As the core of blockchain technology, the consensus algorithm directly affects the security, stability, and decentralisation of the blockchain and numerous other important characteristics. Choosing an appropriate consensus algorithm for different scenarios is currently a challenge in the implementation of blockchain applications. This paper classifies the improvement schemes of proof of stake (PoS) into three categories: PoS-based consensus algorithms, PoS- and PoW-based consensus algorithms, and PoS- and BFT-based consensus algorithms. First, the study introduces the PoS and PoS consensus algorithm variants and then summarises the core ideas, effects, advantages, and disadvantages of these algorithms. Subsequently, the performances of the improved algorithms are compared. Finally, the main improved methods are summarised, and the most common network security attacks are discussed. The study lays a foundation for the main improvement directions of PoS in the future, hoping to provide a reference for researchers to help them select and design consensus algorithms in different application scenarios while also helping the evolution of consensus algorithms and the implementation of blockchain applications.

1. Introduction

Bitcoin [1] and Ethereum [2] achieve consensus among participants who do not trust each other, and blockchain has attracted the attention of the public [35]. Inspired by Bitcoin and cryptography, blockchain has emerged, evolved, and spread in several fields [610], such as finance [11], health [12], administration [13], industry [14], agriculture [15], smart cities [16, 17], and Internet-of-Things networks [18, 19]. Blockchain is a new type of technology that is integrated with a variety of computer technologies, such as distributed storage, peer-to-peer (P2P) networking, consistency verification, consensus algorithms, and cryptography. In this technology, blockchain data structures are used to verify and store data; consensus algorithms generate and update data; cryptography ensures the security of data transmission and access; and smart contracts composed of automated script codes program and manipulate data to realise trusted data management in an incompletely trusted environment. The consensus algorithm is the core of the blockchain and directly affects the efficiency, security, and stability of the entire system. Therefore, it is necessary to study consensus algorithms if blockchain technology is to become more widely used in the future.

The consensus algorithm ensures the safe and stable operation and consistency of the system. As the core of blockchain technology, the consensus algorithm stipulates the process of nodes keeping accounts by competition, that is, generates new blocks and then obtains a transaction fee [20].

The proof of stake (PoS) [21] was first proposed in July 2011 by a digital currency enthusiast at the Bitcoin Forum. However, the first implementation of PoS was in Peercoin (PPC), released by Sunny King in August 2012. PPC combines the two consensus algorithms of proof of work (PoW) and PoS. In the initial stage, PoW mining was used to distribute tokens relatively fairly to miners. Later, as the difficulty of mining increased, the system was mainly maintained by the PoS consensus algorithm. To a certain extent, PoS solves the problem of wasted power in PoW count and shortens the time to reach a consensus; therefore, following Bitcoin, many competing coins have adopted the PoS consensus algorithm [22]. PoS obtains the bookkeeping right from the node with the highest equity, rather than from the node with the highest computing power in the system. Equity is reflected in the ownership of a specific amount of currency by a node, which is called currency age.

Unlike the computational power of PoW, PoS is realised by comparing the “coin age,” which is determined by the amount of currency held by the node and the time of depositing the currency. PoS reduces the difficulty of computer hash calculations according to the size relation of the coin age and weight, alleviating resource waste to a certain extent.

2. Consensus Classification

2.1. Consensus Algorithm Based on PoS

To solve the problems of long-range attacks and nothing-at-stake attacks caused by forks, researchers have successfully developed improved algorithms based on PoS, such as Ouroboros, Sleepy Consensus, Snow White, and Delegated Proof of Stake (DPoS) [23]. The improved features in these algorithms are classified into three categories: (i) consensus algorithms to improve the enthusiasm for voting, (ii) consensus algorithms to guarantee the security of consensus in dynamic scenarios, and (iii) consensus algorithms to improve the efficiency of verification.

2.1.1. Improved Voting Motivation

Kiayias et al. proposed the Ouroboros algorithm in 2017. To encourage stakeholders to stay online and perform transaction verification and block production, they used a new reward mechanism to encourage nodes to join the blockchain to drive the PoS consensus process, making the behaviour of honest nodes in the chain approximate the Nash equilibrium, thereby effectively preventing block interception, selfish mining, and other attacks [21]. The existence of rational nodes is fully considered in the design of the incentive mechanisms. The transaction fees of multiple blocks are input into the pool and allocated to the corresponding nodes according to the contribution of the participating nodes [24]. This was the first PoS-based blockchain protocol with strict security guarantees.

