Idelto

Cryptocurrency news website

technical

Why Proof-Of-Work Is A Superior Consensus Mechanism For Bitcoin

by

The proof is in the pudding when it comes to Bitcoin’s proof-of-work mechanism versus a proof-of-stake consensus mechanism debate.

There have been countless arguments surrounding both the proof-of-work (PoW) and proof-of-stake (PoS) as a means of gaining consensus on a blockchain network.

Many people have been asking themselves which one is better, and why? In this article, I’ll go over some of the main benefits and drawbacks of each consensus mechanism.

Let’s dive in.

What Is Proof-Of-Work (PoW)?

Proof-of-work is a decentralized consensus mechanism first introduced by Bitcoin (BTC). We will use the Bitcoin network as an example to understand the proof-of-work consensus mechanism.

The Bitcoin network essentially requires members to contribute computing power, such as graphics processing units, to solve arbitrary mathematical puzzles, and prevent anyone from gaining control or manipulating the system.

Every transaction that occurs is validated before it gets added to the blockchain. Each block then gets validated by the miners, who get rewarded BTC tokens as they have put in the “work” through their processing units. Hence, this is called proof-of-work.

The proof-of-work consensus mechanism has stood the test of time. This consensus mechanism has successfully validated billions of transactions on the Bitcoin blockchain for years and has maintained its authenticity and reliability as the most secure and decentralized consensus mechanism created till date.

What Is Proof-Of-Stake (PoS)?

Proof-of-stake (PoS) is a consensus mechanism used on blockchain networks created as an alternative to the PoW method for validating transactions.

In this mechanism, cryptocurrency owners can validate block transactions based on the number of coins the validator stakes (instead of miners validating them). Hence, this is called proof-of-stake (PoS).

The validators in PoS are chosen at random. To become a validator, one needs to stake a specific amount of cryptocurrency token required by that specific blockchain.

There are multiple variations of PoS, such as delegated-proof-of-stake (DPoS), etc. These have been developed and implemented across various blockchain networks, but they all mostly work in a similar way.

When a block of transactions is ready to be processed, the cryptocurrency’s protocol selects a validator to review the block. The validator then checks if the transactions in the block are fully accurate, and if they pass the checks, the block gets added to the blockchain.

In return for doing so, the validator gets rewarded in the form of cryptocurrency tokens for their contribution.

However, if a validator ends up proposing a block with information that is inaccurate, they lose some of their staked tokens as a penalty. This can happen in PoS as there is no hardware that solves cryptographic puzzles (unlike in the case with PoW).

Which Consensus Mechanism Is Better And Why?

Both PoW and PoS are designed to help the nodes on a blockchain network to verify all the transactions that occur.

Once the nodes agree on the validity of a block of transactions, the transactions get added to the blockchain. Both models offer distinctive methods to achieve the same end result.

However, proof-of-work as a system for validating transactions and securing the blockchain network is far more superior to a proof-of-stake (PoS) model, but it comes at a cost.

Below, I have discussed what makes PoW a superior consensus mechanism when compared to PoS, and the costs associated with it.

Security And Data Authenticity

PoW is more superior than PoS from a security and data authenticity perspective. This is due to the fact that in PoW, the data is connected to a proven history of human choices, which cannot cheat in a system that verifies every single transaction.

This system works with 0% trust, and 100% of the transactions are verified and recorded by the network participants on a public ledger.

PoW is also a highly secure consensus mechanism because over a period of time, it makes the network more and more difficult, to a point that it becomes unhackable — because the network is constantly monitored by its participants. These participants now have skin in the game (as they need to “work” to solve for transactions). This makes the network extremely expensive to hack.

On the other hand, the PoS consensus mechanism is more vulnerable to hacks and attacks.

In theory, if a network participant (or a group of participants) gets to a point of owning 51% of staked coins, this network participant (or group) could then essentially control the entire blockchain and alter it. This is termed as a 51% attack.

Network Ownership

Given the design of “mining” for getting rewards, the PoW model enables a decentralized structure.

Bitcoin is a great example of this. Bitcoin’s network is completely decentralized. No one person, entity or country controls it. It is owned and controlled by thousands of nodes running the network, in a decentralized and secured system, backed by PoW.

On the other hand, PoS enables a more centralized structure. The participants who can stake more (often the rich), in theory, can accumulate greater control just by staking more.

