What is Ethereum’s difficulty bomb?

With an alarming name for a relatively straightforward workaround (although in blockchain land, even straightforward things aren’t really), the “difficulty bomb” is an ingenious way to get all Ethereum miners to switch to another consensus system.

by Blake Richard Verdoorn for Unsplash - Ethereum
by Blake Richard Verdoorn for Unsplash

A bit of background: Ethereum currently uses the Proof of Work consensus algorithm, but has always planned to switch to a Proof of Stake system at some point in the future. Casper, as its Proof of Stake system will be called, is in development, and will be rolled out sometime in early 2017, according to the current plan.

One problem has been, as with every decentralized permissionless system, how to get everyone to switch over to the new system, to avoid split chains, replay attacks, etc. As we saw with the recent hard fork, there is always a strong possibility that some will stick with the old system, and there’s not much that the Foundation can do to coerce them into following everyone else.

Unless it’s in their interest to do so. Here’s the ingenious part: the difficulty of mining Ethereum blocks (= the time it takes to find the nonce that will, when combined with the block data, give a hash within a certain parameter) has been gradually increasing since August 2015, and will continue to do so with exponential increments.

What does that mean? That Ethereum blocks will gradually take longer and longer to mine. The time between bitcoin blocks is in theory about 10 minutes (although recently it’s more like 20 minutes). The time between Ethereum blocks is about 17 seconds. This is one of several aspects that makes Ethereum more attractive to some.

But that is likely to change when Ethereum blocks take longer to process than bitcoin blocks. And it will certainly change, for the miners especially, when Ethereum blocks are so “difficult” to process that it no longer is profitable to mine them, since the electricity consumed in the calculations costs more than the potential ether reward.

The “difficulty bomb” is a clever way to force miners to stop using one system and move to another. Rather than pressure through centralized control (“do this or else…”), it does so through decentralized incentives. No-one is told what to do. But the current Proof of Work algorithm has a built-in self-destruct function that, since it is part of the code, no-one can do anything about. You either move to the new system, or you go out of business. Your choice. No coercion.

Since the increase occurs very gradually, “bomb” is perhaps not the best word for the concept, since no explosions or sudden changes disrupt operations. But it does successfully imply the destructive intent of the code, and subliminally encourages everyone to jump over as soon as Casper becomes available. Ethereum developers call it the “difficulty adjustment algorithm” or the “difficulty adjustment scheme”, which are not nearly as dramatic.

It’s worth noting that the difficulty bomb was conceived as a way to get everyone to move over to Casper when the time came. But it could be used to get everyone to move over to a different hard fork. Ethereum has committed to moving to a version of Proof of Stake. But who knows? Change happens. There’s also no guarantee that Casper will be ready in time. What everyone jumps over to, is not yet “written in stone”, as they say. But they will be jumping over to something different.

It’s also worth noting that the difficulty increase could be modified in the upcoming hard fork that will introduce Metropolis, the next planned iteration of the Ethereum platform (expected in the fall of 2016). This type of modification has already happened once. With the Homestead release in mid-March, the difficulty adjustment algorithm was relaxed a bit. Could this indicate a delay in the release of Casper? With the adjusted system, blocks will become un-mineable by 2021, but the slowness will, according to the founder of Ethereum, become “very annoying by the second half of 2017”. This may change.

Ethereum Classic, the alternative result of the latest fork, also has this ticking difficulty bomb, obviously. But what it doesn’t have is the obligation to migrate to a Proof of Stake consensus system, it doesn’t have the commitment to move to Casper. Its miners do have to move to a different algorithm, though. Or, Ethereum Classic could hard fork to remove the difficulty bomb. It will probably let Ethereum launch Casper and see how it goes, before deciding or not to adopt it. Only by then it will have had to do something about its difficulty levels. Assuming, of course, that it’s still around.

