Coming Soon
by Jude Nelson on June 14, 2021
Several common misconceptions of Stacks are that it’s a sidechain, a merge-mined chain, a proof-of-stake chain, or a layer-2 system. None of these are true. The Stacks blockchain is a layer-1 blockchain, which uses a novel and unique mining protocol called proof-of-transfer (PoX). A PoX blockchain runs in parallel to another blockchain (Bitcoin in Stacks’ case), which it uses as a reliable broadcast medium for its block headers. Stacks miners perform their own leader election using the stored metadata, and implement a variant of Nakamoto consensus independent of Bitcoin by selecting a winning block with a probability proportional to how much BTC was spent to record it on the Bitcoin chain.

What makes Stacks different from these other approaches?
  • Stacks is NOT a PoS chain. The act of block production requires an extrinsic expenditure — it is not tied to owning the native token, as would be required in PoS. The only way to produce blocks in the Stacks chain is to transfer Bitcoin to a predetermined randomized list of Bitcoin addresses. Moreover, the Stacks blockchain can fork, and there exists a protocol to rank forks by quality independent of the set of miners and the tokens they hold. These two properties further distinguish it from PoS chains, which cannot fork due to the inability to identify a canonical fork without trusting a 3rd party to decree a particular fork as valid. The ability to fork allows the Stacks blockchain to survive failure modes that would crash a PoS chain.
  • Stacks is NOT a sidechain, for two key reasons. First, the history of all Stacks blocks produced is recorded to Bitcoin. This means that the act of producing a private Stacks fork is at least as hard as reorging the Bitcoin chain. This in turn makes it so attacks on the chain that rely on creating private forks (such as selfish mining and double-spending) are much harder to carry out profitably, since all honest participants can see the attack coming before it happens and have a chance to apply countermeasures. Sidechains offer no such security benefit. Second, the Stacks blockchain has its own token; it does not represent pegged Bitcoin. This means that the safety of the canonical fork of the Stacks blockchain is underpinned by its entire token economy’s value, whereas the safety of a sidechain’s canonical fork is underpinned only by whatever system-specific measures incentivize its validators to produce blocks honestly, or the Bitcoin miners’ willingness to process peg-in requests (whichever is the weaker guarantee).
  • Stacks is NOT a layer-2 system for Bitcoin — it's a sovereign system in its own right. The Stacks blockchain state is distinct from Bitcoin, and is wholly maintained by and for Stacks nodes. Stacks transactions are separate from Bitcoin transactions. Layer-2 systems like Lightning are designed to help scale Bitcoin payment transactions, whereas Stacks is designed to bring new use-cases to Bitcoin through smart contracts. Stacks is not designed as a Bitcoin layer-2 scalability solution.
  • Stacks is NOT a merged-mined chain. The only block producers on the Stacks chain are Stacks miners. Bitcoin miners do not participate in Stacks block validation, and do not claim Stacks block rewards. Moreover, Stacks is not a blind merged-mined chain, because STX block winners are public and randomly chosen (instead of highest-bid-wins), and its tokens are minted according to a schedule that is independent of the degree of miner commitment or Bitcoin transferred (instead of minted only by one-way pegs from Bitcoin). This ensures that Stacks is able to make forward progress without opt-in from Bitcoin miners, and it ensures that Stacks miners are adequately compensated for keeping the system alive regardless of transaction volume.
Stacks uses the Bitcoin blockchain only as a reliable storage and broadcast medium for recording the set of all Stacks blocks ever produced, as well as the parent/child linkages between them. The state of the system settles on Bitcoin — the act of creating a new Stacks block entails sending a well-formed Bitcoin transaction that records the hash of a Stacks block and where it attaches to the blockchain. Settling the system on Bitcoin grants Stacks novel security properties not seen in other blockchains — it leverages the security of Bitcoin to guarantee that all Stacks forks are public, and to help bootstrapping Stacks nodes identify the canonical Stacks fork and find Stacks blocks they have not yet downloaded.
Overview
Stacks 2.0 is the first blockchain to use proof-of-transfer (PoX) to mine blocks. PoX is a novel mining protocol in which block producers are chosen by transferring another cryptocurrency on another blockchain to a predetermined list of addresses. In the Stacks 2.0 implementation of PoX, it transfers Bitcoin to Bitcoin addresses, which are set periodically by STX token holders.

