Proof-of-Stake Longest Chain Protocols Revisited
The Nakamoto longest chain protocol has served Bitcoin well in its decade long existence. It is remarkably simple and uses only basic cryptographic primitives, but its proof-of-work framework is energy wasting. Proof-of-stake (PoS) protocols are an energy efficient alternative; however they are significantly complicated and promise weaker security guarantees. An effort to mimic the Nakamoto protocol directly in the PoS setting is made in [10] with security shown only for a class of purely private attacks. In this paper we demonstrate a new, and fatal, attack on the protocol of [10]. This attack motivates the design of a new family of Nakamoto-style longest chain PoS protocols, with a formal proof of their security against all possible attacks in a general security model.
READ FULL TEXT