You probably know that bitcoin’s security system is called Proof of Work (if not, see here). It’s based on the idea that the amount of work required to attack the system is a deterrent. The costs you would incur from changing transactions that were processed several blocks ago, to either double-spend or to modify details of the embedded data, would be greater than the potential gain. The same applies to what you could gain from denial of service or consensus attacks. By requiring a lot of computer power, Proof of Work assures the integrity and security of the system.
But Proof of Work is not the only game in town. It may not even be the best one.
What are the potential flaws in this system? For one, it consumes a LOT of electricity. A report came out recently suggesting that bitcoin mining (the generation of new bitcoins through successful block validation) will end up consuming as much electricity as Denmark by 2020. While this could well be exaggerated, it does help to envisage the scale of the energy needs. Some innovative ideas suggest that bitcoin mining rigs (the powerful computers used to generate new bitcoins and validate blocks) could simultaneously be used to heat buildings. There’s an ecological thought.
Two, imagine that electricity prices come down and computing power becomes more energy-efficient. And, imagine that there are billion dollar transactions on the network. It’s therefore not hard to imagine that there would be a strong economic incentive to try and change a previous transaction. The costs to engineering an attack on the system would not be so high. The cost of Proof of Work could cease to be a deterrent.
Three, given the current concentration of mining power in China, it’s not hard to see how a consortium could “break” the system by pooling their resources together. All an attacker looking to influence or change the course of the blockchain needs is 51% of the system’s computing power (different types of attacks could be pulled off with less). The top 3 mining pools in China hold 61%. And while there is no indication that they would ever do this (in fact, they have taken steps to dilute their power to avoid such doubt), it is technically possible. The incentives could be personal, or as a response to state pressure, or as a result of bribery, extortion or blackmail.
So what are the alternatives? One alternative used by some blockchains is Proof of Stake. While Proof of Work depends on computing power, Proof of Stake depends on the amount of the currency owned. In most Proof of Stake systems, a block validator “pledges” or “deposits” a certain amount of coins. That amount influences the likelihood of that validator processing the next “winning” block. While the reality is somewhat more complex than that, the premise is simple enough: to have a say in the development of the chain, you need to have a stake in the currency.
Proof of Stake has similar vulnerabilities to Proof of Work. But the likelihoods are lower, and the consequences very different. It is theoretically possible for an attacker to accumulate 51% of a cryptocurrency’s supply, especially in the younger, lower value currencies. In the case of Bitcoin, however, that would cost almost $5 billion at today’s price. And that’s assuming that the price holds still, which it obviously wouldn’t if someone started buying that many bitcoins. The real cost would be much, much higher. The bounty would have to be pretty spectacular to warrant that type of investment. Comparing this security with Proof of Work, it’s unlikely that accumulating 51% of Bitcoin’s computing power would cost anything like that. In this aspect, Proof of Stake would ensure greater security than Proof of Work.
Another shared vulnerability is that of centralization. As I mentioned before, Proof of Work tends to centralize through access to the “work” resources, specifically electricity (cheaper in some parts of the world than others) and computing hardware (more accessible in some parts of the world than others). Proof of Stake would centralize by making it easier for those with a higher stake to generate new coins through block validation. The higher your stake, or deposit, the easier the problem that needs to be solved. So the new coins tend to go to those who already have a high stake. But, those who hold a large amount of the currency are more likely to act in the currency’s interest, than those whose stake is high-powered computing equipment. Again, in this aspect, through the power of incentives (or disincentives), Proof of Stake would ensure greater security than Proof of Work.
And, it’s cheaper. Proof of Work implies a lot of computing power churning calculations and consuming electricity. Proof of Stake also uses resources, but fewer.
And, it’s more “democratic”. To mine bitcoins with Proof of Work, you need to invest in the equipment that can do the work. And you need to know how to operate and maintain it (or hire someone who does). It requires a significant initial outlay. With Proof of Stake, you need to buy the currency. That’s accessible to everyone. True, you need to have the funds and the tech knowledge to open a wallet, but it’s definitely easier.
Although it may sound like it, I’m not saying that Proof of Stake is better than Proof of Work. Conceptually, it has advantages. But practically, it hasn’t been tested at large scale. Technically, it is vulnerable to certain attacks (convoluted and rare, but a vulnerability is a vulnerability). And theoretically, on its own it isn’t ideal for consensus. Consensus is about everyone rapidly reaching a conclusion as to what is the “correct” chain. What’s to stop stakeholders from “betting” on multiple chains and thus reaching a stalemate? In its purest form, Proof of Stake is unlikely to work. The currencies that use it (Peercoin, BitShares, NXT, and Novacoin are a few) have each come up with ways to solve that problem, many of them using a combination of Proof of Work and Proof of Stake. Ethereum, the crypto-currency with the second-largest market capitalization, is planning to switch from Proof of Work to a Proof of Stake hybrid next year.
What does all this have to do with the halving?
First of all, what is the halving (sometimes called “the halvening”)? It’s when the amount of bitcoins that the block validators (the “miners”) get as a reward for processing transaction blocks is reduced by half. The bitcoin protocol has the reward falling by 50% every 210,000 blocks, to control the supply of bitcoins and permit a gradual tapering off of new coins as the limit of 21 million is approached (we have a way to go yet, that’s not expected until 2140). The last halving was in November 2012, when the reward fell from 50 bitcoins to 25. The next one is expected in mid-July of this year.
And here’s the thing: in theory, the halving increases Proof of Work’s vulnerability. But not Proof of Stake’s. Or at least, by not nearly as much.
Why would Proof of Work be more vulnerable after the halving? Because if everything else remains the same, it will lead to increased centralization. With increased centralization, miners would find it easier to collude to distort the system and to control block creation. Why would that lead to increased centralization? Because with the act of validating the blocks suddenly so much less profitable, it is possible or even probable that many participants would drop out. If the marginal ones drop out, that concentrates power in the larger miners and in the mining pools.
However, that theory does not take into account price movements. A doubling of the price would offset the reduction in the number of bitcoins received as a reward. And the price of bitcoin has gone up considerably since the beginning of the year – up 60% at time of writing. Is that enough to keep validation profitable for the marginal miners?
That’s hard to say, and harder to maintain. Bitcoin’s price is relatively volatile. It went up sharply and quickly (90% of the increase has been over the past month!). It could fall sharply and quickly. It’s an unreliable metric to base predictions of mining profitability on.
With Proof of Stake as a consensus method, this would not be as much of a problem. Proof of Stake requires less computation power, and as such, lower hardware costs and lower electricity costs. With lower costs, a lower reward is not as punitive. Centralization is always a risk with Proof of Stake, as we saw above. But in this case it would not be because of a contraction in production.
Obviously, bitcoin is not going to switch to Proof of Stake or any of its derivatives any time soon. Proof of Work is so deeply ingrained in its protocol and its culture that a switch would be turbulent, to say the least (and the Core developers do not seem eager to embrace radical change of any sort). But the comparison of the two systems and the increasingly obvious flaws in the decentralization assumptions of the bitcoin design highlight that we are all of us still learning as we go along. Bitcoin and other alternative currencies are still an experiment. In the case of bitcoin, one that’s shown impressive reach, resistance, activity, support and real-world potential. But nevertheless, an experiment. And in the grander scheme of things, when it comes to attempts to profoundly change the way society works, seven years is not a very long time. It’ll be interesting to see what happens next.
(This post was originally published on LinkedIn. Sometimes I publish there first, sometimes here. Experimenting.)