What is Proof of Stake?

Bitcoin relies on a system called Proof of Work to ensure consensus and security on a blockchain. So do other cryptocurrencies such as Peercoin, NXT, Nubits, Qora and Bitshares. But some strongly believe that Proof of Work is wasteful and unreliable, and instead implement an alternative system called Proof of Stake.

by Len de la Cruz for Unsplash

How does Proof of Stake work? By offering the chance to validate a block of transactions, and to receive the corresponding reward, to holders of the currency in question.

In Proof of Work, those most likely to validate a block are those with the most computing power. Taking control of the blockchain is, then, a question of churning computations, and would be prohibitively expensive. Work = cost. That is how Proof of Work secures the blockchain, by making it too expensive to retroactively change, and too difficult to control going forward. Consensus is understood to be the chain with the most work behind it, i.e. with the greatest number of validated blocks (technically it is possible to have a sequence of blocks with a relatively low level of work behind them, but it is rare).

In Proof of Stake, holders of the underlying currency “deposit”, “pledge” or “bond” an amount, in exchange for the right to validate blocks. Generally, the likelihood that they will successfully validate a block is in proportion to the amount deposited. Security is achieved by the high cost required to control the majority of the network (a validator would have to hold over half of the market capitalization!). Consensus is achieved by the assumption that stakeholders have a strong interest in the health of the network. If trust disappears because of suspected bad behaviour, the value of the currency will crash and the manipulator’s holdings will be worthless. With Proof of Stake, trust becomes a self-fulfilling prophecy.

Also, Proof of Stake in theory is more democratic. With Proof of Work, influence tends to concentrate in the hands of those with the most powerful computers. Not everyone has the wealth to purchase or the skill to maintain that level of equipment. With Proof of Stake, the validation can be done on any computer. The investment required is in the actual currency itself.

Yet Proof of Stake in its simplest form is not conducive to reaching a consensus, since there is no cost associated with mining on a chain. In Proof of Work, if you mine on the wrong chain, you lose the amount that you invested in doing that work (= the cost). In Proof of Stake, it doesn’t matter which chain you try to mine on. You’re depositing an amount of currency, not incurring a cost. If it turns out that you’re trying to mine on the wrong one, you lose very little. In fact, you could theoretically mine on several chains at the same time, since there is no additional cost for doing so. This makes consensus harder to achieve.

And it will obviously lead to increasing concentration, not ideal for a decentralized concept. Why increasing concentration? Because if those that have the highest stakes are more likely to receive the newly issued coins, then their stakes will become even greater, which will make them even likelier to receive the newly issued coins, etc.

So, the currencies that use it have solved these weaknesses by tweaking and adding features, often ending up with a hybrid system that includes some Proof of Work characteristics.

For instance:

One of the earliest examples of Proof of Stake was PPCoin, subsequently called PeerCoin, in which miners process blocks by submitting a stake. They do this by sending to themselves a chunk of their own coins. Only PeerCoins that have been held for at least 30 days can be used for this, and the longer they have been held without being used (up until 90 days), the higher the chance that the block production process has of being successful. Once used, the stake has to sit idle for 520 days. This system ensures that the minting of new coins does not concentrate in the hands of a few participants. The consensus chain is the one with the highest “consumed coin age” behind it. Peercoin also allows for Proof of Work mining as an alternative, but this is being phased out as Proof of Stake becomes more important to the network.

NXT was the first 100% Proof of Stake currency. Block validators are selected at random based on the amount of the currency they hold, and everyone knows who the next miner is going to be. This makes double-spending very difficult, as the whole network will be able to see if a transaction occurred or not. NXT does not offer fresh coins as a reward for validation – all 1bn coins were created at launch. Block validators focus on maintaining a healthy network, which will increase the value of their stake.

Bitshares uses a derivative called Delegated Proof of Stake, in which wallet holders elect 101 delegates who carry out the voting on which transactions get validated. These delegates take turns producing a block every 10 seconds, in a random manner. This is a less decentralized system than simple Proof of Stake, but more manageable.

Ethereum, the second largest cryptocurrency by market capitalization, currently uses Proof of Work, but plans to move over to a Proof of Stake variation some time in 2017. The twist that Ethereum plans to put on the concept is that validators have a “stake” in the outcome. They stand to lose out if they mine on the wrong chain. To earn the right to try to mine, participants submit a deposit, and are then invited to “bet” on which block will be validated next. Yes, you heard right, you “guess” (presumably in an experienced and insightful way) which block will be the next one to be included in the chain. If you guess right (= if you bet well), you get a reward. If not, you lose your bet. This will make consensus naturally easy to achieve – everyone sees where everyone else is concentrating, and converges on that chain.
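The two properties described above, selection "in proportion to the amount deposited" and a next validator that everyone can work out in advance, can be seen in a small sketch. This is an added example, not code from the original post and not the algorithm of NXT or any other currency named here; the participant names, stake amounts and seeding scheme are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample deposits (units of the currency); not real data.
STAKES = {"alice": 50, "bob": 30, "carol": 15, "dave": 5}


def next_validator(prev_block_hash, height, stakes):
    """Pick the validator for the block at `height`.

    The draw is seeded only with public data (previous block hash and
    height), so every node that runs this gets the same answer. The
    chance of being picked is proportional to the stake held.
    """
    total = sum(stakes.values())
    seed = hashlib.sha256(f"{prev_block_hash}|{height}".encode()).digest()
    ticket = int.from_bytes(seed, "big") % total  # a point in [0, total)
    running = 0
    for name in sorted(stakes):  # fixed order so all nodes agree
        running += stakes[name]
        if ticket < running:
            return name
    raise AssertionError("unreachable: ticket is always below total")


def selection_shares(stakes, rounds=20_000):
    """Run the lottery over many consecutive blocks and return the
    fraction of blocks each participant was chosen for."""
    prev = "genesis"
    counts = Counter()
    for height in range(rounds):
        chosen = next_validator(prev, height, stakes)
        counts[chosen] += 1
        # Stand-in for the hash of the block the chosen validator produced.
        prev = hashlib.sha256(f"{prev}|{chosen}".encode()).hexdigest()
    return {name: counts[name] / rounds for name in stakes}


if __name__ == "__main__":
    total = sum(STAKES.values())
    for name, share in selection_shares(STAKES).items():
        print(f"{name}: stake {STAKES[name] / total:.0%}, selected {share:.1%}")
```

Because the draw uses only public inputs, any node can recompute who is due to produce a given block and notice when someone else tries to.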

As you’ve probably noticed, securing a network and identifying consensus in a decentralized public network that is not controlled by any one entity, is not at all simple. Both systems – Proof of Work and Proof of Stake – are totally ingenious, even though they both have their flaws. Will one turn out to be much better than the others? It’s way too soon to tell. Proof of Work has served Bitcoin well over the past seven years, but the cost and the centralization are becoming serious issues as the profitability of mining falls. Will it withstand the test of time? Proof of Stake has yet to find the magic formula that combines efficiency, security and decentralization. But that doesn’t mean that it won’t happen. We are still in the experimentation phase, launching ideas into the wild and seeing what adaptations and unexpected consequences the users come up with. And the cryptocurrency sector may well end up converging on something totally different. What is most likely, though, is that we will end up with an ecosystem that supports and nurtures combinations of what we have now. And it will be very interesting to see if we can reach a consensus on consensus.

Rational selfishness and bitcoin vulnerabilities

Rational selfishness is the philosophical principle that an action is rational if and only if it maximises one’s self-interest. This can get your brain in knots faster than you can say “but is selflessness even possible?”. Digging deep, can we really say that we give money to charity for selfless reasons? Don’t we really do it because we feel good in doing so? Sure, we’re helping others. But we’re also helping ourselves. When you give the last bite of the chocolate bar to your partner, you feel kind and loving. When you give money to the beggar on the street, you feel altruistic. When you pay into your pension fund, you feel sensible. But are any of these “maximising” your self-interest? Being kind and practical and unselfish feels good. Which makes it, inherently, selfish. But not particularly rational.

by a-shuhani for Unsplash

What has that got to do with bitcoin? Glad you asked. Bitcoin is, as you probably know, a decentralized autonomous platform for transferring value. It’s run by all the participants, and maintained by volunteers, for the benefit of everyone. There’s no central organization profiting from this. The design will have been proven a success if bitcoin manages to establish itself as a reliable alternative to fiat money. It’s totally decentralized, so it’s fair. And we collectively want it to work, so it’s resilient.

Or is it? Is there room for selfishness in bitcoin?

Of course there is. We want bitcoin to work because it will be a step towards a more independent financial system. If we profit from our trading or make money on our mining operation, so much the better. And many of us do focus on those potentially lucrative activities. But for most of us, the benefit is not directly economic. At least not just yet.

Which is one of the reasons why the concept of “selfish mining” is so fascinating. Mining is selfish in that the block validators rightfully expect to at least be able to cover their costs. So how is “selfish mining” different from normal mining?

(Note: if you need a reminder of what bitcoin mining and block production is, check this out.)

Selfish mining is based on the desire to influence the production of blocks, and effectively control the blockchain. Bitcoin is based on the resilience and fairness of decentralization. Selfish mining is a tactic, allowed in the current bitcoin protocol, that completely undermines those concepts.

First labelled and quantified by Emin Gün Sirer and Ittay Eyal of Cornell University (although the possibility had been previously mentioned in bitcoin forums), it is based on some miners not informing the network of processed blocks. In other words, by not “playing fair”.

How it works: a “selfish miner”, let’s call him S, processes a block. It’s linked to the previous block on the chain, but S doesn’t tell the network about it. Now, one of two things will happen. Either the next block will also be processed by S (how probable that is depends on how much computing power S has), in which case he now has a blockchain that is two blocks longer than the one that the rest of the network is looking at. Or, the “good guys”, let’s call them G, process a block and add it on to the block before S’s first block. They think that’s the latest block, because S never told them about his. On seeing this, S “announces” the first block he processed. There are now confusingly two different public blockchains of the same length, one ending in S’s block and one ending in G’s block.

If that happens, which one will the next processed block be added on to? It depends who processes it. If it’s S, he’ll obviously add it on to the one ending in his block. If it’s G, it could be either one. Either way, the chances are greater that it will be the one ending in S’s. Why? Because you have to add the probability that S processes the block, to the probability that G processes it and adds it to S’s block (G has no idea that S does not have honourable intentions). That sum will almost always be greater than the probability that G processes the next block and adds it to the other chain.

So, while it may take a while, S’s “success” will increase. S will eventually end up with more processed blocks on the chain. If S is a mining pool, more miners will want to join him because of that success. S’s share of the computing power will increase, as will the probability that they can pull off selfish mining, which will increase their computing power some more, which will increase the probability that they can selfishly mine, etc. And soon we will end up with a group that has an uncomfortable consolidation of power in a platform designed to be decentralized and fair.
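How large S has to be before withholding pays more than honest mining is the figure a risk assessment of pool sizes needs. The following is an added example, not code from the original post: it simulates the model published by Eyal and Sirer, which goes beyond the two cases walked through above by also covering longer private leads. The names alpha (S's share of computing power) and gamma (the share of G that builds on S's block during a tie) are parameters of that model.

```python
import random


def tie_win_probability(alpha, gamma):
    """Chance that the next block extends S's branch once two branches of
    equal length are public: S finds it, or G finds it on top of S's block."""
    return alpha + gamma * (1 - alpha)


def simulated_share(alpha, gamma, rounds=300_000, seed=7):
    """Fraction of main-chain blocks that end up belonging to S."""
    rng = random.Random(seed)
    s_blocks = g_blocks = 0   # blocks that survive on the main chain
    lead = 0                  # how many unpublished blocks S is ahead by
    tie = False               # two public branches of equal length
    for _ in range(rounds):
        s_found = rng.random() < alpha
        if tie:
            if s_found:                      # S extends its own branch
                s_blocks += 2
            elif rng.random() < gamma:       # G extends S's branch
                s_blocks += 1
                g_blocks += 1
            else:                            # G extends G's branch
                g_blocks += 2
            tie = False
        elif s_found:
            lead += 1                        # withheld, lead grows
        elif lead == 0:
            g_blocks += 1                    # ordinary honest block
        elif lead == 1:
            tie, lead = True, 0              # S announces, race begins
        elif lead == 2:
            s_blocks += 2                    # S publishes both and wins
            lead = 0
        else:
            s_blocks += 1                    # S publishes one, stays ahead
            lead -= 1
    return s_blocks / (s_blocks + g_blocks)


def closed_form_share(alpha, gamma):
    """Expected share of blocks for S, from the Eyal and Sirer paper."""
    numerator = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    denominator = 1 - alpha * (1 + (2 - alpha) * alpha)
    return numerator / denominator


def break_even_power(gamma):
    """Share of computing power below which withholding earns S less
    than its fair share (honest mining would pay more)."""
    return (1 - gamma) / (3 - 2 * gamma)


if __name__ == "__main__":
    for alpha in (0.10, 0.25, 0.33, 0.40):
        for gamma in (0.0, 0.5):
            print(f"alpha={alpha:.2f} gamma={gamma:.1f} "
                  f"share={simulated_share(alpha, gamma):.3f} "
                  f"break-even={break_even_power(gamma):.3f}")
```

A share of blocks above alpha means the strategy beats honest mining; in this model that happens only once S's computing power exceeds `break_even_power(gamma)`, which is one third when no honest miner ever builds on S's block.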

Selfish mining could also be used to facilitate double-spending attacks, which undermine reliability. If S has processed a few blocks in a row, and has not told the network about any of them, he can be pretty sure that he can “replace” the public blockchain with his. So, he could purchase something with bitcoins, and let G process that transaction. G would add that block on to the latest block that it is aware of. S would continue to try to mine blocks to add on to its private chain, the one that it is keeping secret. But G would add subsequent blocks on to the last one that it processed, because that is now the longest public chain. When G’s public chain is almost at the same length as S’s private one, S would publish its longer chain, thus invalidating all the transactions in G’s recent blocks. Including the one in which S purchased something with bitcoin. They would be invalid because they are no longer part of the longest chain. S has the goods it purchased. But the payment for those goods is now invalid.

There has been disagreement in the community over the realistically possible consequences of selfish mining. Vitalik Buterin, the founder of Ethereum, believes that it’s not that worrying, since in reality it is very unlikely and the potential profitability is doubtful. But the authors of the original selfish mining paper insist that “bitcoin is broken”. I believe that both are right. At this point in time, it’s not that worrying. There’s no evidence that this kind of attack has happened (and we should be able to detect it from the confirmation records), and the economic cost to the system should it happen won’t be that high. Miners will “waste” work, but that’s about it. However, as the authors have repeatedly pointed out, the likelihood that this scenario, if enacted, will lead to concentration of power is very, very serious. It’s the potential destruction of the underlying concepts that is the most damaging. Will the desire to see the system work, for both economic and ideological reasons, trump the desire to benefit from enhanced mining rewards? We don’t know.

Rational selfishness reduced to its simplest form can be programmed into a computer, or a self-regulating protocol like bitcoin. Such-and-such is a good thing to do if it improves my value or the balance on my ledger. And rational selfishness no doubt forms an integral part of Artificial Intelligence research. But, as we all know, it’s not really part of our way of life. At least not the “rational” part. Humans are generally not very rational, let’s face it. We let emotions cloud even basic investment decisions. We allow unspoken biases or loosely held convictions to affect our reasoning. And we are very bad at predicting what will make us happy. Wanting to participate in interesting projects, wanting to be part of something important, wanting to help change what needs changing – these are also selfish aims. They will make us feel good, they will give our lives meaning. But the results don’t go into any quantifiable ledger anywhere.

This lack of rationality spills over into the world of bitcoin. Most of those who insisted back at the beginning (many still do) that it can never work, were letting their fear of fundamental change convince them that clinging on to old systems is the most intelligent option. Most of those who jumped at the chance to try bitcoin did so because of an irrational hope that we had finally found an alternative to centralized finance. That irrationality, strangely enough, is one of bitcoin’s enduring strengths. We collectively really want it to work, and not just for economic gain. If miners were purely rational, yes, they would join a selfish mining pool. But that reasoning overlooks the fact that miners, too, want bitcoin to succeed. They want to make money, yes. And we’re happy for them to make money, since it keeps the system going. But it’s unlikely that that’s their only objective. The opportunities to profit from bitcoin’s weaknesses are there. And they have not yet been taken advantage of. Absence of proof is not proof of absence, I know. But I don’t believe that the fact that it hasn’t happened is because the miners don’t know how. It’s because selfishness is not always rational.

(This post was originally published on LinkedIn.)

Hello, DAO? I have some questions.

by Gabriel Garcia Marengo for Unsplash

I’ve been trying to get a handle on the concept of The DAO (and all DAOs in general), and I have a ton of questions. So I’m going to throw them out there, because maybe you have the same questions. Maybe you even have some of the answers. That would be great. Please share.

  1. First (actually, these are in no particular order), I notice that we rapidly moved from “Digital Autonomous Corporation” (coined back in late 2013) to “Digital Autonomous Organization”. I get why. A “corporation” is a legally constituted entity which has to abide by certain regulatory and financial rules. An “organization” is a collective that is organized. Since a DAO seems to be a collection of rules and tasks, with some degree of organization, the name makes sense. What I don’t understand are headlines like “The DAO: How the Employeeless Company Has Already Made a Boatload of Money” (from The Observer), “Can A Company Be Run Without Leadership, Management Or Employees? $150m Invested In The DAO Says Yes” (from Forbes), “The Tao of “The DAO” or: How the autonomous corporation is already here” (from TechCrunch), and “Chiefless Company Rakes In More Than $100 Million” (from The Wall Street Journal). From what I gather, the DAO is not a company, or a corporation. It has not been constituted as such, and I have not yet come across one (maybe they do exist) that even claims to be a company. So why the leap from “organization” to “company”? Other than the pressing need for attention-grabbing headlines, of course.
  2. Since DAOs are not technically companies, can they legally issue shares? Yes, I know that technically they’re not issuing shares, most of them operate on a “token” basis for their crowdsales. But, operationally, is there much of a difference? Except that one has a lot of enforceable rules and regulations designed to protect the investor, and the other doesn’t. Since financial regulatory bodies do like their investor protection laws, how long before they deem token sales as an investment worthy of heavy regulation? And when that happens, what will happen to current token holders? Or token issuers?
  3. Has anyone seen anything that resembles a business plan? I’m not averse to risk, but I’d like my investment to have some sort of scenario at least thought of, other than best case = lots, worst case = dunno. Right now the “business plan” seems to be along the lines of “let’s kickstart the Ethereum ecosystem with a crowdfunded investment pool”. It’s a good idea: all Ethereum-linked business will benefit if the platform grows and extends. But that’s a conceptual, almost ideological bet rather than an investment one.
  4. In the case of The DAO, if the ether (contributed in exchange for tokens) is distributed to viable investments (those that receive enough votes to qualify), does that not reduce the amount of ether backing the issued tokens? Does that not make the tokens worth less?
  5. Unless of course you assume that the future value of the investment will be higher than the invested amount. But, let’s be real, the world of apps and “startups” is fraught with investments with no return. Even trained and seasoned VCs get it wrong most of the time. Why do we believe that a collection of untrained enthusiasts will do any better?
  6. Perhaps the “profits” will come from the increase in value of ether, pushed by the increased activity in Ethereum, financed by the funds of The DAO. But that is a financial profit rather than an operating profit. Different concept, different motivation. And, if token holders start to “cash out” as the currency moves up, would that not push down the price? And the value of the tokens?
  7. Will the DAO be subject to taxation? If so, what? Which? Where? And if not, does that mean that it is possible to evade taxes by setting up DAOs? I can’t see the regulators liking that.
  8. The proposals submitted to The DAO for funding have to specify (again, if I understand correctly) how much ether they need to produce or create their product or service. Now, unless they can pay for the services that they need in ether, which unfortunately is still very unlikely, they’re going to need to convert it into some sort of officially recognized fiat currency. And even if they can pay for their services in ether, their suppliers are going to need to convert. And, the exchange rate of ether is not exactly stable. So, given that the project creators understand how much local fiat currency they would need, how do they know how much ether to ask for? They apply the current exchange rate and pray that it holds for the duration of the voting and execution?
  9. If the price of ether crashes, the project will probably no longer be viable. Can a project be cancelled and funds returned if that happens? Can token holders get their money back if the market environment changes?
  10. With projects receiving ether and cashing out in order to do what they need to do, would that not apply downward pressure to the price of ether?
  11. What about quality control? And delivery control? The “contractors” (those who submit successful proposals) get the funds whether they end up delivering or not, right?
  12. Let’s say a really great proposal comes along that needs, for example, $20 million (or $10 million or $50 million, the amount is not important). Let’s say the smart contract stipulates that the funds are disbursed in stages, $5 million each month. After receiving the first $5 million, imagine that the “contractors” (the ones who submitted the proposal) disappear. True, the fund can then find another “contractor” to finish the work. But contractor A has stolen a good chunk of the funds’ money. And say this happens a few times. Since code is not a legally recognized language in any jurisdiction that I know of, does that mean that there is no legally binding contract? And therefore no breach of contract? Does that mean that there is nothing that law enforcement could do to recover the funds?
  13. Let’s imagine that one of the proposals gets funded and turns out to be an efficient and novel service that adds value to the network. Who would own the intellectual property rights? If I understand correctly, The DAO “owns” the projects, and pays the “contractors” (the ones who submitted them) to make them happen. Who gets to file the patent?
  14. If a token holder is not happy with the investments the DAO is funding, he or she can “fork” the DAO by withdrawing their tokens from the main one, and forming another. There are certain conditions that need to be fulfilled for this to come to pass, but they don’t look onerous, and it’s not hard to imagine an ecosystem populated with many DAOs that started as part of this one. So, the funds have split into several DAOs. To which do the projects submit their proposal?
  15. And what happens if something goes terribly wrong with one of the funded projects? Say an Ethereum app manages to delete data, or execute something that causes a loss somewhere. Who is liable? That matters to the person or persons who were hurt by that action. And it matters a lot to lawyers.
  16. I could go on for quite a lot longer, but I’ll end with the ultimate question: how safe is our invested money? What are the chances of a hack? I know that the DAO has procedures in place to prevent malicious attacks. But what about an outright hack? Or a hack of the funded projects? People who know about this assure me that the code is solid. But as we’ve seen, very few systems are totally hack-proof. And the cost to the entire system, not only in terms of ether (and the equivalent fiat currency) but especially in terms of reputation, could set development back by years.

The idea is exciting, and I hope that it is a great success. I hope that it helps us to see how we can change processes and structures, and that we can gradually move towards a new form of business logic. But I fear that the risks are very high, and that so much can go wrong. The attention that the surprise success has brought is not necessarily a good thing. It would be preferable, much, to let us test this concept far from the glare of public scrutiny. To make mistakes, to iterate and to build on small triumphs. As it is, the project has the world’s attention. And knowing how the press love their failures, if it doesn’t live up to expectations, the fallout will be unreasonably severe.

(This article was originally published on Medium.)

What is Proof of Work?

Bitcoin uses Proof of Work to ensure blockchain security and consensus. Fine, but what does that mean?

“Proof of Work”, as its name implies, requires that the decentralized participants that validate blocks show that they have invested significant computing power in doing so. As we saw in “How does Bitcoin work?”, bitcoin validators (known as “miners”) compete to process a block of transactions and add it to the blockchain. They do this by churning enough random guesses on their computer to come up with an answer within the parameters established by the bitcoin program.

Hang on, that’s confusing. So, they wildly guess and hope that their resulting answer ends up in a certain range? Sort of. The main character in this game is called a “nonce”, which for trivia lovers, is an abbreviation of “number used once”. In the case of bitcoin, the nonce is an integer between 0 and 4,294,967,296.

The other main character is a “hash”, which is an algorithm (= a really long and complicated formula) that converts any sequence of characters (it could be the word “dog”, or it could be an entire novel) into a string of 64 letters or numbers.

Hashes are a big part of what makes bitcoin secure. If you change so much as a comma in the text that is hashed (= has the algorithm applied to it), or if you so much as add a space, you get an entirely new hash. It could be a little different, or it could be very different, the outcome is random. Only it’s not really random, because every time you pass a particular text through a hash, you get the same string. If you change something, it’s different. For a given text, it’s always the same. Change one thing, and it’s not.

So, if you hash a real estate purchase agreement or a last will and testament or a stock purchase deal, and put that on the blockchain, no-one can change the details without everyone knowing. If a hash on the blockchain suddenly changes, things get messy. That’s what makes historical bitcoin transactions and records tamper-proof.

by Paulo Vizeu for Unsplash

Now, let’s leave hashes for a second. You have a block of transactions to process. You want to be the first one to process it, because then you get the “mining reward”. The “mining reward” is an amount of new, fresh bitcoins awarded to the first one to process a block. Fresh bitcoins are a good thing to have. So, how do you get them?

You know the hash of the previous block of transactions. That’s public information, it’s on the blockchain. That will form the beginning of your block of text. Next, you take the current block of transactions, the one you want to process, and add it onto the hash of the previous block. Your block of text is growing.

Now, you pick a nonce, the random number that we mentioned above, and add that to your block of text. You perform a hash of that block (= apply the algorithm to it), which now consists of the hash of the previous block + the transactions + a random number. The resulting hash needs to be a string that has a certain number of zeros in front of it.

That doesn’t sound too complicated, right? Well, bear in mind that to find the number, your computer has to perform approximately 10^21 computations. That’s a LOT. It takes on average 10 minutes to find a nonce that gives you the desired string. That is why it takes about 10 minutes to completely process a bitcoin transaction, to get it registered on the blockchain. There isn’t only one nonce that will do it, there are probably several, but you have no way of knowing what they are.

(And if you know your numbers and thought that the possible range for the nonce given above is not very large, you’re right. In most cases all possible nonces in that range won’t get you the hash you want. So then you go and change a second nonce that is buried in the block, incrementing it by 1 or whatever you want, and you start all over again. Complicated, huh? So the total number of possible nonces from the combination of the two is 4,294,967,296^2, which gives you a really huge number.)

Sometimes computing power improves and the pesky nonces are found increasingly quickly. If that happens, the difficulty is increased. This means that the number of zeros needed in front of the resulting hash for the block to be accepted is increased.

Given the immense amount of work that your poor computers have to do, you can see why this system is called “Proof of Work”.

How does that ensure security and integrity?

Imagine that you wanted to go back and change something in a transaction or a document registered on the blockchain a few blocks ago. As I explained above, if you change so much as a comma, the entire hash changes. And since that hash forms part of the next hash, that would change too. And so on. You would effectively have to re-mine every subsequent block. If one is difficult and expensive, how difficult and expensive would it be to successfully get several re-mined? Prohibitively so. Proof of Work helps maintain bitcoin transactions’ integrity.
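The mining steps and the tamper scenario described above can be run end to end at a tiny difficulty. This is an added example, not code from the original post: it is a toy model that follows the post's simplified description (previous hash + transactions + nonce, hashed until the result starts with enough zeros) and is not Bitcoin's actual block format; the transactions and the difficulty value are constructed.

```python
import hashlib

GENESIS = "0" * 64
DIFFICULTY = 4  # required leading zeros (hex digits); a tiny, constructed value


def block_hash(prev_hash, transactions, nonce):
    """Hash of: previous block's hash + this block's transactions + nonce."""
    text = f"{prev_hash}|{transactions}|{nonce}"
    return hashlib.sha256(text.encode()).hexdigest()


def mine(prev_hash, transactions, difficulty=DIFFICULTY):
    """Try nonces 0, 1, 2, ... until the hash starts with enough zeros."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, transactions, nonce)
        if digest.startswith("0" * difficulty):
            return {"prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(batches, difficulty=DIFFICULTY):
    """Mine one block per batch, each linked to the hash of the one before."""
    chain, prev = [], GENESIS
    for transactions in batches:
        block = mine(prev, transactions, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain, difficulty=DIFFICULTY):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for index, block in enumerate(chain):
        digest = block_hash(block["prev"], block["tx"], block["nonce"])
        if (block["prev"] != prev or digest != block["hash"]
                or not digest.startswith("0" * difficulty)):
            return index
        prev = block["hash"]
    return None


def tamper_demo(difficulty=DIFFICULTY):
    """Edit an old block and record what a verifier sees at each stage."""
    batches = ["alice pays bob 5", "bob pays carol 2",
               "carol pays dave 1", "dave pays erin 1"]  # constructed sample
    chain = build_chain(batches, difficulty)
    seen = {"untouched": first_invalid_block(chain, difficulty)}

    # Change one detail in block 1 without redoing any work.
    chain[1]["tx"] = "bob pays carol 20"
    seen["edited"] = first_invalid_block(chain, difficulty)

    # Redo the work for block 1 only: block 2 still points at the old hash.
    chain[1] = mine(chain[0]["hash"], chain[1]["tx"], difficulty)
    seen["block_1_remined"] = first_invalid_block(chain, difficulty)

    # The chain verifies again only after every later block is re-mined too.
    for i in range(2, len(chain)):
        chain[i] = mine(chain[i - 1]["hash"], chain[i]["tx"], difficulty)
    seen["all_remined"] = first_invalid_block(chain, difficulty)
    seen["hashes_redone"] = sum(block["nonce"] + 1 for block in chain[1:])
    return seen


if __name__ == "__main__":
    for stage, result in tamper_demo().items():
        print(f"{stage}: {result}")
```

Each extra required zero (hex digit) multiplies the expected number of attempts per block by 16, and `hashes_redone` shows that the rework grows with every block piled on top of the edited one.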

It can also prevent double-spending attacks. Let’s say that you send bitcoins to one person. The person that you sent the coins to in the first transaction sees that you did that, and releases or sends the goods you wanted to purchase. A second later, you send the same bitcoins to another address that you own. Given bitcoin’s latency (it can take a few seconds for transactions to spread around the nodes, and your second one may arrive at some nodes before your first one), it’s possible that your second transaction gets processed and validated first. Your first transaction is invalid. Are you going to send back the goods? Probably not. This is why, if you are a merchant accepting bitcoin, it is advisable to wait for a few blocks to pile on top of the one that sends you the bitcoins, to make sure that yours is the one that got processed, not the “nice try!” fraudulent attempt by the sender.

Now let’s assume again that you’re an unethical bitcoin user (shame on you!). To make it likely that your block with the dodgy transaction is the one processed and added onto the chain, you would need to control over 51% of the validating nodes. If it weren’t for the amount of work that each validating node has to perform, you could create as many as you wanted. As many as you needed, in fact, to get 51% of the network. With Proof of Work, you simply can’t afford to. All of those nodes would have to, you know, do the work. There’s no way that the colossal cost would be compensated by the economic benefit.
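How many blocks a merchant should wait for, and why a sender with less than half of the computing power is unlikely to undo a buried payment, can be put into numbers. This is an added example, not code from the original post: it uses the catch-up calculation from the Bitcoin white paper, which models a sender who secretly mines a competing chain with a share q of the computing power, a more general case than the latency race described above. The function names and the 0.1% risk limit are assumptions chosen for illustration.

```python
import math


def attacker_success(q, z):
    """Probability that a sender with share q of the computing power ever
    overtakes the honest chain after the merchant has waited z blocks."""
    if not 0 <= q < 1:
        raise ValueError("q must be in [0, 1)")
    if q >= 0.5 or z == 0:
        return 1.0            # a majority always catches up; zero wait is no protection
    if q == 0:
        return 0.0
    p = 1.0 - q               # honest share
    lam = z * (q / p)         # expected attacker progress while z blocks are mined
    total = 1.0
    for k in range(z + 1):
        # Poisson probability that the attacker found exactly k blocks,
        # computed in log space so large z does not overflow.
        poisson = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        # Chance of never closing the remaining gap of z - k blocks.
        total -= poisson * (1 - (q / p) ** (z - k))
    return total


def confirmations_needed(q, max_risk=0.001, limit=1000):
    """Smallest number of blocks to wait so that the sender's chance of
    reversing the payment falls below max_risk, or None if not within limit."""
    for z in range(limit + 1):
        if attacker_success(q, z) < max_risk:
            return z
    return None


def confirmation_table(shares, max_risk=0.001):
    """Blocks to wait for each assumed attacker share."""
    return {q: confirmations_needed(q, max_risk) for q in shares}


if __name__ == "__main__":
    for q, z in confirmation_table([0.10, 0.20, 0.30, 0.40]).items():
        print(f"sender controls {q:.0%} of computing power: wait {z} blocks")
    print("risk after 6 blocks at 10%:", round(attacker_success(0.10, 6), 7))
```

The required wait climbs steeply as the sender's share approaches one half, and at one half or more no number of blocks is enough.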

What does that have to do with consensus?

For any system to work, you have to assume that at least half of the participants have good intentions. You don’t know who they are, though. With bitcoin, it doesn’t matter. Since there’s no way of knowing who the successful validator will be (because the successful choice of the necessary nonce is random), there’s a greater than 50% chance that it is an honest participant.

But that’s not really consensus, true. That’s where the concept of the chain comes in. In bitcoin you can assume that the longest chain, the one with the most blocks, is the “correct” one, and has the network “consensus” behind it. Why? Because the greatest amount of work has gone into that chain. We’ve seen how each block requires a lot of computing power. So the one with the most blocks has the highest amount of accumulated work invested in it.

And bear in mind that since the blockchain is distributed amongst all participants, they all know what’s on there. If the validators are adding on to a chain, and if it is impossible to know who the validator is going to be, then we can safely trust that the longest chain has the network’s consensus.

If it turned out that we could not trust at least half of the bitcoin validators, and that there was a strong chance that bitcoin transactions could be filtered, manipulated or duplicated, we would pack up and go home and start work on a new system in which we could rely on that assumption. If that happened, all bitcoin validators would lose not only the value of the bitcoins that they hold, but also the investment they made in the super-fast computers that do the validating (and they’re not cheap). So, the network has an economic incentive to stay honest. The network needs the trust in the system to remain intact.

Another way in which Proof of Work helps consensus is the time it takes for each block to be validated. In 10 minutes, you can be reasonably sure that the latest blockchain has been propagated to all nodes. Everyone has had time to receive the updated version. That version has consensus.

by Aaron Li for Unsplash

Problem solved, right? Not so fast.

Let’s look at the drawbacks.

First, it’s inefficient. Imagine hundreds of computers all around the world churning power looking for a solution to a pointless puzzle. It sounds crazy, right? But the puzzle is only pointless in that it doesn’t solve anything. It just acts as a barrier. It does its best to make mining difficult, so that it would be expensive to fake.

Second, it’s expensive. Electricity costs. The super-fast computers cost. To compensate for the high cost of processing these blocks and churning computer power to find the elusive nonce, the first participant who finds the elusive nonce automatically gets a reward of new bitcoins. This is why the block processors are called “miners”. It’s almost as if they dig fresh “gold” out of the ground.

Third, the high cost is leading to centralization of bitcoin block processing. Remember how I said “hundreds of computers all around the world”? Well, they’re not really. Most of them are in China, where electricity is cheap. A kilowatt-hour in China costs $0.11, vs $0.18 in the US and $0.21 in the UK. In Spain, where I live, the variable rate for heavy users reaches almost $0.17/kWh. There are not a lot of miners in Spain (we had headlines just last week of bitcoin miners getting arrested for, among other things, stealing electricity from the neighbours to run their fast computers). Over 70% of bitcoin computing power (evocatively called “hashing power”) is in China.

So where does that leave us?

That leaves us with a secure and decentralized protocol that solves the problem of verifiable consensus, and incentives. It works. It’s not perfect, but so far it seems to be the best option available, at least for bitcoin. It’s not the only option, though, and we will soon look at alternatives, both conceptual and real. The number of blockchains out there is increasing, and each uses a different way of achieving security and consensus. Some are based on Proof of Work, some aren’t, and each has advantages and disadvantages. And if that weren’t confusing enough, there are more and more ideas emerging to improve on or even radically change the current Proof of Work system. Innovators don’t tend to sit still for long.