After a discussion I had with some people during a blockchain meet-up, I decided to write this article to clarify how the two consensus algorithms differ as there is still a lot of confusion, especially when it comes to dPoS (delegated Proof of Stake). Everyone at the meet-up had the impression that the consensus algorithm of dPoS was a variance of PoS.
The truth is that not only are the protocols completely different, but they also demand completely different chain architectures. And of course – like with every consensus algorithm – they both have their own pros and cons.
What is PoS?
Let’s start with PoS.
PoS has the quality of building blockchains without spending electricity or by using special hardware. It imitates the proof-of-work (PoW) structure. However, each node in the chain is a stake holder (that is, it owns some native coin of the chain) and tries to “win” the right to create the next block by using the balance it has in its public account(s).
This consensus architecture comes with a risky trade-off: security.
PoS security issues and vulnerabilities
The security issue occurs from the fact that in PoS protocol there is no mathematical proof inside the chain. As a consequence, anyone can spend low electricity and produce a whole new chain which is “valid” (that is, it follows the PoS protocol), starting from genesis block.
Peers and nodes already connected to the blockchain know that the above mentioned chain is invalid. But what about those who just joined the blockchain and happen to connect to the invalid chain? They have no way of knowing which chain is valid and which one is not.
One problem are the “short range attacks” (also known as “bribe attacks”). In this scenario, an attacker makes a large initial transaction and starts building an alternative chain. The alternative chain begins from and branches of the original chain one block prior to the one containing his payment. This way, the initial transaction will not even be included in the alternative chain. The new branch is kept secret and is only published when the attacker succeeds to produce a longer chain than the main chain. Now, the alternative chain is considered “valid” and accepted by all nodes since it is the longest one within the blockchain.
Another weakness and problem in the PoS consensus algorithm is the 50%+1 ownership attack. If a person, group, or entity controls more than half of the coins in the blockchain they can write anything to the chain, even altering its history. This attack is similar to PoW’s “democracy” attack (>50% of hashing power).
PoS security problems are a complex matter and would need an entire article of its own.
Since PoS is similar to PoW, there can be many nodes connected to the blockchain. PoS chains can be really decentralized (thousands of nodes with symmetric roles).
What is dPoS? How does is differ from PoS?
The first major difference is the consensus algorithm: stakeholders cannot directly create a new block. They delegate their rights and vote super-nodes. These nodes (also called “representatives”) are the only nodes in the chain with the ability to form a new block.
By having super-nodes, by default, the roles of nodes become asymmetric which means that all peers can read the entire chain, but only a small number actually have permission to write on it (creating a new block). This gives the following properties to the chain:
- Small number of nodes can form a new block
- Ability of very fast block creation. Can be even less than ten seconds
- Overcoming PoS security issues but having other security problems
- Higher TpS (Transactions per Second) as many people claim
Let’s analyze some of these characteristics a little closer.
Let’s start with finality (b). Finality means that no forks or copies can take place. The block is final and the chain can not have branches (forks). In theory, no confirmations are needed. This property is advertised as an advantage by dPoS evangelists. But finality can be a very dangerous thing. A chain that has finality can lose all its stored data (hashes) from a single attack called “blocking”, in which the attacker can change the whole chain by the time the next block is created.
dPoS has the ability to create new blocks at a very fast rate (c) since there are not many nodes; they “know” each other; and if they are located geographically in close proximity to one other (creating low latency), then a few seconds are enough to reach consensus and form a new block.
This is dPoS’ strongest point: fast block creation. And they can be crucial for certain applications that really need it (e.g. applications for financial institutions).
Speaking of security, lets examine (d). We cannot analyze everything in-depth as it would be too time consuming, but we can say that dPoS cannot suffer from a short or long range attack. It uses BFT (Byzantine Fault Tolerant) algorithm to reach consensus.
There are two big problems with BFT. The first is about security. We are going to refer to the second problem later (it is related with centralization). BFT are 2f+1 in the best scenario, meaning that someone who controls 33%+1 of the coins can attack the chain successfully. By successfully, we mean that he can changes the whole chain. Not just reverse some blocks, but change the entire chain! This is the finality property that we have mentioned above.
The mechanism is the following. When a malicious node has the ability to be the broadcaster, it broadcasts equally (to to different groups of nodes) two different snapshots. So 1/3 of nodes will receive snapshot “A” and the other 1/3 “ A’ ”. When the representatives ‘vote’ to reach consensus, the broadcaster votes A (or A’). This gives the attacker the majority of 66%+1, who can successfully form a new chain where every single block can be different from the original.
The other security problem is based on the fact that the nodes that can form a block are low in number. Someone can easily launch Denial of Service attacks to these nodes. In fact, not all nodes need to be target for this attack to be successful. If the attacker succeeds to bring down the nodes that represent the one-third of coin holders, then the chain stales; it is unable to produce the next block. No specially tools or equipments are needed to execute this type of attack. Having enough bandwidth is enough.
About throughput, translated to higher TpS (e), our opinion is that PoW and PoS can also achieve very high TpS if the block limit is high. The real problem is not TpS limit but the total size of the chain. A huge chain is practically useless when you take scalability into account. Unreasonable total size, compared to networking capabilities of current technology, prohibits the average user to use the chain and become a node (or even peer). Only the use of a trusted third third party can make the use of the chain possible.
But this leads to an almost complete centralized system. PoW, PoS, and dPos are equally hopeless in front of this problem. The only solution is that the total size must be kept reasonable in size and grow in pair with the growth of technology.
Finally, we must refer to the weakest point of dPoS. It is the small number of nodes. Why doesn’t dPoS use many nodes? Because of its consensus algorithm.
For BFT to work, all nodes must communicate between each other. The protocol tolerates network failures, of course, but the total tolerance cannot exceed 1/3. If network failures are over 1/3, the nodes will never reach consensus (network failures are a reality in our world).
If the nodes are n in number, the connection between them are n *(n-1). That means O(n^2) time.
It is now clear that for even a small number of n (100 or more) nodes, the networks becomes much slower (low creation time of blocks, low TpS).
Usually dPoS architectures uses around 20 nodes to stay able to reap the benefits of fast block creating and have high TpS capability.
Is having fewer nodes problematic?
Why is the number of nodes a problem? It creates security issues (e.g. DdoS as we have already discussed). Most importantly, having few nodes does not make it a true public chain.
The chain is actually a consortium chain – and in some extreme cases in which the nodes are under the control of the same entity – a private blockchain.
Technically, it still remains a blockchain. The problem is that it defeats the purpose of using the chain in real world situations. If it is centralized then there is not benefit for developers to create new applications. The application will remain centralized. In this case, the application chooses to use its own databases (concurrent or standalone), avoiding the extra costs and speed lose.
PoS vs dPoS summerized
Let us recapitulate:
- PoS can be used on decentralized chains. dPoS cannot.
- PoS and dPoS have security issues but of completely different nature.
- High TpS can be achieved by both PoS and dPoS but serious scalability issues arise.
- dPoS can give really fast block creation time (given that there are few nodes and close to each other). For PoS, it is impossible to achieve that time without lowering its security to unacceptable levels.
- dPoS has finality (no forking is possible). This is a good and a bad thing. PoS does not have this property.
Well, these are the important points. I hope I clarified the major differences between PoS and dPoS. As a conclusion, for a completely decentralized system, dPoS can not be used (unfortunately).