Proof of Space-Time (PoST) was designed as a new primitive cryptographic proof of work (PoW) as proof of resource consumption and as a Sybil resilience system for unauthorized cryptocurrencies. It was launched in 2016 by Tal Moran and Ilan Orlov in the paper ‘ Simple Space-Time proof and logical storage tests.’ A PoST enables a prover to inform a verifier that several “space-time” resources have been spent: a certain amount of space allocated over a certain duration, during which space can not be used for anything else. The PoST requires considerably less energy than PoST because “difficulties” can be increased without further computational work by increasing the time during which space is allocated.
The PoST is a protocol for two steps. The prover commits itself to generate and store pseudorandom data, derived from a certain seed, during the first step (executed once). In the second phase, the execution process (periodically executed), the prover shows that they still have access to data at a certain stage.
Sadly, the protocol does not require a prover to prove that the data have been processed because instead, an adversary can only store the initial seed (which can be used for data regeneration). To overcome this problem, data generation requires a work of calculation that can be parameterized to greatly increase the cost of regenerating the data over and above the cost of saving it simply.
This leads to the concept of PoST as a trade-off between space-time and computer work, where a rational user often chooses using the less costly space-time Resource over computer work under reasonable cost assumptions (while at the same time a non-rational user has a greater cost and has no advantage). This means that a strategy does not allow a prover to spend time, but that when the parameters are set properly, the strategy will be much more costly.
For this reason, we can guarantee that rational users prefer to use the space-time resource with PoST is a crypto-monetary situation, in which benefit is the main motive of participation. Unless, however, the cost of initialization was lower than the cost of storing the data because of variations in the measurement power market price compared to the storage, it will be moved to PoW. To prevent this, the problem level can be calculated by using a market-based system, similar to nature to the difficulty adjustment of PoW-based cryptocurrencies like Bitcoin.
Proof-of-Capacity vs Proof-of-Space-Time
Proof of space-time differs from proof of functionality as PoST requires network users to show that they used a “space-time” tool, which means that over a span they controlled the network storage capacity.
This was called “fair” proof of space-time, by the developers of Proof of space-time, Tal Moran and Ilan Orlov, because the real storage costs are commensurate with the amount of storage capacity and time spent.
For example, the Dropbox cloud storage service charges a monthly subscription price based on the amount of storage that is used during that period. It will cost $10 to use 3 TB storage for 1 month and $20 to use 3 TB for 2 months.
The logical evidence of financial interest in the PoST network tackles two proof-of-capacity problems:
- Arbitrary amortized cost -Participants can produce arbitrary PoC proofs in a consensus framework that does not take time to reuse the same storage space to which their true costs.
- Misaligned incentives –A logical PoC program user would delete almost all data stored when processing costs are lower than data storage. It essentially turns PoC into a partial, resource-intensive, PoW system.
To allow public verification and to ensure that the data generated during the initialization phase is stored cheaper than regenerated, this data must involve PoW generated. The prover does not create one big PoW to avoid sending all data to the verifier; rather, it constructs a table with many entries where each entry is a PoW which can be independently verified.
- Initialization— the supplier carries out computational work that results in pseudorandom data, generated for a particular seed, arranged as table entries. The seed can be a public key to ensure that an opponent who does not possess the correct private key can not assert ownership of the same data.
- Execution— the Prover is facing a challenge not to be expected, reads (or recalculates) all the data and provides evidence to show that the data exists when the algorithm is invoked.
By restarting the initialization process, the execution phase can be repeated several times. The argument is important since work is required during the initialization stage whereas the execution process is energy efficient (i.e. it needs relatively few machine steps). Although PoST does not provide a single proof over PoW, using it to produce multiple such proofs enables the work needed during the initialization process to be amortized against all proofs, making the building energy efficient.
The iteration of the implementation process provides proof as an answer to a request obtained and at the end of the initialization step when the challenge is empty. It makes proof interactive between prover and verifier unless the problem is resolved (i.e. empty) or non-interactive during the initialization process.
The space-time resource time element is the time that elapses between successive generation and chaining stages of the PoST: start-up, or previous execution and the latest execution process. Contrary to the space dimension, the time element can not be checked publically (that is, according to the contents of the facts alone), but requires a verifier, to measure the time elapsed between phases. Nevertheless, by inserting proof of elapsed time (PoET) on the system it can be made non-interactive and publicly verifiable.
To generate a proof, the prover uses the data to create a Merkle tree with the sheets marked with the table entries. Each label of the leaf comprises a concatenated group of entries and each inner node label generates a hash function that is Salted with a challenge in linking its children’s labels. This forces the prover to devote himself to understanding the leaves at the time he produces the proof.
First, the verifier extracts the same pseudorandom set of indexes for 100 Merkle root entries, close to the prover, using the heuristic Fiat-Shamir. She then measures the root of the Merkle engagement openings to check that it matches the estimated root value. She then removes the selected entries (each of which includes a group of entries) from the proven sheets and verifies that the PoW is true for their respective indices and seed.
What is the effect of storage instead of POW ASICs on the environment?
Proof of Space-Time (PoST) is designed to allow millions of ordinary people with desktop computers to use existing disk space on their systems to mark themselves for participation in distributed consensus. With this kind of program being available to hundreds of millions of people around the world today and about 80 million new desktop PCs are sold every year. It is planned to use physical storage at the commodity levels such as hard drives and SSD drives. For any non-negligible environmental impacts to be produced by additional drives, worldwide drive demand will have to rise above current levels. As of 2019, around 640 million new drives have been produced and sold around the world.
One factor is the increased use of energy due to the home users leaving their PCs24x7 instead of shutting them down and starting them every day. This is about $7 a month and is insignificant compared with Bitcoin’s electricity costs. PCs will claim approximately $700 K of electricity cost per month. The current electricity costs of Bitcoin are about $440 million a month.
Deterministic existence of PoST
For a generation of the data to the Merkle tree commitment and opening, all PoST buildings, from the Partial-Hash IPoW, are deterministic: the number of necessary hash invocations is known in advance to any given space-time resource. It makes PoST distinct from PoW, where it is probabilistic to effectively generate a test. In comparison, PoST helps us to ensure that anyone who invests the necessary resources can provide valid evidence. Therefore PoST can be used to replace the lottery-based block-production mechanism (and thus rewards) in PoW with deterministic mechanisms and does not make the leadership election a mandatory part of the consensus protocol. This allows PoST to be used to build a crypto-currency protocol without ethnicity.