To address the problems of inactive voting in DPoS and insufficient timely processing of malicious nodes, the authors in [2527] proposed an improvement plan based on an incentive mechanism. In [25], two core schemes were proposed: a voting incentive mechanism and a checkpoint protocol. Through the voting incentive mechanism, token holders are encouraged to vote actively, and 101 relatively fair nodes are selected. In cooperation with the checkpoint protocol, malicious nodes are deleted in a timely manner by mutual inspection among the 101 nodes, thus improving efficiency. The introduction of a voting reward incentivises the nodes to vote, and the introduction of a reporting reward significantly increases the proportion of nodes that take the initiative to report. In addition, the resistance of ordinary nodes to the bribery of malicious nodes is enhanced, and the probability of malicious nodes becoming “agent nodes” is reduced, thus guaranteeing network security. Fu and Li [27] proposed an improvement scheme based on reward and credit mechanisms. In response to the low enthusiasm of nodes to vote in DPoS and to reduce the probability of malicious nodes being elected as representative nodes, the incentive mechanism suggests that the transaction fees earned by nodes be shared with their supporters, and the strategy of the node Shapley value plus the time factor be accordingly designed to redistribute the revenue. The combination of credit mechanism and punishment makes it more difficult for malicious nodes to become representative nodes.

2.1.2. Improved Dynamic Usability

In 2017, researchers at Cornell University developed a new algorithm called Sleepy Consensus [28]. This algorithm proves that the traditional consensus algorithm cannot guarantee the security of the consensus in a dynamic scenario (when a large number of nodes are offline). However, in an actual case, only a few nodes are online and participate in the consensus process. Thus, the Sleepy Consensus algorithm requires only the number of honest nodes online to exceed the number of failed nodes to guarantee security and robustness [21]. In the same year, David et al. presented the “Ouroboros Praos” for the first time, which provided security against fully adaptive corruption in a semisynchronous setting. The incentive system of Ouroboros Praos is the same as that of Ouroboros, but it improves the election method of block producers. The public verifiable identity of block producers in Ouroboros is improved to match that of block producers identified in private. Other nodes cannot judge the identity of block producers in this round before the block producers successfully generate new blocks, which effectively prevents block producers from possible bribery attacks or distributed denial-of-service (DDoS) attacks. In 2018, Badertscher et al. proposed a PoS blockchain protocol combinable with dynamic availability, called Ouroboros Genesis [29], which is designed to bootstrap the process when a new node joins the network and solves long-term attacks on PoS. Genesis retains the part of Ouroboros Praos [30] that uses a verifiable random function (VRF) to randomly select block producers and modifies according to the longest chain principle. It allows parties to safely join (or rejoin) the protocol execution using only the Genesis block information and captures the setting of dynamic availability. All parties are allowed to join or leave the system at will and can stay offline for a long time. In 2019, Kerber et al. proposed the first formal analysis of a blockchain protocol based on PoS privacy protection called Ouroboros Crypsinous [31]. This protocol ensures the consistency and activity of privacy, such that privacy is independent of any other protocol running during classification implementation. It can resist adaptive attacks owing to the subtlety of its design. In 2019, Daian et al. presented Snow White [32]. Snow White proposed a reconfigurable consensus algorithm suitable for PoS, whereby the nodes can join and exit the network randomly. The reconfiguration interval is short and prevents adversaries from later posterior corruption attacks.

2.1.3. Improved Validation Efficiency

In August 2013, the Bitshares [23] project proposed DPoS. The idea of this design is similar to the “board of directors’ decision making.” The share rights held by each node in the system are equivalent to a single ballot. The ballot holders vote for their trusted representatives, and a “board of directors” is formed according to the voting results and the willingness of the nodes. The “board of directors” takes turns to package and settle transactions and sign (produce) new blocks. Compared to PoS, DPoS provides higher security in a short time and can verify transactions in seconds. If the PoW and PoS consensus methods are the accounting methods of “power competition” and “equity competition,” respectively, then DPoS can be called the accounting method of “democratic centralism.” It not only can solve the problem of PoW waste energy and joint mining, which poses a threat to the decentralisation of the system, but also can compensate for the disadvantage caused by participants, with bookkeeping interests in PoS, who may not want to participate in bookkeeping [22]. EOS [33] proposed a consensus algorithm based on the Byzantine fault-tolerant algorithm + DPoS (BFT-DPoS) in the “EOSIO Technical White Paper” released on 16 March 2018. EOS uses the BFT-DPoS protocol to make the block interval reach 0.5 s, which greatly shortens the time delay of cross-link communication and greatly increases the number of confirmed transactions per unit time. If such a mechanism is successfully implemented in future versions of EOS, it will undoubtedly be a solid step toward supporting innumerable users of blockchain technology.