This is a risky proposition because if a group of participants eventually gets to 51% control, they can alter the blockchain to benefit themselves.

Haven’t we seen the problems with this kind of system already? Just open your eyes and you will see that we have been living in this system for a while now and look where it has brought us.

Incentive Alignment And Equity

The PoW model rewards miners when they solve complex mathematical puzzles — a block reward and a share of the transaction fees in some cases. This incentivizes the right behavior as the nodes are competing to solve the puzzle to get the reward.

The network keeps getting tougher and tougher, ensuring that solving these puzzles requires greater computing power. This in turn makes the entire network more secure and more expensive to hack or attack.

As the value of the cryptocurrency goes up, the value of the reward goes up. Every miner on the network has equal opportunity of earning the reward and in doing so, they continue to secure the network and make it robust.

This entire setup incentivizes the right behavior and discourages forking, which is the creation of an alternative blockchain when the protocol gets updated.

On the other hand, in a PoS model, the incentive for getting the reward is to just stake more. This leads to the centralization issue with participants staking more, potentially getting greater control of the blockchain. In an unmonitored blockchain, this incentive leads to a bigger security threat with less decentralization and more susceptibility to low-cost attacks.

Test Of Time

The PoW model has stood the test of time. The Bitcoin network is a great example of this.

In the last 13 years, the Bitcoin network has never been hacked or compromised in any way or form. It’s the world’s most powerful network and has stood the test of time from a network authenticity, reliability and security perspective.

On the other hand, the proof-of-stake models are relatively newer and remain in their early stages, both in adoption and implementation. Also, there is a higher level of confusion around the feasibility of some of these models as more and more variations are coming out that have not been fully tested.

Energy Consumption

There have been arguments historically that PoW models demand excessive energy consumption, which leads to increased costs and environmental impacts.

This is true. Indeed, a PoW model consumes a lot more energy than a PoS model.

This is due to the fact that as the difficulty of the network goes up, more and more computational power is needed to solve for the complexity. This is the cost of running a highly secure network.

A monetary network, which needs security at its core, does consume energy. Let’s take fiat currencies for example. Fiat currencies use a lot more energy than the PoW model, like the Bitcoin network would use.

This is because conventional banking backed by fiat currencies relies on paper money, which requires resources to produce them, and results in a lot of waste. When you factor in the energy costs of banks, high-rise office spaces, security vaults, security trucks, and other overheads, the traditional banking system is shown to be far more energy-depleting than Bitcoin.

A PoW model, like the Bitcoin network, doesn’t require any physical resources to produce, apart from the computational power needed to maintain the blockchain. So, while the Bitcoin network consumes energy, it’s still more environmentally friendlier than traditional banking and the fiat currency system that we use today. It’s a much better solution and an improvement of the energy consumption use case and an upgrade to the current system.

In other words, moving our monetary system into the Bitcoin network will not just be more efficient and secure, but will also be an essential step in fighting against global warming.

PoW is a superior system (as we discussed earlier) and it is incentivizing innovation and creativity in the energy consumption space as well.

PoW energy consumption has been heavily optimized throughout the past few years and uses renewable energy, and energy that would have otherwise been wasted.

Let’s take the Bitcoin network for example. According to the Q3 Global Bitcoin Mining Data, a majority of the mining done on Bitcoin is through renewable energy.

In fact, Bitcoin mining energy use is only 0.122% when compared to the world’s total energy. According to the report, in Q3 of 2021, mining efficiency increased by 23%, and sustainable electricity mix increased by 3%.

Image source: bitcoinminingcouncil.com

In fact, Bitcoin mining has increased 43X in efficiency within the last seven years. In other words, its mining is 4,237% more efficient now than it was seven years ago.

This report concludes that the Bitcoin Mining Council has estimated a 3x and 2x improvement in the mining efficiency over the next four and following four years.

So not only is it the most efficient usage of energy today (for the application of a monetary system), it is guaranteed to be dramatically more efficient within the span of the next eight years.

The rewards for mining Bitcoin are high, which incentivizes miners to look for alternative energy sources, leading to innovations in renewables. Since most of the cost of mining Bitcoin goes to electricity, miners are driven to find the cheapest, cleanest source possible to maximize profits.

In fact, Bitcoin mining could be said to be one of the greenest large-scale industries globally. Most of the largest mining outfits are located in regions where renewable electricity is abundant. Renewable energy sources are becoming more and more popular, as they are cleaner and cheaper than traditional forms of energy.

