Is there an alternative to “proof of work”? Study Casper


We can say that the search for alternatives the concept of “Proof of Work” has become the cryptocurrency environment in the analogue search of the Holy Grail. We have repeatedly published materials on this topic. Project Ethereum in the last couple of years provides an interesting source of technological innovation. Perhaps they have something to say about this? In the development strategy of this project plays a special role in the upcoming transition to the variant of Proof of Stake system, codenamed Casper. It’s time to figure out what this thing is.

Casper — orientirueshsya at the worst possible economic analysis

There are various factors that need to be taken into account when we are talking about the concept of digital currency based on blockchain technology that has the potential of wide application. In the case of Ethereum, the worst possible economic analysis is the only true way to perform consensus protocols designed for public consensus.

Like any other digital currency based on blockchain, there is always the possibility of network attacks. For Ethereum in its current implementation, the attack may occur in a variety of ways, including collusion of nodes of malicious behavior. Each attacker has a certain “attack budget”. The task is to make a spending budget on attack so unprofitable as possible.

Casper — a project designed to achieve this task. The main goal is ensuring maximum protection from Byzantine failures (when the system is active and can manifest itself in different ways, including malicious). At the same time, Kasper will demotivate any attack vector against the network Ethereum, making bribery of a large number of nodes with the aim of undermining the whole Protocol is too expensive for attackers.

But Casper is more than just the security of the Ethereum Protocol. The project is designed in such a way that would be friendly to easy customers. It is believed that this new environment will provide a positive experience of developers and users of DApp.

Call Casper the “friendly Ghost” because it is an adaptation of the principles of the Protocol consensus Proof-of-Work to Proof-of-Stake. GHOST (eng.: a Ghost) is the abbreviation for Greedy Heaviest-Observed Sub-Tree (Greedy Most Weighty-Known Child-Trees).

But what about PoS?

One of the oldest alternative mechanisms for consensus is “proof of stake” (Proof-of-Stake, PoS). The idea is quite simple: the probability to create a new block and get the corresponding reward proportionate share of ownership of the user (and not the amount of computing power as in PoW). That is, the holder of the currency that has, say, 20% of the total number of coins in circulation, can create a new block with a probability of 20%. To emphasize the difference from PoW mining, PoS systems, the process of creating new blocks is usually called mintinga (“chasing”).

The rationale for the consistency algorithm of the confirmation of share is as follows: users with the greatest stakes in the system over all are interested in maintaining network security. Since they are most affected if the reputation and value of crypto-currencies will fall as a result of the attacks. To conduct a successful attack, the attacker needs to acquire a large part of the currency, and it would be prohibitively expensive if the system will be quite popular.

And although the “proof of stake” is a cost-effective way to protect network security, there are serious questions that need to be addressed. First of all, there is the problem of “nothing at stake” (at stake is not worth anything). Roughly speaking, the nodes of mistery can sign all versions of the blocks, including fraudulent, and nothing happens. This means that the normal modes are PoS are unable to reach Byzantine consensus. In addition, the fact that the nodes with tokens are not cost-effective, undermines confidence in the system through the proliferation of fraud. Some of the problems that traditional PoS systems have been described in this work researchers BitFury.

PoS is based on the collateral may solve at least the problem of “nothing at stake” because it will require the publication of information about the behavior of the node in the consensus Protocol. This will apply severe penalties to sites that have become known for their annoying behavior in the maintenance of Byzantine consensus. More importantly, achieving consensus will be easy for all, except criminals, attacking system.

The second problem with PoS is the concept of “attack from distance”. Attackers can control the old keys, which can then be used to create competing versions of events. In the presence of a sufficient number of keys under their control, a group of attackers may attempt to rewrite the transaction history over a long period, making the fork the Ethereum blockchain.

Fortunately, developers have already come up with a concept to solve this problem by changing the authentication model the state of the consensus. Thus, the consensus involves signatures from the nodes balance (share) which is currently non-zero. This solution is more secure as authentication is based on current information, not stale data.

How does Casper

Casper is the economic consensus Protocol based on the security Deposit. This means that the nodes, the so-called “bond validators (validator)” should place a Deposit (this is called “bonding”) in order to maintain consensus through production units. Built into the Protocol, the possibility of direct control of such deposits is the main way to influence the amount of remuneration received by the validators. In particular, if the validator will produce something that Casper deem “unacceptable”, his Deposit will be forfeited along with the right of further participation of the validator in the consensus process.

The use of security deposits eliminates the problem of “no risk” — when the behave badly for the intruder. Have a Deposit at stake, and there is an objective evaluation method of behavior, the result of which have invested validators will lose this Deposit if they behave unacceptably.

Of great importance is the fact that the signature of the validator is economically significant in each moment of time as long as the validator places a Deposit. This means that customers can count only on the signature of validators, which are known that they have placed a Deposit in real time. Therefore, when customers pump out and check the condition of consensus, the verification includes only those validators, which at the time of inspection, there is a Deposit.

On the other hand, if you take a consensus-based Proof-of-Work, the chain validation ends with the Genesis-block – while you are aware of the Genesis block, you can check the consensus up to the current block. In Casper, you can check the consensus if you are aware of the list of validators that host the Deposit at the current time. If the client does not know the current list of validators with a Deposit, he should check the list of off-grid (relative to Casper). The limitation that must be verified consensus, solves the problem of the “attack from afar” by imposing mandatory requirements of the comparison/validation of consensus on information currently available.

