Sunny King 是 PoS 的发明人,也是点点币 (PeerCoin) 和质数币 (PrimeCoin) 的创始人。在介绍 PoS 源码之前,先说下自己对 PeerCoin 的白皮书 部分内容的理解。
有错误的地方,欢迎留言指正。
introduction
We have since formalized a design where proof-of-stake is used to build the security model of a peer-to-peer crypto currency and part of its minting process, whereas proof-of-work mainly facilitates the initial art of the minting process and gradually reduces its significance.
在 peercoin 内,重新定义了 coin age (币龄),我们知道在比特币里,币龄会影响到矿工打包的优先级,但是也仅仅如此,没有其他用处。但是在 peercoin 的 PoS 内,币龄很重要,影响挖矿的难度和奖励。
1
2
3
4
5
6
7
//这个是验证 hash 的代码,这里的 bnTargetPerCoinDay 就是难度值,bnCoinDayWeight 是币龄
//所以币龄越大,难度就越低
CBigNum(hashProofOfStake) > bnCoinDayWeight * bnTargetPerCoinDay
//这个计算奖励(也可以说是利息)的代码,nCoinAge 是币龄,nRewardCoinYear 是一个固定的数
//所以币龄越大,挖矿奖励就越高。每年可以得到 1% 的奖励(利息)。
int64 nSubsidy = nCoinAge * 33 / (365 * 33 + 8) * nRewardCoinYear;
另外在 peercoin 内,同时使用了 PoW 和 PoS,PoW 主要是用于链的初始阶段,为了生成一定量的初始币,有了币才有币龄,才能进行 PoS,往后会被逐渐被 PoS 取代掉。
以太坊不也是这样么,现在还是 PoW,也在考虑替换成 PoS。
Coin Age
In order to facilitate the computation of coin age, we introduced a timestamp field into each transaction. Block timestamp and transaction timestamp related protocols are strengthened to secure the computation of coin age.
不只是 block 有时间戳,transaction 也有时间戳,这里面提高的提高币龄计算的安全性。
在 CoinStake 交易体内的时间戳,一是记录挖矿的时间,二是这个时间是可以在 60 秒范围内变动的,达到 PoW 中 nonce 的作用,挖矿的过程,其实是不断更改时间戳,其实在 PoW 中,由于现在难度越来越高,计算速度越来越快,nonce 的值很快就计算完了,如果还是没有合适的值,现在的做法有两种,一种是更改 CoinBase 中的 extern_nonce,一种是在一定范围内更改时间戳,跟这个做法是类似的。
在普通的交易体内,这个时间戳是为了更方便的计算币龄,因为普通交易体的币龄也是有用的,虽然不能给矿工增加奖励,但是可以提高整个块的币龄得分,在有竞争块的时候,币龄得分是选择的依据。
Block Generation under Proof-of-Stake
The proof-of-stake in the new type of blocks is a special transaction called coinstake (named after Bitcoin’s special transaction coinbase). In the coinstake transaction block owner pays himself thereby consuming his coin age, while gaining the privilege of generating a block for the network and minting for proof-of-stake. The first input of coinstake is called kernel and is required to meet certain hash target protocol, thus making the generation of proof-of-stake blocks a stochastic process similar to proof-of-work blocks. However an important difference is that the hashing operation is done over a limited search space (more specifically one hash per unspent wallet-output per second) instead of an unlimited search space as in proof-of-work, thus no significant consumption of energy is involved.
PoS 用 coinstake 代替了 coinbase,coinstake 包含的内容如下图:
这个图里面,可以看到输入包含了两部分,一个是 kernel input,一个是 stake input 组,其实都是未花费的币,但是有所区别:
kernel input,这个是特殊的 stake input,它的 hash 需要满足难度目标,是的,不是所有 stake 的币都可以加速挖矿,而是只有一个可以,这个反映了 PeerCoin 鼓励大额交易的思想。与 PoW 的主要区别是,PoW 的 hash 是从一个类似无限空间计算出来的(nonce, extern_nonce),而 PoS 是在一个有限的空间:
每次取出所有未花费的交易中的一个,然后计算有限的次数,这个次数是:上次计算到这次计算的间隔,每 1 秒可以计算一次,每次计算,时间戳减 1,然后检查 hash 值。所以这里是“每个未花费的交易每秒可以计算一次”。
stake input,这个就是普通的未花费的币,虽然不能加速挖矿,但是可以增加奖励。
coinstake 的输出是矿工自己,将币支付给自己,消耗掉了币龄,得到了奖励。
Minting based on Proof-of-Stake
A mint rate of 1 cent per coin-year consumed is chosen to give rise to a low future inflation rate.