Many experts believe that the future of renewable energy is bright and will eventually overtake conventional forms of energy. Bitcoin mining is leading this charge.

The energy consumption of Bitcoin is a small price to pay, considering the economic and social value that it provides. Bitcoin is worth every bit of energy needed to keep it going.

Conclusion

When you look at all the benefits and costs of a PoW model, you realize that the benefits of the PoW model far outweighs the costs.

PoW is a superior system due to the fact that it is fair, secure, and ensures incentives that are aligned with the goal of the blockchain network, to secure each transaction.

PoW energy consumption has been heavily optimized throughout the past few years and uses renewable energy or energy that would have otherwise been wasted.

Bitcoin is backed by the PoW consensus mechanism and has stood the test of time over the last 13 years. This alone is proof of how effective and powerful the PoW consensus model is.

A network built on equity, security, decentralization and proof-of-work consensus mechanism is engineered to thrive.

This is a guest post by Mir Quadri. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

JoinMarket Lead Adam Gibson Sees A Bright Future For Bitcoin Mixing

by

Adam Gibson, aka Waxwing, is the lead maintainer for one of Bitcoin’s most prolific CoinJoin projects. And he sees a bright future for transaction privacy.

In a recent interview with Adam Gibson, aka Waxwing, lead JoinMarket maintainer and expert on CoinJoining, we talked about the exciting changes that we will see within CoinJoin transactions, how the processes of CoinJoin works in its current state and his outlook on further innovation. But first, let’s talk about what a CoinJoin transaction consists of in its current state.

Keep in mind, when I say “current,” this is in reference to methods actually being used today. This distinction is important because Taproot activation does not mean that new methods now available are actually currently being used.

What Is CoinJoin?

When I asked Gibson to give a simplified explanation of CoinJoining, he gave this response:

“In simple terms, CoinJoins are transactions where more than one person contributes inputs. They don’t require trust because each person only signs the transaction if it pays to the outputs they expect. They’re mainly used today to improve privacy by invalidating the assumption that all the inputs in a transaction are from one person — an assumption that blockchain analysis uses to try to trace the history of coins.”

“Transactions where more than one person contributes inputs,” he said.

Well, what’s an input? Contrary to the user interface found in most exchanges that shows you holding a specific amount of bitcoin at all times, in order to spend bitcoin, it is more like handing over dollars you have to the gas station for your cup of coffee. Bitcoin transactions add up all of your UTXOs (unspent transaction outputs) until they meet the necessary amount for the transaction, verifying that you actually have the units you are trying to spend. These prior transaction outputs totaling up to the amount of bitcoin you have are called “inputs.”

A CoinJoin transaction happens when multiple people are trying to provide the amount of bitcoin they have to finalize a transaction in a more private way. But, you do not by design sign the transaction unless the “output” is paying exactly what you expect to receive. Unspent outputs are simply units of bitcoin that have provably not been spent. If the output is proved to not be spent, then the person on the other side of the transaction can spend that bitcoin, which results in that bitcoin being sent to your wallet. Unless you are paid exactly what you expect, you don’t sign the transaction, preventing it from being completed.

Invalidating the input ownership assumption occurs when multiple people have inputs and outputs of the same amount creating a clear level of privacy to transactions. This can also be accomplished through a process called “signature aggregation,” which was not applicable before Schnorr signatures were implemented in Bitcoin and can make transactions cheaper by allowing all participants to use one single signature.

But what is signature aggregation, and why does it matter?

What Is Signature Aggregation?

When I asked Gibson how he would summarize signature aggregation, this was his answer:

“Since Taproot has been activated, in Bitcoin we can make single signatures that are actually multiple signatures ‘under the hood.’ This makes multi-signatures way less bulky and more private.”

The inception of Schnorr signatures allows for signature and key aggregation. Previously, a verifier would need to validate each signature in a transaction. Once these signatures are aggregated, or combined into one, the verifier only needs to validate the one signature. This comes with a cost savings in processing and resources spent when zoomed out to the entire blockchain. But is privacy enough incentive for people to adopt CoinJoining? We’ll return to this point later, but Gibson thinks we can go further.

