Part 1: Relax, your bitcoin are safe. Or are they?
Why and how a blockchain needs to be secured ?
Is this technology mature to be trusted for business?
Explained in the most layman terms as possible.
Part 1: Relax, your bitcoin are safe. Or are they?
Part 2: PoW (read: Proof of Work) is dead.
Part 3: PoS (read: Proof of Stake) has limited uses.
Part 4: Is PoP (read: Proof of Participation) the way to go?
By Roberto Capodieci — Blockchain Zoo http://bcz.ooo
Author’s note: the debate on PoW (Proof of Work) as THE ONLY viable method to secure a blockchain has many heated conversations online (and offline) between blockchain enthusiasts and cryptocurrency lovers. There are mainly two factions: the PoW supporters and the PoS (Proof of Stake) supporters. In my opinion, for some of these people, the devotion to PoW or PoS must be based on faith, almost to a religious level, on the lines of “Thou shalt have no other proof before me”.
Why I think this? Because when I discuss the theology, oops, I mean… the technology with some of this PoW or PoS devotee, I notice often their refusal (or incapacity) to look objectively into the technology. Here is a series of 4 articles that has the aim to explain, in the most simple terms and step by step, how PoW and PoS work, why is important to secure a blockchain and how. If you are an expert, bear with me when I use simple terminology, but please read all, as it may give you good new insights and, please, share your thoughts and correct me if you feel I do say something wrong. We are all here to learn!
Part 1: relax, your bitcoin are safe. Or are they?
The idea was genuine, but, having no predecessors, the Bitcoin PoW (Proof of Work) implementation has been a step in the dark when used as a method to secure “the” blockchain. I quote the “the”, because, at the time, Bitcoin was the only decentralised system using blockchain. PoW, the system used to protect the only blockchain in existence, at the time, seemed to be perfect and a genius solution. It turns out not to be so.
Yet, the deployment of the Bitcoin blockchain has been, after the Torrent protocol, the first step into a more mature decentralised technology, and PoW has been surely a brave choice made by the “Satoshi Nakamoto” team. We must consider that they were deploying a technology without having past experiences and examples to learn from. They pioneered what is now becoming the new period of the information era: decentralization.
The inventor of the first steam engine created something new yet, for today’s standards, inefficient and imperfect. Yet the steam engine has lead to an evolution and optimization of its technology such that today we have very efficient engines in our cars. This analogy applies to what the Satoshi Nakamoto team did by creating their model of blockchain for the Bitcoin digital currency. Bitcoin runs on a steam engine, but being in a digital world, the risks of using this technology without fully understanding it, are not just that the technology doesn’t work.
We are still at the beginning of the era for decentralized technologies, and the mechanics of blockchain are not yet well understood even by expert developers that are new to decentralised systems. It happens often, when architecting systems based on blockchain, that inexperienced (in decentralization terms) software engineers do conceptual mistakes. This is what happened to the Satoshi Nakamoto team, when architecting the blockchain for Bitcoin. Based on the way the Bitcoin Proof of Work is implemented, they made some choices based on assumptions that lead to consequences they couldn’t even think about, at that time.
To understand why PoW fails as a system to secure a blockchain, it is necessary to understand how a blockchain works, and why (and what) needs to be protected.
In layman terms the bitcoin blockchain is a replicated “WORM” (write once, read many) database, where information can be added, and, once added, will live there forever without ever been deleted or modified. A copy of this database is stored and maintained in each computer (or server), called “node”, that, connected to the other nodes through a P2P network, shapes up the blockchain. A P2P (Peer to Peer) network is a network of nodes with no central authority, where no computer in the network is more or less important than any other, and where the participation to the network is open to any new computer (node) that desire to join.
Database records are added into each replica of the database when users broadcast them through the peer to peer network (for example from a web browser or mobile wallet connected through the internet to the P2P network). When the user request to add a record to the database reach the nodes of the P2P network, each node places the request in a queue, and leave it there waiting to be added to a block of data (the “block” in “block-chain”). If the user request (called “transaction”) respects the rules stated in the node software, then it will be added to a new block. When the new block is confirmed, each node executes the instructions contained in the request, thus updating its copy of the database, and removes the request (transaction) from the queue.
