
How does the mainstream exchange Coinbase view the security of PoW?

Qtum-量子链
Guest columnist
2019-12-16 03:08
This article is about 3524 words, reading the full article takes about 6 minutes
Recently, Coinbase changed the transfer confirmation requirements for four different assets, including reducing the confirmation requirement for Bitcoin from six confirmations to three.

Total text: 3,290 words

Estimated reading time: 10 minutes

The following is the original translation:

Proof of work

All cryptocurrencies define a state of ownership within their currency's network. For a cryptocurrency to be usable, there must be a way to update that ownership state. In most existing cryptocurrencies, the state of ownership is defined by a canonical history of all transfers that have ever occurred. These histories are stored by network nodes in a data structure called a blockchain. To update the ownership state, there must be a way to add recent transfers to the transfer history stored on the blockchain.

Cryptocurrencies add history to their blockchains in different ways. In cryptocurrencies that use proof-of-work, the blockchain is extended through a process known as mining. Miners package newly announced transfers into data structures called blocks, which are then added to the blockchain.

Miners attempt to add blocks by solving a proof-of-work puzzle unique to the proposed block. Once a miner finds an answer to the puzzle, they announce the new block and the corresponding answer to the other nodes in the network. The remaining nodes recognize valid proof-of-work answers and treat the proposed block as the most recent addition to the blockchain. It is important to note that no miner needs permission to produce a block, which allows miners to enter and leave the network at will.

To determine the canonical transfer history among the multiple valid histories that miners may generate (for example, different valid blocks, or even chains of different valid blocks), cryptocurrencies that use proof-of-work define the blockchain with the most accumulated work as the canonical transfer history. This consensus rule introduces a fundamental property of proof-of-work cryptocurrencies: any participant who can find more proof-of-work answers and outpace the rest of the network in work done can unilaterally generate a valid transfer history, which the remaining nodes in the network will adopt as the canonical transfer history. (But that doesn't mean that participant has unlimited power within the network.)
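The consensus rule above, as an added Python example that is not part of the original article: nodes pick the chain with the most accumulated work rather than the most blocks, and the depth of the resulting reorganization decides whether a transfer with three or six confirmations falls out of the canonical history. The `Block` fields, block labels and targets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    block_id: str   # constructed label standing in for a block hash
    parent_id: str
    target: int     # PoW target: a valid block hash must be <= target

def block_work(block):
    """Expected hash attempts needed to meet the target (Bitcoin-style estimate)."""
    return 2**256 // (block.target + 1)

def chain_work(chain):
    return sum(block_work(b) for b in chain)

def is_linked(chain):
    return all(c.parent_id == p.block_id for p, c in zip(chain, chain[1:]))

def canonical(chains):
    """Most accumulated work wins, not most blocks."""
    return max((c for c in chains if is_linked(c)), key=chain_work)

def reorg_depth(old, new):
    """Number of blocks at the old tip discarded when a node switches to `new`."""
    shared = 0
    for a, b in zip(old, new):
        if a != b:
            break
        shared += 1
    return len(old) - shared

def dropped(confirmations, old, new):
    """A transfer with N confirmations sits N blocks deep in `old`."""
    return reorg_depth(old, new) >= confirmations

def build(prefix, labels, target):
    """Extend `prefix` with constructed blocks, each linked to its parent."""
    chain = list(prefix)
    for label in labels:
        chain.append(Block(label, chain[-1].block_id, target))
    return chain

EASY, HARD = 2**240, 2**236   # constructed targets; HARD needs about 16x the work
GENESIS = [Block("g", "", EASY)]
honest = build(GENESIS, ["a1", "a2", "a3", "a4", "a5", "a6"], EASY)
short_heavy = build(GENESIS, ["h1"], HARD)                    # fewer blocks, more work
private = build(honest[:4], ["p4", "p5", "p6", "p7"], EASY)   # forks off after a3

if __name__ == "__main__":
    print(canonical([honest, short_heavy]) is short_heavy)
    print(reorg_depth(honest, private), dropped(3, honest, private), dropped(6, honest, private))
```

When nodes switch from `honest` to `private`, blocks a4 to a6 are discarded, so a transfer with three confirmations leaves the canonical history while one with six confirmations stays in it.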

This paper makes the following two claims about the security of cryptocurrency proof-of-work:

01. Being the dominant application on the mining hardware is a security feature

Hardware owners stand to lose the value of their investment if the primary application of that hardware loses value.

Hardware owners have a financial incentive to care about the long-term success of the primary application of their hardware. The longer the life of their equipment, the more they are invested in the long-term success of that primary application. As of this writing, Bitcoin ASIC miners are enjoying much longer useful lives because the efficiency improvements of newer models are slowing down.

This concept is related to the specific cost principle:

https://github.com/

A large amount of computing power that exists outside a coin's own system is a security threat to that coin.

The coins at the highest risk of a 51% attack are those for which a large amount of hashrate is not actively mining the coin. This inactive computing power can start mining the coin and disrupt the coin's blockchain. This is especially important given the claim above that hardware owners have an economic incentive to care about the primary application of their hardware. If the owners of the hardware have other applications besides mining that they can use to monetize their investment in the hardware, then disrupting a coin's blockchain will have only a small negative effect on them.

ASIC-resistant algorithms simply allow the vast amount of general-purpose computing resources around the world to mine, and potentially disrupt, these cryptocurrencies. For the reasons above, coins that implement anti-ASIC algorithms are empirically very vulnerable to 51% attacks. Well-known examples of anti-ASIC coins being successfully 51% attacked include BTG, VTC, XVG, etc. However, so far there is no example of a coin that is the dominant application on its type of hardware suffering a 51% double-spend attack.

Coins mined with ASICs: The miners of this coin can choose to attack the coin.

Coins mined with general-purpose hardware: Miners of the coin can choose to attack the coin; anyone else in the world with general-purpose hardware can also choose to attack the coin.

Case Study: 51% Attack on BTG

In May 2018, BTG was repeatedly 51% attacked, resulting in double spending of millions of dollars. After this wave of attacks, BTG developers announced a change of their proof-of-work algorithm to Equihash-BTG:

"Because Equihash-BTG is different from the existing conventional Equihash mining pool algorithm, we are actually in a separate computing power pool. This means that BTG will dominate the computing power of this new PoW algorithm. This new algorithm has a significant impact on the amount of BTG Customized, adding a layer of incompatibility for other coins, so that other coins (such as BTCZ) will be transferred within the (144, 5) parameter set. (We have cooperated with many other coin teams in this field.)"

Summary

The only way for a proof-of-work coin to materially reduce the risk of 51% attacks is to become the dominant application on the hardware that mines the coin. Coins mined using widely available general-purpose hardware such as CPUs and GPUs lack this major security feature.

02. ASIC friendly algorithm will improve production and ownership diversity

No algorithm is anti-ASIC, at most it is ASIC-unfriendly.

For any computational problem, problem-specific hardware will always be more efficient than general-purpose hardware. In addition to the advantage of writing application-level logic directly into the circuit, special-purpose hardware is not burdened by the other requirements of general-purpose hardware, such as security isolation, clock interrupts, context switching, and the other tasks needed to support multiple applications. Therefore, no proof-of-work algorithm is ASIC-resistant, just ASIC-unfriendly.

Empirically speaking, ASIC-unfriendly algorithms have repeatedly failed to prevent ASIC development. Previous examples include scrypt (LTC), Equihash (ZEC, BTG), Ethash (ETH), CryptoNight (XMR), and more.

ASIC-unfriendly algorithms raise the barrier to entry into the mining hardware market.

ASIC-unfriendly algorithms effectively make it harder to manufacture efficient ASICs. The natural consequence of this is that chipmakers need more investment and expertise in producing efficient ASICs.

Therefore, ASIC-unfriendliness simply raises the barrier to entry into the ASIC market. This makes the manufacturing of mining hardware more centralized, which is exactly what choosing an ASIC-unfriendly algorithm is meant to avoid.

On the contrary, the goal should be to choose an algorithm for which ASICs can be manufactured easily and at low cost. This turns ASICs into a commodity, so that ASIC manufacturers cannot rely on specialized expertise or intellectual property as a moat. This will lead to a diversity of manufacturers, which will further encourage a diversity of owners/operators, and in turn bring about a decentralized mining network.

When developers choose an ASIC-unfriendly algorithm, they provide a competitive moat for the chip developers who end up making ASICs for that algorithm.

Case Study: Monero's Scheduled Algorithm Changes

The development team of Monero knows that an algorithm cannot be ASIC-proof and can only resist ASICs to a certain extent. Judging from their previous strategy of pursuing general-purpose hardware mining, they seem to understand that they cannot stop ASIC development forever by developing an anti-ASIC algorithm once. Therefore, they decided to modify their proof-of-work algorithm every six months, hoping that quickly making the hardware obsolete would prevent the creation of special-purpose hardware.

This strategy underestimates the ability of talented hardware designers to quickly incorporate functionality into chip designs. It is almost certain that a skilled chip designer can master a development process that will eventually incorporate any change to the proof-of-work algorithm into the chip. This would force a small, tightly guarded group of developers to play a high-stakes, highly secretive game of cat-and-mouse to hide their plans for algorithm changes. And any member of the group has an extremely high economic incentive to breach that trust and leak information to a chipmaker. The weight of the group's decisions and the high level of trust placed in its members are not good attributes for a permissionless world currency. This may also create a risk of centralization that is much higher than the risk of miner centralization.

The limitation of this strategy is obvious. ASICs for at least 3 different versions of the mining algorithm have been successfully developed and deployed in advance in the XMR network.

Big ambitions only matter if they can be achieved.

Much has been said about ASIC-resistance ambitions. This rhetoric usually has a common goal: "to ensure that the network is not controlled by a few people." This goal is good, and it is also important for ensuring that digital currencies live up to their promise.

Summary

In conclusion

Cryptocurrencies will not provide a completely egalitarian system that removes all power structures or the advantage of additional resources. But cryptocurrencies bring vast improvements to the current opaque, human, fallible, permissioned financial system. While it is important to be zealous about principles when trying to change the world, it is equally important not to make a falsely perfect system the enemy of an achievable good system.

As digital assets mature, participants must ask themselves whether the industry will be guarded by a group of enthusiasts running laptops in their own homes, or, like almost every other endeavor in human history, be led by a large group of heavily invested, self-interested people with resources. Every large-scale professional industry uses purpose-built equipment. It would be naive to think that cryptocurrency mining will be different, or should be different.