This process allows for obvious privacy increases while possibly incentivizing more people to CoinJoin by saving on fees, as each transaction is basically molded with all of the rest, making it far harder to discern where each input/output is going, or coming from. So how does this process work without Schnorr being implemented? I asked Gibson that question, and here is his outline to creating a CoinJoin transaction:

The Process Before Schnorr

“I’ll try to do it as a numbered list,” Gibson said, preceding the incoming information dump that followed, breaking it down for plebs like me.

But before we get into it, we’re going to learn what a “change output” is, in Gibson’s words:

“Basically, forget CoinJoin for a minute and say you’re making a payment for a coffee. you want to pay $5 in bitcoin, but you only have one UTXO available in your wallet, and its value is $20 in bitcoin. So, you make the transaction have two outputs: one for $5, one for $15 (ignore fees for now). The coffee vendor’s address gets the $5 and the other address is one that belongs to your wallet, and you assign it $15. That’s the ‘change output.’”

If your inputs only add up to a larger sum than required, you simply subtract the difference of your purchase from your input, and what is left over comes back to you, while what was spent goes to the person you made an output for. Simple, right? Alright, let’s get into it.

Again, Gibson:

“One, a group of people/nyms gets together and agrees on an output amount, let’s say 0.5 BTC. (This is the hard part! Coordinating anons!).”

Let’s say ten people, or anonymous users (anons), all get together and say we all want to be paid this specific amount. They need to agree on that specific amount, because if the transactions are simply batched (combined without meeting an agreed output they all want), then “they can easily be separated from within that big CoinJoin transaction, just by looking at the numbers,” Gibson explained.

“Two, each person prepares enough inputs to cover at least the 0.5 BTC; just the same way as a normal wallet does when they want to make a payment of 0.5 BTC,” Gibson continued.

You and those ten other people agree to an output of 0.5 BTC. This means that each individual participating in the transaction needs to hold enough inputs to equal that amount. (Simply put, if the expected output is 0.5 BTC, then you need to hold 0.5 BTC to participate.)

“Three, each nym also, as for a normal payment, needs to prepare, a) an output address that they own, where the 0.5 BTC will go and, b) a change address for whatever is left over,” Gibson said.

Admittedly, this part confused me and I asked for a further explanation of what a change address is and how BTC could be “left over” from a transaction. This is the “change output” mentioned above.

Gibson continued:

“Four, this information from two and three is gathered together: a full list of all the inputs from all the nyms, and all the output addresses and change addresses. Different CoinJoin implementations do this differently.”

The information from steps two and three are combined.

“Five, once that info is gathered in one place, the transaction can be assembled.”

How is the transaction assembled?

“The inputs to the transaction are all the input UTXOs from all the nyms, and the outputs are: a) all the ‘output’ addresses, each assigned 0.5 BTC and, b) all the change addresses, where the amounts must be calculated by subtracting 0.5 BTC from the total of all the inputs from that nym,” Gibson said. “This transaction is unsigned, i.e., it has all the information except the signatures, so it can’t yet be broadcast to the Bitcoin network, of course.”

Simply put, all of the information we have gathered thus far is combined into a transaction, and the only thing it needs are the signatures.

Gibson:

“Six: Now that the unsigned transaction is prepared, it is sent to every one of the nyms.”

The unsigned transaction is sent to all parties in the CoinJoin transaction, and then, as Gibson explained:

“Seven, each individual nym signs each input that belongs to them,” and “Eight, each nym sends back their valid signatures on their inputs.”

Everybody sends their signatures back to finalize the transaction, verifying their inputs equal the necessary amount for the transaction.

“Nine, the coordinator gathers all of the signatures from eight. When they have one valid signature for every input in the transaction, they can just insert them into the transaction, and make a fully-valid, signed transaction, and broadcast it.”

Once all signatures are collected by the coordinator, the transaction is broadcasted to the Bitcoin blockchain.

Notes On The Process

“Obviously crucial is that each nym carefully checks the full list of inputs and outputs, to make sure they are not being cheated: the output amounts are what they expect, and their inputs are what they expect,” explained Gibson. “Notice they don’t need to care about everyone else’s inputs and outputs, as long as they get back what they expect.”

As mentioned earlier, the signature should not be given if the output does not match your expected outcome. It is, at current, the responsibility of the involved party to make sure that the transaction lines up.