A list of validators changes over time, as they place and withdraw their deposits, are recognized as validators and lose the right to be. Therefore, if clients did not come to the network for far too long, the list of validators will be obsolete and will not be suitable for authentication of consensus.

In case, if customers appear online often enough to see how updated the list of validators, such customers will have the ability to update its list of validators. But even in this case, the client will have to start with the current list of validators bongiovanni at the moment, and therefore he will have to verify the authenticity of the list of off-grid means at least once, the first time. The current list of validators can be accessed from torrents by type of order, as now available to date copy of the blockchain the Bitcoin.

The property “grid check at least once” Vitalik Buterin calls “weak subjectivity”. In this context, information is “objective” if it can be verified in a way determined by the Protocol. On the other hand, information is “subjective”, if should be checked by means outside the Protocol. In weakly subjective consensus protocols, tracked the selection rule a fork, and customers need to initialize (and possibly update) the information, which was used as rules for selecting a fork, with the purpose of checking consensus. In our case, this entails identifying the current validators with the actual Deposit (or, more precisely, a cryptographic hash of the list of validators).

Gambling on consensus

Casper makes validators to bet more of their margin Deposit on something that will tilt the consensus process. Moreover, the process itself of consensus “occurs” as a result of bets: validators are forced to bid their deposits in accordance with the expectation of how others will make bets with their deposits. If the bet proves correct, they get their Deposit together with the Commission, and the possible issue of new tokens moreover. On the other hand, if they don’t come to an agreement quickly, you will get less than their Deposit. Consequently, after repeated rounds of this game, the stakes validators together.

If the validator is put on are less likely to block, despite the fact that there are more likely, the validator will be severely punished. Through this mechanism is achieved to ensure that the secondary rate will never be voted on, at least, as long as there are enough representative base validators involved in the process.

The consensus on the basis of the PoW is a similar scheme bids: miners are betting that their unit will be part of the most powerful chain. If a miner suddenly wins – he gets the tokens. But if the evidence is insufficient – miners fall the expenditure for electricity without any compensation from the network. The economic cost of such PoW-rates increase linearly, depending on the number of confirmations received (of generations), while in Casper, validators can coordinate the location of the exponentially growing parts of its margin relative to the blocks, thereby quickly ensuring maximum safety.

“Block” the consensus (of the order of inclusion of transactions in the block)

Validators can bet on blocks of any height (that is, each block number), by assigning it a probability, and publish it as a bet. By means of an iterative rates, validators choose exactly one block at each height, and this process determines the order in which transactions are included in blocks. It is noteworthy that

  • if you ever placed bets with a total probability above 100% at a time for a certain height
  • or, if in a similar situation, the cumulative probability below 0%
  • or, if you bet on the wrong block above 0%

the Casper holds a penalty margin of validators participating in betting.

Resistance to censorship

One of the greatest risks of consensus protocols is the formation of coalitions, which pursue the goal of profit maximization at the expense of those parties in the coalition are not included.

For example, if the income validators Kasper shall consist of payments for transactions, the majority included in the coalition, could censor the remaining units in order to earn a higher percentage of transaction fees. In addition, an attacker could bribe the nodes to exclude transactions to/from a certain address – and it could happen as long as most of the nodes act rationally — they could censor blocks generated by nodes, which include those transactions in blocks.

To resist the attacks carried out by the majority coalition, Casper, considers the process of consensus as a cooperative game, and ensures the maximum profit to each node, provided that the coalition is 100% of the nodes in the consensus (at least as long as they are for the most part, are rewarded in accordance with how it provides for the Protocol).

More specifically Casper punishes validators that do not create blocks in the order prescribed by the Protocol. The Protocol is aware of the possibility of deviation from this order and, accordingly, keeps the transaction fees and deposits to such validators. In addition to this, the income from correctly bets on the units – linear (or super-linear) as a function of the number of validators involved in a particular altitude of a consensus game.

What is Casper in non-economic terms?

Casper is consistent in the end, the Protocol consensus-based blockchain. Casper appreciates the accessibility of higher integrity (see CAP theorem). The system is always available and consistent, whenever possible. It is resistant to unpredictable delivery time of the message, as the nodes come to a consensus through a reorganization transaction, after the detainees message is eventually received.

In the end, its fault tolerance is 50%, meaning that the fork created by the rating of more than 50% of correct nodes is more preferable than any other fork created by the remaining, potentially malicious validators. It should be noted that customers cannot be sure that any given fork, created with the participation of 51% of the validators will not be canceled, because clients can’t know whether some of these nodes are Byzantine. Therefore, customers can examine the block is completed only if it involved the vast majority of validators (or margin).


Casper and the above-described concept of work-based PoS, with a high probability will be included in the Serenity following the release of Ethereum. Currently, the Protocol architect Vlad Zamfir (Zamfir Vlad) comes to a consensus on the details of Kasper with acne Baleriny. In the nearest plans of the simulation of the Protocol, writing informal and formal specification, formal health check, and then the implementation of Casper.

Although, in his article Vlad calls for patience and noted that the phase of research and development may take unpredictably long time.

According to the materials: Digitalmoneytimes, Etherium Blog

A full translation of the article about Casper blog Vlad Zamfir: here

Subscribe to new videos of our channel!

Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.