The phrase "proof of stake" gets thrown around as a feature, a selling point, or a green-energy talking point. Underneath the label is a specific procedure for answering one narrow question that every blockchain network must answer: who gets to publish the next block? Proof of work answers it with computation. Proof of stake answers it with money already committed to the system. The U.S. National Institute of Standards and Technology lays out the model in plain terms in its Blockchain Technology Overview, and its description is a good way to see the mechanism without the marketing.

NIST describes the proof of stake model as based on the idea that the more stake a user has invested into the system, the more likely they will want the system to succeed, and the less likely they will want to subvert it. Stake, the document explains, is often an amount of cryptocurrency that a network user has invested into the system, locked in through a special transaction type, sent to a specific address, or held within particular wallet software. Once staked, that cryptocurrency is generally no longer able to be spent. The network then uses the amount of stake a user holds as the determining factor for who publishes new blocks.

"Proof of stake blockchain networks use the amount of stake a user has as a determining factor for publishing new blocks. Thus, the likelihood of a blockchain network user publishing a new block is tied to the ratio of their stake to the overall blockchain network amount of staked cryptocurrency."— NIST, source

The proportionality is the heart of it. NIST gives the arithmetic directly: if a user held 42 percent of the entire network's stake, they would be chosen to publish roughly 42 percent of the time, while a user with 1 percent would be chosen far less often. Selection is weighted by stake share. That is the structural contrast with proof of work, where selection is weighted by computational share. In both cases a scarce resource determines publishing rights; the resource is just different. In proof of work it is energy and hardware spent solving a puzzle; in proof of stake it is cryptocurrency locked into the network.

Why locking value is supposed to deter attacks

The security argument is economic rather than computational. Because the staked cryptocurrency is committed to the network and generally cannot be spent while staked, a participant who tries to undermine the network is putting their own locked value at risk. NIST notes that under proof of stake there is no need to consume large amounts of computational power to publish a block, which is the property most often cited when the model is contrasted with energy-intensive mining. The cost of participating is the opportunity cost of locked capital instead of the running cost of electricity.

NIST is also candid about a complication the marketing rarely mentions. Some proof of stake schemes add layers of voting. The document describes a Byzantine-fault-tolerant variant in which the network selects several staked users to create proposed blocks, after which all staked users cast a vote for a proposed block, with several rounds of voting possibly occurring before a new block is decided upon. That design lets all staked users have a voice in the block selection process for every new block, at the cost of added complexity. So "proof of stake" is not a single algorithm but a family of them, ranging from simple stake-weighted selection to multi-round voting protocols.

The contrast with proof of work is worth stating precisely, because the two are often presented as rivals when they are better understood as different answers to the same sequencing problem. NIST describes proof of work as a model in which a participant, often called a miner, must expend computational effort to solve a difficult puzzle in order to publish a block, with the network rewarding the publishers of protocol-conforming blocks with native cryptocurrency. The scarce, costly resource is computation, and the security premise is that an attacker would need to outspend the honest majority's computing power. Proof of stake keeps the same premise, an attacker must control a large share of a scarce resource, but swaps the resource from external computation to internal, locked-up stake. The reward structure that encourages honest block production is similar; what changes is the nature of the cost a would-be attacker has to bear.

The known weakness the standard flags

NIST does not present the model uncritically. It describes a problem specific to some proof of stake algorithms that arises when competing versions of the chain temporarily exist. Because publishing on a chain costs almost nothing once a user is already staked, a staked user could act on every competing chain at the same time, since it is essentially free to do so. That is the issue commonly known as the "nothing-at-stake" problem, and it is a direct consequence of removing the physical cost that proof of work imposes. Different proof of stake designs add their own countermeasures, but the underlying tension, that cheap publishing can mean cheap misbehavior across forks, is inherent to the approach.

The takeaway from the standard is narrow and useful. Proof of stake is a way of allocating the right to extend the ledger in proportion to committed economic stake, secured by the premise that participants will not attack a system in which their own value is locked. It removes the energy cost of mining and replaces it with a capital-lockup cost. It is not one algorithm, and it is not free of failure modes. Read against the NIST description, the model is best understood as an economic answer to a sequencing problem, with tradeoffs that depend on exactly how a given network implements the voting and the penalties around it.