Now, we can all be forgiven for thinking that the process above sounds a bit heady. Innovation requires patience. Much like the original versions of the web that were largely read-only with horrible user interfaces, eventually we were able to evolve to Web 2.0. Regretfully, this technological innovation has become largely centralized, but it does allow us to see that the pain of founders can eventually be soothed with further innovation. This brings us to JoinMarket.

The Basics Of JoinMarket

Being multifaceted, we will briefly talk about just one of the applications JoinMarket currently runs.

“Joinmarket-Qt is a GUI application which allows users to create wallets and send coinjoins,” according to Bitcoin Wiki. “It is essentially a simple GUI bitcoin wallet with sendpayment and tumbler scripts wrapped inside.”

A GUI (graphical user interface) is just a way to make a webpage or program simple to use. Instead of seeing read-only code that no one can understand, or operating on a command line, which can prove difficult for new users, JoinMarket seeks to make the process of CoinJoin easier and more accessible.

As you can see, a lot of effort is being spent for this particular innovation, and there are other platforms working on this as well. As difficult as it may sound, it’s really quite easy comparatively, as long as all parties can agree on the output. But why is all of this effort being thrown at this particular problem?

Why Does CoinJoin Matter?

This is the exact question I asked Gibson, and he told me:

“[CoinJoin] is a technique to make it impossible for a person, looking at a transaction that you created (example: you are paying them for goods or services), to be able to deduce things about your money (how much you have; what its history is, etc.). This is a big advantage for your security.”

Bitcoin is always about privacy and making sure your funds are kept safe. At the core of every change that happens within Bitcoin, privacy and security remain supreme. Gibson went on to compare the process of CoinJoining with the legacy system:

“Compare with the legacy system: your recipient almost never sees any information about your money/account, except in certain edge cases, while your bank and the government that controls it, might be able to see everything (all history).”

CoinJoining is putting private ownership of your money back in your hands. With Schnorr signatures and signature aggregation in the future, you can interact with others looking to secure privacy, and help lower fees at the same time, all while no financial institutions or centralized governments have any control over your money. Gibson’s closing remarks on this process summarize the need for this innovation, and also the necessity of further innovation.

“A person can certainly try to look at the history of your money or how much you have, directly on the blockchain,” he said. “CoinJoin is one of a number of techniques that ‘makes it impossible’ (except, that is not entirely true, it tries to do that, but it is by no means perfect, so ‘impossible’ is not the right word).”

What Comes Next?

The answer depends on your time preference. In the short term, work can be done to close up the efficacy of CoinJoining to get us closer to that point of imperviousness. Privacy isn’t enough reason for widespread adoption of CoinJoining tactics, that requires other incentives, because some might not care as much about privacy and won’t do the extra leg work just to get there.

One interesting thought is cross-input signature aggregation (CISA). On this, Gibson seems quite bullish. It’s worth noting that while this particular method can create incentives, it does not necessarily do so for private CoinJoins. While private CoinJoins will be incentivized, there will not be a requirement for private CoinJoins to achieve the savings in fees, meaning all CoinJoin transactions will be private.

On CISA, this was Gibson’s response:

“But we could go further: we could combine the signatures from all of the inputs in a transaction (even, say, 100 of them) into one single signature.”

Not only do we have fee savings in standard signature aggregation, but a further implementation of CISA could take those savings even further. Plus, we have yet to discuss how these changes affect the process on a detailed level. But those are discussions for other articles.

This is a guest post by Shawn Amick. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

How Blockchain Commons Is Improving Individual Access To The Bitcoin Network

by

Standards put forth by the open-source software team at Blockchain Commons will help individuals get the most out of Bitcoin.

The below is a direct excerpt of Marty’s Bent Issue #1144: “Gordian principles and software standards.” Sign up for the newsletter here.

via Blockchain Commons

I had the pleasure of sitting down and interviewing Christopher Allen and Wolf McNally from the Blockchain Commons project earlier this afternoon. Blockchain Commons is a group of open source developers focused on building open source tools and standards with interoperability in mind. I thoroughly enjoyed the conversation because it forced me to get back to first principles and think deeply about the precedents that are being set today by those building software that deals with an individual’s access to the Bitcoin network.