PoX mining is a form of single-leader mining, just like in PoW. Each block is produced by exactly one miner, and each miner can choose any existing block as its block’s parent. This behavior yields a blockchain with the following properties:
  • Mining is open-membership. The means of block production are tied to transferring another cryptocurrency token (BTC) to STX holders. The only barrier-to-entry for becoming a block producer is to acquire and spend BTC. Miners do not need to hold STX (unlike PoS), and miners do not need to acquire specialized hardware (unlike PoW).
  • Forks are a failure recovery mechanism. Because anyone can become a miner only by spending BTC, the blockchain may fork. Miners are financially incentivized, but not required, to build atop a canonical chain fork that the rest of the network follows. This is a desirable property, because it means that honest miners can recover the chain in the event of catastrophic network partitions or periods of dishonest mining activity. The Stacks blockchain provides a way for nodes to independently identify the canonical fork without consulting other nodes. This fork is simply the Stacks fork with the most blocks, since this represents the fork in which miners spent the most time working on, as measured by number of Bitcoin blocks.
  • The history of block production on all forks is public. By selecting miners based on sending transactions on another blockchain (Bitcoin), all miners’ activities are made public across all Stacks forks. This means that all Stacks nodes that have the same view of the Bitcoin chain will learn of all Stacks forks that exist; the act of altering this view is the act of altering the state of the Bitcoin chain itself.
So, where do these properties put the Stacks blockchain in the space of existing, similar blockchain designs?
Stacks Blocks are Produced Through Mining on Forks
The only barrier-to-entry to becoming a miner in the Stacks chain is to acquire and spend BTC. Moreover, miners do not even need to possess a full replica of the chain state to begin mining — they are free to pick any existing Stacks block to build their block on top of, which permits the creation of blockchain forks.

Forks are a failure recovery mechanism in Stacks, just as they are in PoW blockchains. In the event of a systemic network or miner failure, or even systemic block loss, other nodes can become miners at any time and proceed to produce new blocks. The fact that the history of all Stacks blocks is encoded within the Bitcoin chain means that all nodes can enumerate all Stacks blocks that have ever existed, and identify which Stacks blocks are missing from their local chain states.

Since mining is a single-leader process, there is no quorum required to produce a block. To mine a block, a Stacks miner submits block-commit transaction on the Bitcoin chain, and out of all competing block-commits within a Bitcoin block, one of them will be chosen via a cryptographic sortition process. The winning miner earns the right to have their block accepted into the chainstate of other honest nodes, on the fork of their choice.

To choose winners, miners collectively maintain the state of a shared random number generator via their on-Bitcoin block-commit transactions. They use a verifiable random function (VRF) to deterministically but randomly sample each sortition’s winning miner, and to prove that the sampled block was chosen according to the protocol-specified random number generator. The probability of winning a block is a function of the fraction of BTC each miner commits — all miners commit BTC, but a miner has a higher chance of winning if they commit more than the others. This recreates the incentive model of PoW block production in most cases: all miners expend a resource (BTC) at a rate that approximates the rate of expected rewards (STX).

Each miner is incentivized to build its block on top of the canonical Stacks fork, since this fork is where the rest of the miners (and thus users and exchanges) have spent the most time competing to build on. The canonical fork is always the longest fork by number of consecutive blocks appended. A detailed description of the mining process and chain-building process can be found in SIP-001 and SIP-007.

The canonical fork can be independently identified by each node — as long as the Stacks node can identify the canonical Bitcoin fork, it can identify the canonical Stacks fork. To do so, a user runs a Bitcoin node (or connects to a trusted one) to synchronize the Bitcoin chainstate. The Stacks node extracts the block-commit transactions from each Bitcoin block, runs a cryptographic sortition to determine which Stacks block was chosen in each Bitcoin block, and then finds the Stacks fork with the most winning Stacks blocks. Unlike in PoS, a bootstrapping node does not need to trust a 3rd party to tell them which fork is canonical — the node independently determines the canonical Stacks fork by first determining the canonical Bitcoin fork, and it determines the canonical Bitcoin fork by selecting the Bitcoin fork with the most cumulative proof-of-work.

Users and exchanges only consider transactions on the canonical fork to be valid, and they only consider block rewards to be spendable if they are sufficiently confirmed on it. This creates the need for miners to build on the canonical fork, since acquiring and selling block rewards will permit them to recoup their BTC expenditures. This, in turn, is what incentivizes the miners in all single-leader blockchains (including Stacks and Bitcoin) to replicate their blocks far and wide, as well as to take steps to keep their view of the chainstate synchronized with their peer miners. It also incentivizes them to build on top of each other’s blocks, instead of mining competing forks. These dual needs to replicate blocks and build on top of the canonical chain both ensure that miners work to preserve the chain’s liveness and safety — building blocks on the canonical chain keeps the chain processing transactions, and dissuades miners from building forks to revert already-accepted blocks.

