Opinions | Whether it is PoW or PoS, it will eventually become centralized

In this article today, the author focuses on "decentralization" – yes, "decentralization", a problem that has been repeatedly discussed by the blockchain industry but has not been conclusive.

This article also brings some somewhat deviant views:

1. All consensus algorithms require an entry threshold;

2. There is no point in a blockchain that everyone can join;

3, "Calculation decentralization" is just the illusion brought by your computer;

4, to ensure the security of the POW algorithm, is nothing else, it is the ASIC mining machine and centralized;

5. Both POW and POS algorithms will eventually become quite central;

6. The pastoral era that we are longing for without professional miners will not last long;

7, …

Author: Maxdeath, Dr. Ren Jie, a senior fellow at the only chain block chain, the main research directions include block chain consensus algorithm, expansion, application, has published many papers in international academic block chain conference.

This article discusses the centralization of POS and POW.

First of all, POS will cause inequality to become an old-fashioned issue. As for why POS will be closer to concentration of rights, that is, centralization, we will not repeat it, because this is not controversial.

But the POW will eventually tend to be centralized, and this view is likely to be controversial. In fact, if logically inferred, whether it is POW or POS, the two algorithms will eventually become centralized. We focus on the centralization of POW.

POW's centralization problem

We all know that the power of almost all head digital currencies is fairly central. But everyone usually puts the pot to the ASIC mining machine or the mining machine manufacturer, gives the algorithm, the mining pool and the outsourced mining tasks, etc. Usually, everyone regards the POW as a center more than the POS. It is an algorithm that is more able to participate and compete equally.

However, I am here to mention such a very deviant conclusion –

No, I am not saying that the currency currently using the POW algorithm is very central. I mean, all the blockchains that use the POW algorithm will eventually become centralized, or more precisely, for a normal one, using the POW algorithm. In terms of blockchain, the concentration and centralization of computing power is its inevitable ending. Of course, the exception here is "This is not a normal blockchain", and we finally say what it means.

Let's reason through several important events, why centralization is the inevitable result of the evolution of any POW algorithm.

1, the emergence of professional miners

Many blockchains using POW, including Bitcoin, have experienced a "idoral era" that many people are fascinated with. At that time, everyone can use the graphics card or even the computer to mine, no professional miners, no ASIC, no mine pool, There is also no centralization. So a natural idea is that we can't keep this state all the time, so professional miners don't appear. In other words, no one (or very few people) are willing to purchase specialized equipment for mining, and most people will choose to mine with ordinary household equipment – this is the real zero threshold for anyone who can join the area. Blockchain.

The answer is yes – if mining does never make money. (Condition 1)

POW is a non-licensed system. In other words, if amateur miners can make money, there is no reason why no one will hit the idea of ​​"buying twice the equipment to make double money." In this definition, when he bought the equipment, his identity changed to a professional miner, and his purpose became a profit. It sounds a bit awkward here. Isn’t the person who dug bitcoin early because of faith?

But faith and earning money are inherently integrated. The success of Bitcoin is precisely because it unifies the two and thus avoids the tragedy of the commons. Making money does not necessarily mean making cash, but also anticipating the appreciation of the currency. Whether it is real money or future money, when the network recognizes that “can make money”, there will be a miner.

The difference between a miner and an amateur miner is that since the miner has already invested, the income will be placed in a very important position.

2, the emergence of special mining machines (ASIC)

As professional miners are born with competition, the reason for competition is that rewards are not distributed according to the calculation power, but are distributed according to the calculation power. So, if this is an open system (Condition 2), a system that everyone can join, all miners will need to continue to invest in equipment based on the trend of rising computing power, and calculate the corresponding profit costs, and can not afford this cost. People will quit, or find ways to cut costs.

The method of cost reduction is of course to use more efficient mining equipment, so for each POW algorithm, because under normal circumstances, special equipment must be more effective than general equipment (condition 3). So, in the end, we will get more and more efficient and more specialized equipment, if the competition time is long enough (condition 4), that is, many people are optimistic about the mining of this algorithm will have long-term profit, we In the end, you will get an ASIC mining machine.