There are so many small details that have been abstracted away by wallet software that most users are completely unaware of when creating their key pairs. Is it a single sig or a multisig? What is the derivation path of the particular xpub you are using to produce receive addresses? Is your wallet software able to construct and/or broadcast pre-signed bitcoin transactions (PSBTs)? This may sound like gibberish to many of you freaks, but these small details matter. And, more importantly, keeping these small details in mind to loosely agree upon base level standards for those building wallet software so that users of different wallets can transact with each other seamlessly. With the overarching goal being to minimize the stress around securing sats while maintaining more than sufficient sovereignty and privacy.

The decisions we make today around best practices when building wallet software will have a material effect on the ability of users with different wallets to transact with each other with the utmost confidence. Creating standards that stay true to the Gordian principles put forth by the team at Blockchain Commons seems like a good idea to me.

via Blockchain Commons

Check out the podcast if you get a chance. I think you’ll learn a lot about the type of adversarial thinking that, when implemented effectively, adds to the accessibility and security of Bitcoin.

Ethereum’s Centralization Endgame Makes The Case For Building On Bitcoin

by

In a recent explanation of Ethereum’s roadmap, Vitalik Buterin inadvertently made the case that building on Bitcoin is our only path to decentralization.

In a recent blog post called “Endgame”, Ethereum founder Vitalik Buterin addressed the concerns around undue centralization of Ethereum. But not so that he might dismiss those claims. Nay, he’d rather confirm them.

Source

There are a couple of noteworthy comments in the beginning of this article, such as “average ‘big block chain’,” and “acceptably trustless and censorship resistant, at least by my standards.”

Clearly, Bitcoin is not considered the average blockchain, even by Buterin. All of us remember the Block Size Wars, where a hard fork known as Bitcoin Cash emerged from a fundamental disagreement around the acceptable block size for Bitcoin.

To summarize, Bitcoin as we know it today stood on the side of the everyman, allowing small block sizes so that anyone willing to could easily participate as a node. Proponents of what became Bitcoin Cash wanted to rival the likes of Visa in its ability to process transactions quickly, and demanded larger blocks in order to meet their idea of transactional demand.

The Lightning Network and Layer 2 applications allowed this scaling to ultimately happen on Bitcoin off-chain, which is how El Salvador, for instance, was able to practically accept bitcoin as a legal tender currency.

Now, one might be tempted to utter, “He didn’t say ‘Ethereum,’ he’s talking about other projects.” Fine then, let’s continue, young padawan.

“Trying To Decentralize”

Buterin then provided a roadmap for how one might achieve his “standards” of trustlessness and censorship resistance.

Source

Let’s break them down. First, “second tier of staking.” What’s he going on about? What is “staking” and how does it work?

Staking exists as a consensus model for other cryptocurrency platforms, Ethereum being potentially the most prominent to use this model if it ever realizes promises to adopt it, and is referred to as “proof of stake.”

A consensus model is a way for all of the nodes, or participants in the network, to agree on the information contained within each block of its blockchain. These second-tier holders would validate, while the larger “stakers” would create blocks.

Bitcoin runs on a model called “proof of work.” In this consensus model, think of computers using electricity to solve a puzzle. The resources spent to solve the puzzle are the “work” in proof of work. It actually requires effort and resources.

Ethereum’s proof of stake, however, would require no resource expenditure once it switches from proof of work (God knows when that would be as they change the date constantly), which is cited as a feature, not a bug, by its proponents.

But if there’s no resource expenditure, how are the blocks validated through consensus? The answer is: staking. In order to stake on the Ethereum network, you would be required to have 32 ether. Going off of the floating value of $4,000 per ether, let’s just call the requirement for staking an even $120,000 worth of ether to be a validator. Staking means providing liquidity to an organization, so you can’t touch these staked ether, or move them. Your asset is at stake, and can be lost. You are giving that organization the ability to use your funds. See where the name comes from?

Attestation And Weighted Voting

Ethereum blog

In this blog post on Beacon Chain, we can see that attestation is tied to your ETH balance.

“An attestation is a validator’s vote, weighted by the validator’s balance,” it explains. “Attestations are broadcasted by validators in addition to blocks.”

The higher the balance (with a maximum of 32 ETH), the more weight the vote carries in validating transactions, which is not to be confused with creating a new block.The more ETH you have available, the more likely you are to be chosen to participate in the process, be it with weighted voting procedures or multiple wallets containing the maximum amount of ETH.

This attestation, or validation, is where the aforementioned second tier of staking comes into play.

A “second tier” would allow those with smaller amounts of money to stake as well, but this doesn’t change the fact that those with the most ultimately control everything. This is just to make retail investors feel better about themselves.