The results of the comparative analysis based on the PoS consensus algorithm are listed in Table 1.

2.2. Hybrid Consensus Algorithm Based on PoS and PoW

In the consensus algorithm based on PoS and PoW, the problems solved by the related improved algorithms primarily include forks, nothing-at-stake attacks, and “the rich get richer” in PoS. The solutions to the corresponding problems mainly include introducing reward and punishment mechanisms and setting an upper limit. The reward and punishment mechanism generally involves a node paying a certain deposit before reaching consensus. If the node is found to be malicious, the deposit is confiscated. The setting of an upper limit aims to limit the coin age to prevent the right of a node in PoS from becoming too large, which can lead to that node becoming the “dominant one.” The following section introduces the reward and punishment mechanisms and the setting of the upper limit of the consensus algorithm.

2.2.1. Incentive and Punishment Mechanism

Casper is a protocol used by Ethereum during the serenity phase. It was introduced in 2015 as an improved PoS mechanism and security-deposit-based economic consensus protocol. There are currently two versions of Casper: Casper the Friendly Ghost (CTFG), proposed by Vlad Zamfir in 2015 [34], and Casper Friendly Finality Gadget (CFFG) [35], proposed by Vitalik Buterin and Virgial Griffith in 2015. The former is a clear PoS consensus, whereas the latter is an organic combination of PoW and PoS consensus. CTFG is a chain-based PoS design, whereas CFFG combines a chain-based PoS design and a Byzantine fault-tolerant PoS [24]. Casper offers appropriate tools and regulations to readjust participant incentives [36, 37]. A salient feature of Casper is that each node must pay a certain amount of deposit before participating in block generation and consensus. In this way, malicious nodes risk forfeiting their deposits, thus damaging economic interests. Casper resists nothing-at-stake attacks but reduces the enthusiasm of many nodes to participate in block verification [38]. Casper the Friendly Ghost (CTFG), proposed by Vlad Zamjir in 2015, is one of the versions of Casper. It is a chain-based PoS design and is also based on the security and identity verification of the deposit. The issue of “nothing-at-stake” is addressed by the “betting” mechanism of the margin. In the case of incentive agreements, CTFG treats the consensus process as a cooperative game, ensuring that each node maximises its benefits in an alliance composed of 100% consensus nodes against attacks by most coalitions. In 2015, Buterin and Griffith proposed that Casper Friendly Finality Gadget (CFFG) [35] is a consensus algorithm that combines PoW and PoS. Similar to Casper, in CFFG, each node must pay a deposit to become a verifier, and each checkpoint must go through two rounds of validation before the final validation is completed. Each round of Casper needs to obtain more than one-third of the coin age verification of the entire network to determine the final result, and the CFFG needs to obtain more than two-thirds of the validators’ legal votes. The main purpose of the betting mechanism in CFFG is to solve the problem of “nothing-at-stake” that the PoS consensus may face. To keep the nodes fully online, Ethereum adopted a penalty mechanism for offline nodes to maintain network security [24].

Proof of activity (PoA) was presented by Bentov et al. in 2014. The PoA protocol combines PoW and PoS and is an extension of the Bitcoin protocol. In the PoA protocol, the transaction rewards obtained by the stakeholders who generate the block are shared with the rest of the stakeholders and miners who generate empty block headers. Online miners can obtain a profit even if they do not mine, which encourages them to stay online and is conducive to the healthy operation of the currency. However, no specific scheme is provided for the income distribution of each node [39]. In 2016, PoA designers proposed the chain of activity (CoA) [40] protocol, which uses the idea of PoA to improve the PoS mechanism and overcome the bifurcation problem of PoS to a certain extent. The CoA execution process is similar to an online lottery in which all stakeholders draw prizes according to the CoA protocol. The distribution of rewards is the same as that of the original algorithm, and the benefits are shared by others. However, the specific distribution scheme of each person’s benefits is not clear.

Duong et al. [41] proposed the 2-hop consensus algorithm in 2017. This is the first study to use the power of virtual resources to construct provably secure open blockchains. This is also the first attempt to combine physical and virtual resources to build a practical open blockchain with provable security. In the 2-hop protocol, the authors proposed a rigorous framework suitable for analysing more blockchain protocols. The 2-hop design can be viewed as a natural extension of Nakamoto’s 1-hop design via a PoW mechanism (i.e., the second hop is deterministic and always true). The 2-hop design can also be viewed as a PoS scheme that uses a PoW chain as the biased random beacon.