3, the emergence of the mine

In a highly competitive environment, the benefits of mining should be slightly higher than inputs. With the advent of ASIC mining machines, assuming that miners are using ASICs with close efficiencies, competition in other aspects of the cost will be unprecedented, such as: electricity, mining machine purchases, site rental fees, Labor and administrative maintenance costs, etc… This is also called the scale effect.

And all these costs, in reality, will only lead to one result – the birth of the mine.

Because: electricity costs are regional, and mines can be located in places where electricity costs are low; whether from the perspective of R&D, manufacturing or sales, the price of large-scale purchases will be lower than that of retail; the cost of mines for site lease and management It also has advantages.

Therefore, regardless of the size of the mine, it is certain that in a POW blockchain where the miners are highly competitive (condition 5), the individual miners are slowly reduced to be eliminated.

4, the emergence of the mining pool

Similar to the POS case, in most cases, the large pool of POW has many advantages over independent miners in terms of consensus participation (condition 6), such as bandwidth, received transactions, computing power, and so on. And the biggest advantage is that large mines pay for electricity because they can get more stable income. Therefore, POW's independent miners are more motivated to join the mine than POS miners. As a result, the situation of miners competing in the form of “mine pools” has been formed. However, since the mine pools are not binding on miners, the miners will only spontaneously choose the mines with higher yields, which will eventually lead to no matter which miners join the miners. The mining industry will eventually leave only a few competitors. In other words, in the end, several major mining pools will monopolize the entire computing market.

Of course, the controversy here is whether the mine pool must be equal to the centralization, because the miners can still decide which tank to join. Indeed, there is a slight difference between the two, but I think the easiest criterion for judging is that if 51% of attacks are made from the pool level, how many miners can detect and extract the power in time? What's more, if the mine pool can give the miners a higher return by 51% attack, are all the miners really willing to boycott?

POW decentralization attempt

Above, we analyze why the POW will form a centralized mine pool from the perspective of the real world and the nature of the POW algorithm. In this case, we made six hypotheses, which are marked in bold in terms of "conditions" –

  • 1, mining to make money;
  • 2, open system;
  • 3. Special equipment is more effective than general equipment;
  • 4, the competition time is long enough;
  • 5, the miners are highly competitive;
  • 6, large mining pool has an advantage.

These six conditions are an indispensable part of reasoning. In other words, if these conditions are not true, then our reasoning is problematic. In fact, when a POW blockchain does not satisfy such a condition, it is mostly not a "normal" blockchain.

Moreover, such a blockchain is likely to be more central.

Let's first look at some simple situations: in the case of mining without making money, it is impossible to have a long competition and fierce competition. In fact, most of the POWs without ASIC mining machines are in this situation. Therefore, there is no relationship between the ASIC mining machine and the algorithm, but the investment in the development of ASIC mining machines is not worth it.

In another case, the ecology of the whole system is not completely open, such as having special permission to join mining, or not being mainstream, so there are fewer ways to buy mining machines.

In the above two cases, the blockchain has not become more decentralized—a system in which mining does not make money, competition is not intense, is not open enough, or competition is just getting started. It means that it is involved in mining. There are not enough people. In fact, almost all POW systems, including Bitcoin and Ethereum, are very central in their calculations. Bitcoin and Ethereum are truly decentralized, and it is considered to be the golden age that everyone can mine. It is actually very short-lived and may never appear again. The market has entered a transition before full competition. period.

From this perspective, the advantage of POW for POS is not in the consensus algorithm itself, but in the current business model of the blockchain. Under the current heat, the price of a POW blockchain project is already before the main online line. With a very high valuation, so compared to the POS before the main online line has a very high threshold of money, when the POW is on the main network, there will be a section of "earning to make money but The competition is not so intense that everyone can mine. The participation during this period is truly “unlicensed” and almost “zero threshold”, so that it can get a large number of participants in the early stage. It is not available at POS.