Because of these three properties — miners only need to spend BTC to mine, the Stacks blockchain can fork, and there exists a way to compute the canonical fork — the Stacks blockchain is not a PoS blockchain. Nothing is staked or slashed; miners irretrievably expend a resource (BTC) for the coin (STX) at a rate that over time approximates the expected value of the coin earned; each chain fork represents a cumulative expenditure of the resource (BTC and time), which acts as a proxy indicator of how much economic activity the fork represents.
The Stacks Blockchain Implements a Variant of Nakamoto Consensus
In the Stacks blockchain, liveness and safety are obtained by incentivizing miners to flood the network with all blocks they’ve confirmed, and to build on each other’s blocks. Like a PoW chain, the Stacks chain implements a form of Nakamoto consensus: there is no irreversible agreement reached on whether or not a block is accepted in the canonical fork; instead, it simply becomes harder and harder to revert a block’s inclusion as more and more blocks are built on it. This works in practice because for most transactions, there is only a small confirmation depth at which it would be more costly for a hostile miner to try and revert the transaction’s block than it would be to simply accept that it is now canonical.

The choice to implement Nakamoto consensus in Stacks was made to grant the chain a high degree of resiliency in the face of unfavorable network conditions. For example, a PoX chain can recover from a safety failure (a 51% attack) as long as the malicious miners do not outspend the honest miners in perpetuity. As another example, a PoX chain can recover from long-lived network partitions or even systemic block loss — the longest fork will become the canonical fork, and lost blocks will be “forked around” to produce a new canonical chain from the transactions that were orphaned. In fact, thanks to Nakamoto consensus, the Stacks chain has already automatically recovered by forking around bug-induced network partitions and block loss early in its operation. If Stacks were a PoS chain, it would have crashed instead due to a quorum failure.

PoX’s Nakamoto consensus differs from PoW’s Nakamoto consensus in that it is resilient under two additional PoX-specific forms degraded mining: discount mining, and external miner monopolization. In these mining modes, the chain’s safety and liveness are preserved, but we classify them as “degraded” because they are still detrimental to the chain’s overall health. PoX’s Nakamoto consensus shares the rest of PoW’s Nakamoto consensus degraded forms of mining, such as selfish mining, block-withholding, and 51% attacks, but the degree to which these degraded forms can be damaging is mitigated in PoX by the fact that all miner activity is public.

Discount mining occurs when PoX miners use their accumulated block rewards to receive PoX token transfers from other miners (including themselves). Over time, this would allow discount miners to out-compete non-discount miners, since their true expenditures are lower than they appear on-chain. However, this degraded form of mining still has an ongoing capital cost in the form of a (BTC) transaction fee, which prevents the system from fully collapsing into PoS. Specific to Stacks, a minority STX token holders have the power to vote to compel PoX miners to burn the BTC instead of transferring it if it is discovered that miners are systemically discount-mining, thereby eliminating the advantage. Because the upside of doing this is capped by vigilant STX holders, and because discount mining requires miners to forego selling their STX to recoup their BTC spend for a long time, it is unlikely to be a problem in practice. Moreover, the existence of a thriving set of use-cases for STX beyond locking them for PoX further renders discount-mining as a less profitable and more risky use of STX.

External miner monopolization occurs when Bitcoin miners become Stacks miners, and proceed to censor competing block-commit transactions in a bid to win the STX tokens. If fully realized, this degraded form of mining is equivalent to merge mining with 100% miner participation (something that no merge-mined chain has ever achieved to date). It still wouldn’t degrade into PoS, since new Bitcoin miners could continue to join the Bitcoin network, spend electricity, and proceed to mine both BTC and STX (i.e. the de facto means of STX production would become spending electricity instead of BTC). Specific to Stacks, if Bitcoin miner monopolization happens with less than 100% participation from Bitcoin miners, then STX holders have the power to vote for a network upgrade which would kill the current Stacks chain at a predetermined block height, and replace it with a backwards-incompatible version that could penalize miner monopolization (for example, by requiring STX miners to instead burn a minimum amount of BTC as a function of the last Bitcoin block’s total transaction fees). Because the option exists to vote to upgrade the chain to use new mining rules, and because the act of monopolization is the act of destroying Bitcoin’s reputation as censor-resistant money, it is expected that the act of maintaining this degraded form of mining would be detrimental to the profits of Bitcoin miners.

