Consensus: Do you agree that we don’t agree?
First a quick recap: The blockchain network is a distributed collection of nodes who help verify transactions across the user base and add these onto an immutable ledger. These transactions are grouped together into blocks and full nodes (miners) on the network race to solve a cryptographic puzzle in order to add their candidate block of transactions onto the chain of previous blocks. For their effort, the miners are rewarded with the native cryptocurrency or token of the blockchain — Bitcoins in the case of the bitcoin blockchain and Ether for the Ethereum blockchain.
This cryptographic puzzle helps to ensure that only valid transactions are placed onto the blockchain and that the network reaches consensus about the current state of the system. This is important in a network where there is no central counterparty and participants may not trust each other. As such, the consensus mechanism helps to ensure all network participants come to an agreement about the state of play. However there isn’t just one consensus mechanism, there are many. Two of the most well know are; Proof of Work and Proof of Stake.
Proof of Work
Proof of work is the most common consensus mechanism and the one employed by the bitcoin blockchain. It is based on the SHA-256 algorithm and requires miners to compete to find a nonce which produces a hash of specified difficulty. Now that’s a whole lot of complexity in one sentence — let’s break that down!
Firstly the miner must group transactions together into a candidate block — a typical block has approximately 2,000 transactions in and is limited at 1MB in size. It’s worth noting that a disagreement about the bitcoin block size waged on throughout 2017 and on 1st August 2017 the bitcoin blockchain forked to create a new variation, Bitcoin Cash, which has a block size of 8MB. The bitcoin cash blockchain is now due to upgrade to a 32MB block size in May 2018 which it hopes will further increase the speed of transactions.
Let’s go through some definitions:
Hashing: The processing of hashing takes a value of indiscriminate length and produces an output of a fixed length, referred to as the hash. As such, an input of 100 characters may be hashed to a value which only has 20 characters.
The input is placed through the hashing algorithm, which in the bitcoin blockchain is called SHA-256, and will always produce the same output for the same input.
It is important to note that hashing is a one way function. As such, it is easy to calculate the hash of an input but impossible to calculate the input from the hash.
Furthermore a small change in the input will create a vastly different hash value. This means it is not possible to ‘guess’ the possible hash value of an input from a similar input’s hash.
Nonce: An arbitrary number
Block header: Essentially the title of the block — it includes a summary of the transactions included within the block
Merkle tree: An iterative hash of block pairs which connects all previous blocks together and forms a complete chain of all blocks in the blockchain. This can be thought of as the hash of all block pairs within the entire blockchain.
Difficulty: The number of leading zeroes the hash result must have in order to be considered correct
Once the miner has a candidate block they take the hash from the block header, the hash of the previous block, the current time, the difficulty requirement and the roothash of the merkle tree and try adding different nonces until the output has the required difficulty.
In plainer English: If the hash of all these block elements is ‘ABC123’ then the miners must try to compute this against various random values to reach an output which has the required number of leading zeros.
ABC123 x = 0001hgyfn475h5m5is9843njf98765hjbe98fn439
ABC123 y = 087df98732r76432bf632bf08324ojf0ygbdiy32
In even plainer English: Imagine you have a combination lock. What the miners are doing is trying all the possible combinations to try and unlock it. If the combination is 0007 then they will find it after only 7 guesses (presuming they start at 0000) however if the combination is 7697 then they will have to try vastly more combinations first! The guessed combinations in this analogy are the nonces and the difficulty is the lock’s combination which they’re trying to break.
It’s worth noting that the current difficulty within the bitcoin blockchain is 392,963, 262, 344 therefore, on average, miners have to try 16^ 392,963,262,344 nonces before they are successful.
As evident from the above very very large number, searching for the current nonce takes a lot of computational power. This helps with the security of the network and ensures that miners very rarely confirm two concurrent blocks, thus reducing the likelihood of their ability to enter fraudulent transactions. However it is still possible that if a miner has enough computational power, they may be able to mine two concurrent blocks. This could allow them to enter fraudulent transactions or remove transactions from the blockchain. This is referred to as a 51% attack as in order to raise the likelihood of this occurring, a miner would need at least 51% of the mining power on the network. It’s also worth noting that this does not make it certain that they will find the next block, only more likely. The biggest mining pool, BTC.com has 30.7% of the network mining power and thus is expected to mine c30% of the blocks — however this is rarely true in practice.
