A blog about Blockchain technology

Ethereum Proof-of-Authority on Azure

Unveiled on August 7th, Microsoft announced the availability of Ethereum in Azure, running a Proof-of-Authority consensus algorithm. This new service purportedly enables consumers and enterprises to build and deploy decentralized apps (dApps) in private and consortium networks. Instead of utilizing Ethereum’s standard Proof-of-Work consensus mechanism, Microsoft has opted for Proof-of-Authority (PoA), which they maintain is a “more efficient” choice with no mining required. Where the Ethereum main network may be appropriate for trust-less environments, Microsoft points out that such a consensus mechanism falls short in permissioned blockchain deployments.
From PoW to PoA
Proof-of-Work is a Sybil-resistance mechanism that leverages computation costs to self-regulate the network and allow fair participation. This works great in anonymous, open networks where competition for cryptocurrency promotes security on the network. However, in private/consortium networks the underlying ether has no value. In contrast to Ethereum’s current protocol, PoA grants approved individuals the right to validate transactions and blocks without the competitive and consumptive process of mining.
The existing Proof-of-Work solution has been deployed tens of thousands of times across a variety of industry verticals. Through the extensive development on the Azure Blockchain platform, and great feedback received from the community that has helped shape Microsoft’s next Ethereum ledger product, please meet Ethereum Proof-of-Authority on Azure.
Proof-of-Authority is more suitable for permissioned networks where all consensus participants are known and reputable. Without the need for mining, Proof-of-Authority is more efficient while still retaining Byzantine fault tolerance. In PoA-based networks, transactions and blocks are validated by approved accounts, known as validators. Validators run software allowing them to put transactions in blocks. The process is automated and does not require validators to be constantly monitoring their computers. It, however, does require maintaining the computer (the authority node) uncompromised.
With PoA, individuals earn the right to become validators, so there is an incentive to retain the position that they have gained. By attaching a reputation to identity, validators are incentivized to uphold the transaction process, as they do not wish to have their identities attached to a negative reputation. This is considered more robust than PoS (proof-of-stake), as:
  • In PoS, while a stake between two parties may be even, it does not take into account each party’s total holdings. This means that incentives can be unbalanced.
  • Meanwhile, PoW uses an enormous amount of computing power, which, in itself lowers incentive. It is also vulnerable to attack, as a potential attacker would only need to have 51% of the mining resources (hashrate) to control a network, although this is not easy to do.
Governance DApp allows for on-chain consortium management.
In Proof-of-Authority, each consensus node on the network has its own Ethereum identity. In the case that a node goes down, it’s important that the member doesn’t lose consensus participation. Ideally, each member would run redundant consensus nodes to ensure a highly available network presence. To accomplish this, PoA Ethereum in Azure runs on a level of abstraction which allows each consensus participant to delegate multiple nodes to run on their behalf. Each Azure Proof-of-Authority network comes with an identity leasing system that ensures that no two nodes carry the same identity. In the case of a VM or regional outage, new nodes can quickly spin up and resume the previous nodes’ identities.
Extensible Governance
Many organizations want to participate in a consortium, but don’t want to manage the network infrastructure. Azure Blockchain leverages Parity’s highly extensible Proof-of-Authority client to build a level of abstraction that allows users to separate consortium governance from network operation. Each consortium member has the power to govern the network and can optionally delegate the consensus participation to the operator of their choosing. The Proof-of-Authority deployment comes with a Governance DApp to simplify voting and validator delegation. With this solution, each consortium member has custody over their own keys, allowing secure signing to be performed in the wallet of preference, for example, MetaMask in-browser wallet, Ledger hardware wallet, or Azure Key Vault with ECC signing.
Bring Your Own Operator
Often a consortium member wants to participate in network governance but doesn’t want to operate and maintain its infrastructure. Unlike traditional systems, having a single operator across the network works against the decentralized model of blockchain systems. Instead of hiring a centralized intermediary to operate a network, each consortium member can delegate infrastructure management to the operator of their choosing. This allows a hybrid model where each member can choose to operate their own infrastructure or delegate operation to a different partner. The delegated operation workflow works as follows:
  1. The Consortium Member generates an Ethereum address (holds private key).
  2. The Consortium Member provides public Ethereum address to the Operator.
  3. The Operator deploys and configures the PoA validator nodes using Azure Resource Manager.
  4. The Operator provides the RPC and management endpoint to the Consortium Member.
  5. The Consortium Member uses their private key to sign a request accepting the validator nodes that the Operator has deployed to participate on their behalf.
For more information about Ethereum Proof-of-Authority in Azure, please Check out the deployment guide to get started and learn more about the architecture and consortium governance.

Go Back