This article was kindly provided by www.goodbit101.com
In crypto-speak, consensus means pretty much what it sounds like: agreement. Consensus is the method by which blockchain networks agree on which transactions are valid and which aren’t. The current methods used to achieve consensus are discussed here.
Proof of Work: the original consensus mechanism
In our section on Mining, we discuss the proof of work consensus mechanism, the original cryptographic solution to the Byzantine General’s Problem introduced in the Bitcoin white paper.
The Byzantine General’s Problem boils down to this: how can we prevent the falsification of data in an environment where there is an economic incentive to cheat? In our case, this is analogous to miners creating fake transactions (or entire blocks) on the public ledger.
Well, Satoshi, being a smart cookie, laid out a plan for how we can trust miners.
In the case of the Bitcoin protocol, it is prohibitively expensive to falsify data in fact, an interesting summary of the system might be that the network is secure as long as honest miners outspend dishonest ones.
As the number of honest miners increases, it becomes exponentially more difficult for “bad actors” to create false transactions. When dishonest miners gain a majority of the network, it is possible to mount what is known as a 51% attack.
Let’s review proof of work and 51% attacks briefly before continuing (please visit Mining for a step by step, logical explanation of why proof of work is effective):
1. Miners operating in a proof of work system under the assumptions that:
a. The likelihood of mining a block is proportional to mining power (computational power).
b. The things you need in order to mine (energy, time, and computational power) are costly.
i. Miners must therefore carefully ration their computing power. Usually, miners can only mine one chain at a time. If there are two chains on the same protocol (a fork!) to mine on, any effort put into mining the fraudulent one will ultimately yield no reward only wasted energy and time costs. The inclusion of a limited physical resource (energy) in the entire process motivates me to mine only on one chain… the one that I believe to be honest.
ii. The absence of this cost opens the door to a slew of game theory issues, most prominently the Nothing at Stake problem. To be discussed further!
c. Miners will accept the longest chain as the honest one.
i. In essence, this means miners will accept the chain with the most computational work as legitimate, as it would be incredibly costly to replicate all of the work put into the honest chain.
ii. Computational work costs money.
2. Since there is an emphasis on computational work and computational work takes energy, it follows that:
a. A dishonest entity owning 51% of total computing power and mining on a fraudulent chain would, on average, mine blocks faster than the honest chain until the dishonest one is longer.
b. At this point, honest nodes will be forced to accept the longer chain as the valid one, and the attack has succeeded.
c. Therefore, it is of critical importance that no one entity control 51% of the mining power.
d. The cost to mount such an attack would require capital equal to the value of 51% of the entirety of the mining power associated with the network. The assumption of proof of work systems is that:
i. The coordination of such an endeavor makes this situation unlikely.
ii. The cost is large enough to be prohibitive.
3. Furthermore, there is a final layer of security:
a. Miners are rewarded with newly minted cryptocurrency.
b. A succeeding 51% attack on the blockchain implies a broken, insecure system.
c. No one trusts a broken, insecure system.
d. People will immediately sell the broken cryptocurrency, crashing its value.
e. Miners pay costs and take a profit by selling the crypto they’ve mined, so they have an economic incentive to keep the system secure. In fact, there has been active miner collaboration in the past to prevent any one entity from controlling too much of the global mining power.
These distributed and economic solutions serve as a consistent work around for the Byzantine General’s problem, as it is far too costly to mount an effective attack without destroying the value of the currency that has been stolen in the process!
While genius, the proof of work consensus mechanism has some very important drawbacks, the first of which is massive energy consumption. The amount of energy necessary to maintain just the Bitcoin network daily is absolutely staggering.
It can take upwards of 350,000 times more energy to confirm a single Bitcoin transaction than it does to execute a comparable VISA transaction.
Because energy costs are high for miners, many of them are forced to form large conglomerates, or “pools,” splitting the block reward among contributors when any of the miners finds a block. This decreases the size of payments but increases their frequency, allowing miners to receive a steady income.
The problem is, this puts a very large proportion of the mining power in the hands of just a few organizations, which is the opposite of what the Bitcoin protocol hopes to achieve.
Additionally, energy costs vary widely across geographic regions, effectively pricing out some prospective miners just because they live in the wrong place. This further reduces mining decentralization we want as many people mining as possible, all over the place!
Clearly, proof of work has some serious drawbacks. However, it was by far the best system proposed in modern history, allowing for the development of a decentralized system like Bitcoin.
Building off of this original idea, developers have since worked on a new consensus model. It’s known as Proof of Stake, and it solves many of the aforementioned problems while introducing entirely new ones.
Proof of Stake: an Improvement?
In a proof of work-based consensus mechanism, a person’s power in the network is proportional to computing power. If you have more computing power, you’re more likely to discover new blocks.
One consequence of this methodology is a profit-focused miner mentality. If it makes miners more money to mine a different cryptocurrency on a different blockchain, they will do so without reservation. After all, they’ve got high energy bills to pay!
Proof of stake approaches things differently. Instead of using computational work to determine who is likely to win the next block, wealth is used. Advocates of a coin operating under the proof of stake protocol can opt to take a portion of their currency and “stake” it. Those that do so are known as forgers.
To forge, they must place these coins in a special wallet, where the coins are effectively frozen. The person staking these coins cannot remove, transfer, or sell them at will. Therefore, a person staking coins is likely to be a dedicated proponent of a given coin, highly motivated to act honestly and maintain system security.
The likelihood of a forger discovering the next block is determined by the proportion of total staked coins that they own. For instance, if the total quantity of staked coins is 100 and I’ve staked 10 coins, there is a 10% chance that I will be selected to construct the next block in the blockchain.