The genius here was in knowing that a possibly contentious hard fork was coming, and devising a way to pre-empt resistance. That doesn’t mean that the process won’t be without drama, though. It’s possible that disagreement emerges as to whether Casper is the right consensus algorithm to be using. Some may believe that another alternative is preferable, and independently fork to that. As we’ve seen with Ethereum Classic, it is possible for more than one Ethereum chain to exist (for now, anyway). The difficulty bomb does not solve the problem of trying to get intelligent and strong-willed people to agree on an optimum process, to facilitate the communication as to why the Casper version is the best, and to demonstrate that the entire community is buying into the Ethereum mainstream creed. Clever as it may be, what the difficulty bomb fails to do is to achieve consensus about consensus.

Proof of Work, Proof of Stake and The Bitcoin Halving

You probably know that bitcoin’s security system is called Proof of Work (if not, see here). It’s based on the idea that the amount of work required to attack the system is a deterrent. The costs you would incur from changing transactions that were processed several blocks ago, to either double-spend or to modify details of the embedded data, would be greater than the potential gain. The same applies to what you could gain from denial of service or consensus attacks. By requiring a lot of computer power, Proof of Work assures the integrity and security of the system.

But Proof of Work is not the only game in town. It may not even be the best one.

by Aditya Siva for Unsplash
by Aditya Siva for Unsplash

What are the potential flaws in this system? For one, it consumes a LOT of electricity. A report came out recently suggesting that bitcoin mining (the generation of new bitcoins through successful block validation) will end up consuming as much electricity as Denmark by 2020. While this could well be exaggerated, it does help to envisage the scale of the energy needs. Some innovative ideas suggest that bitcoin mining rigs (the powerful computers used to generate new bitcoins and validate blocks) could simultaneously be used to heat buildings. There’s an ecological thought.

Two, imagine that electricity prices come down and computing power becomes more energy-efficient. And, imagine that there are billion dollar transactions on the network. It’s therefore not hard to imagine that there would be a strong economic incentive to try and change a previous transaction. The costs to engineering an attack on the system would not be so high. The cost of Proof of Work could cease to be a deterrent.

Three, given the current concentration of mining power in China, it’s not hard to see how a consortium could “break” the system by pooling their resources together. All an attacker looking to influence or change the course of the blockchain needs is 51% of the system’s computing power (different types of attacks could be pulled off with less). The top 3 mining pools in China hold 61%. And while there is no indication that they would ever do this (in fact, they have taken steps to dilute their power to avoid such doubt), it is technically possible. The incentives could be personal, or as a response to state pressure, or as a result of bribery, extortion or blackmail.

proof of stake
graph via blockchain.info

So what are the alternatives? One alternative used by some blockchains is Proof of Stake. While Proof of Work depends on computing power, Proof of Stake depends on the amount of the currency owned. In most Proof of Stake systems, a block validator “pledges” or “deposits” a certain amount of coins. That amount influences the likelihood of that validator processing the next “winning” block. While the reality is somewhat more complex than that, the premise is simple enough: to have a say in the development of the chain, you need to have a stake in the currency.

Proof of Stake has similar vulnerabilities to Proof of Work. But the likelihoods are lower, and the consequences very different. It is theoretically possible for an attacker to accumulate 51% of a cryptocurrency’s supply, especially in the younger, lower value currencies. In the case of Bitcoin, however, that would cost almost $5 billion at today’s price. And that’s assuming that the price holds still, which it obviously wouldn’t if someone started buying that many bitcoins. The real cost would be much, much higher. The bounty would have to be pretty spectacular to warrant that type of investment. Comparing this security with Proof of Work, it’s unlikely that accumulating 51% of Bitcoin’s computing power would cost anything like that. In this aspect, Proof of Stake would ensure greater security than Proof of Work.

Another shared vulnerability is that of centralization. As I mentioned before, Proof of Work tends to centralize through access to the “work” resources, specifically electricity (cheaper in some parts of the world than others) and computing hardware (more accessible in some parts of the world than others). Proof of Stake would centralize by making it easier for those with a higher stake to generate new coins through block validation. The higher your stake, or deposit, the easier the problem that needs to be solved. So the new coins tend to go to those who already have a high stake. But, those who hold a large amount of the currency are more likely to act in the currency’s interest, than those whose stake is high-powered computing equipment. Again, in this aspect, through the power of incentives (or disincentives), Proof of Stake would ensure greater security than Proof of Work.

