Cross-post from bitcointalk: https://bitcointalk.org/index.php?topic=430683.0
Apologies for the long background, this started as more of a brain dump… In view of the seemingly inherent incentives that PoW provides for mining centralization, I’ve been thinking about proof-of-stake. It seems that the biggest objection to using PoS is that nobody has solved the so-called “nothing at stake” problem, summarized here by gmaxwell:
“In PoW when you attempt to mine you must expend energy and so you should only mine on a consensus which is likely to be the surviving one if you want your work to not be wasted. In PoS the same is not true, and an optimally rational PoS minter will attempt to concurrently mine all forks which he does not hate.”
The idea here is that the rational PoS minter is better off minting on every chain that has a reasonable chance of becoming the “master” chain. Thus, there is no incentive to achieve consensus on a master chain, as minters will continue to build on multiple chains with equal effort (since minting effort is not a resource constraint). In PoW this problem does not exist because miners have a limited resource (hashing power) which they would only rationally allocate to the chain with the highest probably of becoming the master.
Another way of framing the “nothing at stake” problem is that there is no mechanism for preventing “double minting”. In other words, if there was a way to ensure that each minter could only allocate their coinstake to a single chain, miners would always rationally choose the one with the highest probability of success and the “nothing at stake” problem would be solved. I’ve been thinking about a mechanism of punishing minters for attempting to mint with the same coinstake on more than one chain. In order to do this, each minter would have to be aware of orphaned chains. Recently, there was an interesting proposal for modifying Bitcoin’s PoW algorithm to include orphaned chains:
https://bitcointalk.org/index.php?topic=359582.0
While the idea was originally proposed to allow for faster transaction processing, it appears (?) that such a block tree could be applied to a PoS system in order to dissuade people from double minting. In Peercoin, after minting a new block, a 520-block maturity window is required before your balance and block reward are returned. Using the block tree implementation, I assume that double minters could be identified during such a maturity window, and that their block reward could be burned (?) or they could be otherwise penalized for minting on multiple chains. Of course sometimes this happens inadvertently, but I assume the protocol could easily put limits on the minimum acceptable time between attempts so that regularly occurring orphans are not confused with intentional double minting.
Please understand that I have a very superficial understanding of the Bitcoin protocol and would appreciate your patience if I am way off base. Thanks!