However, this is actually related to the centralization of the power distribution, which is irrelevant to our topic here (we will discuss this issue in more depth later). Because, for any POW blockchain, in the current blockchain and the search for the so-called "hundreds of coins" and "thousands of coins", this window will be very short, and we will definitely appear in the normal market. The situation – there will be ASIC mining machines that make it impossible for ordinary equipment to mine, and then professional miners will join the large mining pool due to the restriction of electricity bills or simply purchase mining services by cloud mining or hosting, or because Mining is not profitable and the miners are withdrawn. In order to maintain the safety of the system, the more centralized projects will gradually close the system. In the end, the system will become central.

So, is there an exception?

The answer is yes – we can start with the above conditions.

1, special equipment is more effective than general equipment

The earliest attempt to decentralize the POW is about starting from this point, that is, how to prevent the emergence of the ASIC mining machine from the algorithm, that is, the ASIC resistance algorithm. However, ASIC resistance does not exist, because the above assumptions are irrefutable truths in various fields, that is, dedicated must be more effective than general purpose, the only difference is the degree of effectiveness, and the difficulty of design, development and manufacturing.

The so-called ASIC resistance mining algorithm is to transfer the computational speed requirements of SHA256 to memory or even hard disk, such as the famous Ethash, Equihash, and X11 using 11 algorithms. They hope to improve the design and manufacturing difficulty of hardware. At the same time, reduce the advantages of dedicated devices for general-purpose devices. But we have seen the result of this approach – they overestimate the difficulty of hardware manufacturing and underestimate the advantages of dedicated equipment.

In fact, from an academic point of view, designing an ASIC resistance algorithm, that is, "how to design a manufacturing and development cost and the most secure hash algorithm in the current hardware conditions and the environment of the electronics industry manufacturing" is quite complicated or even a brand new. Academic issues, I have no doubt that this problem can be solved by the academic community, but to develop a systematic theory, and ultimately to give a "development of the most expensive and the least advantageous algorithm for general-purpose equipment", it may take several years .

All of the algorithms before this face many risks, such as overestimating the difficulty of hardware development, underestimating the advantages of ASICs, or simply hiding security risks in algorithms, which in fact bring tangible security risks because Users cannot judge 51% difficulty. Now, we can still see many ASICs that don't have ASIC miners resist the POW algorithm, but judging from their predecessors' experience, I don't think they can resist it for too long.

2, the competition time is long

Thus, Monero brings another solution, which is to switch the algorithm before any ASIC mining machine may appear. But first of all, this is a fairly centralized behavior. It is not centered on computing power but policy makers. At the same time, if you want to completely avoid the emergence of ASIC, they must choose some ASICs (that is, no other mainstream coins). The use of the unpopular algorithm, which also increases the aforementioned security risks.

At the same time, in fact, ASIC is not a proxy for hardware that can only be used for one kind of algorithm. It can also be designed to be used for mining of most mainstream hash algorithms. In other words, hardware developers actually It is capable of making a dedicated mining machine that can be used for “mining”, although development costs may be higher. In the final analysis, the behavior of Monroe is just a centralization instead of another centralization.

3, the big mining pool has an advantage

At present, a popular research field is “non-outsourcing mining algorithm”, which aims to prevent the emergence of large mining pools. There are many proposals and ideas in this area, such as linking mining results with private keys or making the mines unable to accurately assess the workload of each miner, etc., but there are no mature algorithms.

Let us assume that this algorithm exists and the pool cannot exist. But this algorithm can't change the reason why the mine is happening –

1. Although the long-term expected return of the mining award is the same, the probability of the independent miner getting the corresponding reward for the equipment is small, so it is necessary to bear the risk of great probability risk and currency fluctuation;

2. Independent miners have no interest or relevant knowledge and ability to participate in the consensus, or simply say that even if a miner who buys a mining machine, how many people want to participate in the consensus, how many people simply want to make money? ?

Therefore, the complete elimination of the organizational form of the mining pool will only lead to two results:

1, independent miners can not bear the risk of return on mining, or are reluctant to invest in equipment verification transactions and exit, resulting in the only remaining large mines that can guarantee stable profits;

2, the mining pool adopts a more centralized organization form, so the independent miners join the mining pool in a custody manner, and the mining pool becomes more centralized.

