 # Proof of spending in block-chain systems

We introduce proof of spending in a block-chain system. In this system the probability for a node to create a legal block is proportional to the total amount of coins it has spent in history.

## Authors

##### This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

## 1 Introduction

In 2009, Satoshi Nakamoto [Na] introduced the notion of block-chain as well as the notion of proof of work into P2P cash systems, giving birth to the famous Bitcoin, which is the first P2P cash implemented in practise.

A cash system is a system in which nodes transfer coins to each other. A P2P cash system is a cash system in which transactions as well as datum built on transactions are broadcast to all nodes. A transaction is a collection of the following components: time of the blocktransaction, address of the payee, amount of payment, transaction fees, unspent transactions, the change, and signature of the payer.

A block-chain system is a P2P cash system where transactions are collected into blocks, where blocks are chained one after another, and where only the longest block-chain is considered to be the correct one.

A block in a block-chain system is a collection of the following components: time of the block, hash of the previous block, new transactions added to the block, address of the block creator, nonce such that the hash of the block begins with a number of zero bits.

Let be a natural number. A proof of work system with target difficulty is a block-chain system where block must satisfy satisfies the threshold:

 nlz(hash(B))≥D.

Here denotes the number of leading zero bits of .

The expected time for a CPU to find a POW block is And the expected time for CPUs to find a POW block is Therefore it is very difficult for the adversary to build the longest block-chain unless he has more CPUs than the honest party.

In 2011, the notion of proof of stake was posted in bitcoin forum by a user named Quantunmechanic. Various proof of stake systems were then formulated, see, e.g. [KN, BGM, NXT, Mi, BPS, DGKR, KRDO].

The simplest proof of stake system is the proof of balance system. A proof of balance system with target difficulty is a block-chain system where block chained after block-chain by node must satisfy the threshold:

 nlz(hash(B))≥D−log2(1+bal(A;C)),

where is the balance of node in block-chain .

The expected time for a party to find a POB block chained to block-chain is where is the balance of the party in block-chain . Suppose that the party transfers no coins to nodes outside the party, and assume that the transaction fees paid by the party in every block is a constant, say . Then the expected time for the party to build a long POB block-chain of length is where is the coins rewarded to a block creator. Thus, the expected time for a party without spending to build a long POB block-chain of length is It follows that, the adversary who never spends his coins can build a long block-chain secretely which in a long run, would outpace the block-chain maintained by the honest party. The same philosophy can be applied to attack other kinds of proof of stake systems, see, e.g. [Bu, Po].

In this paper we present a proof of spending system. In this system the expected time for a node to create a block is inverse proportional to the total amount of the coins it has spent in history. We shall see that, in the proof of spending system, the adversary trying to build a longest block-chain would earn nothing.

## 2 Proof of Spending

We now present a proof of spending system.

The proof of spending system with target difficulty is a block-chain system where block chained after block-chain by node must satisfy the threshold:

 nlz(hash(B))≥D−log2(1+spn(A;C)),

where is the total amount of coins spent by node in block-chain .

We call a block in a proof of spending system a PSP block. One can prove the following.

###### Lemma 2.1

The expected time for a party to find a PSP block chained after block-chain is where is the amount of coins spent by the party in block-chain .

We now prove the following.

###### Lemma 2.2

Suppose that a party is going to build a long PSP block-chain, and assume that no nodes outside the party would transfer coins to the party. Then the coins spent per block by the party is where is the amount of transaction fees per coin.

Proof. Suppose that the contrary is true. Let be the amount of coins spent per block by the party Then whenever the party produces a PSP block, the balance of the party decreases at least by . This would forbid the party to build a long block-chain, and thus contradicts to the assumption of the lemma. The lemma is proved.

We now prove the following.

###### Theorem 2.3

Suppose that the coins spent by a party in every block is , where is a positive constant. Then the expected time for the party to build a long PSP block-chain of length is

 ≈2DWR⋅FPCRwd⋅(γ+logL),

where is the Euler constant.

Proof. Since the coins spent by the party in the first blocks of the block-chain is , the expected time for the party to produce the -th block is So the expected time for the party to build a long block-chain of length is

 ≈2DWR⋅FPCRwdL∑i=11i
 ≈2DWR⋅FPCRwd⋅(γ+logL).

The theorem is proved.

Note that at the growing stages of the network, a proof of spending system is nearly a proof of work system, and hence is secure. After the network is grown up, the coins spent by the honest party in every block is . Suppose that the adversary wants to build a long PSP block-chain in shortest time. His best strategy is to transfer coins to himself in every block with . Therefore it is difficult for the adversary to built the longest block-chain alone.

## 3 Proof of Recent Spending

We now present a proof of recent spending system.

Let be a natural number. The proof of recent spending system with target difficulty and freshness is a block-chain system where block chained after block-chain by node must satisfy the threshold:

 nlz(hash(B))≥D−log2(1+spn(A;C[F])),

where is the last segment of of length , and is the total amount of coins spent by node in the chain segment .

We call a block in a proof of recent spending system a PRS block. As in the last section, we can prove the following two lemmas.

###### Lemma 3.1

The expected time for a party to find a PRS block chained after block-chain is where is the amount of coins spent by the party in chain segment .