2.2.2. Setting of an Upper Limit

In April 2014, Larry Ren proposed a consensus algorithm for proof-of-stake velocity (PoSV) in a white paper on ReddCoin, aiming to address the problem that coin age is a linear function of time in PoS, to eliminate the phenomenon of currency holders hoarding coins. In the first stage of the PoSV algorithm, PoW is used to realise token allocation, whereas in the second stage, PoSV is used to maintain long-term network security. PoSV modifies the linear function of the coin age and time in PoS into an exponential decay function, and the growth rate of the coin age decreases with time and finally approaches zero. Therefore, the coin age of the new currency grows faster than that of the old currency until it reaches the upper threshold, which mitigates the phenomenon of currency hoarding by coin holders to a certain extent [22]. PoSV was proposed as an alternative to PoW and PoS to improve the security of P2P networks and confirm ReddCoin transactions. Proof of burn (PoB) was proposed in 2014 as a distributed consensus approach in which one cryptocurrency can be burned to create another. The subtlety of this version is that simulation of the mining platform and dependence on external randomness at low bit rates are not necessary. The PoB competes for the right to produce new blocks by burning tokens. In PoB, over time, the share of nodes in the system may decrease, driving nodes to burn tokens to obtain more mining opportunities. However, this causes a waste of token resources, and the mining ability is gradually controlled by those who have more resources and are willing to burn tokens [42]. Slimcoin [20] is an alternative cryptocurrency based on Peercoin, which uses PoB as part of the consistency algorithm as well as an alternative mining approach. In addition, Stewart’s version of PoB is an attempted protocol that can be used in cryptocurrency to continuously generate blockchain or to mine [43].

Wu et al. proposed an improved blockchain consensus algorithm called proof of work and stake (PoWaS) in January 2020. PoWaS reduces the difficulty of hash calculation and sets the maximum difficulty value, the effective holding time, and the upper limit of the coin age, adjusting the credit value according to the behaviour of nodes, to finally introduce a competitive waiting time. The value of pStake is calculated according to the time, coin age, and credit value spent looking for random numbers. The calculation of pStake strengthens the impact of credit value on the competition to obtain accounting rights by reducing the proportion of equity and calculation power while increasing the proportion of credit value. PoWaS can reduce computing power waste, accelerate block output speed, and balance the competition for accounting rights [44]; however, there is still room for improvement in the stability and availability of block output speed.

The results of the comparative analysis of the hybrid consensus algorithm based on PoS and PoW are presented in Table 2.

2.3. Hybrid Consensus Algorithm Based on PoS and BFT

In the consensus algorithm based on PoS and BFT, the related improved algorithms include the strategy of combining PoS and BFT and the scheme of integrating a VRF on this basis, as analysed in this section.

2.3.1. Consensus Algorithm Based on PoS and BFT

Delegated Byzantine fault tolerance (dBFT) is a consensus algorithm adopted by NEO [45], which combines the delegated voting system, PoS, and practical BFT (PBFT) and is a consensus protocol for realising large-scale participation by delegated voting. This is equivalent to the people’s congress system, and the bookkeeper is equivalent to the deputies of the people’s congress. The deputies of the people’s congress negotiate and decide on government affairs by the people’s congress. dBFT can confirm newly generated blocks immediately; therefore, it is characterised by speed and good scalability. The generation speed of new blocks can reach 15–20 s, and the measured throughput can reach 1000 transactions per second (TPS). However, in the NEO project, six of the seven current consensus nodes are controlled by the project party. Therefore, there are also disadvantages, such as the limited number of consensus nodes and the very high degree of centralisation [46]. Tendermint [47], proposed by Gilad in 2014, implemented the first PBFT-based PoS consensus algorithm using blocks, hash links, dynamic validator sets, and a circular leader election. Based on the counting of votes by a node, a weight is assigned to each vote, and the problem of nothing-at-stake is solved by paying a deposit. Inspired by this, the BA protocol in Algorand [47, 48] and CFFG protocol in Ethereum were proposed successively [34]. Tendermint is a Byzantine fault-tolerant consensus algorithm that is robust against double-spending attacks and can withstand up to one-third of the saboteurs in a network. Tendermint was applied to the CITA project [46]. Owing to its complex consensus algorithm, Tendermint does not have a corresponding real-world trust model. In 2016, Miller et al. introduced improvements to Tendermint and presented an alternative, HoneyBadgerBFT, which is the first practical asynchronous BFT protocol to guarantee liveness without making any timing assumptions. Their solution is based on a novel atomic broadcast protocol that achieves optimal asymptotic efficiency. Miller et al. presented an implementation and experimental results to show that their system can achieve throughput of tens of thousands of TPS and can scale to over 100 nodes on a wide area network (WAN). Unlike the alternatives, HoneyBadgerBFT does not consider the underlying network. Miller et al. conducted BFT experiments over Tor without the need to tune any parameters.

