Bitcoin’s security is not cryptographic, it is Economic
An analysis of Dr. Craig Wright’s paper ‘POW as it relates to the theory of the firm’
Bitcoin has been embroiled in its scaling debate, where one of the central arguments put forward by the small blockers is that each user should operate his own node to validate transactions for himself. Another argument proposed is that users get a say in the system, and UASF was an attempt to enforce SegWit activation through node voting. We will look at why these arguments are not valid and also evaluate differences between Proof of Work and Proof of Stake.
The Bitcoin whitepaper was the first solution to the Byzantine Generals’ Problem, a problem where consensus is to be achieved between distributed systems.
What do Bitcoin nodes do?
The system was determined to be based on one vote per CPU (Satoshi, 2008) and not one vote per person or one vote per IP address. The reason for this is simple: there is no methodology available that can solve Byzantine consensus on an individual basis. The solution developed within Bitcoin solves this economically using investment. The parties signal their intent to remain bound to the protocol through a significant investment. Those parties that follow the protocol are rewarded. Bitcoin manages to maintain the decentralised nature of the network through a requirement that no individual party can ever achieve more than 50% of the network hash rate.
Each node (Bitcoin client) has been programmed to follow a set of rules. By following these rules a node is able to check the transactions it receives and only relay them if everything is cool. If there are any problems, such as a double spend or spending more than the balance, the transaction is classified as a bad transaction and is not passed on. Each node is autonomous and the software automatically validates all the set rules. Nodes share information about unconfirmed transactions (mempool) and confirmed transactions (blockchain) with other nodes.
Validating transactions is a by-product of mining
Proof of work systems purposefully inject a costly signal into the network that is designed as the security control. Many believe that the cryptographic element, namely the hashing process, is the security feature of Bitcoin. This is a fallacy: it is the economic cost that is relevant to the overall system and not the individual element.
For Bitcoin, the costly signal is the hashing process, which involves solving a computationally challenging problem that on average will yield a solution every 10 minutes. To solve this problem, miners have to invest resources, which includes buying mining equipment, setting up mining farms, and spending electricity as a variable cost. Miners around the world race to solve the computational problem and the first to solve it gets the block reward. The only way miners can increase their reward is to invest and increase their hashpower. The probability of finding a block is solely dependent on the hashpower directed: if someone has 20% of the total hashpower of the network, they are likely to find blocks 20% of the time (or 1 in 5 blocks).
Validating transactions is a by-product of the hashing. The miner who solves the problem puts the mempool of transactions into a block and adds it to the blockchain, which is then relayed to all other miners. All the other miners’ nodes verify these transactions and if they verify that the block consists of bad transactions (double spend etc.), they will reject this block and continue hashing until they find the ‘right’ solution. If the mining nodes verify that the block contains only valid transactions, they will build over this block and start the race to find the next block.
The block reward can be spent only after 100 blocks and hence it is in the best interests of miners to include only good transactions so that the network picks up their block and continues to mine over it. A malicious miner who tries to include bad transactions spends electricity and other variable costs to mine the block but will forego the potential block reward as his block will be rejected by the network. In this way, the network is incentivized to be honest and include only good transactions through rational self-interest.
Proof of Work
The error held by many people is that this move from a CPU-based solution into more costly implementations could have been averted.
Mining nodes are the only nodes that add security to the system. That is because miners put transactions into blocks. The reason mining nodes are given this function is that they require investment. If Bitcoin were a one user, one vote system and still used CPU mining, the cost of including transactions in blocks would be cheap. A malicious attacker could spin up millions of nodes on cloud servers and gain a 51% market share with a very low investment.
As more hashpower rushes to the network, it becomes more expensive to mine a block, because the probability of finding a block decreases. The more investment it takes to generate a block, the more secure the network becomes. As mining equipment moved from GPU to FPGA to ASIC, it became more expensive to mine and hence more difficult for a single entity to gain more than 51% of the total hashpower.
When the entire network was using CPUs, an attacker could invest a few million dollars and overpower the system. Today the BTC network is secured with 10 Exahash, implying 800,000 S9 Antminers, which amounts to more than a billion dollars in mining rigs alone, excluding all other costs. John McAfee has said that the cost of generating each bitcoin is $1000, which would mean that it costs around $12,500 to mine every block today.
Decentralisation in the Bitcoin network doesn’t mean that the verifying power is taken from a central authority and is given to all users. The verifying authority is given to enough entities that it becomes increasingly difficult for any single entity to gain a majority of hashpower in the system and ensure that the overall system works.
The Nakamoto consensus
Even if a bad guy does overpower the network, it’s not like he’s instantly rich. All he can accomplish is to take back money he himself spent, like bouncing a check. To exploit it, he would have to buy something from a merchant, wait till it ships, then overpower the network and try to take his money back. I don’t think he could make as much money trying to pull a carding scheme like that as he could by generating bitcoins. With a zombie farm that big, he could generate more bitcoins than everyone else combined
A miner trying to double spend a transaction will have to pay a merchant, wait until the merchant ships the product and then reverse the particular transaction. Attempting to take his money back requires him to go to the block where he paid the merchant, remove his transaction from the mempool and start mining from that point. The miner trying to reverse this transaction needs enough hashpower to produce 6 blocks in quick succession and also produce blocks faster than the remaining network to create the longest chain. If a transaction has 6 confirmations, the total computation work for a malicious miner to reverse it costs more than $75,000 ($12,500 × 6) and requires billions of dollars of prior investment to successfully overpower the network.
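The six-confirmation reasoning above can be put in numbers with the catch-up calculation from section 11 of the Bitcoin whitepaper, which tells a merchant how deep to wait for a given attacker hashpower share. This is an added example, not code from the article or from Dr. Wright’s paper; the function names and the 0.1% risk threshold are assumptions, and the $12,500 constant is the article’s own per-block estimate.

```python
from math import exp

COST_PER_BLOCK_USD = 12_500  # the article's estimate of the cost to mine one block


def attacker_success_probability(q: float, z: int) -> float:
    """Chance that a miner holding hashpower share q ever overtakes the honest
    chain from z blocks behind (catch-up formula, Bitcoin whitepaper section 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q                      # honest share of hashpower
    if q >= p:
        return 1.0                   # a majority miner always catches up eventually
    lam = z * q / p                  # expected attacker blocks while honest miners find z
    poisson = exp(-lam)              # Poisson pmf at k = 0
    total = 1.0
    for k in range(z + 1):
        total -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)     # advance the pmf to k + 1
    return total


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 500) -> int:
    """Smallest depth z at which the attacker's success chance is below max_risk.
    Keep limit at 500 or less so exp(-lam) cannot underflow to zero for q < 0.5."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError("no depth up to limit brings the risk below max_risk")


def risk_table(shares, max_risk: float = 0.001):
    """Rows of (attacker share, confirmations to wait, USD mining cost of that depth)."""
    rows = []
    for q in shares:
        z = confirmations_needed(q, max_risk)
        rows.append((q, z, z * COST_PER_BLOCK_USD))
    return rows


if __name__ == "__main__":
    # Constructed sample shares; a merchant would plug in the largest miner or pool share.
    for q, z, cost in risk_table([0.10, 0.20, 0.30, 0.40]):
        print(f"attacker share {q:.0%}: wait {z} confirmations (${cost:,} of mining)")
    print(f"6 confirmations vs 30% attacker: {attacker_success_probability(0.30, 6):.4f}")
```

The depth needed for the same risk level grows sharply as the attacker’s share approaches half of the hashpower, which is why the text ties security to how expensive that share is to acquire.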
The security isn’t the computing power but is actually the economic investment behind the computing power. As the network gains more value, it incentivises more people to join the network and further decentralise the network increasing the cost to reverse transactions.
Newer generation mining rigs will have exponentially higher hashrate than ASIC miners. GMO’s plans show that their mining rigs are capable of 1.25 PH/s, which is 100x the 12.9 TH/s of Bitmain’s ASIC S9. When the next generation devices come into play, it will give us the illusion that mining is getting more ‘centralized’ as one player seems to dominate the entire hashrate. But as with ASIC miners, these rigs will be developed by mining companies all around the world, as they invest and compete for the block reward.
Bitcoin follows the longest chain or the chain with the most Proof of Work because this is the chain that has had the most cumulative investment securing the blockchain. Any miner trying to overpower the network should have enough hashpower to create a longer chain than the remaining network combined.
Joining a pool does change a miner’s expected revenue, it provides a lowering of transaction costs to the business as any variation in revenue presents as a cost and a risk to the full miner.
A mining pool doesn’t imply that it is one entity that controls all the hashpower belonging to the pool. A mining pool consists of many individual miners who choose to connect to a mining pool to decrease transactional costs and risks.
A small organisation that would expect to win one block every week may gain one block in a week and then gain nothing for several months when they suddenly receive several block rewards in a row. During the period when they are not receiving any rewards the small operator would still need to pay for expenses including power and any property leases as well as staff costs and other incidentals. Most small organisations do not have capital available and may be leveraged. Any period where the organisation is not receiving a regular income results in additional charges from interest and even the loss of payment discounts to suppliers.
Individual miners can switch between mining pools quite easily and take long term contracts only when it is beneficial. Mining companies calculate the transactional costs of joining a mining pool, and at some crossover point of hash power it becomes cheaper for miners to solo mine rather than join a mining pool. Looking at the Bitcoin hashrate distribution, mining companies with hashpower greater than 0.3% of the network seem to choose to solo mine rather than join a pool.
Collusion between mining companies is a potential threat, but it is in the best interest of mining companies not to collude. Collusion requires trusting all the other companies involved: it requires trusting that the payout will happen as promised after the attack, trusting that the other companies mine as promised, and arriving at a ‘just’ payout for each of their efforts.
PoW vs PoS
The distinction from the proof of stake solutions that have been proposed comes in the requirement to constantly reinvest. A proof of stake system requires a single investment. Once this investment is made, the system is incentivised towards the protection of the earlier investment.
Bitcoin mining requires continuous re-investment. Miners can wake up to find their hashrate disappear literally overnight if they do not reinvest.
This reinvestment involves innovating to create newer generation chips. It involves competing with other mining pools to become more efficient and increase profitability. It involves developing features such as ASIC Boost, innovations that increase the efficiency of mining and decrease the costs. Each generation of chips increases the throughput and energy efficiency. Investments aren’t limited to chips but will happen in storage, electricity generation and cooling solutions as mining companies compete to become the most efficient.
Without the artificial blocksize limit, miners will find it profitable to include as many transactions as they can in a block. The increasing volume of transactions will make the fees go down. Transaction fees are market driven, and any mining pools that are not profitable at lower transaction fees are wiped out. In this way, the market finds the optimum transaction fee and operates at that fee.
In a Proof of Stake system, transaction fees cannot be market dependent but are centrally planned. This is because there is no way for the market to determine fees.
Let’s look at a hypothetical scenario in PoS:
Suppose A, B and C decide to form an oligopoly, and together they hold 51% of the total Eth in circulation. The only way for the oligopoly to increase their mining rewards is to buy more Ether. But mining also requires investment into storage, electricity and other costs.
If A, B and C have bought storage devices at a cost of $100/TB, there is no incentive for them to invest in a newer generation of storage devices next year which might decrease storage costs to $10/TB. Let’s imagine that it is profitable for the oligopoly to only include transactions at $1 per transaction without reinvesting. Competing miners might calculate that it is profitable to include transactions at $0.5 per transaction since they invested in better storage. However, competing miners do not find any incentive to include transactions at $0.5 and will charge the same $1, because higher efficiency doesn’t change the probability of getting the block reward. Miners would rather invest that amount in increasing their ether holding to increase the probability of finding a block. The oligopoly can compel the market to pay a transaction fee that is profitable to them and refuse to include any transactions that do not pay this minimum fee.
Now let’s take this scenario to Bitcoin. Imagine an oligopoly of A, B and C in Bitcoin that together controls 51% of the hash power. The oligopoly decides to include only transactions which have fees greater than $1, as anything below that is not profitable for them. The remaining market finds it profitable to include transactions at $0.5 per transaction. The oligopoly quickly realizes that this model cannot be sustained for long. Users will only pay fees of $0.5, as they would rather wait for 2 blocks (the probability of the remaining market finding a block and including their transaction) than pay a higher fee. The remaining market will include transactions at $0.5 while the oligopoly fails to get any transaction fees. In this way, the market decides to punish the oligopoly and put them out of business. It is in the best interests of the remaining miners to put the oligopoly out of business because that allows them to increase their relative hashrate and increase their block rewards.
Tezos, which uses a Delegated Proof of Stake model, determines a 5% yearly reward for anyone who stakes their tezzies to validate transactions. This kind of arbitrary central planning by the protocol disincentivizes the market from becoming more efficient. When someone has 50% of the total Eth tokens, they have a 50% say in the system forevermore. There will never be any threat to their share of block rewards ever after. In the words of renowned economist Thomas Sowell: “Without the incentives and constraints created by the prospect of profit and the threat of losses, the same output might well cost millions of dollars more”.
Bitcoin is an ingenious combination of cryptography and mathematics, but it actually solves the Byzantine Generals’ Problem using economic principles. Consensus is achieved between the network actors through voluntary investment with the aim of being rewarded for their actions. The miners who validate the network have a say in the system that depends on the total investment they are willing to spend at that point in time. The total investment going into the network secures the network and creates a stable system of money that is expensive to rewrite. Proof of work discourages collusion of actors, as it is a global decentralized free market that cannot be influenced by any action other than investment into the network.