[TL;DR]
Peercoin is awesome because of PoS! It is the future of crypto coins! Get Peercoins! The devil takes the hindmost!
[/TL;DR]
Full version:
I tried to explain Peercoin, especially PoS, to someone and found out that I don’t really understand how it works. And unfortunately I’m not good enough in coding to look in the source code for answers…
It might be helful (not only for satisfying my curiosity) if there is an explanation of how it works to which one can refer. I think an ELI5 explanation (for which a thread was created but never really finished) would be good as not anyone wants to understand things in detail. But a more detailed explanation might be useful, too.
How can you convince someone without being able to explain how it works? I rather want to persuade people from Peercin than to cajole them…
The Peercoin whitepaper says:
The proof-of-stake in the new type of blocks is a special transaction called coinstake (named after Bitcoin’s special transaction coinbase). In the coinstake transaction block owner pays himself thereby consuming his coin age, while gaining the privilege of generating a block for the network and minting for proof-of-stake. The first input of coinstake is called kernel and is required to meet certain hash target protocol, thus making the generation of proof-of-stake blocks a stochastic process similar to proof-of-work blocks. However an important difference is that the hashing operation is done over a limited search space (more specifically one hash per unspent wallet-output per second) instead of an unlimited search space as in proof-of-work, thus no significant consumption of energy is involved.
[...]
Minting based on Proof-of-Stake
A new minting process is introduced for proof-of stake blocks in addition to Bitcoin’s proof-of-work minting. Proof-of-stake block mints coins based on the consumed coin age in the coinstake transaction. A mint rate of 1 cent per coin-year consumed is chosen to give rise to a low future inflation rate. Even though we kept proof-of-work as part of the minting proc ess to facilitate initial minting, it is conceivable that in a pure proof-of-stake system initial minting can be seeded completely in genesis block via a process similar to stock market initial public offer (IPO).
What really doesn’t explain how it works - at least not to me…
Here is what I (mis)understand (the result of grubbing lots of threads):
PoS minting uses coin-age to secure the block chain.
Coin-age is aggregated over time for unspent coins. It is determined by a timestamp that is saved together with the transaction.
For PoS you invest coin-age (can you say: you put it at stake? Or does this rather mean to risk them? In fact the only thing you risk losing is the coin-age…) whereas you invest hashing power for PoW.
Coin-age is consumed when generating a PoS block with this particular coin-age. Minimum coin-age for generating PoS blocks is one month (30 days? I bet it is a number of seconds ).
The involved coins (the ones that are put at stake) are increased by the reward for putting them at stake (1% per coin-year?), transition to the status “immature” and mature after 520 blocks (as “generated” coins).
The coin-age counter is set to 0 for received coins. Is it 0 for generated coins as well (I bet so)?
Is there a maximum of coin-age that can be aggregated? I think so, because being involved in the PoS process needs to be incentivized. It is welcome to have a Peercoin client running with parts of the Peercoins at stake.
If the coin-age would be unlimited, it could be possible to attack the network with a small share of Peercoins which have had aged for aeons (just like Futurama-Fry’s 93 Cents on the bank account growing to Billions over time; ok, the metaphor doesn’t really work, but you know what I mean ).
So I assume the coin-age that can be aggregated is limited; but to which value (useful to know if you don’t want to lose a part of the possible PoS minting)?
Is the chance of generating a PoS block in a linear relation to the aggregated coin-age (up to the maximum if that exists)?
From the whitepaper I understand PoS as stochastical process. How can that be brought in line with the “hashing operation […] over a limited search space”, which sounds like generate hashing power by aggregating coin-age but not very stochastically.
As a stochastical process I explained it to myself as taking part in a raffle; total coin-age correlates to the number of raffle tickes in that analogy. In difference to most real-life raffles you don’t have to buy new tickets for each round of raffle, but once you won the lottery (PoS block solved -> coin-age consumed) your tickets are invalidated from taking part in coming raffles; you trade them for the win. But I have no clue about that “hashing operation over a limited search space” thing if it comes to lottery…
PoS consumes few energy because it operates in a “limited search space” (ok, I still don’t understand that, but it is in difference to PoW). I can confirm that PoS needs only few energy by having tested peercoind on a RaspberryPi. I was able to stake-mint without having more than some percent (roughly 20%) of CPU load, which is not much considering the total CPU power of a RaspberryPi.
PoS makes attacks of the blockchain less attractive than attacks on “PoW only” coins because you need a large share of all coins to make a successful PoS attack (which would work like a 51% PoW attack?). Gathering this large share is costly (unless max. coin-age is unlimited) and a successful attack renders those coins worthless or at least much less valuable.
The average generation time of a block in the Peercoin network is 10 minutes regardless of the type of block (PoW/PoS). This means the difficulty is not only based on the hashing power for doing the PoW but the coin-age taking part of the PoS process as well. What number of blocks is used to calibrate the difficulty?
The Peercoin network is intended to transition from a mainly PoW driven network to a mainly (or completely?) PoS driven network.
How is the block spacing determined once it is mainly PoS?
Is the difficulty then derived from the total of “one hash per unspent wallet-output per second” of all running Peercoin clients? How does the difficulty regulate the chance for generating PoS blocks?
What happens if lots of clients start PoS minting with age-old coins bringing lots of coin-age into play? Is this treated like lots of miners joining the PoW process?
I’m deeply sorry if this post confuses more than it helps understanding PoS. But I hope that somewhen, after having received lots of helpful answers, this might be useful enough to be integrated in peercoin.net.