2.3.2. Consensus Algorithm Based on PoS, BFT, and VRF

The ontology project combines PoS, BFT, and VRF with the proposed VBFT [49] (Byzantine consensus algorithm based on VRFs), which realises fast consensus in the network. Each block determines the output of VRF. The VRF determines the sequence of consensus nodes, assigns priority according to the node sequence, determines the block priority by node priority weighting, and finally votes for the block with the highest priority to solve fork problems. The block producer, verification node, and confirmation node, which can resist malicious attacks and have a high degree of decentralisation and security, are randomly selected in VBFT. In 2017, Gilad et al. combined PoS, BFT, and VRF to propose the Algorand [50] consensus algorithm, which realises the rapid consensus of synchronous networks. This mechanism is equivalent to a multicommittee system that includes a block-producing node committee and verification node committee. It randomly selects block and verification nodes, which can resist malicious attacks and effectively prevent the verification power from being concentrated in the hands of some users. Algorand has a high degree of decentralisation and can guarantee security and activity during synchronisation. Kokoris-Kogias et al. [51] combined VRF, PoS, BFT, and a lock mechanism to propose the OmniLedger consensus algorithm, which realises the atomicity of cross-shard transactions from the perspective of the unspent transaction output (UTXO), whereby each shard chain has and maintains its own UTXO. It ensures security and correctness by using a bias-resistant public-randomness protocol to choose large statistically representative shards that process transactions and by introducing an efficient cross-shard commit protocol that atomically handles transactions affecting multiple shards. OmniLedger uses PoS to select verification nodes and VRF to allocate these nodes to the shard chains. Each shard chain uses a BFT to reach an agreement and uses a lock mechanism to ensure the atomicity and correctness of cross-shard chain operations. There is no corresponding real-world trust model to OmniLedger because of the complexity of its mechanism. Abraham et al. [52] combined the VRF, PoS, and notarisation systems to propose the Dfinity consensus algorithm. Dfinity uses the Boneh–Lynn–Shacham (BLS) threshold signature to construct a VRF (called a beacon) and outputs a data stream that changes over time. Dfinity is equivalent to a notarisation system, and the proposal can be considered credible after being certified by any legal notary. Byzantine nodes cannot secretly establish and maintain authenticated chains; therefore, there are no security threats such as double-spending attacks, selfish mining attacks, long-range attacks, and nonhazardous attacks, but there are adaptive attacks.

The results of the comparative analysis of the hybrid consensus algorithm based on PoS and BFT are presented in Table 3.

3. Consensus Comparison

The second section identifies and analyses the improved algorithms based on PoS. These algorithms have different design emphasis, and their advantages and disadvantages are presented in this section through comparisons and analyses from the perspectives of Byzantine fault tolerance, block generation speed, and throughput.

3.1. Fault Tolerance

As a reference for algorithm security, fault tolerance refers to the tolerance value of the consensus algorithm for nodes that have non-Byzantine faults in the system (crash fault tolerance) and the tolerance value of nodes that have Byzantine faults (Byzantine fault tolerance). The Byzantine fault tolerance of the nodes in the algorithm was compared to analyse security, and the results follow the following order: PoS = DPoS = Sleepy Consensus = Ouroboros = Casper = 2-hop = PoA = PoB = PoSV = PoS = DPoS = 50% > EOS = dBFT = Tendermint = HoneyBadger = 33.33%. The Byzantine fault tolerance of each algorithm is illustrated in Figure 1.