矿工手里的币,每年增加 1%,当然不是自己就增加的,而是必须要通过挖矿,消耗掉币龄,获取奖励的方式。
这里每个 COIN 的单位是 1000000,每个 CENT 是 10000,每币年的奖励是一个 CENT,所以是 1% 。
Main Chain Protocol
The protocol for determining which competing block chain wins as main chain has been switched over to use consumed coin age. Here every transaction in a block contributes its consumed coin age to the score of the block. The block chain with highest total consumed coin age is chosen as main chain.
决定 block 获胜的条件变成了,根据每个 block 的币龄得分,币龄得分来自两个部分:
- 矿工消耗掉的币龄
- block 中所有 transaticon 消耗掉的币龄
Checkpoint: Protection of History
为了防止整链攻击和双花攻击,PoS 也使用 checkpoint 机制,也是中心化的,但是是每天多次广播,来冻结区块链,防止篡改。
Our solution is to modify the coin age computation to require a minimum age, such as one month, below which the coin age is computed as zero.
为了防止拒绝服务攻击,PoS 对币龄有限制,所有币龄必须要至少大于一个月,否则就是 0 .
Block Signatures and Duplicate Stake Protocol
A duplicate-stake protocol is designed to defend against an attacker using a single proofof-stake to generate a multitude of blocks as a denial-of-service attack. Each node collects the (kernel, timestamp) pair of all coinstake transactions it has seen. If a received block contains a duplicate pair as another previously received block, we ignore such duplicate-stake block until a successor block is received as an orphan block.
对于重复的块(kernel 和 时间戳相同),节点会选择忽略。
Other Considerations
We modified the proof-of-work mint rate to be not determined by block height (time) but instead determined by difficulty. When mining difficulty goes up, proof-of-work mint rate is lowered. A relatively smooth curve is chosen as opposed to Bitcoin’s step functions, to avoid artificially shocking the market. More specifically, a continuous curve is chosen such that each 16x raise of mining difficulty halves the block mint amount.
挖矿的奖励现在不是随区块高度(时间)变化,而是随难度变化,难度越高,奖励越少,这样会使曲线平滑,16倍的难度提升,奖励减半。
在比特币里,难度提高,奖励是没有变化的(在每 4 年的衰减期之内),因为难度提高使每个块的产出时间维持稳定,矿工其实并没有从提升设备中收益太多,但是由于公地悲剧,挖矿的成本还是在不断飙升(设备、电力)。而奖励随难度变化也无法解决这个问题,所以这里就只是为了平滑曲线而已。
Babaioff et al. (2011) studied the effect of transaction fee and argued that transaction fee is an incentive to not cooperate between miners. Under our system this attack is exacerbated so we no longer give transaction fees to block owner. We decided to destroy transaction fees instead. This removes the incentive to not acknowledge other minter’s blocks. It also serves as a deflationary force to counter the inflationary force from the roof-of-stake minting.
这里讨论的是交易费的影响,交易费被认为是导致矿工之间不合作的原因,所以 peercoin 中不再将交易费给矿工,而是直接消耗掉(并不是不再需要交易费),一是解决了矿工之间不合作的问题,二是会产生遏制通货膨胀。
一些我的想法
在写这篇文章的时候,我已经看过了源码,我有个疑问就是“矿工是否会越来越少”,有这个想法是因为:
- 矿工挖矿无法收到手续费。
- 在以后纯 PoS 的时候,挖矿也没有奖励。
- 矿工手中的币产生的利息,激励着矿工挖矿,但是挖矿很快,币龄消耗得也很快,而且币龄有最小时间限制,那么就是挖过矿之后,很久才能再从挖矿中获得收益。
那么是什么激励矿工在没有收益的情况下,继续挖矿,将其他人的交易打包到区块链呢?
我能想到的原因是:
- 矿工会为了自己币不贬值,而自愿无报酬挖矿。但是不是很有说服力(连我自己都说服不了),因为这个和“公地悲剧”是一样的,普通人都不会看很远,都关注眼前的利益,既然挖矿没有收益还费电,那么为啥要挖呢?谁又会考虑到以后都不挖矿导致的币贬值呢?
- 矿工基数很大,大到就算矿工只在自己会有收益的时候才挖矿,网络上也一直有矿工在挖矿。
参考
https://peercoin.net/assets/paper/peercoin-paper.pdf