To understand what a “user request to add a record to the database” could be, if we look at the Bitcoin network we can think to coin transactions. For example Bob broadcasts the request to modify the database so that 5 of his Bitcoin are moved to Alice account (Bob sends 5 Bitcoin to Alice to buy her car). The rules to validate the user request, in the Bitcoin blockchain protocol, are relative to the sender balance: does Bob have the 5 Bitcoin to be sent to Alice? If Bob’s request doesn’t comply with the rules, then it is bounced and not added to a new block, thus the database remains unchanged, and Alice, not seeing her balance increase, doesn’t give the car to Bob.
Each new block, which contains some of the transactions (user requests) taken from the transaction queue (called “mempool”), needs to be “chained” to the last approved block present in each node of the P2P network. This action of “chaining” a new block to the oldest approved block forms a “chain” (the word “chain” in “block-chain”) and it is the key on how a blockchain is secured. In practical terms, chaining a new block to the last confirmed one is done in a simple way: by including in the new block a unique ID of the last confirmed block using a deterministic method. In this way we always know which is the block that came before the one we are looking at, and so on down to the first initial block, called “genesis” block, that is included in the node software that a person downloads to setup a new node.
When a node creates a new block and finds the block’s valid unique ID, it propagates block and block ID to all the other nodes via the P2P network. When a node in the P2P network receive a new block, it confirms its validity, executes the user requests included in the block updating its database accordingly, and adds the new block to its copy of the blockchain. To continue the previous example about the Bitcoin blockchain, at this point Alice receives the 5 Bitcoins from Bob, and hands him car keys and ownership certificate.
As I mentioned earlier, this act of “chaining” blocks one to the other, is the key for a blockchain security and must be done in a way that makes it impossible for someone to modify past (already chained) blocks of the blockchain, without “breaking” the chain. If someone could rebuild a valid blockchain omitting to include user requests in past blocks, and thus the matching records in the WORM database, and convince other nodes to use its version of the blockchain, then the blockchain couldn’t be considered secure, and nobody would use it. In the case of the bitcoin blockchain Bob could remove the transaction where he has sent the 5 bitcoin to Alice, creating an alternative reality where he still has the 5 bitcoin as Alice didn’t receive them, and yet Bob has legal ownership of Alice’s car.
If a malicious actor succeeds in rewriting, ad his own advantage, some of the more recent blocks of the blockchain, while maintaining the integrity of the chain, he or she can use a node to broadcast in the P2P network the last block of his tempered version of the blockchain. If the tempered version of the blockchain has its blocks chained in a “stronger” way than the authentic version of the blockchain, then all the other nodes sees the tempered version proposed by the malicious actor as the most valid version of the blockchain available. This causes all the other nodes to drop the authentic version of the blockchain they have, and align with the tempered version, making it the “official” blockchain.
The key here is how to consider “strong” the way blocks are chained one to the other. This is the “proof” we are talking about. So, how to “prove” that the unique ID for a new block proposed by node A is “stronger” in chaining with future blocks than the unique ID for a new block proposed by node B? How to prove that new a proposed version of the blockchain is better than another, by looking at how strongly its blocks are chained one to another? There are several ways to prove the “strength” of the chaining process in a blockchain, and to calculate the total strength of a chain compared to another.
The bitcoin blockchain protects the “chaining” of its blocks using Proof of Work. What does this mean? We know now that the unique ID of the last confirmed block in the blockchain must be included in a proposed new block. The bitcoin blockchain protocol (proof of work) requires serious computer work to calculate the unique ID for a new proposed block. A node that wants to suggest a new block to the P2P network, needs to generate a unique ID for its new block finding a particular result to a mathematical operation (called hashing). Hashing data produces a string of numbers of a fixed length. The hash required as unique ID for a proposed block needs to have a certain amount of zeros at its beginning. The quantity of zeros required at the beginning of the hash to make it a valid unique ID, is determined by a specific “difficulty” that can be calculated by looking at blockchain. Higher is the difficulty more is the quantity of work needed to find the hash (unique ID) for the proposed new block.
