Proof-of-Archival-Storage (PoAS) consensus maintains the honest majority assumption and permissionless nature of Nakamoto consensus without the massive electricity cost of mining.
Decoupled execution keeps farming lightweight and resistant to pooling, while the farmer storage network allows the blockchain to "bloat" massively without becoming centralized.
Block decoupling and data-availability sampling allow for vertical scaling, while our unique separation of consensus and computation provide for horizontal scaling at log(n) overhead to executors.
PoW or "one-CPU-one-vote" is simple, secure, and permissionless, but it comes at a high cost in electricity that is not environmentally sustainable and leads to centralized, or pooled, mining.
PoS or "one-coin-one-vote" employs a system of virtual mining based on one's wealth. While eco-friendly, PoS is not fair or permissionless, instead encouraging a system whereby the rich only get richer.
PoC or "one-disk-one-vote" replaces mining with storage-intensive farming. In theory, PoC is secure, eco-friendly, and fair, but in practice, most designs devolve back to PoW or PoS models.
To begin, farmers write millions of tiny (4kb) pieces to their free disk space under an hourglass scheme. Each piece is encoded with a time-asymmetric permutation based on SLOTH. A tag is computed over each piece and stored within a Binary Search Tree (BST). Unlike Chia plotting does not require (or destroy SSDs) and is up to 10x faster. Unlike Filecoin, farmers do not have to stake coins proportional to their disk space. This allows anyone in the world to quickly and easily pledge their free space and participate in consensus.
Following Ouroboros, we construct a secure randomness beacon from the blockchain history itself. At each slot, all farmers search their BST for any tag close enough to the challenge to satisfy the difficulty setting. They may then compile the tag and corresponding encoding into a Proof-of-Replication (PoR) and produce the next block in the chain. Anyone may then cheaply verify the proof by inverting the encoding with the farmer's public key and checking the tag. This allows farming to be lightweight in terms of the storage and compute overhead required.
To prevent simulation attacks, the challenge is re-used over many consecutive timeslots. To prevent grinding attacks we segregate PoRs from the block content while basing the randomness solely on the PoRs. To prevent compression attacks we require farmers to periodically re-commit to their BSTs. To prevent long-range attacks, bribing attacks, and space-time trade-off attacks we employ a simple Proof-of-Time (PoT) based on AES-256. For a full analysis read our article on Securing Spartan.
Farmers may choose between using their storage to either a) retain the chain state and history or b) to maximize their plot size and return on investment.
As the chain grows, farmers will always choose the latter, at best becoming light clients, while at worst choosing to join a farming pool run by a trusted operator.
If no one stores the history, nodes may only sync from centralized providers. If no one maintains the state, we must rely on trusted third-parties for our balance.
To incentivize farmers to retain the history we extend Spartan proof-of-space consensus into a proof-of-storage of the history of the blockchain itself. Under proof-of-archival-storage (PoAS) consensus, each farmer stores as many provably unique segments of the chain history as their disk space allows. The more pieces of the history a farmer stores, the more likely they are to be elected to produce a new block. To ensure farmers store as many unique pieces as possible we enforce a maximum plot size while discouraging sybil farming under multiple identities.
Farmers store the history collectively, forming a distributed storage network which ensures the history is always available to download. To provide for proper load balancing and consistent replication, each farmer is incentivized to store pieces closest to its randomly assigned node id. To prevent the history from being lost, blocks are erasure coded into both source and parity pieces. To allow for efficient retrievals, farmers join a simplified Kademlia DHT. Importantly, this allows clients to embed data within a transaction, and later recover that portion of the history from the DHT, creating a scalable immutable object store.
To relieve farmers of the burden of maintaining the state and preforming redundant computation, we apply the classic technique in distributed systems of decoupling consensus and computation. Farmers are solely responsible for ordering transactions, while a separate class of executor nodes maintain the state and compute the transitions for each new block. To ensure executors remain accountable for their actions, we employ a system of staked deposits, verifiable computation, and non-interactive fraud proofs.
One way to scale throughput is to increase the block size, but this leads to longer propagation times and a higher honest fork rate, reducing security.
Another technique is to scale-out with multiple chains or shards, but existing designs are insecure against an adaptive adversary who may target a single shard.
Both methods result in faster growth of the chain state and history, leading to blockchain bloat and centralization under a handful of powerful nodes.
By employing a virtual beacon chain we eliminate the bottleneck of a single main chain and support up to 2^16 shards. Farmers rotate shards each block while executors may stake on as many different shards as they choose, following the Free2Shard design.
Subspace extends the Taiji fast confirmation protocol for PoC consensus, allowing farmers to achieve nearly deterministic finality within three blocks, reducing the confirmation latency of new transactions from minutes to seconds, without relying on executors.
The future is multi-chain and it's clear that users prefer AMMs over centralized exchanges. Subspace provides the layer one scalability needed to bridge numerous chains while allowing for trustless, low-latency, and high-throughput asset exchange.
Since the history may grow far beyond the storage capacity of any single farmer, yet is still priced efficiently, Subspace is uniquely able to provide cheap, permanent dApp storage, while still making the data available to a global execution layer.
By decoupling execution and storage, then scaling each individually, Subspace allows for a much wider array of layer two constructions, limited only by the protocol designers imagination.