And, it’s cheaper. Proof of Work implies a lot of computing power churning calculations and consuming electricity. Proof of Stake also uses resources, but fewer.

And, it’s more “democratic”. To mine bitcoins with Proof of Work, you need to invest in the equipment that can do the work. And you need to know how to operate and maintain it (or hire someone who does). It requires a significant initial outlay. With Proof of Stake, you need to buy the currency. That’s accessible to everyone. True, you need to have the funds and the tech knowledge to open a wallet, but it’s definitely easier.

Although it may sound like it, I’m not saying that Proof of Stake is better than Proof of Work. Conceptually, it has advantages. But practically, it hasn’t been tested at large scale. Technically, it is vulnerable to certain attacks (convoluted and rare, but a vulnerability is a vulnerability). And theoretically, on its own it isn’t ideal for consensus. Consensus is about everyone rapidly reaching a conclusion as to what is the “correct” chain. What’s to stop stakeholders from “betting” on multiple chains and thus reaching a stalemate? In its purest form, Proof of Stake is unlikely to work. The currencies that use it (Peercoin, BitShares, NXT, and Novacoin are a few) have each come up with ways to solve that problem, many of them using a combination of Proof of Work and Proof of Stake. Ethereum, the crypto-currency with the second-largest market capitalization, is planning to switch from Proof of Work to a Proof of Stake hybrid next year.

What does all this have to do with the halving?

First of all, what is the halving (sometimes called “the halvening”)? It’s when the amount of bitcoins that the block validators (the “miners”) get as a reward for processing transaction blocks is reduced by half. The bitcoin protocol has the reward falling by 50% every 210,000 blocks, to control the supply of bitcoins and permit a gradual tapering off of new coins as the limit of 21 million is approached (we have a way to go yet, that’s not expected until 2140). The last halving was in November 2012, when the reward fell from 50 bitcoins to 25. The next one is expected in mid-July of this year.

And here’s the thing: in theory, the halving increases Proof of Work’s vulnerability. But not Proof of Stake’s. Or at least, by not nearly as much.

Why would Proof of Work be more vulnerable after the halving? Because if everything else remains the same, it will lead to increased centralization. With increased centralization, miners would find it easier to collude to distort the system and to control block creation. Why would that lead to increased centralization? Because with the act of validating the blocks suddenly so much less profitable, it is possible or even probable that many participants would drop out. If the marginal ones drop out, that concentrates power in the larger miners and in the mining pools.

However, that theory does not take into account price movements. A doubling of the price would offset the reduction in the number of bitcoins received as a reward. And the price of bitcoin has gone up considerably since the beginning of the year – up 60% at time of writing. Is that enough to keep validation profitable for the marginal miners?

That’s hard to say, and harder to maintain. Bitcoin’s price is relatively volatile. It went up sharply and quickly (90% of the increase has been over the past month!). It could fall sharply and quickly. It’s an unreliable metric to base predictions of mining profitability on.

With Proof of Stake as a consensus method, this would not be as much of a problem. Proof of Stake requires less computation power, and as such, lower hardware costs and lower electricity costs. With lower costs, a lower reward is not as punitive. Centralization is always a risk with Proof of Stake, as we saw above. But in this case it would not be because of a contraction in production.

Obviously, bitcoin is not going to switch to Proof of Stake or any of its derivatives any time soon. Proof of Work is so deeply ingrained in its protocol and its culture that a switch would be turbulent, to say the least (and the Core developers do not seem eager to embrace radical change of any sort). But the comparison of the two systems and the increasingly obvious flaws in the decentralization assumptions of the bitcoin design highlight that we are all of us still learning as we go along. Bitcoin and other alternative currencies are still an experiment. In the case of bitcoin, one that’s shown impressive reach, resistance, activity, support and real-world potential. But nevertheless, an experiment. And in the grander scheme of things, when it comes to attempts to profoundly change the way society works, seven years is not a very long time. It’ll be interesting to see what happens next.

(This post was originally published on LinkedIn. Sometimes I publish there first, sometimes here. Experimenting.)