To find a result with the correct amounts of zeros, to then be able to propose a new block and earn a reward, a node must add a nonce (some random data) to the block data used to calculate the unique ID, and start a trial and error loop producing different results by using every time a different nonce, until it finds the nonce that produces a result (hash) with as many zeros as required by the current network difficulty. At regular intervals (measured in blocks, circa every 2 weeks), each node calculates the same new “difficulty” simply measuring the difficulty used for the past blocks and the time taken to find the correct unique ID for each of them. The aim is to adjust the difficulty so that, to find a valid correct unique ID for a new block, the network needs an average of 10 minutes.
Ideally, more entities take turn to produce blocks, the safer and more resilient the network gets. More “distributed” among many different parties is the chaining of new blocks to the blockchain, the harder it is for someone to rewrite the blockchain. If a single party produces all the blocks, then it has full control over what goes into the new blocks, and can rewrite past blocks. To guarantee decentralization, a blockchain needs a mechanism that prevents a single entity (even under multiple identities) to be the origin of most if not all the new blocks. In the case of Proof of Work, what needs to be guaranteed, is the decentralization of the block chaining power.
The trial and error exercise to find a unique ID for a block is what is called “Proof of Work.” The idea is that, having a difficulty that adjusts to the ability of the network to find a new block ID, it would be impossible for a single computer, or a minority of computers working together, to rewrite the last part of the blockchain fast enough to catch up to current cumulative difficulty of the blockchain (the sum of the difficulties needed to arrive at the current block) to be able to replace it. Based on this thinking, the “longest” blockchain, thus the one that has the total higher difficulty, in other words has the higher total amount of zeros at the beginning of all the blocks IDs, is the “true” one as it has been computed by the majority of the network. A version of the blockchain that has taken more difficulty to build compared to another version, by the architecture of PoW is considered the most authoritative and one each node should have.
As there is a reward for finding a new block (it started at 50 bitcoin every new block and halves every few years, now it is 12.5 bitcoin), people started investing in ways to find the new block unique ID before others, to win the rewards. Some hardware companies started producing devices that people could connect to their USB ports that are very fast in calculating hashes, thus block unique IDs, of block data. Obviously more trial and error people could do, the higher the network would set the difficulty, so that it will always take 10 minutes on average to find the unique ID for the next block.
There is a great playground to experiment with what I explained above, made by Anders Brownworth. See the concept of hash, nonce, and mining difficulty (the zeros) here: https://anders.com/blockchain/blockchain.html
I know all this is a lot to digest, but bear with me. Here is a recap:
- The bitcoin blockchain is a replicated “write once and read many (times)” database,
- with a copy of it stored in each node (server/computer) of a
- Peer to Peer network: a network where each participant computer is as important as any other and where
- participation is open to anyone with an up to date copy of the node core software.
- Users add data to this database by broadcasting their data add requests through the P2P network.
- Nodes put those requests in a queue, and
- if the requests respect the rules of the blockchain
- can be added to a new block.
- When the request is added to a block, it also gets executed updating the node database.
- Every new block needs to be “chained” to the last confirmed block by including in its data the unique ID of the previous block.
- To find a unique ID for a new block the hash of the block data needs to start with as many zeros as requested by the current network difficulty.
- A node does trial and error attempts adding a nonce to the block data until the hash complies with the difficulty requirement.
- The first node that find a new valid block and broadcast it to the P2P network “wins” a reward in Bitcoin.
- The difficulty is updated every two weeks.
- The bitcoin blockchain with the highest cumulative difficulty is the authoritative one.
- People started using many computers to split the trial and errors needed to find blocks, so to win the “race” and be the first to find a block, and this to collect the reward.