3.2. Block Time

The time it takes for a transaction to be packaged into a block and recorded in the blockchain is a performance indicator of whether a block is efficient. In this section, the algorithms are compared regarding the speed of reaching consensus (i.e., block time) and analysed with respect to efficiency. The results of the comparison show the following order: EOS > DPoS > VBFT > Dfinity = dBFT > OmniLedger > PoS. Compared with the original PoS algorithm, the improved algorithm significantly improves block generation time. VBFT consensus nodes execute the BFT consensus with low resource consumption and faster block generation; however, the scalability of VBFT decreases with an increase in consensus nodes [46]. Dfinity uses VRF to generate proposers, which improves the security of the system; however, communication via broadcast is time complex. The block generation speeds for each algorithm are displayed in Table 4 and Figure 2.

3.3. Throughput

Transaction throughput is defined as the number of TPS in the blockchain, which is a key index for measuring the performance of a system. The scalability of the network is one of the key factors to consider in blockchain design and can often be determined from the throughput. The faster the block generation speed of the algorithm used in the actual system, the greater the transaction throughput and the higher the performance efficiency of the algorithm:where represents the total transaction volume per unit time t and represents the time interval between the creation of a transaction and the confirmation of the block. The results of the throughput comparison yield the following order: DPoS > OmniLedger > HoneyBadger = VBFT > PoS = dBFT = Dfinity > Algorithm > Snow White > EOS. Compared to the throughput of the original algorithm, the throughputs of most of the improved algorithms were significantly enhanced. The block generation speed and throughput performance of the DPoS in the experimental environment were better than those of the other algorithms. The throughput of a few improved algorithms decreased in comparison with that of the original algorithm, whereas some improved algorithms maintained the throughput of the original algorithm. Snow White sacrifices high throughput so that nodes can randomly join and exit the network and to ensure fairness of the transaction fee distribution. Algorand sacrifices high throughput to ensure rapid consensus of the synchronisation network and a high degree of decentralisation. Although EOS theoretically reached million-level TPS, its actual throughput was not ideal because the process of electing witnesses consumed a large amount of the resources. The throughputs of the improved algorithms are presented in Table 5 and Figure 3.

4. Discussion and Challenges

In this section, the improvement methods of the consensus algorithms are discussed, followed by some of the challenges faced by blockchain.

4.1. Improvement Methods

Through a study of the PoS algorithm, it was determined that the improvement in the PoS algorithm is mainly obtained by focusing on how to select the block producers, distribute the block rewards, incentivise nodes to participate in the consensus, impose sanctions on lazy or malicious nodes, and prevent excessive concentration of power. The details of these processes are as follows.

4.1.1. Selection of the Block Producer

First, the election of blockmakers, which can be through direct or indirect election, is considered. Some protocols directly select a node from all the nodes as the producer of the new block, and some protocols select multiple nodes from all the nodes to form a node set. A node is selected from this set as the block producer.

Second, the election method of block producers is considered for two situations. The first is the situation in which block producers are elected directly from all nodes. The main election methods are capable of competition, and those with greater abilities are elected as block producers. For example, PoW is a competition for computing power; PoS is a competition for stakes; PoB is a competition for burning tokens; and PoWaS is a competition for pStake (pStake is calculated according to the time, coin age, and credit value spent looking for random numbers). The election of block producers through competition can easily lead to a dominant situation in the blockchain. For example, a node with a large stake in the PoS has a greater chance of producing a new block. After a block reward is received, the stake of the node becomes larger, which leads to the problem of “the rich get richer.” The same problem also arises with PoW and PoB. The second situation is the indirect selection of blocks from a set of nodes. There are three ways to elect a block producer in the set: vote to elect the block producer, take turns as the block producer, and randomly designate a node as the block producer.(i)The voting method to generate block producers in the set is similar to the committee mechanism. Decisions are made by committee members to vote for the resolution, and some innovative protocols assign different weights to the votes. For example, the EOS block sequence is determined based on the network resources of each node, and this order is valid only when the consent of at least 15 block producers is obtained. dBFT generates a new block by consensus by running the BFT algorithm through a collection of bookkeepers. VBPT is similar to the block-producing election of Dfinity.(ii)The manner in which the nodes in the set take turns as block producers is also similar to the committee mechanism. For example, the collective “board of directors” in the DPoS takes turns to package and settle transactions and sign (produce) new blocks according to the established schedule.(iii)The block producers are elected by VRF. For example, the consensus of the Ouroboros and Ouroboros series uses random numbers to select block producers randomly in each round. The CoA randomly selects a node from the set of stakeholders as a block producer, and Algorand randomly elects block producers and verification nodes. Electing block producers in a random manner can resist malicious attacks and provide a high degree of decentralisation and security.

