Part 2: PoW (read: Proof of Work) is dead.
Why and how does a blockchain need to be secured?
Is this technology mature enough to be trusted for business?
Explained in the plainest layman's terms possible.
Part 1: relax, your bitcoin are safe. Or are they? (did you read it?)
Part 2: PoW (read: Proof of Work) is dead.
Part 3: PoS (read: Proof of Stake) has limited uses.
Part 4: Is PoP (read: Proof of Participation) the way to go?
By Roberto Capodieci — Blockchain Zoo http://bcz.ooo
Author’s note: the debate on PoW (Proof of Work) as THE ONLY viable method to secure a blockchain has sparked many heated conversations online (and offline) between blockchain enthusiasts and cryptocurrency lovers. There are mainly two factions: the PoW supporters and the PoS (Proof of Stake) supporters. In my opinion, for some of these people, the devotion to PoW or PoS must be based on faith, almost at a religious level, along the lines of “Thou shalt have no other proof before me”.
Why do I think this? Because when I discuss the theology, oops, I mean… the technology with some of these PoW or PoS devotees, I often notice their refusal (or inability) to look objectively at the technology. Here is a series of 4 articles that aims to explain, in the simplest terms and step by step, how PoW and PoS work, and why and how it is important to secure a blockchain. If you are an expert, bear with me when I use simple terminology, but please read it all, as it may give you good new insights and, please, share your thoughts and correct me if you feel I say something wrong. We are all here to learn!
Part 2: PoW (read: Proof of Work) is dead.
Why would all the nodes in a P2P network abandon their good version of the blockchain (and that of their WORM database) to update/rebuild themselves with a tampered version of the blockchain offered by a malicious attacker? It is simple, and easily understood from the explanations in part 1 of this series: if an attacker can broadcast in the P2P network the last block of a version of the blockchain “chained” with a higher cumulative difficulty (obtained by doing more “work”, that is, by exerting more hashing power) compared to the version currently used by the nodes, the protocol instructs the nodes to abandon their version of the blockchain and update themselves to the “stronger” (yet tampered) one.
In the same way, a new node with no blockchain stored on its hard disk drive, as it joins the P2P network, starts downloading all the blocks from #1 onward. For each block offered by other nodes in the P2P network, before using it to rebuild its copy of the blockchain, the node verifies that the block is correctly chained to the previous ones. If the node receives from the P2P network two or more versions of a block at a specific height, to rebuild the blockchain it will choose the block that better satisfies the rules written in the protocol, thus the one that is chained using an ID with more zeros. It chooses the block that is chained with the highest difficulty.
Let’s see what happens when, in the same P2P network, some nodes choose to follow one version of the blockchain and other nodes a different one. It may happen that part of the network keeps adding blocks on top of one version of the blockchain, another part of the network adds blocks to another version of the blockchain, and so on. At this point the blockchain has been split into two (or more) branches. This phenomenon is called “forking”. There are different types of fork, and different reasons why a blockchain can fork: those caused by the use of different software versions among the nodes in the network, and those caused by a tie in the race to find a new block.
Let’s first look at the case of incompatible node software versions. It may happen (by accident or on purpose) that part of the network uses an old node software with a consensus format or a P2P protocol version that is not compatible with the new node software used by the rest of the network. This causes new blocks with a good unique ID proposed by one group of nodes to be considered valid only by that same group, while, due to the differences in the protocol architecture, those blocks are not considered valid by the other group of nodes, which will use only blocks found by nodes in their own group. If the fork is permanent in a coin-centered blockchain, it can also be referred to as a “cryptocurrency split”. This is what has been done to create Bitcoin Cash out of Bitcoin, and Ethereum Classic out of Ethereum.
In the case of P2P protocol incompatibilities in the network, due for example to a software update done only by part of the nodes, a fork in the blockchain is created as those nodes cannot communicate with the others. The same thing happens with network problems: an ISP blocks all the P2P data. For example, ISPs often “sniff” data packets and drop all the packets that belong to the Torrent P2P protocol. Different new blocks are found and used by each group: the nodes with one P2P protocol version and the other nodes, the nodes behind an ISP and the nodes outside that ISP. This causes each group of nodes to grow its own version of the blockchain. Under particular conditions, in some blockchains, forks become irreversible if each branch of the blockchain keeps growing independently for a long time, as each group of nodes, even once they get back in connection with each other, will always believe it has the right version of the blockchain.
This type of fork may also happen when a whole nation remains isolated from the internet: the nodes of the network inside that nation believe they are the only ones in the whole P2P network, and consequently keep building their own branch of the blockchain as if it were the main blockchain. This means that if Bob sends 5 bitcoin to Alice while they are in the isolated nation, Alice receives the 5 bitcoin and Bob’s balance decreases by 5 bitcoin, but once they jump on an airplane and connect to the internet with their wallets outside that isolated nation, Bob still has his 5 bitcoin and Alice never received them. Alice is 5 bitcoin richer only inside the isolated nation, because only in that version/branch of the forked blockchain has the transfer been registered.
It often happens that many different, yet valid, new blocks are broadcast in the P2P network. Some nodes end up using one particular new block and others use another one. At this point there are two (or more) potential forks of the blockchain. This situation is also called a blockchain split or a blockchain divergence. If the two (or more) chains of the same length differ only in the last few blocks, the first node that makes a new block with a higher difficulty compared to the ones added to the other forks will resolve the conflict, because it has made its fork the one with the highest cumulative difficulty, and thus all the other nodes will be able to calculate that fork as the longest chain and adopt it as the authoritative one.
The blocks on the shorter chain will be deemed “orphaned blocks” and the miners who created them will not receive any reward, as the blocks will get deleted, and with them the transaction that was giving them the reward. This kind of fork is called a “short-lived” fork, and is created when two or more valid new blocks (each with a different unique ID) have the same block height and are broadcast in the P2P network almost at the same time. It may happen by accident, or because someone is trying to rewrite the blockchain by doing a “Sybil Attack” (see: https://en.wikipedia.org/wiki/Sybil_attack for more information). In an open P2P network that uses PoW to chain blocks, this happens often. The faster new blocks are produced, the more frequent and the longer these “short-lived” forks are.
Quote: “Detached or Orphaned blocks are valid blocks which are not part of the main chain. They can occur naturally when two miners produce blocks at similar times or they can be caused by an attacker (with enough hashing power) attempting to reverse transactions.”
See real-time orphaned blocks in the bitcoin blockchain here: https://www.blockchain.com/btc/orphaned-blocks
To summarise: when new blocks with the same height, one for each of the different versions of the blockchain, are propagated in the same P2P network, the nodes evaluate which of the various branches has the highest cumulative difficulty, and delete the other branches to keep only the stronger blockchain. This behaviour is called blockchain “reorganization”, and the procedure is hard-coded in the node software. Reorganizations happen automatically and are necessary to get back onto the right path after “short-lived” forks.
There is no method to avoid the issue of orphaned blocks (forks of the length of only 1 or 2 blocks), longer forks, and blockchain rewrites when a blockchain is secured by Proof of Work. To completely eradicate the above issues, PoW-based blockchains would have to go through a hard fork and update the core node software so that the consensus system uses a different and more secure protocol. Various blockchains have tried to create a new way of chaining blocks. For instance, there are projects with the aim of creating a consensus reward system that does not require miners to compete against each other, as the reward is shared between all the miners in proportion to their contribution, so as to keep the work of securing the blockchain as distributed as possible; others place trust only in older nodes, and thus let them approve new blocks with a digital signature, etc.
Not clear yet why I say that Proof of Work is dead? Let me try again to explain and summarise the logic used by the Proof of Work architecture to evaluate, among the many available “versions” of the blockchain, which one is the more authoritative and thus the one the node should adopt and revert to. How does a node recognise the supposedly true version of a blockchain against a supposedly tampered one? By now it should be clear: it simply adds up the difficulty used to find the unique ID of each block (for example the zeros at the beginning of each block's unique ID), starting from the block with height 1 (the first block after the Genesis block), up to the latest block present in each version of the blockchain available in the P2P network. The node adds up all the work done to “chain” each block of a single version of the blockchain and finds which of those versions is the “longest” chain: the one with the higher cumulative difficulty and with more blocks (with the highest current block height).
Why is the protocol designed in this way? Because it requires higher processing power to go through the trial-and-error attempts needed to chain a “longer” set of blocks. This means that the blockchain with the higher cumulative difficulty must be the chain whose blocks were found by the majority of the computing power of the network working together. A single computer, or in any case a minority of the computers in the P2P network, would not be able to do a better job than the rest of the network. As the majority wins in a democracy, so the PoW architecture recognises as valid the blockchain created — supposedly — by the majority of the power in the P2P network. The issue is that the “power” (called “hashing power”) used to produce blocks is external to the blockchain. I will explain this later, with Proof of Stake.
The bad news for Proof of Work is that Bitcoin isn’t the only blockchain in existence protected by the same PoW architecture. Ethereum plans to shift to PoS (Proof of Stake, more on that in part 3 of this series), but it is still secured by PoW. Ethereum Classic, a fork of Ethereum — or as some say, the original Ethereum — is secured with PoW, and so are all the Bitcoin clones, such as Litecoin, Dogecoin, and many others. And this is a crucial security aspect for PoW-secured blockchains.
There are a few different mathematical algorithms to produce hashes (and thus unique IDs for new blocks) and many are shared across multiple blockchains. What does this mean? That the hardware devices that can be used to find new block IDs on one blockchain can also be used to find new block IDs on other blockchains. And shifting hashing power from one blockchain to another is something many “miners” (the people running machines to do PoW) do, based on the value of the coin they are mining and the current difficulty of a blockchain (their hashing power may not be influential on the Bitcoin blockchain, but may guarantee winning rewards mining the Litecoin blockchain). Many miners even rent “hashing power” to whoever needs it.
Now, as you should have understood how a blockchain can be rewritten, what advantages a malicious actor can gain by doing so, and how PoW is structured, you should also have understood why PoW is dead, and why continuing to use PoW as a means to secure a blockchain with a low difficulty is extremely dangerous (and no, you cannot just “keep a high difficulty” on a new or minor blockchain: if there are no miners doing trial and error to satisfy the high difficulty, the blockchain will see a new block only once every several days, if not weeks).
Let’s look at a real story: in January 2019 a hacker notices that the Ethereum Classic blockchain has a very low difficulty, as very few miners are working on it. Yet the value of ETC (Ethereum Classic coins) and the market cap of Ethereum Classic are still good. The hacker buys 1 million dollars' worth of ETC, and deposits them in various exchanges (de facto making transactions from his account to the exchange accounts). On the exchanges he then converts the ETC to BTC (Bitcoin), and withdraws the BTC. Then he uses rented hashing power to rewrite the past few blocks of the Ethereum Classic blockchain, removing the transactions he made to deposit the ETC in the exchanges.
He has rented enough hashing power that the blocks he rewrites use a higher difficulty than the one used to chain the blocks in the honest Ethereum Classic blockchain. He then broadcasts to the network his rewritten blocks, so that his “fork” has a higher cumulative difficulty. The nodes of the P2P network see that the hacker’s version of the blockchain has a higher cumulative difficulty compared to the one they are using, thus all the nodes “roll back” (delete their last blocks and rebuild their local blockchain and database) using the counterfeit version of the blockchain. The result? The hacker has the Bitcoin he took from the exchanges, and the 1 million dollars' worth of ETC coins that, in the new version of the blockchain, have never been sent to the exchanges.
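The cumulative-difficulty rule, the automatic reorganization, and the Ethereum Classic rewrite described above, as an added Python example (not code from the original article or from any real node software): block IDs are SHA-256 hashes, "difficulty" is the number of leading zero hex digits an ID must have, the transaction labels are constructed, and the confirmations check at the end is the kind of signal an exchange can watch to notice that a deposit it already credited has vanished after a deep reorganization.

```python
import hashlib, itertools
from collections import namedtuple

Block = namedtuple("Block", "height prev_id txs nonce difficulty")  # txs: constructed labels

def block_id(b):
    # The block's unique ID: SHA-256 over its contents, nonce included.
    data = f"{b.height}|{b.prev_id}|{'|'.join(b.txs)}|{b.nonce}"
    return hashlib.sha256(data.encode()).hexdigest()

def mine(prev, txs, difficulty):
    # Trial and error: bump the nonce until the ID starts with enough zeros.
    for nonce in itertools.count():
        b = Block(prev.height + 1, block_id(prev), tuple(txs), nonce, difficulty)
        if block_id(b).startswith("0" * difficulty):
            return b

def is_valid_chain(chain):
    # Each block must link to its predecessor and meet its own difficulty.
    return all(b.prev_id == block_id(p) and b.height == p.height + 1
               and block_id(b).startswith("0" * b.difficulty)
               for p, b in zip(chain, chain[1:]))

def cumulative_work(chain):
    # Expected hashes per block: 16 per required leading hex zero (simplified model).
    return sum(16 ** b.difficulty for b in chain[1:])

def choose_chain(local, candidate):
    # The PoW rule: adopt a valid candidate only if it carries more total work.
    if not is_valid_chain(candidate) or cumulative_work(candidate) <= cumulative_work(local):
        return local
    return candidate

def reorg_depth(old, new):
    # Blocks a node rolls back when switching chains (0 means no reorganization).
    shared = sum(1 for _ in itertools.takewhile(lambda ab: block_id(ab[0]) == block_id(ab[1]), zip(old, new)))
    return len(old) - shared

def confirmations(chain, tx):
    # Depth of a transaction in the chain; 0 if the chain does not contain it.
    hits = [chain[-1].height - b.height + 1 for b in chain if tx in b.txs]
    return hits[0] if hits else 0

def demo():
    genesis = Block(0, "0" * 64, (), 0, 0)
    deposit = "Bob->Exchange:1M ETC"                 # constructed transaction label
    honest = [genesis]
    for txs in ([deposit], ["tx-a"], ["tx-b"]):      # honest miners work at difficulty 2
        honest.append(mine(honest[-1], txs, 2))
    rewrite = [genesis]
    for txs in (["Bob->Bob:1M ETC"], [], []):       # rented hashing power, difficulty 3
        rewrite.append(mine(rewrite[-1], txs, 3))
    before = confirmations(honest, deposit)          # the exchange saw 3 confirmations
    adopted = choose_chain(honest, rewrite)          # every node switches to the heavier chain
    return before, reorg_depth(honest, adopted), confirmations(adopted, deposit)
```

`demo()` returns (3, 3, 0): the deposit had 3 confirmations, every node rolled back 3 blocks, and the deposit no longer exists in the adopted chain, which is exactly why exchanges raise their confirmation requirements on low-difficulty PoW chains.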
This process is never explained properly in various crypto news publications. But you can see this story here:
- Quote: “the exchange said it had confirmed the 51 percent attack — whereby an entity controls sufficient computing power to alter the network’s transaction history and double-spend coins — and identified three addresses that it said are tied to the attacker in question.”
- Quote: “The function of mining is to add transactions to the universal, shared transaction history, known as the blockchain. This is done by producing blocks, which are bundles of transactions, and defining the canonical history of transactions as the longest chain of blocks. If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.”
- Quote: “Ethereum classic saw more than 100 blocks “reorganized” during a potential 51 percent attack late Sunday, according to at least two different block explorers — Bitfly (Etherchain) and Blockscout. Coinbase said in its blog post that it detected some 88,500 ETC being double-spent (totaling some $460,000).”
- Quote: “Aren’t blockchains unhackable? Not exactly. Bitcoin, Ethereum, Ethereum Classic, and similar blockchain networks are vulnerable to an attack in which one “miner” controls more than 50% of the network’s computing capacity. This theoretically provides an opening to defraud other users by paying them in cryptocurrency before creating an alternate version of the blockchain in which the payment never happens, eventually making the alternative version the authoritative blockchain.”
What does this mean? That the most valuable PoW-protected blockchain, at the moment the one of Bitcoin, is somewhat safe from this kind of attack, as the cost to rewrite blocks with a higher difficulty than the current one is prohibitive, but any other minor or new blockchain that relies on PoW to protect its database data is at risk. I say that the bitcoin blockchain is “somewhat” safe from this kind of attack because the cost of attacking it would be so high that it makes the exercise not really worth it. That is, if the goal is to do what that hacker did with Ethereum Classic. Yet if the intention is just to kill the Bitcoin blockchain, at a loss, then the bitcoin blockchain is at risk too. If an entity, for example a government, a corporation, or a wealthy individual, felt threatened by Bitcoin, it could invest enough resources to control the creation of all the new blocks, de facto making it impossible for transactions to be added to blocks and thus executed, and consequently killing Bitcoin.
Yes, Proof of Work has been an incredible concept, implemented without understanding its potential security risks, but this happened because it was a jump in the dark. A necessary one. We owe the Satoshi Nakamoto team the biggest step into the era of decentralization since the release of the Torrent protocol. It is the duty of all the real blockchain experts to work now toward a more advanced, more secure, lighter, faster and scalable blockchain solution. Many steps have already been taken, and the first has been the implementation of Proof of Stake: a system that doesn’t use hashing power to secure the blockchain, but a very different — and more secure — method. Yet with its own limitations.
Wait for part 3 of this series to come out, and you will learn more about Proof of Stake and how blockchains should be secured!