###### Lemma 3.2

Suppose that a party is going to build a long PRS block-chain, and assume that no nodes outside the party would transfer coins to the party. Then the coins spent per block by the party is where is the amount of transaction fees per coin.

We now prove the following.

###### Theorem 3.3

Suppose that the coins spent by a party in every block is , where is a positive constant. Then the expected time for the party to build a long PRS block-chain of length is

 ≈2DF⋅FPCRwd⋅1WR⋅L.

Proof. We have, when is long,

 spn(A,C[E])=F⋅RwdFPC⋅WR.

So, when is large, the expected time for the party to produce the -th block is

 ≈2DF⋅FPCRwd⋅1WR.

So the expected time for the party to build a long block-chain of length is

 ≈2DF⋅FPCRwd⋅1WR⋅L.

The theorem is proved.

Suppose that the adversary wants to build a long PRS block-chain alone in shortest time. His best strategy is to transfer coins to himself in every block with close to 1. The transaction fees he must pay in very block is . So he earns per block. As the time for him to create a block is

 ≈2DF⋅FPCRwd⋅1WR,

his earning, per unit time, is

 ≈F2D⋅Rwd2FPC⋅WR(1−WR),

which is very small. It follows that the proof of recent spending system is secure, and is very secure if

 F2D⋅Rwd2FPC

is small.

## 4 Spending of Old Coins

We now present a proof of spending of old coins system.

We begin with the definition of coin age. The age of coin in a block chain is defined to be the length from the last transaction of the coin to the end of the block chain. The age of coin in block-chain is denoted as .

Let be a natural number. The proof of spending of old coins system with target difficulty and experience is a block-chain system where block chained after block-chain by node must satisfy the threshold:

 nlz(hash(B))≥D−log2(1+spn(A;C,E)),

where is the total amount of coins of age at least spent by node in the block-chain .

We call a block in a proof of spending of old coins system a PSO block. As in the last section, we can prove the following two lemmas.

###### Lemma 4.1

The expected time for a party to find a PSO block chained after block-chain is where is the amount of coins of age at least spent by the party in block-chain .

###### Lemma 4.2

Suppose that a party is going to build a long PSO block-chain, and assume that no nodes outside the party would transfer coins to the party. Then the coins spent per block by the party is where is the amount of transaction fees per coin.

We now prove the following.

###### Theorem 4.3

Suppose that the coins spent by a party in every block is , where is a positive constant. Then the expected time for the party to build a long PSO block-chain of length is

 ≈2D⋅FPCRwd⋅1WR⋅logL.

Proof. We have, when is long,

 spn(A;C,E)≈len(C)⋅RwdFPC⋅WR,

where is the length of . So the expected time for the party to build a block-chain of length is

 ≈L∑i=12Di⋅FPCRwd⋅1WR
 ≈2D⋅FPCRwd⋅1WR⋅logL.

The theorem is proved.

Suppose that the adversary wants to build a long PRS block-chain alone in shortest time. His best strategy is to transfer coins to himself in every block with close to 1. His balance must be greater than . If , where is the coins of the network, then the balance of the adversary must be greater than . It follows that the proof of spending of old coins is secure if is large.

## 5 Recent Spending of Old Coins

We now present a proof of recent spending of old coins system.

The proof of recent spending of old coins system with target difficulty , freshness and experience is a block-chain system where block chained after block-chain by node must satisfy the threshold:

 nlz(hash(B))≥D−log2(1+spn(A;C[F],E)),

where is the total amount of coins of age at least spent by node in the segment .

We call a block in a proof of spending of old coins system a RSO block. As in the last section, we can prove the following two lemmas.

###### Lemma 5.1

The expected time for a party to find a RSO block chained after block-chain is where is the amount of coins of age at least spent by the party in segment .

###### Lemma 5.2

Suppose that a party is going to build a long RSO block-chain, and assume that no nodes outside the party would transfer coins to the party. Then the coins spent per block by the party is where is the amount of transaction fees per coin.

We now prove the following.

###### Theorem 5.3

Suppose that the coins spent by a party in every block is , where is a positive constant. Then the expected time for the party to build a long RSO block-chain of length is

 ≈2DF⋅FPCRwd⋅1WR⋅L.

Proof. We have, when is long,

 spn(A;C,E[F])≈F⋅RwdFPC⋅WR.

So the expected time for the party to build a block-chain of length is

 ≈2DF⋅FPCRwd⋅1WR⋅L.

The theorem is proved.

Suppose that the adversary wants to build a long PRS block-chain alone in shortest time. His best strategy is to transfer coins to himself in every block with close to 1. His balance must be greater than . If , where is the coins of the network, then the balance of the adversary must be greater than . The transaction fees he must pay in very block is . So he earns per block. As the time for him to create a block is

 ≈2DF⋅FPCRwd⋅1WR,

his earning, per unit time, is

 ≈F2D⋅Rwd2FPC⋅WR(1−WR),

which is very small. It follows that the proof of recent spending system is secure, and is very secure if

 F2D⋅Rwd2FPC

is small. It follows that the proof of spending of old coins is secure if is large.

## 6 Conclusion

We have proposed two block-chain systems: proof of spending and proof of recent spending. The proof of spending system is more efficient, and the proof of recent spending system is more secure.