept any changes agreed upon by the rules of the network, the changes will need to support a majority of the hash functions. “Soft forks” require enough miners to recognize the new set of rules so that users can make trades with the expectation that their transactions will be properly processed and included in blocks. “Hard forks” would split the network into two, and according to the generally accepted rule “the chain with the most PoW is the right chain to follow,” miners would decide which of them would be considered legitimate.
Proof of Stake
Proof of Stake is an alternative solution method related to who will be able to add new blocks and check the current state of the blockchain network. Instead of miners fighting to solve a problem in proof of stake, the next block creator is determined by some process based on the number of coins stored in wallets (or “stake”). This process trusts whoever has the most stake to make responsible decisions for the network.
Proof of Stake eliminates the need for energy-intensive mining, but the lack of significant energy costs creates another problem, sometimes called “nothing in stake.” In the case of a chain fork, PoS forgers (“forging” is usually used instead of “mining”) are rewarded for mining on both chains, since it costs very little to mine on the additional chain, and they can collect rewards on both chains. This is a problem for the network because it is initially assumed to consist of only one chain, and agreeing on the state of that single chain is the main purpose of this consensus mechanism.
Proof of Stake has an additional problem with token distribution. PoW miners have large costs (hardware, electricity) and they usually must sell a significant portion of the mined coins to cover these costs. As a result, many mined coins are available for purchase on the market rather than being hoarded by miners. Proof of Stake forgers have very low operating costs, so they don't feel the same pressure to sell those coins they get for maintaining the network. Forgers holding more coins tend to increase their share of circulating coins as they collect block rewards and fees from network users. This has been likened to feudalism, in which the network is actually owned and operated by coin owners and users pay them rent for using it. But there are also some restrictions and rules that limit direct participation in Proof of Stake.
Hybrid PoW/PoS
The goal of hybrid Proof of Work and Proof of Stake systems is to identify the strengths of the respective approaches and use them to balance each other's weaknesses. Decred is one of the few cryptocurrencies that takes PoW and PoS in their raw forms and combines them together to create a multi-factor or hybrid consensus mechanism.
“Masternode coins” are also, in a sense, hybrids in that they have one Proof of Work component that serves the same role as in Bitcoin, and an additional role for special nodes. Typically, there is a mandatory requirement that these special nodes hold a certain amount of currency to demonstrate that they can be trusted to act in the best interests of the network, which is similar to Proof of Stake. Dash is the original masternode and calls this model Proof of Service. This article is focused on hybrids with a Proof of Stake component and does not cover the many coins that emulate masternodes or Proof of Service.
Decred's PoW component works similarly to other PoW-based projects that use the Blake-256 hash function. The PoW component of Decred and the way it is woven into the chain is unique and deserves further explanation.
To participate in the Proof of Stake Decred, holders must temporarily lock their DCR to purchase tickets. The price for an individual ticket is set by a market mechanism, through which the system strives for a certain number of live tickets (40,960), if the target number is greater than the price, the price increases, if less, it decreases. When someone buys a ticket, the DCR they use is locked (meaning they can't spend it) until their ticket is pseudo-randomly called for a vote or until its time expires, approximately 142 days. This provides an opportunity cost to PoS, designed to ensure that PoS voters have a skin in the game and act solely in the best interests of the network.
PoS participants (also called voters or stakeholders) play three different roles: voting for the block, voting for changes to the consensus rules, and voting for management at the project level using the Politeia Proposal System. The first of these, “block voting,” is the way in which PoS voters participate most directly in maintaining consensus.
Voting for blocks
When a PoW miner finds a valid block, it broadcasts it to the network, but in order for that block to be considered valid, it must include votes from at least 3 - 5 randomly selected tickets. PoS voters keep their wallets open and ready to vote when their tickets are called (or they engage Voting Service Providers to vote on their behalf). When a PoS ticket is called for voting and votes, its owner receives a reward.
When tickets are raised, they vote to accept or reject the previous block's normal transactions. Nodes in the network will not recognize a new block as valid until it contains at least 3 votes. If a majority of voting requests reject the previous block's transactions, they are returned to the memory pool. These recurring transactions include rewards for PoW miners, but not PoS voters.
Thus, PoS voters have the power to deprive miners of rewards without affecting their own rewards. This limits the ability of PoW miners to veto changes to the consensus rules of the network that are voted on by stakeholders. In fact, PoS voters can reject any miner action they don't like by adopting a "no" voting policy; when malicious or inefficient behavior is detected, they prevent PoW miners from writing transactions and receiving rewards.
This level of PoS verification significantly increases the security of the network and its resistance to most attacks. A common method of conducting a double-spending majority attack is to rewrite the blockchain by secretly extracting an alternative chain, then releasing it after a certain period of time and taking advantage of the invalidation of transactions on the “old” chain (i.e., doubling the resource spend). Because Decred blocks require input from randomly selected tickets to be considered valid and cannot be created by PoW miners until they have received permission, miners cannot mine in secret unless they also control a significant proportion of live tickets (see . these articles).
The hybrid PoW/PoS design significantly increases the cost of attacking the network, since there are two separate systems that the attacker must bypass. The PoS component, in particular, is configured in such a way that tickets can be received but rather slowly. In each block/interval, you can buy a limited number of tickets, and buying the maximum number of them leads to a sharp increase in price. Additionally, once these tickets are purchased, the funds used to purchase them will be time-limited, exposing the attacker to devaluation of the locked coins resulting from the attack.
Requiring each block to be voted on by randomly selected stakeholders means that the blockchain must be available to all participants as it is mined, increasing the security of the network. Decred's hybrid system was designed to also give stakeholders power over PoW miners.
Voting to change consensus
Decred decided from the very beginning to make PoS stakeholders the dominant decision-making force in blockchain governance. Consensus rules include an update ratification procedure, whereby any change to the network's consensus rules can only be applied after it has gone through the voting process. Changes can only be made if they receive approval from at least 75% of the voting tickets. This process begins when a certain percentage of miners (95%) and voters (75%) run updated software with hidden rule changes. If a proposal receives 75% support after the 4 week voting period, it is accepted, otherwise it is rejected, and if it does not have any of the majority voting, a re-vote begins. If the proposal is accepted, the rule change will take effect within a month.
Project management: Politeia
Block rewards in Decred are distributed among PoW miners (60%), PoS voters (30%) and the Treasury (10%) to fund the development of open source software that aligns with the project's goals. Ticket holders have the right to vote on how this fund should be spent, what features should be added, and set policy using the Politeia platform.
Conclusion
Since PoS voters receive 30% of the block reward, they cannot maintain their relative share of the circulating DCR by simply staking. The majority of newly created DCR is sent to PoW miners in exchange for the role they play in securing the network and mitigating the “nothing in stake” problem in PoS systems. Miners typically must sell a significant portion of the rewards they receive to cover their operating costs, ensuring that there is a sufficient supply of DCR in the market.
The Decred blockchain presents a unique architecture and is one of the most notable examples of a hybrid PoW/PoS system. Just as PoS consensus projects are a broad group with significant differences within, future projects that use hybrid PoW/PoS approaches will also be unique and will not necessarily follow the Decred framework.