This mode of election is relatively fair and can prevent the problem of one-party dominance to a certain extent; however, it also has some disadvantages. In theory, DPoS has excellent throughput; however, the throughput of EOS applications is not ideal, and the block generation relies on 21 witnesses; therefore, decentralisation is not good; dBFT is close to being completely centralised in the NEO project. The resource consumption of the VBPT is low; however, its scalability deteriorates with an increase in the number of nodes. Dfinity uses broadcasting to communicate during the consensus process, which leads to high time complexity while improving system security. Algorand performs well in terms of decentralisation, security, and resource consumption but has high communication overhead with at least six rounds of communication.

4.1.2. Allocation of Block Rewards

Some protocols clarify how rewards should be distributed, whereas others do not specify the distribution method for block rewards (PoA and CoA only indicate that rewards are shared with n potential block producers, but specific plans are not provided).

There are two main types of reward-allocation schemes: First, the reward is exclusive to the block producer. In general, the ability competition agreement and reward are exclusive to block producers such as PoS, PoA, and PoB. Second, the reward is shared with the block producer and others, such as Ouroboros and Ouroboros Praos, who allocate transaction fees to participating nodes according to the amount they contribute, whereas Casper rewards according to the amount of money the verifiers place.

The exclusive allocation of a block reward leads to the concentration of power in the blockchain network. The equal allocation of a block reward is obviously unfair to nodes with different contribution levels, and the allocation of reward according to the “bet” also leads to concentration of power to some extent. Thus, the questions of allocating the reward more reasonably, that is, how to allocate the reward according to the contribution of each node and how to define the measurement index of contribution, are also key issues in the design of reward allocation in the consensus algorithm.

4.1.3. Incentive and Punishment Mechanism

Generating a new block in the blockchain requires agreement among the online nodes. The reward mechanism is primarily intended to encourage inert nodes (nodes that are not online or those that are not actively participating in the consensus) to actively participate in the consensus. The penalty mechanism is mainly intended to punish malicious nodes (nodes that violate consensus rules, compromise consensus security, or do not actively participate in consensus). The reward and punishment mechanisms aim to reach a consensus in a healthy manner. For example, to encourage nodes to stay online, Ouroboros places the transaction fees of multiple blocks into the pool and allocates transaction fees according to the contribution of the participating nodes. PoWaS rewards and penalises according to the credit value upgrade mechanism of the node to promote active competition for the right of bookkeeping by the node. The Casper series and Tendermint protocols impose sanctions on malicious nodes by paying a deposit, which can be forfeited through ownership. CoA penalises nodes for “inaction” through the “three times” blacklisting rule. If the nodes fail to produce blocks three consecutive times, they are blacklisted; however, they can be removed from the blacklist after resuming normal block production.

The original intention of designing the reward and punishment mechanism is to ensure the healthy operation of the consensus algorithm, motivate nodes to actively reach consensus, and punish malicious nodes to guarantee that the consensus algorithm operates under safe conditions. However, controlling the punishment strategy and scale is challenging. Malicious nodes should be punished while not allowing some inert nodes to go unpunished for not participating in the consensus, not mining, or even quitting the network. Therefore, the adaptation and optimisation of the reward and punishment mechanisms are also problems that researchers need to consider.

4.1.4. Setting an Upper Limit

The aim here is mainly to prevent the problem of excessive concentration of power, which could lead to “the rich getting richer” and other problems. PoSV uses an exponential decay function to decrease the growth rate of the coin age over time, which eventually tends toward zero. Setting an upper threshold for coin age alleviates the phenomenon of hoarding coins to a certain extent. PoWaS sets the upper limit for the effective holding time and coin age. If the upper limit is exceeded, the coin age and effective holding time will stop growing, thereby preventing the problems of unlimited growth of currency age and the “the rich getting richer.” Setting an upper limit prevents the problem of excessive concentration of power but sacrifices block speed and stability in performance.

The above four aspects are the main improvement points summarised in this study of the PoS algorithm. The core problem is the selection of block producers and distribution of block rewards. The incentive and punishment mechanism and the setting of an upper limit somewhat answer the first two questions, that is, to elect block producers more reasonably and allocate block rewards more equitably.

In summary, the main improvement directions of the PoS-improved algorithm are outlined in Figure 4 for clarification.

4.2. Blockchain Consensus Attacks

In this section, the most common network security attacks that theoretically threaten almost all consensus algorithms [54] are discussed. When designing a consensus algorithm, more attention should be paid to possible attacks on different blockchain types.