Here I think there is the first fallacy of the Proof of Work for the bitcoin blockchain. Not the reason PoW is dead (I will explain why later), but the reason the bitcoin blockchain failed as decentralised system. It is something I believe the Satoshi Nakamoto team must have failed to envision: the fact that freed would have brought the difficulty insane levels. If the dream was a very distributed network, participated by thousands if not millions of computers around the world, that vision failed. The Satoshi Nakamoto team designed the protocol so that, the reward for finding a new block is sent to an account specified in the new block by its creator. As the content of the data of a block originates the hash to make the block valid, each block creator would attempt to create a block with their own address in it, and thus the competition to find a block is among many people. Well, given how the Proof of Work for the bitcoin blockchain is structured, the trial and error attempts needed to find the valid hash can be split among many computers, given that all of the computer search a hash for the same block (a block with the same address to receive the reward).
Let me explain (and please bear with me as I use unrealistic numbers, I know computers are much faster). Let’s say that, at an initial difficulty (the hash must start with 5 zeros), a single computer needs to do an average of 1 million trial and error attempts, and this requires it about 10 minutes. I say “an average” and “about” because finding the right hash is a real lottery. As the hash results are unpredictable, a lucky computer may find the right hash after only just 500 attempts, and an unlucky one needs 2 million attempts. For this reason the Satoshi Nakamoto team must have thought that, among may computers more or less of the same power, the distribution of the rewards should have been homogeneous.
Yet, greed outsmarted the Satoshi Nakamoto team! To be sure to win the reward, if the current difficulty requires a single computer 1 million attempts, and thus 10 minutes, splitting the 1 million attempts to find a valid block ID among 2 computers that work in parallel to find a valid block ID for the SAME block (the block with the same recipient address), reduces the average time to 5 minutes as each computer needs an average of 500 thousands attempts. This is true until the difficulty adjusts again. As the nodes calculate that valid unique IDs for the new blocks have been found in an average of 5 minutes, the difficulty increases so that, now, an average of 2 millions attempts are needed to find the unique ID for a new block.
The difficulty adjusted so that with 2 computers, it now takes 10 minutes to find a new block ID (each computer now must do an average of 1 million attempts). This means that people with a single computer have half of the chance to lucky find a valid new block ID, and soon give up because leaving a computer on 24/7, doing heavy math calculations, consuming Internet bandwidth, costs more than the rewards won with lower chances. In the meanwhile the competition moves to all those with 2 computers working in parallel to solve the same problem. To win the rewards someone buys 2 more computers, and now share the attempts among 4 computers. He finds the valid hashes in 5 minutes, and wins the reward. Then the difficulty adjusts, and the story repeats. Many times. We all know that today only a few pools mine all the blocks of the current bitcoin blockchain, making its growth no more decentralised.
At today’s level of difficulty the Proof of Work for the bitcoin blockchain requires thousands if not millions of computer to work in parallel to find new blocks. This makes the bitcoin blockchain very solid, if we trust this 4 or 5 pools, and as it sounds it is a good thing: hardly anyone would invest on the resources (electricity, hardware, physical location to run the operations) needed to rewrite past blocks of the bitcoin blockchain using a higher difficulty than the one guaranteed by those pools. Because the cost required would be higher than the possible amount of value that could be stolen. As bitcoin has a finite number of coins, such a high level damage would kill the value of the coins and thus the investment would hardly be recovered (why investing a few billion dollars to steal a few millions?)
This fallacy caused by the PoW architecture (the centralization of the block creation) is not so extremely dangerous, and is not too much relative to blockchain security aspects. If we trust the few pools that daily add blocks to the blockchain, we can sleep tight. If we dreamed a world with an economic system that is fully decentralised, as per the vision of the Satoshi Nakamoto team, we may be a bit upset with how things have gone for bitcoin block mining: a network managed by the people for the people has become a network managed by 5 companies for the people (and their revenue). Something that was meant to be decentralised is in fact almost centralised. If you want to read more about “The high fees and the hell of Bitcoin mining, explained” see this article I posted in 2017: https://www.linkedin.com/pulse/high-fees-hell-bitcoin-mining-explained-roberto-capodieci/
Yet this is not the reason why I say that Proof of Work is dead. I took you through this long path for you to understand how the bitcoin blockchain works, and to realise why the second fallacy of the PoW architecture is the critical one. What else the Satoshi Nakamoto team failed to foresee? Can you guess it? Discover it on part 2 of this series.