Due to the high levels of number crunching, the proof of work consensus mechanism is exceptionally data hungry and the bitcoin blockchain consumes more energy than many small countries. This is an often raised criticism of blockchain tech and many proponents use it to claim that blockchains in an indirect way are damaging to the environment. Another criticism levelled is the ‘slow’ transaction times. This is due to increasing demand in the network and only a limited number of transactions which can be processed in a block. As such, transactions take c10 minutes to be processed but towards the end of 2017, due to rocketing network demand, this increased to several hours and sometimes days. In line with this, the fees associated with transactions rose and priced out man smaller transactions. However it is worth noting that this has subsequently decreased and the bitcoin blockchain is now experiencing some of the lowest ever fees. There are also many improvement proposals in-flight which would increase the speed and capacity of the network and thus have a positive impact on price.
Therefore whilst there exists some fair criticisms of the network and its chosen consensus mechanism, using PoW enables a completely trustless, open network with high security and confidence in the mining process. However there are other options and the Ethereum network (another distributed ledger) has set its end goal to move from PoW to another consensus mechanisms, Proof of Stake.
Proof of Stake
It’s first worth noting that only a handful of cryptocurrencies employ the PoS consensus mechanism, Peercoin was the first and this was then followed by ShadowCash, Nxt, BlackCoin, NuShares, Qora and NavCoin, amongst others.
Proof of Stake consensus differs from PoW in that forgers (a variant of miners) do not need to compete against each other to solve the same computational problem, thus reducing energy inefficiencies within the network. Within PoS, forgers must demonstrate they have a stake in the network and then can mint a comparable amount of transactions. E.g a miner with 3% of Ether could mint 3% of the proof of stake blocks within the Ethereum network. Note here that blocks created using PoS are referred to as ‘minted’ not ‘mined’. In addition to this, and unlike PoW, forgers are not rewarded but instead only receive the transaction fees, however as minting costs are comparably lower this does not decentivise forgers.
There are also two selection methods which help identify the next forger within the network. The first is a randomized block selector which operates similarly to a lottery and the second is a coin age based selection in which the ‘coin age’ is derived from the number of coins times the number of days the coins have been held. As such, when a forger submits their bid to mint the next block, they become part of a waiting list and their chance of being chosen increases with the length of time they have been waiting.
In more technical terms, the forger combines the block ID with their public key and this seeds a random number, x. This is multiplied by the amount of money they have in the system, and the number of seconds since the last block. If this is greater than a threshold value then they are able to mint the next block.
The PoS consensus mechanism is purported to be more secure than PoW in that the cost of attacking the network would be significantly higher. Where it’s estimated that a 51% attack on a PoW blockchain would cost c$1.6bn in hardware, a PoS 51% attack would cost approximately $617m a day in staking attempts and any unsuccessful attempts would result in the loss of the coins.
However a criticism often levelled against the PoS consensus mechanisms is the ‘Nothing at stake’ problem. This is where a malicious actor may try to take advantage of a network fork and process a transaction in the loosing chain of blocks. It is first key to note that unlike in PoW where mining power must be dedicated to just one of the forks, in PoS forgers can go across both, thus the total hashrate across both chains can be over 100%. As such, if the chain splits into forks A and B, the actor may look to include their transaction in A but place their processing power in B. Thus if both fork A and B have hashrates of 99%, with just a 1% stake, the bad actor could tip the processing power of B from 99% to 100% and chain B will be confirmed. However if their transaction was in fork A and fork B wins, it will be as if the transaction didn’t occur and thus they could have received their coins but their payment wouldn’t be processed. Whilst this may seem a damning bug in the protocol, in principal the majority of forgers are not malicious and instead dedicate their forging power to just one fork.
There are of course additional attack vectors for both proof-of-stake and proof-of-work consensus mechanisms as well as benefits for both the miner/forger and the blockchain user. In themselves they could merit an independent write up, as would the host of new consensus mechanisms which are being created and implemented. Further explanations of these will follow.