Other than these two new forms of degraded mining, PoX’s Nakamoto consensus operates under the same principles and limitations as PoW. Miners which commit more resources (BTC) have higher chances of winning blocks. All miners commit resources, but only one will win a given block race. Miners can choose which block to mine off of, and miners are encouraged (but not required) to replicate their blocks in a timely manner and build on the canonical fork. The Stacks blockchain will continue to maintain liveness and safety even if these degraded mining modes arise in practice.
Safety is a Function of both the Value of STX and Time Spent Mining It
How hard is it to cause a safety failure (i.e. a double-spend via a reorg) on just the canonical Stacks chain fork? Anyone can become a miner by spending BTC, so without loss of generality, reverting the last block on the canonical chain is at least as hard in expectation as spending more BTC than the rest of the miners combined for that block. Because each Bitcoin block selects at most one Stacks block, the act of reorging the canonical Stacks chain back N blocks is the act of winning at least N + 1 blocks built off of a common ancestor that is N blocks deep. This is a lower bound on the number of Bitcoin blocks mined during which a reorg needs to take place — in practice, honest miners will keep working on the canonical chain, and will win some Stacks blocks of their own, which in turn increases the number of Stacks blocks the reorging miners must win.

How costly is it to carry out a reorg of N blocks? It’s a function of how valuable STX is relative to BTC — the more valuable STX are, the more BTC honest miners are committing to mining (this has borne out in practice), and thus the more BTC a reorging miner must commit. Therefore, the cost of a reorg is a function of the value of STX.

This is similar to the economic security of a PoW blockchain. Like in PoW, each fork of the Stacks chain has its own independent “security budget” — an attacker must out-spend the security budget to carry out a reorg, and the security budget is a function of the block rewards. In PoX, the only difference is that the miners spend another blockchain’s tokens (BTC in Stacks’ case) instead of energy. Therefore, Stacks can’t be a sidechain, a drivechain, or a merge-mined chain, because none of these other systems’ security budgets are a function of their tokens’ worth. Sidechains, drivechains, and merged-mined chains all rely on external miners for their safety, since their safety is guaranteed in part by external miners validating their blocks. The onus on these systems is to get external miners to care enough to do so, and in the case of sidechains, drivechains, and blind merged-mined chains, there is an additional onus to encourage their nodes to mine blocks at all (since there is no on-chain reward for them to earn by doing so). By contrast, disinterested Bitcoin miners neither assist nor prevent a reorg in PoX — they only record the history of all Stacks forks.

PoX offers two additional, unique security properties on top of PoW. First, no matter how much BTC a reorging miner can commit, the act of executing a reorg is going to be time-consuming. Unless the attacker can attack the Bitcoin chain itself by quickly producing a better Bitcoin fork, a reorging miner must sustain the attack for at least N + 1 Bitcoin blocks. This gives honest miners and users ample time to notice and react to the reorg attempt.

Second, the history of block production in all Stacks forks is embedded within Bitcoin. This allows the system to leverage Bitcoin’s security budget in order to ensure that all forks are public. This is because the act of producing a hidden Stacks fork, where the fork’s block hashes are not known to the honest miners, is the act of producing a hidden canonical Bitcoin fork. Therefore, the act of producing a hidden Stacks fork is at least as hard as reorging the Bitcoin chain. A PoX chain leverages this property not to prevent reorgs, but to make reorgs unprofitable.

By anchoring blocks to an existing blockchain, a PoX chain forces reorgs to happen out in the open, thereby giving advance warning to all honest network participants when they happen. Honest miners, users, and exchanges will see the PoX transactions for reorg attempts on the existing blockchain, and adapt their behaviors accordingly: honest miners will increase their commitments, and users and exchanges will require more confirmations for transactions. This makes the act of carrying out a reorg while also making a profit much more challenging, since malicious reorgs — like selfish mining and double-spending — rely on secrecy to work effectively. Specific to Stacks, miners are additionally required to mine for a “warm-up” period of two blocks, during which they must spend BTC at their target commit levels but will not win any Stacks blocks. So, a high-budget reorg attempt will not only be costly, but will also alert the rest of the network before the damage is done.
Stacks Recycles Bitcoin’s Energy for Additional Safety
The mining process in PoX is closely related to PoW. Both PoX and PoW are single-leader mining algorithms that permit blockchain forks, and both provide liveness and safety by incentivizing miners to publish blocks and build on the canonical chain. The key difference between the two is that PoX does not require energy expenditure; it instead “recycles” the energy required to produce a PoW chain’s tokens. Running Stacks takes negligible energy on its own; the expenditure of Bitcoin’s scarce token extends Bitcoin’s energy use to secure both chains.

