Objective:

This writeup (Part I) provides a high-level summary of the main ideas presented in the following paper:



Our Motivation

Cryptocurrencies like Bitcoin have demonstrated remarkable success. These protocols operate on large peer-to-peer networks using proof‐of‐work (PoW), yielding a trustworthy, append‐only, always‐available public ledger. This ledger underlies global payment systems (e.g., Bitcoin) and global computing platforms (e.g., Ethereum).

From PoW to PoS.

In Bitcoin, consensus is achieved through a PoW mechanism: the participant who first finds a nonce that makes the block's hash fall below the current target (the hash-based PoW puzzle) becomes the producer of the next block.

PoW‐based consensus requires vast computing power. Replacing computational work with "stake" (i.e., coins) offers an environmentally friendly alternative. In a proof‐of‐stake (PoS) protocol, participants prove ownership of a certain number of coins; only those with valid proofs participate in extending the blockchain. To be eligible to produce a block, a PoS participant evaluates a hash‐based puzzle whose "context" typically derives from recent blocks, often just the hash of the latest block on the longest chain. This context, combined with the participant's stake and the current round number, determines eligibility. Because the context is derived from blocks that players themselves produced, it is a biasable source of randomness. Unlike a PoW puzzle, a PoS puzzle involves no search: eligibility is decided by a single hash evaluation, so it is computationally trivial.

From ad hoc to rigorous designs.

Early PoS designs, much like Bitcoin's original PoW design, were largely ad hoc. More recent work has adopted a formal cryptographic approach: security properties are rigorously defined, and protocols are analyzed under precise adversarial models. Garay et al. (Eurocrypt 2015) and Pass et al. (Eurocrypt 2017) analyzed Bitcoin in this framework, showing that it satisfies common prefix, chain growth, and chain quality, first in a synchronous network model and then in a semi‐synchronous one with bounded message delay. PoS protocols have been similarly studied in Snow White (FC 2019), Ouroboros Praos (Eurocrypt 2018), and Ouroboros Genesis (CCS 2018). However, many of these protocols remain vulnerable to attacks stemming from predictability: in Ouroboros Praos, for instance, the randomness used in an epoch is fixed before the epoch begins, so each player can compute all of its own leadership slots for that epoch in advance.

(Un)predictability.

A protocol is predictable if some players can foresee their right to generate a block before the corresponding round arrives. As Brown‐Cohen et al. (EC 2019) observed, predictability gives an attacker leverage in incentive‐driven settings. For example:

Both attacks undermine fairness and deter honest participation. Thus, a PoS protocol must minimize predictability, ideally achieving best‐possible unpredictability: a player learns whether it is eligible only when the round itself arrives, and learns nothing about later rounds. This property is essential for preserving fairness and incentivizing honest behavior.
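The eligibility rule, the predictability it creates when the context is just the latest block hash, and the bias a block producer can exert over that context, as an added example written for this writeup (it is not code from the paper or from any of the protocols named above). The hash layout, the toy block format, the stake figures and the name-based tie-breaking are constructed assumptions, not the paper's protocol; the simulation exists only to show how far ahead a player can see.

```python
import hashlib

HASH_SPACE = 2 ** 256  # SHA-256 outputs, read as integers, lie in [0, HASH_SPACE)


def lottery_hash(context: bytes, player: str, round_no: int) -> int:
    """The PoS 'puzzle': one SHA-256 over (context, identity, round). Nothing is searched
    for, which is why evaluating it is trivial compared with a PoW nonce search.
    The message layout is an assumption of this example."""
    msg = context + player.encode() + round_no.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def is_eligible(context: bytes, player: str, stake: int, total_stake: int, round_no: int) -> bool:
    """Eligible iff the hash falls below a target equal to the player's stake share of the space."""
    if total_stake <= 0 or not 0 <= stake <= total_stake:
        raise ValueError("need 0 <= stake <= total_stake and total_stake > 0")
    target = (stake * HASH_SPACE) // total_stake
    return lottery_hash(context, player, round_no) < target


def predict_eligible_rounds(tip_hash: bytes, player: str, stake: int, total_stake: int,
                            first_round: int, horizon: int) -> list:
    """Predictability: with the context being just the hash of the latest block, every
    future round's puzzle is already fixed until the tip changes, so a player can list
    the rounds it will win in advance."""
    return [r for r in range(first_round, first_round + horizon)
            if is_eligible(tip_hash, player, stake, total_stake, r)]


def next_tip(tip_hash: bytes, producer: str, round_no: int, payload: bytes = b"") -> bytes:
    """Hash of a new block in this example's toy format: parent tip, producer, round, payload."""
    return hashlib.sha256(tip_hash + producer.encode()
                          + round_no.to_bytes(8, "big") + payload).digest()


def simulate(stakes: dict, genesis: bytes, rounds: int) -> list:
    """Run the lottery round by round; returns [(round, producer or None, tip after round)].
    Several eligible players are tie-broken by name (we model the context update, not forks)."""
    total = sum(stakes.values())
    tip, history = genesis, []
    for r in range(rounds):
        winners = sorted(p for p, s in stakes.items() if is_eligible(tip, p, s, total, r))
        producer = winners[0] if winners else None
        if producer is not None:
            tip = next_tip(tip, producer, r)
        history.append((r, producer, tip))
    return history


def forecast_check(stakes: dict, genesis: bytes, rounds: int, player: str, at_round: int) -> dict:
    """Forecast the player's wins from the tip as it stands before at_round, then compare with
    what the simulated run actually does. The forecast is exact for every round up to and
    including the next block, because the context cannot change before then."""
    total = sum(stakes.values())
    history = simulate(stakes, genesis, rounds)

    def tip_before(r):
        return genesis if r == 0 else history[r - 1][2]

    predicted = predict_eligible_rounds(tip_before(at_round), player, stakes[player], total,
                                        at_round, rounds - at_round)
    actual = [r for r in range(at_round, rounds)
              if is_eligible(tip_before(r), player, stakes[player], total, r)]
    next_block = next((r for r, p, _ in history[at_round:] if p is not None), rounds - 1)
    return {"predicted": predicted, "actual": actual, "exact_until": next_block}


def forecast_is_exact_until_next_block(result: dict) -> bool:
    """True when forecast and reality agree on every round up to the next block."""
    cut = result["exact_until"]
    return ([r for r in result["predicted"] if r <= cut]
            == [r for r in result["actual"] if r <= cut])


def grind_next_context(tip_hash: bytes, producer: str, stake: int, total_stake: int,
                       round_no: int, candidates: int):
    """Bias: the producer of the latest block can choose among several equally valid versions
    of it (here: different payloads). Since the next context is the hash of that block, it can
    pick the version under which it is eligible again next round. Returns a payload or None."""
    for i in range(candidates):
        payload = i.to_bytes(4, "big")
        ctx = next_tip(tip_hash, producer, round_no, payload)
        if is_eligible(ctx, producer, stake, total_stake, round_no + 1):
            return payload
    return None


if __name__ == "__main__":
    stakes = {"alice": 40, "bob": 35, "carol": 25}  # constructed stake distribution
    res = forecast_check(stakes, b"genesis", 30, "alice", 5)
    print("forecast from round 5:", res["predicted"])
    print("actual wins          :", res["actual"])
    print("forecast exact through round", res["exact_until"],
          "->", forecast_is_exact_until_next_block(res))
    print("grinding payload for alice:", grind_next_context(b"genesis", "alice", 40, 100, 3, 64))
```

Two things to take from running it: the forecast made at round 5 is never wrong before the next block lands, and it is only the tip update that cuts the horizon; and the producer of that block, by grinding over payloads, can steer where the horizon restarts. A design with best-possible unpredictability would make `predict_eligible_rounds` useless beyond the current round and `grind_next_context` pointless.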