A paper on the value accumulation, security and settlement efficiency of the public chain

Bitcoin has gradually been recognized as a store-of-value asset with the ability to fight inflation. Ethereum, as a smart contract platform, was recently proposed by Ethereum co-founder and ConsenSys founder Joe Lubin as a "global financial settlement layer."

At first glance there seems to be no relationship between a "store of value" and a "settlement layer". On the contrary, a blockchain's ability to accumulate value as a store of value is a major factor in measuring its settlement efficiency as a settlement layer.

This article from Coin Metrics founder Nic Carter discusses this truth:

The higher the value accumulated by a public chain in a unit of time, the higher the security and settlement efficiency of this public chain. However, most of the smart contract platforms that want to be the settlement layer have not taken this into account in their economic model design.

Investors who want a deeper understanding of transaction settlement and the economic models of future public chains should not miss this article.


How long does it take for the state of a mainstream blockchain to become final? How long do I have to wait to be sure that a bitcoin transaction is actually settled? What risk factors might lead me to require additional confirmations? How does the number of confirmations affect the settlement of a transaction?

Surprisingly, even in 2019, 10 years after the first Bitcoin block was mined, these issues are still not well answered.

Because of certain prevailing opinions, rigorous investigation of the characteristics of the Proof of Work (PoW) mechanism has stagnated. Some believe that proof of work is only a temporary mechanism that will be replaced when a better consensus/anti-Sybil mechanism emerges. There are also some Bitcoin fundamentalists who believe that the quality of Bitcoin cannot be questioned.

But these issues are crucial. If you think that public chains with an open validator set and a distributed convergence mechanism will continue to serve value transfer for the foreseeable future, then these issues are definitely worth pondering. If you are an exchange, your livelihood depends on properly evaluating the number of transaction confirmations needed on the various blockchains, and these issues will be important to you.

First, let me explain why I think settlement guarantees are the primary factor worth considering in any public chain.

What makes Bitcoin interesting?

This is actually a difficult question to answer. If you ask ten different Bitcoin users, you will receive ten different responses. Differences over the use and purpose of Bitcoin almost split the entire community during the 2014-2017 period.

Hasu and I have tried to write and summarize the history of the debates on these visions. Others have noticed this and recorded them in detail. I especially like the views of Murad Mahmudov and Adam Taché. Daniel Krawisz also cleverly discussed this topic in 2014.

Recommended reading:

  • Visions of Bitcoin [https://medium.com/@nic__carter/visions-of-bitcoin-4b7b7cbcd24c]
  • The Many Faces of Bitcoin [https://hackernoon.com/the-many-faces-of-bitcoin-1c298570d191]
  • The Two Ideologies In Bitcoin [https://nakamotoinstitute.org/mempool/the-two-ideologies-in-bitcoin/]

In his article, Krawisz argues that there are two very different groups in Bitcoin: investors and entrepreneurs.

He believes that investors see Bitcoin as a new form of high-energy currency whose main purpose is to preserve the sovereignty of individuals. They tend to think that Bitcoin will eventually become a mainstream asset because of its inherent monetary attributes. For them, evangelism is meaningless: the price of the currency is the best evangelist. The "entrepreneurs", as Krawisz sees them, are more interested in Bitcoin as a global payment system and are more concerned about its use in commerce.

As anyone who followed the blockchain space in 2015-2017 knows, the two camps fought a fierce civil war over Bitcoin, and this question was the main battleground between them.

I think maybe these views can be unified. I tend to think that Bitcoin is interesting because it uses a communications medium for value transfer and provides strong transaction guarantees. (I have tried to explain and evaluate the meaning of these guarantees in another article, https://medium.com/@nic__carter/unpacking-bitcoins-assurances-a3c98824d3f0) I think Bitcoin is a novel institutional technology. It provides highly assured wealth storage and transfer functions and is independent of any country or financial system. This will open a new chapter for models of human organization and will allow efficient business to be done in places where the property ownership system is not guaranteed.

So if you think that the settlement guarantee for a transaction is the most interesting thing in this system, how should we evaluate it? How should we conduct a standard-consistent comparison between Bitcoin and other systems on the premise of open validation?

Settlement assessment

So what exactly is a settlement guarantee? It refers to the system's ability to convince the recipient of a transaction that, once the system has accepted the transaction, it will not be tampered with. Wire transfers using messaging systems like SWIFT are very mainstream because the transactions they process cannot in practice be tampered with. SWIFT is safe for the recipient, because the issuing bank releases the funds only after confirming that the funds in the sender's account are sufficient.

That's why the thieves behind the Bangladesh Bank heist chose to use SWIFT and bank wire transfers: they wanted to take advantage of the transaction settlement guarantees of these systems. In other words, they chose to carry out their theft using a system that is difficult to tamper with. The result is that the $61 million involved in the case is still missing.

This is not evidence that SWIFT and bank transfers are a failure; rather, it demonstrates the advantages of these systems. Even in this case, where almost every participant wanted to reverse the transaction, they still couldn't do it. This shows that the system can resist rollback, arbitrary change and after-the-fact editing. This does not make it a bad system. On the contrary, it makes it a system that provides a good guarantee to the counterparty, ensuring that the transaction will eventually be settled.

Bitcoin is a similarly useful system because it also provides users with a strong settlement guarantee. We just don't fully know how good it is.

LaurentMT has written some of the most scientific explorations in his outstanding "Gravity" series. But in general, the characteristics of Bitcoin's PoW have not yet been fully studied. Bitcoin has had some block reorganization events in its history, but as far as we know, there has never been a reorganization aimed at malicious theft. And we know that miners have poured a lot of real-world resources into mining transactions.

This means that the recipient of a Bitcoin transaction can have a high level of confidence that once the transaction is buried under several blocks, it cannot be reversed.

But for many competing cryptocurrencies, this is not the case. Although in many respects they look similar to Bitcoin, none of them has the same settlement guarantee as Bitcoin. This is not necessarily because of any design flaw, but simply because each block of Bitcoin accumulates more cost per unit of time (that is, the cost of attack), and also because Bitcoin holds a near-monopoly over its hash function and has dedicated hardware.

Somewhat surprisingly, many of the weaker chains have not yet been attacked, even though the cost of doing so is low. This is most likely because cashing out after a 51% attack requires going through an exchange, which brings some additional complexity. And frankly, most of the smaller coins are relatively low in liquidity to begin with (and there is not much liquidity available for shorting), which limits the benefits of an attack.

If you want to understand the vulnerability of many cryptocurrencies, you can check out the crypto51.app website. The site estimates how feasible it is to attack a blockchain by assuming that an attacker can rent enough hardware on Nicehash. Although this is a bit unrealistic, it still illustrates well how low the cost of attacking these systems is.

So what are the key variables for assessing the efficiency of settlement in a public chain system? Let's discuss them in two parts: easily quantifiable variables and difficult-to-quantify variables.

Before we get started, let's begin with a short literature review and cite some of the previous work in this area:

  • For a more concise description of this issue, read Anthony Lusardi's Understanding (and Mitigating) Reorgs. [https://medium.com/@pyskell/understanding-and-mitigating-re-orgs-921c7768fa18]
  • For a comprehensive survey of Bitcoin's proof of work, see: Beyond the doomsday economics of "proof-of-work" in cryptocurrencies by Raphael Auer of the Bank for International Settlements. [https://www.bis.org/publ/work765.pdf]
  • For a concrete implementation of a model containing some variables, refer to A Lower Bound on Miner Rewards by Kevin Lu from BKCM. [https://bkcm.co/research/economicfinality.pdf]

Quantitative settlement related variables

Accounting cost

Accounting cost is the most useful and straightforward variable in our assessment of blockchain settlement guarantees. In simple terms, it is the amount paid to the transaction verifiers/selectors per unit of time. In Bitcoin, every time a miner mines a block, it receives the block reward and transaction fees as an incentive to stay honest and "follow the rules". In proof of work, miners attach unforgeable evidence that they have consumed some energy, so each miner has to pay a price for each block. Every time they win a block, unless they are very lucky, miners must have consumed resources roughly equivalent to the value of the block (margins are usually thin). Therefore, miners are motivated to create valid, rule-compliant blocks.

Think of it as a school assignment, such as having to read a book and write a book report. You need to prove to your teacher that you have read the book, so you have to produce a report (a valid block hash with a sufficient number of zeros in the prefix), and you can only create it if you have actually read the book (computed enough hashes). Because your teacher is a rigid person, you must also format your report correctly (produce a structured and valid block). It would be very tragic if you read the entire book but submitted a malformed report and ended up with an F. The same is true for the proof-of-work mechanism: the work needs to be done in advance, and the benefits can only be obtained later. Since you have already borne the actual cost, and your business needs you to perform the last few rigid steps to get your reward, you don't want to mess up this part. A similar incident occurred recently: one miner completed all the necessary work and earned the right to submit a block, but created an invalid block at the last step.

For a more complete description of how PoW rewards work, read Hugo Nguyen's article: The Anatomy of Proof of Work (https://twitter.com/BitMEXResearch/status/1148989508588883970)

So why does a higher accounting cost per unit of time mean higher security? Because if the (honest) miners have higher wages, you need to hire more profit-seeking people to defeat them. The resources to be consumed must come from somewhere: you need to procure the hardware, power, etc. that generate hashing power. (There is a view that since the attacker earns the block reward while carrying out a 51% attack, only transaction fees count toward PoW security. I don't have enough time here to discuss this fully; for now I would argue that block rewards, and especially dedicated mining hardware, are themselves a huge barrier that must be overcome before a 51% attack can even be discussed.)

All in all, it is very difficult to outbid the miners who produce blocks on Bitcoin. They now generate $6.9 billion in annual revenues, and many of them may invest in other businesses in their industry in anticipation of future profits (which means mining machines may carry a premium, i.e. the price of a mining machine for the network may even be higher than the value it produces).


Bitcoin miners' income (USD), data: Coinmetrics.io

Therefore, Bitcoin is protected not only by the daily salary that the Bitcoin protocol pays to miners, but also by the discounted income that these miners expect to receive in the future. This means that Bitcoin is protected not only by today's status quo, but also by miners' expectations of future rewards.

We have not found a simple way to model these expectations, so the easiest approach is to take miners' income per unit of time and compare different blockchain systems on that basis. If you stop reading this article now and remember only the last sentence, you will already have a better understanding of security than most people. Few teams, even those as exposed to risk as exchanges, evaluate blockchains like this.

Fortunately, Anthony Lusardi has done some very good illustrative work on this topic. He introduced BitConf (https://medium.com/@pyskell/your-exchange-needs-more-confirmations-the-bitconf-measure-872b69babc8f). This work shows, for one transaction confirmation on Bitcoin, how many confirmations other blockchains (such as Litecoin) need in order to achieve the same value.

However, I dare say that most people will not use BitConfs, or try to index the settlement cost required on each blockchain. On the contrary, "civilians" consider settlement to be a linear function of the number of confirmations. Regrettably, this is actually a very common point of view. Even the Litecoin Foundation website carries this view:

The confirmation of the Litecoin transaction is faster than other cryptocurrencies, such as Bitcoin, because it produces one block every 2.5 minutes, while Bitcoin is 10 minutes. This means your money can be delivered faster.

If you compare the speed at which transactions are first selected from the mempool and included in the chain, Litecoin is much faster, but in cryptocurrencies the probabilistic nature of transaction settlement must be taken into account. In other words, if you only care about the first confirmation, then Litecoin is "faster," but when you care about long-term settlement (multiple confirmations), it is obviously much slower.

If you think that each confirmation of Litecoin and Bitcoin provides the same level of settlement guarantee, then you might think Bitcoin is obviously slower and draw a picture like this:


But this is wrong. Litecoin produces more blocks per unit of time, but it accumulates accounting cost more slowly. In fact, Bitcoin provides higher income for its miners, so they provide more security every minute in the form of hashes.


Bitcoin blocks accumulate cost more "heavily" than Litecoin blocks. Even if Litecoin had a 10-minute block interval, a Bitcoin block would still be 14.5 times more expensive than a Litecoin block. The number of confirmations is irrelevant; the miners' opportunity cost per minute is what matters most.

We can try to visualize the process of increasing the cost of accounting. As the blocks are stacked, the transaction will be buried under more and more blocks, and it will be closer to the state in which it is finally settled.


As more blocks are added, the transaction becomes more and more difficult to reverse, and its settlement comes closer to completion. In this figure, I scaled the width of each block according to the relative size of its accounting cost and plotted the granularity of the blocks.

The point here is that settlement in a blockchain system is a process. The block interval is basically irrelevant. Ethereum has more blocks per hour than Bitcoin, but settlement efficiency should be compared based on accounting costs rather than confirmation counts.

Gains from reversing a transaction: the transaction amount

Accounting cost is not the only factor that affects the efficiency of transaction settlement. Equally important is the potential gain from successfully reversing a transaction. The purest way to measure this incentive is by the amount of the transaction. If you are the recipient of a 50,000 BTC transaction, you may have to wait for more than six blocks to confirm the completion of the transaction. If you are receiving 1000 sats, then a single confirmation is enough. In short, the settlement of each transaction is more or less affected by the amount involved.

Elaine Ou, in a wonderful Bloomberg article (https://www.bloomberg.com/opinion/articles/2019-01-16/bitcoin-and-other-cryptocurrencies-are-open-about-being-at-risk), formalized the concept and proposed that the payee should wait until the accumulated accounting cost matches the value of the transaction before concluding that the transaction is settled.

Elaine's formula neatly combines the two most important quantifiable variables in blockchain settlement: accounting cost and the gain from reversing a transaction. If you want to settle a $10 million incoming transaction in BTC, you need to wait 60 blocks, or 10 hours, according to this rule. (This is a neat coincidence: at a price of $13,330, Bitcoin accumulates accounting cost at a rate of $1 million per hour.) From here on, I will refer to this simple formula as the Ou rule.

Now that we have listed the two most critical settlement-related variables, let's do some calculations and compare these mainstream PoW networks.


Statistics as of 2019/07/15, data: Coinmetrics.io

Undoubtedly, Bitcoin is the fastest-settling blockchain to date (considering only these two variables, and not considering other less mainstream blockchains). On many blockchains, even a $1 million incoming transaction settles very slowly. Apart from Bitcoin, Ethereum and Litecoin, the other distributed ledgers need at least one day (I don't include Ripple and Stellar in these examples because they don't have distributed validation in the real sense). The smaller chains simply do not pay miners enough to allow settlement to complete in a reasonable amount of time.

Luke Childs' Howmanyconfs provides a dynamically updated version of this table: How Many Confs? (https://howmanyconfs.com/)

It is also worth noting that the transaction settlement of BCH and BSV is 33 and 69 times slower than Bitcoin, respectively. Although they are functionally identical in most respects to Bitcoin, they are much slower because they offer fewer rewards to miners. This is in stark contrast to their positioning as a "faster" blockchain.

This is also an interesting case study of how Bitcoin resists imitation. You can create something that looks similar to Bitcoin, but you can't copy settlement guarantees that are based on accounting cost. Miners follow the real economics, and they will not be tricked into supporting a protocol that does not provide them with good income. In fact, as we will see, the performance of BCH and BSV is even worse than this table shows, because of the third variable.

Monopoly over its hash function

So far, I have not mentioned the third key variable, which directly affects the settlement guarantee of a blockchain: whether it has a monopoly over the hardware that can perform its hash calculation. As I mentioned above, BCH and BSV are at a huge disadvantage relative to Bitcoin because they hold only a small portion of all SHA-256 ASICs. This means that even a small or medium-sized Bitcoin mining pool could temporarily point its hashpower at one of Bitcoin's smaller forks and mount a 51% attack on it at will.


Relative share of miners' income, Coinmetrics.io BTC (orange), BCH (green), BSV (red)

The fact that these blockchains have not been attacked is not evidence of their security. It may be that no miners on Bitcoin are currently willing to maliciously harass the minority chains, but relying solely on the goodwill of miners makes for an extremely fragile security model. Since this risk is always present, it can be assumed that these blockchains do not produce valid transaction settlement regardless of the number of confirmations. This is because, for example, there are enough pools on Bitcoin that could easily reorganize BSV to a depth of more than 100 blocks.

This variable brings more complexity to the analysis in this article. More computing power alone does not mean that a blockchain is more secure; the chain must also hold a large share of the hardware for its hash function.


In this example, even if blockchain B has higher accounting costs, I will still assume that blockchain A is less secure than B, because it would theoretically be easier to find enough hardware to attack A.

So I treat this variable as a Boolean value: whether the blockchain is the monopolist of the hashpower for its hash function. If it unfortunately shares mining hardware with many other blockchains and holds only a small portion of the hashpower, it is likely to be fundamentally unsafe. But it is difficult to determine how insecure it is. The risk of an attack will depend on the attacker's ability to gather enough hashpower and hardware.

Less quantifiable settlement variable

The three variables mentioned above are not exhaustive, they are just the most easily quantifiable variables. With these variables, you may already be able to build a better model than many of today's exchanges. But there are still many factors to consider.

Gains from reversing a transaction: Goldfinger attacks

The name of the Goldfinger attack is taken from the Bond movie, in which the villain plans to irradiate all the gold in Fort Knox to make the gold he owns more valuable. The term describes attacks in which the attacker is motivated by something outside the protocol. Joseph Bonneau described it more scientifically as an "attacker with an extrinsic motivation to undermine the consensus process."

The risk of such an attack is almost impossible to quantify because attackers have a variety of motivations, which are often not known a priori (disclosed before the attack). Here, I will give two more examples of factors that sharply increase the gain from reversing transactions and make the settlement guarantee less certain.


This refers to the creation of a large number of highly valued assets as tokens on top of some base-layer protocol, such as Omni assets on Bitcoin or ERC20 assets on Ethereum. Since the security of these tokens comes from their Layer 1 and relies entirely on it, they are vulnerable to attacks on Layer 1.


As the asymmetry between the cost of attacking the underlying protocol and the value of the upper-layer assets becomes more prominent, the problem of over-weighting begins to emerge. When this asymmetry becomes large enough, an attacker may look for opportunities to short certain assets on the upper layer and simultaneously attack the underlying protocol, mine empty blocks to carry out a DoS attack on the relevant tokens, or reorganize the chain and disrupt them.

In the real world, there are already examples of the consequences of an over-weighted upper layer. Recently, some attackers tried to attack the reference price of derivatives on BitMEX. Because of the large asymmetry between the collateral on BitMEX (the upper layer) and the underlying reference market (the bottom layer), margin positions on BitMEX could be liquidated, at a profit, by dumping spot on Bitstamp. (Translator's Note: open a 100x short position on BitMEX, then stock up on Bitstamp to profit from BitMEX.)

I don't think that any blockchain faces this problem today, but as more assets are tokenized and deployed on blockchains, the return on attacking the base layer will increase significantly.

Liquid derivatives markets

This one is more intuitive. Derivatives, especially options, enable financial market participants to use leverage and amplify their returns, even if the underlying securities fluctuate only slightly. As with the over-weighting problem, the risk appears when there is a significant asymmetry between the cost of carrying out an attack and the gain from it.

The existence of a derivatives market allows attackers to amplify the returns they receive from predicting price changes; if they can launch an attack that induces a decline in the asset's price, then the blockchain system's settlement guarantees may be at risk. As the benefits of an attack increase, the amount of resources an attacker is willing to spend on it increases. Therefore, the presence of leverage that can be used for shorting may weaken the level of settlement guarantee of a blockchain. But because attackers differ and their ability to cash out after completing an attack is uncertain, it is unrealistic to quantify this risk and add a quantitative discount to the security model.

Of course, a balancing factor here is that if an exchange suspects that a trader is assisting an attacker in interfering with the blockchain, it may not be willing to take the risk of honoring the trade.

Hardware related considerations

The earlier discussion of mining-specific hardware also makes clear that GPU-mined coins are unlikely to become hardware monopolists, because there are plenty of GPUs in the world (thanks to games and some other non-cryptocurrency applications). I won't particularly emphasize this here, because David Vorick has clearly explained why blockchains mined with GPUs are fundamentally at risk and why setting up long-term incentives (in the form of ASICs) is so important.

Therefore, additional confirmations should always be required for GPU-mined coins and blockchains. The ratio between the mining cost of a unit of GPU and the mining cost of a unit of ASIC is difficult to calculate accurately, but the security generated by GPU mining has to be discounted. After all, obtaining hardware for GPU mining is simply too easy.

Case Study: Kraken's Transaction Confirmation Requirements

Surprisingly, even for exchanges, mistakes in formulating such settlement rules can cost them a lot. Yet from my conversations with them, they seem to care little about the mechanics of transaction confirmation. I haven't found much information about how many confirmations a transaction has to wait for before it is considered settled. But fortunately Kraken has made its standards public.

I decided to compare Kraken's transaction confirmation rules with a simple implementation of Lusardi's BitConf, which requires all chains to provide transaction guarantees equivalent to six confirmations on Bitcoin:


Coin Metrics' estimate of the time the exchange Kraken takes to process deposits in various currencies

The result scared me. Depending on how you look at it, either Kraken is extremely strict in its requirements for Bitcoin transactions, or it is extremely loose on non-Bitcoin chains. Kraken requires 6 block confirmations for a Bitcoin transaction to settle, yet only 12 for Litecoin (174 would be required for the same security as Bitcoin), only 30 for Ethereum (173 would be required for the same security as Bitcoin), and only 15 for Monero (2000 would be required for the same security as Bitcoin).

My guess is that maybe six confirmations are too many for Bitcoin, and Kraken's lower settlement requirements for other chains are actually more reasonable. But in any case, the results after controlling for accounting cost are still a bit funny. For example, if QTUM were held to the same evaluation criteria as Bitcoin, it would require 67,000 blocks of confirmation, which is equivalent to 115 days of waiting time. (QTUM may have some other settlement modes that I am not familiar with. My numbers here are based only on the amount it pays to block validators.)

Of course this is just a very simple implementation of the model. A more complex version should include higher security requirements for "non-monopoly chains", GPU-mined coins, and large incoming transactions. I would suggest that exchanges like Kraken have not yet begun to think systematically about settlement criteria. But no matter what criteria are chosen, they should require fewer confirmations for Bitcoin and more confirmations for the remaining smaller chains.
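The Ou rule and the BitConf-style comparison described above, combined with the Boolean hash-function monopoly variable, as an added example that is not code from the original article, Coin Metrics, Kraken or BitConf. The $1 million per hour Bitcoin figure is the article's; the other chains, their revenue numbers and all function names are constructed for illustration.

```python
"""Deposit confirmation policy driven by miner revenue (accounting cost)."""
from dataclasses import dataclass
from fractions import Fraction
from math import ceil
from typing import Optional


@dataclass(frozen=True)
class Chain:
    name: str
    usd_per_hour: int             # miner revenue (subsidy + fees) per hour, USD
    block_interval_min: Fraction  # target minutes between blocks
    hash_monopolist: bool         # holds most of the hardware for its hash function?

    @property
    def usd_per_block(self) -> Fraction:
        # Exact rational arithmetic: a float error at a boundary such as
        # "exactly 60 blocks" would otherwise round the answer up to 61.
        return Fraction(self.usd_per_hour) * self.block_interval_min / 60


def ou_rule_confirmations(chain: Chain, tx_value_usd: int) -> int:
    """Blocks to wait until accumulated miner revenue matches the transaction value."""
    return max(1, ceil(Fraction(tx_value_usd) / chain.usd_per_block))


def bitconf_equivalent(chain: Chain, reference: Chain, reference_confs: int = 6) -> int:
    """Confirmations on `chain` costing as much as `reference_confs` on `reference`."""
    target_usd = reference.usd_per_block * reference_confs
    return max(1, ceil(target_usd / chain.usd_per_block))


def wait_hours(chain: Chain, confirmations: int) -> Fraction:
    """Expected wall-clock time for a number of confirmations."""
    return Fraction(confirmations) * chain.block_interval_min / 60


def deposit_policy(chain: Chain, tx_value_usd: int) -> Optional[int]:
    """Confirmations an exchange would require before crediting a deposit.

    Returns None for chains that are not the monopolist of their hash
    function: following the article, no confirmation count is treated as
    sufficient there, so the deposit goes to manual review instead.
    """
    if not chain.hash_monopolist:
        return None
    return ou_rule_confirmations(chain, tx_value_usd)


# Bitcoin at the article's rate of $1 million of miner revenue per hour.
BTC = Chain("BTC", 1_000_000, Fraction(10), True)
# Constructed: the same revenue paid out over 2.5-minute blocks.
BTC_FAST = Chain("BTC-2.5min", 1_000_000, Fraction(5, 2), True)
# Constructed small chain with fast blocks and little miner revenue.
SMALL = Chain("SMALL", 25_000, Fraction(5, 2), True)
# Constructed minority fork sharing its hash function with a larger chain.
MINORITY = Chain("MINORITY", 30_000, Fraction(10), False)


if __name__ == "__main__":
    for chain in (BTC, BTC_FAST, SMALL, MINORITY):
        confs = deposit_policy(chain, 10_000_000)
        equiv = bitconf_equivalent(chain, BTC)
        if confs is None:
            print(f"{chain.name:11} $10M deposit: manual review "
                  f"(6 BTC confs would equal {equiv} blocks by cost alone)")
        else:
            hours = float(wait_hours(chain, confs))
            print(f"{chain.name:11} $10M deposit: {confs} confs, {hours:.1f} h "
                  f"(6 BTC confs = {equiv} blocks)")
```

Shortening the block interval changes the confirmation count but not the waiting time, while lowering miner revenue lengthens the wait in direct proportion.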

Some key points

What is the practical significance of all this? Although we still need some work to combine these variables into a model that can be used for everyday applications of cryptocurrencies, we can now summarize the following key points:

1. The block interval is a variable, but a minor one

The only thing a shorter block interval affects is when a transaction gets its first confirmation. If you are not so patient, you may prefer a 2.5-minute block interval, but this does not mean that the transaction settles faster. As a function of issuance and unit price, the accounting cost always accumulates at the same rate.

Bitcoin could indeed reduce its block size by 25% and switch to a 2.5-minute block interval, and almost no one would notice the difference. The system would be functionally the same, except that the six-block rule would become the twenty-four-block rule. Satoshi chose a 10-minute block interval because he didn't know how well the system could converge. Network delays and large blocks can interfere with verification and make convergence between nodes more difficult. (Translator's Note: when the network is in poor condition, blocks cannot be broadcast well to all nodes, so there will be more forks and uncle blocks in the chain; when the network is in good condition, block broadcast is more complete, there will be fewer forks and uncle blocks, the main chain of each node will be more consistent, and the whole network will converge better.) The healthy 10-minute block interval gives the system sufficient time, and it also tells us what kind of system Satoshi wanted to build at the time (hint: not one suited to face-to-face micropayments).

For some small transactions, the first confirmation is somewhat useful, because only once your transaction has been included in a mined block can it be buried under subsequent blocks. A smaller block interval can also reduce the fluctuation in daily increases. But beyond that, the block interval can be completely arbitrary. For settlement, security spending per unit of time is the key issue, in addition to the quality of the accounting cost. A smaller block interval only divides the process of accumulating security into finer-grained pieces. It does not make settlement complete faster.

2. Either bitcoin provides too much security or other blockchains are at risk

This is the most obvious conclusion to be drawn from the various comparisons in this article. If you measure blockchain security only by what is paid to the transaction selectors (miners or block validators) per unit of time, then in most cases other chains are very vulnerable compared to Bitcoin. This can be seen from this chart. Except for Bitcoin, Ethereum and Litecoin, almost no other chain is visible on the chart. This is because they spend too little on security.


Daily dollar income of each currency miner (7-day moving average), source: Coin Metrics

Of course, this is not necessarily fatal. It's also possible that Bitcoin spends a bit too much on security, and that the proof-of-work mechanism is better than we think. This is actually my current view. Considering the current block rewards and high coin price, Bitcoin may be "excessive" in its security spending. But this has wrapped it in a warm blanket, giving it good protection as it entered its youth.

So for smaller blockchains, these data do not necessarily mean the end of the world. After all, although Satoshi laid down the six-block rule, one or two blocks are sufficient for most transactions. This eases the burden on blockchains that are trying to catch up with Bitcoin's security spending.

3. Settlement is always probabilistic

I admit that I feel a little awkward whenever a new blockchain boasts that its transactions are "absolutely final". The only way to truly get finality for a transaction is to have an organization guarantee the transaction and effectively stand behind it. But when this happens, sovereign institutions that want the transaction rolled back (for example, when they suspect that it involves criminal activity) will usually ask the guaranteeing organization to roll it back, poking a hole in a final state that seemed to have been reached.


Let's use EOS as an example. According to information provided by EOS Canada, EOS has a concept called the Last Irreversible Block (LIB), which means that you can be 100% confident that a transaction is in its final state, fully confirmed and unchangeable. If the block height of a transaction is lower than the block height of the LIB, the transaction is considered to have reached its final state.

According to the EOS Network Monitor, there are 330 blocks ahead of the current LIB, which is equivalent to approximately 2 minutes and 40 seconds. In other words, EOS claims a very short settlement time.

But there is a problem here. EOS has (or used to have?) a governance process through which individuals can apply to the EOS Core Arbitration Commission (ECAF) to freeze or return stolen coins. This process can effectively reverse transactions that were settled long ago. Such a transaction reversal occurred in June 2018. It was possible at the time because only 21 entities (the block producers) were responsible for processing transactions, and they had leaders who could be held accountable.

Many onlookers may well support the return of stolen funds, but from the point of view of transaction settlement, this causes the blockchain to lose some of the qualities that users value in it. In practice, any mechanism that can reverse a transaction can be abused. It is because of refund fraud that credit cards add fees to transactions.

Imagine a slightly more complicated scam: someone sells some EOS in a P2P transaction, then complains about the transaction to the ECAF, claiming that he was scammed and asking for his EOS to be returned. This is the result of administrative intervention.

There are many more examples of this; I will provide only this one here. In fact, many blockchains claim to have a complete and effective way to achieve transaction finality, while at the same time adding to their systems the ability to roll back transactions and freeze accounts at their own discretion. In such cases you still need to consider the possibility of a transaction being reversed, even if it is not explicitly coded into the system.

4. Bitcoin's transparent PoW mechanism discloses its security evaluation model

To cite Elaine Ou again, one of the most useful features of Bitcoin's security model is its transparency and ease of understanding. There is no way to measure a transaction guarantee precisely ("How many confirmations can settle a $1 billion transaction?"), but calculating the resources spent to support the system is simple. At any time, anyone can easily work out how much hash power would be needed to manipulate the system (by making some rough assumptions). Over the years, one fact has become clear: no entity short of a nation-state can come up with enough resources to beat the honest majority in the Bitcoin system.

In contrast, other blockchains bury their security models under complexity, through vagueness in their design or opaque finality mechanisms. For example, the five hash functions that Verge integrated into its proof-of-work mechanism proved to be the straw that broke the camel's back. An attacker found that it was possible to reduce the mining difficulty to 1 by performing a "timed attack" on one of the hash functions. Rather than providing higher security, the added complexity gives the system more attack surface.

To sum up

Here are what I consider the key points of this article. Never think of the settlement of a transaction under proof-of-work as a function of the number of confirmations; treat it instead as a slow process, like the petrification of wood. It proceeds at a given rate and cannot be accelerated. This rate is determined by the variables listed above, mainly billing costs, transaction size, and the difficulty of obtaining the mining hardware. Once settlement is complete, the wood has been completely replaced by minerals and is rock-solid, rather than as soft and malleable as before. The characteristics of this piece of wood will be retained forever.

Similarly, as Nick Szabo said, a blockchain is amber that can be calculated. Amber starts out as nothing more than tree sap, then slowly hardens, preserving some information (such as insect DNA) in the process. Burying past changes to the ledger under unforgeable proofs of cost likewise provides a slowly growing transaction settlement guarantee. As more and more blocks accumulate, the "gravity" of the blockchain begins to play its role, and rewriting transactions from long ago becomes very expensive and cumbersome.

The miners' reward (the source of the cost) depends on the amount of currency issued, the unit price and the transaction fees. Apart from issuance, none of this is programmable. Even with relatively high issuance, security cannot be guaranteed; investors must pay for the future of the chain and support its value. In this sense, the strong transaction guarantees provided by a proof-of-work system cannot be designed; they can only emerge on their own. Whether this is a frustrating conclusion depends on how you look at it.

In this article, I have tried to list the key variables that affect blockchain transaction settlement guarantees, especially those based on proof-of-work. But you should note that I have not provided any formal models or recommended solutions. Many of these variables are not easily quantified, and there may be some that I missed. Perhaps the next author after me can provide a more comprehensive model, or one more focused on implementation.

If we ignore these issues today, we will be forced to face them in the future. With the increasing short-selling liquidity in the market, new types of attacks will follow, and exchanges will find that they are gradually becoming the target of public criticism. Similarly, as some of the major custodians and clearing houses begin accepting terabytes or billions of cryptocurrency deposits, they also need to begin to develop formal settlement rules. They will do their utmost to think deeply about the security of the blockchain they depend on.

Original: It's the settlement assurances, stupid

Author: Nic Carter

Compile: really delicious haichao