Recording the hashes and parent/child linkages of all Stacks blocks to the Bitcoin chain makes it possible for miners to not only compute the canonical fork, but also identify which blocks are missing. In particular, a Stacks node can learn the block header hashes for the canonical fork before it has the blocks. This makes it difficult to carry out eclipse attacks -- the node would notice a string of unavailable blocks, and if they happen to fall onto the canonical fork as computed from Bitcoin, it would be able to infer that an eclipse attack was ongoing and alert its users.
Stacks Blockchain State is Sovereign
Just because the Stacks blockchain stores the history of block production in another blockchain does not mean that that other blockchain is aware of Stacks. Bitcoin miners are agnostic to Stacks, by design — they treat Stacks miners' block-commit transactions just like any other Bitcoin transactions. While the Stacks blockchain allows some Stacks transactions to be embedded within Bitcoin transactions (such as PoX lock-ups and token-transfers), these transactions are treated just like any other Bitcoin transaction by Bitcoin miners. Stacks nodes only use the Bitcoin blockchain as a shared broadcast medium for discovering block data, and that’s all Bitcoin miners get compensated for providing.

The STX token and contract state is mined and validated using rules known to and applied by Stacks nodes, not Bitcoin nodes. The state of the chain is settled on Bitcoin in each block-commit transaction by means of hashing each block, and writing the hash to the Bitcoin blockchain via an OP_RETURN output. The Stacks blockchain nodes and miners, not Bitcoin nodes and miners, curate Stacks state and maintain chainstate replicas. Bitcoin nodes are disinterested — the only role they play is to mine block-commit transactions as if they were any other Bitcoin transactions.

While it is the case that Stacks’ Clarity smart contracts can validate arbitrary Bitcoin transactions and identify where in the Bitcoin chain they were mined, someone has to relay them into the Clarity contract in the first place. Similarly, while it is the case that a Bitcoin transaction’s scriptSig execution can depend on state stored in the Stacks blockchain (such as a HTLC hash preimage), someone must explicitly send a Bitcoin transaction with the state from the Clarity contract. This is what distinguishes the Stacks blockchain from a layer-2 system — it is not designed for scaling Bitcoin’s transaction capacity, and does not even represent Bitcoin state. It’s a separate system that just happens to be able to read state from Bitcoin by virtue of each Stacks block being anchored to a Bitcoin block, and uses the canonical Bitcoin fork as a broadcast medium for its own block discovery. The Stacks state itself is sovereign from Bitcoin state.

The fact that Bitcoin miners are disinterested parties in the Stacks blockchain further distinguishes Stacks from merged-mined chains, sidechains, and drivechains. The only compensation Bitcoin miners receive for mining Stacks block-commit transactions is the BTC transaction fee, and that fee only pays for the storage and validation of the Bitcoin-specific parts of the transaction (since this is the only work Bitcoin miners contribute to the Stacks mining process). There is no mandatory Bitcoin peg-in or peg-out, and Bitcoin miners do not mine Stacks blocks — the Stacks chain maintains liveness and safety through its own miners.
So What Kind of Blockchain is Stacks?
Stacks is a layer-1 blockchain, with a unique mining algorithm that ensures that the history of all blocks ever produced is settled on Bitcoin. At most one Stacks block is mined per Bitcoin block, and if there is competition, a winning Stacks block is chosen at random through a cryptographic sortition process. A Stacks miner has a higher chance of winning if it sends more BTC relative to other miners. In doing so, a PoX chain like Stacks implements a variant of Nakamoto consensus with its own safety and liveness guarantees separate from Bitcoin. These properties distinguish it from a layer-2 system, a merged-mined chain, a sidechain, and a PoS chain.

Stacks leverages the security of Bitcoin to give it some extra capabilities not seen elsewhere. These include the ability to make all forks public (making it easier for honest nodes to detect pending reorgs), and the ability to measure chain quality by fork length (making reorgs time-consuming). In addition, the fact that all blocks mined are recorded on Bitcoin means that any bootstrapping node can determine which blocks are missing from the network, and determine which fork would be the canonical chain fork even if blocks are missing.

The following table summarizes the key differences:
Key difference between Stacks and other chain types
[1] https://github.com/stickfigure/blog/wiki/Proof-Of-Stake-Wears-No-Clothes


Jude Nelson earned his PhD in computer science at Princeton and worked as a core member of PlanetLab, which received the ACM Test of Time Award for enabling planetary-scale experimentation and deployment. His research covered wide-area storage systems and CDNs. 10+ years of Vim usage.