One of the fundamental assumptions of blockchains, whether public or private, is that 51% of actors, especially miners, are honest. Logically, the more actors there are, the more the assumption stands. However, numerous bitcoin developers, including Gregory Maxwell, Peter Todd, Luke-Jr and others, have stated that bitcoin mining is centralized in two or three individuals. The invention of ASICs, in combination with economies of scale (although some research suggests after a certain point – around 25% – it becomes more economical to have less hashing power) has led to giant mining farms in remote areas of China where electricity is cheap, making Bitcoin mining highly profitable. It is, however, much more profitable to be rewarded for mining, through blocks or fees, rather than maliciously attack the network, but the option is there and facts can change. A new paper [PDF] from university researchers based in Shanghai and Virginia claims to have a solution which secures the network even if 51% of miners are malicious. The highly technical paper, extending more than 30 pages, opens by stating:
“On top of Bitcoin’s brilliant ideas of utilizing the power of the honest miners, via their computing power together with blocks, to secure the blockchain, we further leverage the power of the honest users, via their coins together with transactions, to achieve this goal.”
That is, a second layer is added to proof of work via coin-voting, otherwise known as proof of stake. The paper analyses proof-of-stake implementations, the “nothing at stake” problem and the many proposed solutions, including Ethereum’s Casper. The researchers conclude that Casper uses a random number generator which “is an extractor based on the previous state of the blockchain, with entropy sourced from missing block propositions.” It is, therefore, manipulatable, according to the study. Moreover, they argue that the current proof of stake implementations require coins to be locked:
“If a validator set is too big then most of the coins are immovable and sadly misses the point of currency, but if the set is too small, then an adversary with a meager sum of coins could halt consensus.”
The proposed solution is not to lock coins, but to ask transacting users to vote on the best blockchain: “A possible way for an honest user to [support the best chain] is to include the user’s best available blockchain as part of the transaction; this transaction is then signed by the user and bound to the user’s current best available blockchain. When this transaction is broadcast into the network, all miners are informed with the user’s best choice of blockchain. After collecting all users’ best choices, miners will be able to derive and extend the best blockchain.”
I really like reading an article that can make people think. Also, many thanks for allowing for me to comment!