## Proof of Work vs. Proof of Stake

### Blockchain

A blockchain is a distributed, digital ledger in which transactions made are recorded chronologically and publicly.

In more general terms, it's a public database where new data are stored in a container called a block and are added to an immutable chain (hence blockchain) with data added in the past. In the case of Bitcoin and cryptocurrencies, these data are groups of transactions. However, the data can be of any type.

In a blockchain, each block is stored with a timestamp and, optionally, an index. To help ensure integrity throughout the blockchain, each block has a self-identifying hash. This hash is a cryptographic hash of the block's index, timestamp, payload (or data) and the previous block's hash. The payload can quite literally be anything.
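The hash chaining described above, as an added example (not code from any particular blockchain): it builds a three-block chain and locates the first block that fails verification after tampering. SHA-256, the JSON serialisation, the all-zero genesis value and every function name are assumptions made for this sketch.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder for "no previous block"

def block_hash(index, timestamp, payload, prev_hash):
    # Serialise as a JSON list so field boundaries stay unambiguous;
    # the payload can be anything JSON can encode.
    body = json.dumps([index, timestamp, payload, prev_hash]).encode()
    return hashlib.sha256(body).hexdigest()

def append_block(chain, timestamp, payload):
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "timestamp": timestamp,
             "payload": payload, "prev_hash": prev_hash}
    block["hash"] = block_hash(block["index"], timestamp, payload, prev_hash)
    chain.append(block)
    return block

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev_hash = GENESIS_PREV
    for i, b in enumerate(chain):
        expected = block_hash(b["index"], b["timestamp"], b["payload"], b["prev_hash"])
        if b["index"] != i or b["prev_hash"] != prev_hash or b["hash"] != expected:
            return i
        prev_hash = b["hash"]
    return None

def build_sample_chain():
    # Constructed sample data: timestamps and payloads are made up.
    chain = []
    for ts, payload in [(1700000000, "genesis"),
                        (1700000600, {"from": "a", "to": "b", "amount": 5}),
                        (1700001200, [1, 2, 3])]:
        append_block(chain, ts, payload)
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    chain[1]["payload"]["amount"] = 500      # edit history in place
    print("first invalid block:", first_invalid(chain))
```

Recomputing the edited block's own hash only moves the failure to the next block, whose stored previous-hash no longer matches. The hash chain by itself does not stop someone from recomputing every later block; making that expensive is the job of the consensus mechanism.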

Cryptoassets have a mechanism that verifies the validity of information being added to the ledger. This guarantees consensus within the blockchain network by ensuring that the next block being added represents the most current transactions on the network, eliminating double spending and invalid data entries in the blockchain.

In addition to solving the [double spending problem](https://en.wikipedia.org/wiki/Double-spending) and denying invalid data entries, consensus mechanisms keep the network intact through constant [forking](https://en.wikipedia.org/wiki/Fork_(software_development)).

***

### Proof-of-Work (PoW)

A `Proof-of-Work` algorithm is essentially an algorithm that generates an item that is difficult to create but easy to verify. The item is called the ___proof___ and, as it sounds, it is proof that a **computer** performed a certain amount of work.

The concept was invented by [Cynthia Dwork](https://en.wikipedia.org/wiki/Cynthis-Dwork) and [Moni Naor](https://en.wikipedia.org/wiki/Moni-naor) in an article in 1993. One of the earliest examples of PoW was used to give value to a currency in the shell money of the Solomon Islands. Essentially, PoW is an economic measure that deters denial of service attacks, amongst other service abuses on a network, by making it _obstructively unproductive_ for the spammer without preventing legitimate users from sending their messages. That is to say, a genuine user should not encounter any difficulties when using the network, but a user with the intent of sending spam would have to expend a considerable amount of computing power to send out many emails at once.

There are two classes of PoW protocols.

#### 1. Challenge-response

The challenge-response protocol assumes a direct interactive link between the service requester (the client) and the service provider (the server). The following steps outline how this link works:

>- The client requests a service from the server.
>- The server chooses a challenge for the client. The server can choose an item (instantaneously) in a set with a property.
>- The client then finds the relevant response in the set and sends it to the server.
>- The server receives the response and verifies it before granting the client access.

The difficulty of the challenge can be adjusted based on the load being experienced by the server.

#### 2. Solution-verification

On the other hand, solution-verification protocols do not assume a direct interactive link between the client and the server. This results in interesting properties possessed by the problem:

1. _the problem must be self-imposed before a solution is sought by the requester_
2. _the server must check both the problem choice and the found solution_

The majority of such schemes are unbounded probabilistic iterative procedures.

>- The sender computes the problem and solves it.
>- The problem is then sent to the receiver which verifies it.
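A small solution-verification scheme, added here as an illustration (not code from Hashcash or Bitcoin): the sender imposes the problem on itself, and the receiver checks the problem choice before it checks the work. The `recipient|date|salt` problem layout, SHA-256, the 12-bit difficulty and all names are assumptions.

```python
import hashlib
import os

def zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def work_ok(problem: bytes, nonce: int, bits: int) -> bool:
    """Verification costs one hash, however long the search took."""
    digest = hashlib.sha256(problem + b":" + str(nonce).encode()).digest()
    return zero_bits(digest) >= bits

def solve(problem: bytes, bits: int) -> int:
    """Unbounded probabilistic search: about 2**bits hashes on average."""
    nonce = 0
    while not work_ok(problem, nonce, bits):
        nonce += 1
    return nonce

def make_problem(recipient: str, date: str) -> bytes:
    # Self-imposed problem; the random salt makes every problem unique.
    return f"{recipient}|{date}|{os.urandom(8).hex()}".encode()

class Receiver:
    """Checks the problem choice first, then the solution."""
    def __init__(self, address: str, bits: int, today: str):
        self.address, self.bits, self.today = address, bits, today
        self.seen = set()  # problems already spent

    def accept(self, problem: bytes, nonce: int) -> str:
        try:
            recipient, date, _salt = problem.decode().split("|")
        except ValueError:
            return "malformed problem"
        if recipient != self.address:
            return "problem names another recipient"
        if date != self.today:
            return "stale problem"
        if problem in self.seen:
            return "replayed problem"
        if not work_ok(problem, nonce, self.bits):
            return "insufficient work"
        self.seen.add(problem)
        return "accepted"

if __name__ == "__main__":
    rx = Receiver("bob@example.org", 12, "2024-01-01")  # constructed values
    p = make_problem("bob@example.org", "2024-01-01")
    print(rx.accept(p, solve(p, 12)), "/", rx.accept(p, solve(p, 12)))
```

Without the checks on recipient, date and reuse, one solved problem could be presented to any receiver any number of times, and the work would deter nothing.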


Bitcoin is a PoW cryptocurrency that is based on the [Hashcash](https://en.wikipedia.org/wiki/Hashcash) PoW. Double-spending protection in Bitcoin is provided by _a decentralized P2P protocol_ for tracking transfers of coins, rather than the hardware trusted computing function used by RPoW (Reusable Proof-of-Work). Bitcoin has better trustworthiness because it is protected by computation and mined using the Hashcash PoW function by individual miners and verified by the decentralized nodes in the P2P Bitcoin network.

The difficulty is periodically adjusted to keep the block time around a target time.

***

### Proof-of-Stake (PoS)

A `Proof-of-Stake` algorithm is a type of algorithm by which a cryptocurrency blockchain network aims to achieve distributed consensus. The next block is chosen through combinations of random selection and wealth or age (_i.e., the stake_). 

PoS must have a way of defining the next valid block in any blockchain. Selection by account balance would result in (undesirable) centralization, as the single richest member would have a permanent advantage. Several approaches exist:

#### 1. Randomized Block Selection

Randomized block selection uses a formula that looks for the lowest hash value in combination with the size of the stake to determine the next generator. Since stakes are public, each node can predict - with reasonable accuracy - which account will next win the right to forge a block. Examples of cryptocurrencies that use this approach are [Nxt](https://en.wikipedia.org/wiki/Nxt) and BlackCoin.

#### 2. Coin Age-based Selection

[Peercoin](https://en.wikipedia.org/wiki/Peercoin)'s PoS system combines randomization with the concept of "coin age", a number derived from the product of the number of coins multiplied by the number of days the coins have been held.

Coins that have been unspent for at least 30 days begin competing for the next block. Older and larger sets of coins have a greater probability of signing the next block. However, once a stake of coins has been used to sign a block, it must start over with zero "coin age" and thus wait at least 30 more days before signing another block.

The probability of finding the next block reaches a maximum after 90 days in order to prevent very old or very large collections of stakes from dominating the blockchain.


This process secures the network and gradually produces new coins over time without consuming significant computational power.
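A simplified model of the two selection rules above (lowest hash value weighted by stake, and coin age with its 30-day minimum, 90-day cap and reset), added as an example. It is not Peercoin's or Nxt's actual kernel; the scoring formula, the per-day seed and all names are assumptions.

```python
import hashlib
import math

MIN_AGE_DAYS = 30  # from the text: coins compete after 30 days unspent
MAX_AGE_DAYS = 90  # from the text: the advantage stops growing after 90 days

def weight(coins: int, age_days: int) -> int:
    """Coin age = coins x days held, zero before 30 days, capped at 90."""
    if age_days < MIN_AGE_DAYS:
        return 0
    return coins * min(age_days, MAX_AGE_DAYS)

def pick_signer(stakes: dict, seed: bytes):
    """Lowest weighted hash wins; returns None if no stake is eligible.

    -ln(u)/w with u uniform in (0, 1] makes the chance of holding the
    minimum proportional to w (assumed formula, chosen for this sketch).
    """
    best, best_score = None, math.inf
    for account, (coins, age) in sorted(stakes.items()):
        w = weight(coins, age)
        if w == 0:
            continue
        h = int.from_bytes(hashlib.sha256(seed + account.encode()).digest(), "big")
        score = -math.log((h + 1) / 2**256) / w
        if score < best_score:
            best, best_score = account, score
    return best

def simulate(stakes: dict, days: int) -> list:
    """One block per day; the signer's coin age restarts from zero."""
    stakes = dict(stakes)
    history = []
    for day in range(days):
        stakes = {a: (c, age + 1) for a, (c, age) in stakes.items()}
        # Assumed seed; a real chain derives it from earlier blocks.
        signer = pick_signer(stakes, f"day-{day}".encode())
        if signer is not None:
            stakes[signer] = (stakes[signer][0], 0)
        history.append(signer)
    return history

if __name__ == "__main__":
    # Constructed stakes: account -> (coins, days held)
    sample = {"alice": (1000, 120), "bob": (50, 45), "carol": (5000, 0)}
    print(simulate(sample, 120))
```

Because every input to `pick_signer` is public, any node can run the same computation, which is why the next forger is predictable in such schemes.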

##### Advantages

   - PoS currencies can be more energy efficient than currencies based on PoW algorithms.
   - Incentives differ between the two systems of block generation. Under PoW, miners may potentially own none of the currency they are mining and thus seek to maximize their profits. However, under PoS, those "guarding" the coins always own the coins, although several cryptocurrencies do allow or enforce the lending of stake power to other nodes.
    
There is a criticism of PoS that it may not be ideal for a distributed consensus protocol. One issue that arises is the "nothing-at-stake" problem, wherein block generators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus from being achieved because there is little cost to working on several chains as compared to PoW.

Many have attempted to solve these problems:

  - [Peercoin](https://en.wikipedia.org/wiki/Peercoin) is the first cryptocurrency that applied the concept of PoS. In its early stages, it used centrally broadcast checkpoints signed under the developer's private key. No blockchain reorganization was allowed deeper than the last known checkpoints. Checkpoints are opt-in as of v0.6 and are not enforced now that the network has reached a suitable level of distribution.
  - [Ethereum](https://en.wikipedia.org/wiki/Ethereum)'s suggested Slasher protocol allows users to "punish" the cheater who forges on top of more than one blockchain branch. This protocol assumes that one must double-sign to create a fork and that one can be punished for creating a fork while not having stake. However, Slasher was never adopted; Ethereum developers concluded PoS is "non-trivial", opting instead to adopt a PoW algorithm called Ethash. It is planned to be replaced by a different PoS protocol called "Casper".
  - [Nxt](https://en.wikipedia.org/wiki/Nxt)'s protocol only allows reorganization of the last 720 blocks. However, this merely rescales the problem: a client may follow a fork of 721 blocks, regardless of whether it is the tallest blockchain, thereby preventing consensus.
  - Hybrid "proof-of-burn" and PoS. Proof-of-Burn (PoB) blocks act as checkpoints, have higher rewards, contain no transactions, are more secure, and anchor both to each other and to the PoS chain but are more expensive.
  - [Decred](https://en.wikipedia.org/Decred)'s hybrid PoW and PoS, in which PoS is an extension dependent on the PoW timestamping, based on the "Proof-of-Activity" proposal, which aims to solve the nothing-at-stake problem by having PoW miners mining blocks and PoS acting as a second authentication mechanism.
    
Statistical simulations have shown that simultaneous forging on several chains is possible, even profitable. But PoS advocates believe that most described attack scenarios are impossible or so unpredictable as to be only theoretical.