One of the defining aspects of a public blockchain is that anyone can add information to it. However, before it is added, the information must be verified. All cooperating nodes in the network must agree on the definitions of valid, and invalid, information. For example, in the case of Bitcoin, there must be a consensus on what defines a legitimate transaction. When the new information is deemed valid by all participating nodes in the network, then the consensus is reached. This article explores how a decentralized network could achieve consensus through two different algorithms: proof-of-work and proof-of-stake.
In a blockchain, all connected elements of the network are called nodes. The nodes uphold and respect a set of rules. Using these rules, the nodes in the network agree on the transactions to include or exclude. This process allows the blockchain to reach consensus.
Periodically, a new block of transactions is added, and all nodes update their view of the network. Afterward, they agree on this updated view of the ledger. But determining who can add or create the next block in a decentralized chain is not trivial.
In a public blockchain network, miners create blocks, but miners are not controlled or predefined. This creates the need for a decentralized consensus algorithm. Two popular options exist for a consensus algorithm: proof-of-work and proof-of-stake.
In proof-of-work, a node in the network must prove that it has done a considerable amount work to become the leader and add a block to the chain. This “work” is solving a computational riddle, which can only be solved by “brute force” (the technical term used for a problem for which no smarter solution can be found). On average, a solution is found periodically. In the case of Bitcoin network, the riddle is finding a hash.
What is a hash?A hashing algorithm computes a cryptographic fingerprint of an input and outputs a fixed length hash. In the context of cryptocurrencies, like Bitcoin, transactions are taken as the input in order to make them permanent. Even a minor change in a single transaction would change the hash significantly, and hence, easily detectable. Bitcoin uses uses SHA-256, which means that the output will always have a fixed 256-bits length.
What is a fork?
If you look at a blockchain as a series of blocks, a fork is a permanent divergence from the previous version of the blockchain, forged by creating a new path. One path follows the new blockchain, while the original path continues. A fork means a radical change to the blockchain, as it determines previously invalid blocks or transactions to be valid (or the other way around). For example, an incompatible change to the consensus rules that defined the original chain.
By aiming for a hash to be found every ten minutes and adjusting the difficulty of the task, the Bitcoin network can cope with increases and decreases in “hashing capacity,” that is, the number of miners. Moreover, by maintaining this ten-minute interval, it reduces the chance that two miners will find a solution to the riddle at the same time, creating a fork in the chain. The difficulty level is adjusted every 2016 blocks, based on time it took to find those. When hashing capacity grows, it reduces the time it takes to find 2016 blocks, so the the difficulty level increases.
To prevent changes to a block, the hash a miner attempt to find is made up of several components. The three most important inputs are: the hash of all transactions in a block is added; a link to the previous block; and a random number. This prevents transactions in a block from being altered at a later time, a block being linked to a different previous block, and allows the miner to generate different solutions to the riddle. By changing the value of the random number, different hashes can be computed for the same input. If a miner finds the correct random number, then he solved the riddle, and successfully mined that block.
To overcome the problem of unplanned forks, Satoshi, the mythical person that invented Bitcoin, added an additional consensus rule which states that nodes must choose the longest chain as their primary one. Choosing the longest chain prevents attacks. If an attacker has less computational power than all other nodes combined, he cannot keep up with the honest nodes and has no influence over the network, as they will always choose the longest chain, which is the honest one. This prevents attackers from selectively adding transactions or blocks to the chain.
The choice of a hashing algorithm is an important one. At the time, Satoshi chose SHA256. A typical choice for a hashing algorithm, but maybe not the best choice for proof-of-work. Because the SHA256 algorithm doesn’t use a lot of memory, it was ported to run on GPUs, then later on custom chips created for the sole purpose of mining bitcoin, called ASICs. GPUs can hash a factor of 10 faster than a CPU, and ASICs a factor of 10 faster than GPUs.
Because ASICs are not readily available, the number of people and organizations who currently mine Bitcoin is relatively low. Not such a good idea in a decentralized network. Ultimately, having fewer miners was deemed so bad, that other blockchains, like Litecoin, chose a different hashing algorithm (Scrypt), which uses more memory. ASICs become very expensive when they require more memory, so they weren’t created for Litecoin.
Satoshi included a block reward as an incentive for miners to perform their work. On top of this reward, a miner gets all the transaction fees from the transactions included in the block it mines. Eventually, the fees will replace the block reward as the incentive for miners, as the block reward will halve every 210.000 blocks.
A more general downside affecting all proof-of-work networks is the wasteful electricity usage. A primary driver behind the electricity usage isn’t the hashing itself, but the price of the currency. In the case of Bitcoin, the block reward plus transaction fees currently total at around 14 BTC, or more than $100,000. So, for example, if a miner spends less than that amount to solve the hashing riddle, it makes sense. A miner needs to invest in ASICs and electricity to run them. An increase in the price of a single bitcoin increases the amount of electricity used because improvements in ASIC performance have, so far, been few and far between.
An alternative consensus algorithm for proof-of-work is proof-of-stake. A proof-of-stake does not rely on hashing, so consumes a lot less electricity. Ethereum has implemented proof-of-stake called Casper, which defines a special transaction wherein a user locks up a certain amount of ether.
There are two options currently being evaluated for Casper. In the most basic option, a random validator is selected out of the pool of users who locked up an amount of ether. This validator can then add a new block to the longest chain. Depending on the amount of ether locked up, or staked, a user has higher or lower probability of being selected as a validator.
Since choosing the longest chain is critical for achieving consensus in the network, the economic incentive must nudge the node towards it. Herein lies the problem with proof-of-stake. Developing such an incentive is much more complicated than the hashing riddle of proof-of-work. There are multiple scenarios wherein it is in the best interest of a node to add a block to all chains instead of just choosing the longest, as by doing so, it reduces the risk of choosing the wrong one.
Compared to proof-of-work adding a block to multiple chains is basically free, as it does not require any hashing. However, by doing so, it will have contributed to a situation wherein multiple chains do not converge. In contrast, if a node in a proof-of-work network decides to try to add a block to more than one chain, it has to divide its computational power of those blocks, and hence will lower its probability of being able to add a block to the longest chain.
In a centralized blockchain, the company running it can predetermine which nodes are the miners. So, any of the designated nodes can decide if a transaction is added to a block or not. This removes the need for a consensus algorithm and also substantially reduces the time required to confirm transactions. XRP is an example a centralized blockchain operated by Ripple. XRP confirms transactions within four seconds, blazingly fast compared to Bitcoin, which (when waiting for six confirmations) will take at least sixty minutes.
Achieving consensus in a decentralized network is difficult, but the proof-of-work method introduced by Bitcoin does make it possible. The wasteful electricity usage associated with proof-of-work makes proof-of-stake a viable alternative. However, the complex design of proof-of-stake could cause other problems down the road. Centralizing a blockchain solves the consensus problem altogether, but gives away control to a single company. Which will be the final solution? Only time will tell.
This article is part of the report Urgent Future - Blockchain.