Although the above two solved the mining pool, they did not solve the problem of centralization.

"Calculation decentralization" is the illusion that your computer brings to you.

Having said that, some people may ask, if we can really find an ideal algorithm? An ASIC can't take advantage of it, so everyone can join. An independent miner can get a steady income without having to join the mine pool (such as some DAG algorithms), or a true one CPU one vote. Algorithm.

Ok, then let's consider an extreme situation, suppose we can really find an algorithm like this: each node can submit a work proof to participate in the consensus and get rewards, and this proof must come from a CPU, otherwise they are Unlawful. So, first of all, in fact, whether it is POW, POS, POA (license chain) or something else, all public chain consensus algorithms, not all hope that we can find some kind of anti-challenge attack in an unlicensed malicious environment. , the way to identify real users?

However, POW believes that "calculating" is the best thing to identify. If so, the above algorithm can no longer be called POW, because we are not using "computation" to determine the contribution of the node in the system, but to use "whether it is a CPU."

Also, even if we have such a system, is it really the system we want? What is the system's participants, what kind of nodes should come to participate in the consensus, and what kind of nodes can obtain higher weight, POS advocates to use the number of coins to judge, POA or other alliance chain algorithm advocates the use of real identity And the credibility of the physical world to judge, and POW advocates using computing power to judge, an "ideal POW" in the above, advocates whether or not to have a CPU, and has several CPUs to judge…

But in the final analysis, why do we think that "computing" or even CPU is a more "ideal" and more "fair" solution?

In fact, nothing more than because each of us has almost one, or a few CPUs, so let us have the illusion that computing (CPU) = equality for all = decentralization.

In fact, my core point of view in this paragraph is this: POW is a proof of the ability to use a hash function as a "workload". Its only advantage is that it is easy to verify – this is not surprising, because This is the design requirement for the hash function. However, whether it is an ASIC, a mine or a mine, it is something that comes with a hash function, and these things will eventually lead to centralization.

The reason why we produce "computation" is more decentralized, more non-permitted, more private, and more equal than the "authority", is just because we are in this era. Everyone has a computer.

Of course, if we take reality into consideration –

Since "computation" is not so centralized, and now we happen to have a computing device for everyone, is it a good idea to use this device to determine the participants' right to speak in the system? The answer is no. We can look at the entire industry and upstream and downstream of computing, from research, to wafer fabrication, to chip manufacturing, to energy, to the Internet industry. Almost every relevant core industry is highly Centralized, some industries are more centralized than the banking and government we have been scorning. Why do we think that such an industry will be more “decentralized” than other things after the same centralized capital intervention?

In other words, I think that the reason why we think that "computation" is decentralized is just the illusion that "we all have computers" – "I may not have money, but I have a computer, you also There is only one computer, so we are equal." However, the fact is that when a public chain adopts the POW algorithm and successfully becomes the size of its desired size to form a real computing market, then "computation" can only be centered at a faster rate. Money people and people with resources can seize the market power faster. At that time, the decentralization of computing power will become as ridiculous as the current CPU mining.

The reality of the blockchain consensus algorithm

Having said that, I haven't raised the issue of security at all – I'm just explaining from the basic logic of POW and POS, why in reality, these two algorithms will eventually be fairly centralized.

However, as we mentioned before, the difference between the two is that the POW is very weak against the 51% attack, while the POS is the opposite. The POS is very resistant to the 51% attack, but the non-interest attack is the evil of the small miners. There is no way. So, in the previous article we said that POW is actually safer in a more decentralized environment, and POS is safer in a more centralized environment. Thus, since reality is that both will eventually become centralized, POS is a safer consensus algorithm.

But I guess someone will see here that it will almost be fooled by you, saying that POW is vulnerable to 51% attack, while POW is easy to centralize, but this does not lead to the conclusion that POW is easily attacked by 51% or POW. Is it safe? Bitcoin, Ethereum, and many other blockchains that use POW are now central, but they have not been attacked.

Because, in fact, the security of the POW algorithm is being guaranteed, it is nothing else, it is the ASIC mining machine and centralization.

