This week, we examine Peercoin. I'm not going to go into the threat model, because it has the same threat model as Bitcoin. It has a slightly different idea of what an "enemy" might be though.
In Bitcoin, we say that if an adversary has 51% of the mining power, then they win. The idea of one CPU giving you one vote is nice, but it ignores the fact that 51% of the mining power costs much less than 51% of the bitcoins would. Investing in mining gear suddenly looks profitable for a wealthy adversary. Peercoin wants to avoid this incentive by making the age of held coins determine the power of a vote.
Peercoin also intends to be more environmentally friendly than Bitcoin. Bitcoin mining has come to draw significant power. If Bitcoin had to mine the blocks to push the transaction volume of a large payment card processor, it would require immense banks of ASICs hashing guessing every day. We'd see centralization in mining power as it became more and more expensive to mine. These few actors would be playing the game of crypto lottery to coordinate together without trusting each other. Some would say this is at best a waste of electricity, and at worse that it undermines the goals of bitcoin.
Peercoin hopes to remove power and hardware as the consumed resource by making the external resource consumed into time itself. By relying on the stake of those holding coins in the network, Peercoin makes it expensive to act quickly and makes it difficult for any single identity to play too large a role in the system.
The idea of coin age has been known since the early days of Bitcoin. Coin age is a measurement of the amount of currency held, multiplied by the time since it was attained. Since a transaction consumes all of the input, sending the remainder back to the spender, this is akin to a measurement of the time since the coin was last changed.
An attacker who wants to acquire coins rapidly will likely have a problem with steadily acquiring coin age. To keep $1,000 in spendable coin age every day, you would need to acquire $1,000 in coin every day. You could only recycle the coin after it had aged 30 days, upon which the coin age is destroyed when it's used.
Coin age is truly the vote of the old money then. Those with the longest holdings of a coin are those who have the most investment in it's success, one reasons.
Proof of Stake via Coin Age
How does this coin age measurement allow one to implement a voting system for extending the blockchain?
Coin ages start being counted after the transaction making the coin amount is more than 30 days old. This has to do with checkpointing, as mentioned below. It allows nodes to deterministically agree on coin age through the checkpointing mechanism.
Peercoin has proof-of-work blocks, but most blocks won't be mined by proof-of-work. Proof-of-stake blocks will include a transaction in which the minter sends themselves their coins. These must have a coin age signifying they're greater than 30 days old.
Now this age goes into voting by acting as a "difficulty setting" for the hash target for a typical SHA-256, HashCash-style proof-of-work. This system allows someone spending more coin age to have the output of their hash-guess-lottery fall within a broader range and consider it success. This is probabilistically the same as giving the old money more lottery tickets for the same amount of money. After the work has been done, the worker needs to sign the block. This prevents the minter from using their same lowered difficulty to mine another block with the same parent. Nodes see the duplication and drop both, and the blockchain continues due to the signatures of honest nodes.
Peercoin further diverges from Bitcoin by creating a system which automatically scales the difficulty multiplier as the chain is built. In order to ensure that blocks are mined at an agreed-upon rate, the blocks contain a difficulty multiplier that can be adjusted. This continual changes allows the network to scale to sharp changes, in contrast with Bitcoin's periodic reassessments that can shock the mining economy.
Lastly, each transaction has a transaction fee which is destroyed. Furthermore, there are costs associated with everything that modifies the blockchain. This protects against attacks to fill the blockchain by making it expensive.
Minting is perhaps much less lucrative in Peercoin. There is a 1% return annually on the amount of coin that someone puts toward minting. It's not even guaranteed to be a profit. If two people mint the same block in a given timeframe, the one with the most coin age will win. When a transaction stakes it's coins, they are locked for 520 block confirmations over 3-4 days. These minting coins can't be used for day-to-day transactions, they have to be set aside. Merging transactions, spending them, or doing anything really will cause coin age to reset to zero. Minting more frequently doesn't even get you more. If you mint every 30 days, you'll be expected to make the same amount as if you minted annually.
Minting, unlike Bitcoin mining, is not like striking gold. Minting is akin to taking in your cash every now and then and asking to have it "upgraded" to account for inflation. This keeps people invested in the system, and keeps the power out of the hands of any one group of people. Lastly, it makes it unprofitable for someone to make a run on the system by making it expensive to mine multiple blocks. This makes attacks more expensive than the Bitcoin network, as long as it remains expensive to buy most Peercoin.