4.2.1. Double-Spending Attack

A double-spending attack on the blockchain occurs when a node tries to spend a sum of money twice. The attacker first creates a normal transaction in the block of the main chain, then creates a deceptive transaction after a certain period of time, and publishes the deceptive transaction in the block of the fork chain to fork off from there. The attacker continues to mine on the Internet until the length of the fork chain exceeds the main chain. At this time, it broadcasts to the entire network, and once other nodes find out that there is a longer chain in the network, all of them switch to this fork chain, whereby the forked chain becomes the main chain; the previous normal transaction is rolled back, and the double-spending attack succeeds.

Although different consensus algorithms attempt to mitigate this vulnerability and have different mechanisms to address this issue, the double-spending attack cannot be completely avoided in blockchain systems; theoretically, it can happen at any time [55, 56]. To solve this problem, we can start by solving the time problem, preventing the attacker’s malicious fork from becoming the longest main chain, and solving it through timestamp or nonce.

4.2.2. 51% Attack

From a theoretical perspective, 51% attacks are possible. When an attacker can control more than 50% of the power (such as mining power or verification power) in the blockchain, he/she can perform malicious activities [57]. Let us assume that a certain node has sufficiently strong computing power (more than half of the total computing power of the nodes in the entire network). If the node is mining on the forked chain, the growth rate of the forked chain will be greater than that of the main chain. At this point, if the node wants to roll back the transaction in the main chain, it only needs to publish the fork chain. Nodes with insufficient computing power can organise multiple nodes to launch 51% attacks through bribery.

In comparison, Sayeed and Marco-Gisbert [58] pointed out that the PoW, PoS, and DPoS algorithms are vulnerable to 51% attacks. In the PoA algorithm, attackers launching 51% attacks need to own more than half of the property and computing power in the blockchain network simultaneously, which increases the cost of attacks, preventing 51% attacks to a certain extent.

4.2.3. Sybil Attack

A Sybil attack is an attack that acts on a P2P network. In the blockchain, the attacker uses a single node to forge multiple identities to obtain voting rights and the ability to verify blocks or even broadcast a fake message to the blockchain network, thereby weakening the redundancy of the network and allowing the monitoring of normal activities of the network to interfere.

Although Sybil attacks are difficult to detect, some preventive methods have been developed. For example, PoB increases the cost of creating nodes by burning tokens to reduce the risk of attack. The PoW determines the voting rights of each user according to multiple parameters to defend against Sybil attacks [59].

4.2.4. Selfish Mining

Selfish mining is a strategy aimed at the Bitcoin PoW mechanism blockchain. Its purpose is not to destroy the operating mechanism of Bitcoin but to obtain additional rewards and make honest miners perform invalid calculations. Simply, when a block is discovered, the selfish miner does not announce but continues digging or alternatively waits for an opportunity before making the announcement or delays it deliberately. Therefore, it is possible to construct a private branch that selfish miners control, thus causing the chain to fork. This strategy reduces the speed of network verification of blocks while weakening the profitability of honest miners. Prior to difficulty adjustment, it also has an adverse effect on selfish miners. A selfish mining attack is an attack on the difficulty adjustment algorithm [60], which can be mitigated by introducing orphan blocks to the difficulty adjustment formula.

5. Conclusion

In the field of information technology, the consensus algorithm for blockchains has attracted increasing attention from researchers. This study examines PoS-improved algorithms and classifies them into three major categories. By introducing the basic concepts of the algorithm, the study summarises the improvement strategy, improvement effect, advantages, and disadvantages of four more algorithms, concentrating on improvement points and analysing and summarising them. The improvements in the algorithm are intended to solve the problem of electing block producers, allocating block rewards reasonably, and improving consensus efficiency while ensuring privacy and security. The question is how to ensure that the blockchain remains decentralised while running the consensus without violating the previous conditions? Improvements to the algorithm should consider this point.

Blockchain technology has been applied in many fields, and an increasing number of researchers are focusing on the implementation of blockchain applications. Security and privacy issues in the process of application implementation remain major challenges. Based on the improved method in this paper, the plan is to design a consensus algorithm based on an incentive mechanism to distribute block rewards reasonably while preventing network security issues facing the blockchain.

Data Availability

Data are available upon request.

Conflicts of Interest

The authors declare no conflicts of interest regarding the publication of this paper.


This work was supported by the National Natural Science Foundation of China (Grant no. 61862007) and the Innovation Project of Guangxi Minzu University Graduate Education (gxun-chxps202081).