As we mentioned before, everyone can feel it. The most important cost of doing 51% attack is to get the cost of computing power. As for what future mining profit, what currency fluctuations, what fees and risks, what social costs after the attack… are actually clouds. What is a cloud, that is to say, when someone really wants to attack 51%, these are meaningless, or there are ways to avoid it.

So, in a "centralized POW system", that is, when the computing power is in the hands of some large mining pools or mines, what is the cost of the attack?

Let us consider this issue from the perspective of investment:

Now, we have 8 students who are engaged in virtual currency mining.

1, A rent a mainstream mining machine, 100 yuan a day, according to the current currency price is expected to profit 110.

2, B rent a non-mainstream mining machine, 100 yuan per day, according to the current currency price is expected to profit 120, but the currency price may fluctuate.

3, C buy a mainstream mining machine, invest 60,000 yuan, an average of 3,200 yuan can be dug in March.

4, D buy a non-mainstream mining machine, invest 10,000 yuan, an average of one mine can be dug a weekly profit of 1,000 yuan.

5, E buy a graphics card mining machine, invest 10,000 yuan, the average monthly profit depends on the currency price of the currency.

6, F buy a mainstream mining machine and join a mining pool, invest 50,000 yuan, and then a fixed monthly return of 3,900 yuan.

7, G buy a non-mainstream mining machine and join a mining pool, invest 10,000 yuan, a fixed monthly income of 4,100 yuan.

8, H buy graphics card mining machine and join the mining pool, invest 10,000 yuan, an average monthly profit of 3,500 yuan.

The above profit refers to the net profit at the current currency price (excluding electricity charges). The mainstream and non-mainstream mining machines refer to how many people use the POW algorithm, and then the scenes are compiled by me, just to illustrate some problems. .

In fact, for everyone, he can choose his own investment strategy – buying a mining machine requires more upfront investment, but the long-term return is definitely higher than renting, and the rent is basically limited to the price of the currency, just thinking Try to join the new people who are mining to try the water. Then, the advantage of the mining pool compared to independent mining is the more stable return, so the risk resistance against currency fluctuations is stronger. In addition, the difference between mainstream miners and non-mainstream miners is that the competition in the mainstream currency is more intense, but the currency price is relatively stable, and the non-mainstream currency competition is relatively easy, so the profit is high, but the risk of the currency price is also high. Graphics card mining needs to judge the market, because the coins that can be dug with the graphics card are basically not the mainstream currency. At the same time, if the card mining machine is added to the mining pool and the mining pool is assigned to calculate the power to the highest currency, It will still be affected by the market, and it is possible to earn more or lower than the mainstream currency.

But here, what we need to discuss is not the issue of income, but –

Suppose, now that an M wants to make a 51% attack, then which of the above students' hands in the calculations is easier to acquire?

First of all, the computing power of the lease must be the simplest, because in fact, since A and B can rent the computing power, then M can rent the computing power in the same way. In fact, the previously attacked POW algorithm is basically a blockchain that requires less computing power than the computing power available in the marketable computing market.

In comparison, it is more complicated to get the computing power from the next few students. Here we assume that they are all rational people, then M can definitely say: no matter how much money you buy, I will buy it at a higher price… I guess most people should not reject such conditions, however, this is obviously the most A stupid way (but most of the security analysis for POW believes that attackers will use this most stupid way to gain power). M can also say that I rent you an hour of computing power at a price higher than your one-hour income. But basically no one is willing to take care of such a request, because the time is too short, don't say hours, even a day may not be attractive.

However, the smart M can tell them: I rent your year's computing power, but I pay you the money in a day… So, I guess there will be a lot of people moving. However, if they are alert enough to be aware that M may be malicious, they may still reject this request, because if M attacks 51%, it may cause their income on the mining machine to float – this is true This is especially true for non-mainstream mining machine owners, as mainstream miners can also dig other coins, while non-mainstream miners may lose their use.

Therefore, in fact, from the perspective of M's acquisition of computing power, the higher the cost of miners investing in mining machines, the greater the loss after double payments, the harder it is to acquire them. But at this time, some people may realize that another dimension of “difficulties in obtaining power” is not decentralization? Yes, maybe M can buy C or D to join him, or buy power from them, but there are thousands of M in the world who don't know who is where C or D…

So, how can M persuade oneself to be innocent and let them safely rent out the miners they bought at a large price?