Rather than computationally intense hash functions, a simple randomization algorithm can be easily and continuously run by any computer, determining whether it is eligible to create a block. This block must then be verified by a majority of the other nodes in the network before it is added to the chain.
Let’s review the issues this solves:
- Energy consumption is no longer an issue.
- Anyone, anywhere with a normal computer can stake coins.
- Because staked coins are locked up for a period of time, only those truly invested in maintaining the honesty and security of the system will stake.
- Mounting a 51% attack would require a person to own 51% of staked coins. Because the price of a coin would inevitably increase as you sought to buy massive quantities of it, it would likely be more expensive to accrue 51% of the supply of a coin than to own 51% of the computational power associated with a comparable proof of work system.
- Conducting a successful attack would destroy the value of a coin, meaning any coins you’ve staked would become worthless.
Fantastic! We’ve done it! Well, almost…
There’s a reason that most coins still utilize a proof of work system. There are some serious issues with a proof of stake network. Some of the more obvious are:
- Because those who stake more coins are more likely to be selected to mine a block, the gap between rich forgers and poor forgers will grow over time. The rich get richer!
- There is no longer a physical restriction on how many chains you can mine at once. In fact, it becomes easy to mine on multiple chains at the same time.
That last one actually proves to be quite an issue if you follow its implications through to the end. Let’s take a look at an example:
You want to double spend some money that you have. You spend it, receive a delicious ice cream cone, and then run home to your computer, where you promptly create an alternate chain. On this chain, you change the transaction so that instead of the money going to the ice cream store, it goes to another account that you own. Now, there are two chains on the network. Which will the forgers choose to continue mining, extending to make the longest (and therefore victorious) chain?
In a proof of work system, miners would only be able to mine on one chain per computer. And if they picked the wrong one, it would be a massive waste of electricity for them, with no reward to offset their costs. So, they would all stick with the honest, original chain, the one that has made them money in the past. As a result, the honest chain would be the one used to keep track of account value.
But in a proof of stake system, it costs forgers nothing to mine on both chains. In fact, they have an economic incentive to do so, because they will be rewarded regardless of which chain ends up winning in the end.
Back to our situation. Let’s pretend that you’re a forger with 1% of the total staked coins on the network. As soon as you create an alternate chain, all of the forgers begin forging both on the original chain and also on the newly created one.
In a proof of work system, 100% of mining power must be distributed across competing chains. In a proof of stake network, 100% of forging power can be distributed across each competing chain.
So, 99% of forging power (not including yours) is at work on both the original and your fraudulent chain, extending them both at the same rate. The 99% is waiting for one chain to grow consistently longer, indicating its identity of the honest chain. The thing is, everyone is forging on both chains, so they extend at the same rate… at first.
Because you, too, are a forger. You own 1% of total forging power in the network. If you had the same mindset as every other forger, you would forge on both chains. But you don’t!
You use your forging power only on the fraudulent chain you created.
As a result, the fraudulent chain will, over time, become longer than the original and be accepted as the valid chain. Even with only 1% of the forging power, your attack will succeed.
This is known as the Nothing at Stake problem, and it is possible because you are able to forge on multiple chains at the same time without any punishment for doing so. As it turns out, the seemingly flagrant waste of electricity and computational power in proof of work was actually implemented to solve exactly this problem.
On a more fundamental level, you could say that “There Ain’t No Such Thing As A Free Lunch,” especially if you’re trying to secure a global system that keeps track of wealth. To some, proof of stake sounds like accomplishing a task without putting in much work, getting something for nothing, a free lunch.
Another issue with proof of stake is known as the Long Range Attack. If a bad actor were to gain access to the private keys of a person with a massive amount of wealth thousands of blocks in the past, the bad actor would be able to initiate a fork at that point. They could replicate every single transaction up to the present and send all the coins to themselves.
Because the chain is ultimately of the same length as the real one and extends back thousands of blocks, only those who were forging the blockchain at the very beginning will know which chain is honest. Any other newcomers will not be able to know the difference.
But if we trust those who were present at the very beginning to decide which chains are valid and which are fraudulent… aren’t we just trusting a central authority?
That just won’t do.
As per usual, however, some very smart people are working on solutions to this issue. Ethereum, founded on a proof of work consensus model, has begun testing of their proof of stake adaptation, known as the Casper protocol.
Ultimately, all of the above issues exist because of a single, systematic flaw: in a proof of stake system, miners are not penalized for mining fraudulent chains.
So, some seriously smart people over at Ethereum whipped up a plan to do just that. It’s still in development at the moment, but the crypto-space is waiting anxiously to see how the network will transition.
Actually, several prominent coins have already made this transition with considerable success. NEO, a platform similar to Ethereum, operates using a specialized form of proof of stake known as Delegated Byzantine Fault Tolerance.
It uses a multilayered voting protocol for each block that helps to identify bad actors and remove them from the system. From a technical standpoint, the whole thing is devilishly complicated, but what it basically boils down to is: cheaters will be punished. Harshly. And we’re darn good at catching them. So don’t cheat!
Other cryptocurrencies have attempted to merge the two modes of consensus. Dash, for example, utilizes a proof of work system overlaid by a network of “masternodes,” which act as forgers. These masternodes are required to put up a large amount of capital, which makes them motivated to maintain network security.
Masternodes don’t participate in block addition. Instead, they enable special transaction functions to users (for a fee). These include features like near instantaneous and fully anonymous transactions. While this combination expands the functionality of the cryptocurrency, ultimately it still has the same energy consumption issues as other proof of work networks.
For now, proof of work still remains king… but proof of stake is rapidly catching up, as smart-as-heck developers work 24/7 to circumvent the system’s flaws.