ZadeNor AI
Back to Blog
Web3 & Blockchain

Slasher: A Punitive Proof-of-Stake Algorithm

November 29, 2025
5 min
2,346 views
By ZadeNor AI Team
Slasher: A Punitive Proof-of-Stake Algorithm

Slasher: A Punitive Proof-of-Stake Algorithm

The Flaw in Proof of Stake: A 51% Attack

Proof of stake mining has been a topic of interest in the cryptocurrency community for a long time. The first proof-of-stake based coin, PPCoin, was released by Sunny King in 2012, and has consistently remained among the top five alternative currencies by monetary base since then. Proof of stake has a number of advantages over proof of work as a mining method. Firstly, proof of stake is much more environmentally friendly; while proof of work requires miners to effectively burn computational power on useless calculations to secure the network, proof of stake effectively simulates the burning, so no real-world energy or resources are ever actually wasted.

Centralization Concerns

However, proof of stake, as implemented in nearly every currency so far, has one fundamental flaw: as one prominent Bitcoin developer put it, “there’s nothing at stake”. The meaning of the statement becomes clear when we attempt to analyze what exactly is going on in the event of an attempted 51% attack, the situation that any kind of proof-of-work like mechanism is intended to prevent. In a 51% attack, an attacker A sends a transaction from A to B, waits for the transaction to be confirmed in block K1 (with parent K), collects a product from B, and then immediately creates another block K2 on top of K – with a transaction sending the same bitcoins but this time from A to A. At that point, there are two blockchains, one from block K1 and another from block K2. If B can add blocks on top of K2 faster than the entire legitimate network can create blocks on top of K1, the K2 blockchain will win – and it will be as if the payment from A to B had never happened.

The Problem with Proof of Stake

In the case of proof of stake, it doesn’t take computational power to create a work – instead, it takes money. In PPCoin, every “coin” has a chance per second of becoming the lucky coin that has the right to create a new valid block, so the more coins you have the faster you can create new blocks in the long run. Thus, a successful 51% attack, in theory, requires not having more computing power than the legitimate network, but more money than the legitimate network. But here we see the difference between proof of work and proof of stake: in proof of work, a miner can only mine on one fork at a time, so the legitimate network will support the legitimate blockchain and not an attacker’s blockchain. In proof of stake, however, as soon as a fork happens miners will have money in both forks at the same time, and so miners will be able to mine on both.

The Solution: Slasher

Some have theorized that the above argument is a deathblow to all proof of stake, at least without a proof of work component assisting it. And in a context where every chain is only aware of itself, this is indeed provably true. However, there is actually one clever way to get around the issue, and one which has so far been underexplored: make the chain aware of other chains. Then, if a miner is caught mining on two chains at the same time, that miner can be penalized. The following proposal, however, outlines an algorithm, which we are calling Slasher to express its harshly punitive nature, for avoiding this proposal.

How Slasher Works

Blocks are mined with proof of work. However, we make one modification. When creating a block K, a miner must include the value H(n) for some random n generated by the miner. The miner must claim the reward by releasing a transaction uncovering n between block K+100 and K+900. The proof of work reward is very low, ideally encouraging energy usage equal to about 1% of that of Bitcoin. The target block time is 30 seconds.

Signing Privileges

Suppose the total money supply is M, and n[i] is the n value at block i. At block K+1000, an address A with balance B gains a “signing privilege” if sha256(n[K] + n[K+1] + ... + n[K+99] + A) <2^256 * 64 * B / M. Essentially, an address has a chance of gaining a signing privilege proportional to the amount of money that it has, and on average 64 signing privileges will be assigned each block.

Signing the Block

At block K+2000, miners with signing privileges from block K have the opportunity to sign the block. The number of signatures is what determines the total length of one blockchain versus another. A signature awards the signer a reward that is substantially larger than the proof of work reward, and this reward will unlock by block K+3000.

Penalizing Cheaters

Suppose that a user detects two signatures made by address A on two distinct blocks with height K+2000. That node can then publish a transaction containing those two signatures, and if that transaction is included before block K+3000 it destroys the reward for that signature and sends 33% to the user that ratted the cheater out.

Conclusion

The use of 100 pre-committed random numbers is an idea taken from provably fair gambling protocols; the idea is that powerful miners have no way of attempting to create many blocks and publishing only those that assign their own stake a signing privilege, since they do not know what any of the other random data used to determine the stakeholder is when they create their blocks. The system is not purely proof-of-stake; some minimal proof-of-work will be required to maintain a time interval between blocks. However, a 51% attack on the proof of work would be essentially inconsequential, as proof of stake signing is the sole deciding factor in which blockchain wins. Furthermore, the energy usage from proof of work can be made to be 95-99% lower, resolving the environmental concern with proof of work.

Implications

The implications of Slasher are significant. It provides a way to make proof of stake more secure, while still maintaining the benefits of proof of work. It also provides a way to make the blockchain more decentralized, by allowing anyone to participate in the mining process. This could lead to a more secure and more decentralized blockchain, which is a major step forward for the cryptocurrency community.

Source: https://blog.ethereum.org/en/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm

Source: https://blog.ethereum.org/en/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm

About the Author

ZadeNor AI Team is a leading expert in WEB3 & BLOCKCHAIN, contributing to cutting-edge research and development in the field.

Share this article

TwitterLinkedInFacebookWhatsAppRedditEmail

Related Posts

The Ethereum Foundation's Commitment to DeFi

The Ethereum Foundation's Commitment to DeFi

DeFi isn't a speculative bet on the future. It's the inevitable evolution of finance, driven by a fundamental truth: financial autonomy is a right, not a privilege. And it's been a critical driver of Ethereum's growth and adoption. We want to see DeFi thrive, but we're opinionated about what...

275
5 min
Sepolia Post-Merge Upgrade Announcement

Sepolia Post-Merge Upgrade Announcement

The Sepolia testnet will undergo a post-merge execution layer (EL) upgrade at block 1735371, expected on August 17, 2022 The upgrade will cause EL clients on the network to disconnect from peers which have not transitioned to proof-of-stake. It does not add additional functionality beyond this. Sepolia node operators must...

441
5 min
Shipping an L1 zkEVM #2: The Security Foundations

Shipping an L1 zkEVM #2: The Security Foundations

Thanks to Arantxa Zapico, Benedikt Wagner, and Dmitry Khovratovich from the EF cryptography team for their contributions, and to Ladislaus, Kev, Alex, and Marius for the careful review and feedback. The zkEVM ecosystem has been sprinting for a year. And it worked! We crossed the finish line for real-time...

226
5 min