In fact, M does not need to convince them, just give them a slightly higher reward is enough.

Because F, G and H, why do you know that the pool they joined does not belong to M? In other words, in fact, the organizational form of the mine pool itself has been very convenient to solve the difficulties of the two acquisition powers we mentioned.

And we said before, this is actually not a problem with the mining pool. Whether the POW that cannot be outsourced can eliminate the organizational nature of the current mining pool, such centralized systems will eventually exist in some way, because for ordinary For miners, the first place is the income, the second is the ease of use, as for security… look at the volume of decentralized exchanges.

Therefore, in the POW, unless the independent miners can understand their own behavior and are willing to actively maintain the security of the system, decentralization will only allow malicious nodes to take advantage of it, and it is easier to obtain power.

I know that some people will refute the difference between my miners and ordinary users, and I think that miners will be more responsible for the blockchain, but this further confirms my argument –

In fact, we originally hoped that the miners would be more responsible for the security of the blockchain, that is, the interests of the consensus nodes of the blockchain could be consistent with the system, so we had security and only had "malicious nodes not exceeding 50." The assumption of %" makes the entire consensus algorithm meaningful. Whether it is POW or POS, in fact, the proof itself is to hope that the node can provide a "I care about the security of this system" to prove that they are responsible for this system. At this point, the POW is not as good as the POS, because in fact the reward of mining is only a fraction of the value of the entire system, that is to say, "I dig the mine" is actually not sufficient. In the public's perception, we usually think that "I bought a mining machine, if I made a bad mine machine, I bought it" is a sufficient reason, but in fact "I bought a mining machine, but I entrusted it to the mine." The pool is the same, it is also irresponsible behavior.

In the case of responsibility, it is equally irresponsible to entrust the rights to the mining pool in the POS. However, the fact that POS is naturally better than POW is that if you have more rights, you may suffer far more losses than POW (discussed in the previous section), so the larger holders have more reason to bear more. More responsibility, so "I bought a lot of coins" is a more sufficient reason than "I dig mine" or "I have a mining machine", they are willing to take responsibility.

This actually leads to a conclusion that may be quite counter-intuitive to bitcoin fundamentalists, but in fact the blockchain academic community is not new –

A blockchain that everyone can join doesn't make sense—because the inclusion of irresponsible nodes in the consensus only reduces the security of the system because the resources in their hands are easily captured by malicious nodes, whether POW or POS. , or other consensus algorithms, are all the same. Therefore, we want nodes to be responsible, and their interests can be bound to the blockchain to some extent, so all consensus algorithms need an entry barrier.

Otherwise, no matter how the algorithm guarantees, no matter how much they understand the blockchain, whether their nature is honest or not, their interests in the system determine how much responsibility they themselves cannot assume in the consensus. POS will face a non-interest attack. In the POW, although the small miners have a high cost of doing things, they will have greater willingness to join the mine pool, so there is actually no contribution to security.

At the end of the day, we found a rather tragic problem – in fact, the security proof of most public chain blockchain consensus algorithms is meaningless, because no one has more than 50% of the power (equity) assumption in most blockchains. It is difficult to establish a project.

Because the decentralized "majority" that is placed in high hopes does not really participate in the consensus, but like a centralized system, choose to trust large mining pools, big miners, or exchanges, and put their calculations And equity contributions to certain centers. Therefore, what is actually ensuring safety is a large miner, a large mining pool, a big money holder, a opinion leader, a big company in reality, or simply a project founder and founding team. They invested the most in the blockchain, and the chain did not lose the most, and the economic and social costs of the 51% attack were the highest.

Well, there is one last question left now –

All of the above is from a security perspective. So, how important is security? Is it unfair to evaluate POW and POS only from the perspective of security?

In the next final article, I want to discuss such a question: What kind of consensus algorithm do we need? Interested students remember to pay attention.

Author: Maxdeath

Source: Orange Book