A peer-to-peer crypto-currency design derived from Satoshi Nakamoto's Bitcoin. Proof-of-stake replaces proof-of-work to provide most of the network security. Under this hybrid design, proof-of-work mainly provides initial minting and is largely non-essential in the long run. The security level of the network is not dependent on energy consumption in the long term, thus providing an energy-efficient and more cost-competitive peer-to-peer crypto-currency. Proof-of-stake is based on coin age and generated by each node via a hashing scheme bearing similarity to Bitcoin's but over a limited search space. Block chain history and transaction settlement are further protected by a centrally broadcast checkpoint mechanism.
Checkpoint: Protection of History

One of the disadvantages of using total consumed coin age to determine the main chain is that it lowers the cost of attack on the entire block chain history. Even though Bitcoin has relatively strong protection over the history, Nakamoto still introduced checkpoints in 2010 as a mechanism to solidify the block chain history, preventing any possible changes to the part of the block chain earlier than the checkpoint. Another concern is that the cost of a double-spending attack may have been lowered as well, as an attacker may just need to accumulate a certain amount of coin age and force a reorganization of the block chain. To make commerce practical under such a system, we decided to introduce an additional form of checkpoints that are broadcast centrally, at much shorter intervals such as a few times daily, to freeze the block chain and finalize transactions. This new type of checkpoint is broadcast similarly to Bitcoin's alert system.
Laurie (2011) has argued that Bitcoin has not completely solved the distributed consensus problem, as the mechanism for checkpointing is not distributed. We attempted to design a practical distributed checkpointing protocol but found it difficult to secure against a network split attack. Although the broadcast checkpointing mechanism is a form of centralization, we consider it acceptable before a distributed solution is available.
Another technical reason entails the use of centrally broadcast checkpointing. In order to defend against a type of denial-of-service attack, the coinstake kernel must be verified before a proof-of-stake block can be accepted into the local database (block tree) of each node. Due to the Bitcoin node's data model (transaction index specifically), a deadline of checkpointing is needed to ensure all nodes' capability of verifying the connection of each coinstake kernel before accepting a block into the block tree. Because of the above practical considerations we decided not to modify the node's data model but to use central checkpointing instead. Our solution is to modify the coin age computation to require a minimum age, such as one month, below which the coin age is computed as zero. Then the central checkpointing is used to ensure all nodes can agree upon past transactions older than one month, thus allowing the verification of coinstake kernel connection, as a kernel requires non-zero coin age thus must use
Block Signatures and Duplicate Stake Protocol

Each block must be signed by its owner to prevent the same proof-of-stake from being copied and used by attackers. A duplicate-stake protocol is designed to defend against an attacker using a single proof-of-stake to generate a multitude of blocks as a denial-of-service attack. Each node collects the (kernel, timestamp) pair of all coinstake transactions it has seen. If a received block contains the same pair as another previously received block, we ignore such a duplicate-stake block until a successor block is received as an orphan block.
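
An added sketch of the duplicate-stake rule described above, not code from the paper or the project. The class and field names, the string block hashes and the return labels are assumptions, and this model keeps an ignored block in memory and reconsiders it when an orphan naming it as parent arrives.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    block_hash: str   # constructed identifier, not a real hash
    prev_hash: str    # hash of the parent block
    kernel: str       # stake kernel reference (placeholder string)
    timestamp: int    # coinstake transaction timestamp

class DuplicateStakeFilter:
    """Toy model of one node; signatures and kernel validity are not checked."""

    def __init__(self, genesis_hash):
        self.tree = {genesis_hash}  # hashes accepted into the block tree
        self.seen = {}              # (kernel, timestamp) -> first block seen
        self.ignored = {}           # duplicate-stake blocks set aside, by hash
        self.orphans = {}           # parent hash -> blocks waiting for it

    def receive(self, block):
        if block.block_hash in self.tree:
            return "known"
        pair = (block.kernel, block.timestamp)
        first = self.seen.setdefault(pair, block.block_hash)
        has_successor = block.block_hash in self.orphans
        if first != block.block_hash and not has_successor:
            # Same stake as an earlier block and nothing builds on it yet.
            self.ignored[block.block_hash] = block
            return "ignored"
        if block.prev_hash not in self.tree:
            self.orphans.setdefault(block.prev_hash, []).append(block)
            held = self.ignored.pop(block.prev_hash, None)
            if held is not None:
                # An orphan names the ignored block as parent: reconsider it.
                return self.receive(held)
            return "orphan"
        self.tree.add(block.block_hash)
        for child in self.orphans.pop(block.block_hash, []):
            self.receive(child)
        return "accepted"

if __name__ == "__main__":
    node = DuplicateStakeFilter("G")
    for b in [Block("A", "G", "k1", 100), Block("A2", "G", "k1", 100),
              Block("A3", "G", "k1", 100), Block("B", "A2", "k2", 200)]:
        print(b.block_hash, node.receive(b))
```

Blocks A2 and A3 reuse the stake of A and are set aside at no cost to the block tree; only A2, which later gains a successor, is admitted.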