Next, let’s refer back to Buterin’s second point from the “Endgame” roadmap, “Introduce either fraud-proofs, or ZK-SNARKs.”

This is basically a way of compressing data so that the validators are not required to see as much of the information. This is accomplished by providing a public set of parameters or rules for validating the information.

The problem here is that trust is usually required. If the parameters are not deleted by the necessary participant in validation, someone can maliciously use those parameters to counterfeit currency.

I won’t go into a massive explanation of what these things are, just know that the point is to compress data in a cryptographic format in order for smaller validators to be required to have less work. This is hardly a fool-proof system, as mentioned with the necessary trust built into the system in most use cases.

In fact, here’s a quote from Buterin himself from a blog post called “Zk-SNARKs: Under The Hood:

“Hence, for this to work it’s absolutely imperative that whoever creates those points is trustworthy and actually deletes k once they created the ten points. This is where the concept of a ‘trusted setup’ comes from.”

Later on in that post, Buterin discusses his hope that the ZK-SNARKs Rollups would scale, which makes it “a difficult market to enter,” by making the process more straining on the validator.

It’s important to note that while SNARKs require a trusted and permissioned private key, there are other options available. zk-STARKs, for instance, seeks to resolve this issue.

“First and foremost, zk-STARKs have solved the trusted setup problem. They completely remove the need for multiple parties to create the private key needed for the string. Instead, everything needed to generate the proofs is public and the proofs are generated from random numbers. zk-STARKs actually remove the requirement in zk-SNARKs for asymmetric cryptography and instead use the hash functions similar to those found in Bitcoin mining.” 

–CoinCentral 

Why would this not be the default solution to retain a trustless system? Buterin answered that on his blog:

“However, this comes at a cost: the size of a proof goes up from 288 bytes to a few hundred kilobytes. Sometimes the cost will not be worth it, but at other times, particularly in the context of public blockchain applications where the need for trust minimization is high, it may well be.”

This is something developers could work to progress and allow for smaller datasets, however, in typical Ethereum fashion, the focus is scale and speed. There’s no value placed on decentralized or trustless systems, only efficiency. Which is exactly why zk-STARKs were not addressed in “Endgame.”

Remember earlier when we talked about Buterin’s “standards” for trustlessness, and centralization? Let’s continue, because all I see is required trust and centralized liquidity.

The next two steps Buterin included in his roadmap, “data availability sampling” and “secondary transaction channels,” will be addressed briefly. Data sampling is just a way for validators to check block space while only needing a smaller portion of the blockchain to be downloaded, preventing larger download requirements.

Secondary transaction channels would work like the Lightning Network mentioned earlier. It would be a Layer 2 that allows transactions to happen off-chain, to be submitted at a later point. There’s nothing inherently wrong with wanting a Layer 2 protocol for scale, but the need of having one emerges from centralized control of data because of massive block size is a problem.

Still with me? On we go!

End Goal For The “Endgame”

In “Endgame,” Buterin then addresses what the fruits of this labor would hold:

“What do we get after all of this is done? We get a chain where block production is still centralized, but block validation is trustless and highly decentralized, and specialized anti-censorship magic prevents the block producers from censoring.”

Block production is still centralized. The entire consensus model that dictates the whole network is still controlled by those who have the most money. “Validation” at this point is trusting random nodes to verify a zk-SNARK, where they have little information, and come to a two-thirds agreement in order to meet an arbitrary threshold to stamp it complete.

But, he said block validation is trustless, right? Hardly. We discussed how the idea of zk-SNARKs will lead to creating a trusted party. Seems like the opposite of trustlessness to me.

Even saying that block validation would be “highly decentralized” still seems like a stretch. Would it be more decentralized than if the change isn’t made? Absolutely. But when you’re starting from zero, any increase looks better than nothing.

Scaling The Centralization

“Imagine that one particular rollup – whether Arbitrum, Optimism, Zksync, StarkNet or something completely new — does a really good job of engineering their node implementation, to the point where it really can do 10,000 transactions per second if given powerful enough hardware.”

–Buterin, ”Endgame”

This is the best part, because what do you think he wrote after the paragraph that followed?

“Once again, we get a world where block production is centralized, block validation is trustless and highly decentralized, and censorship is still prevented.”

Now remember, according to Buterin’s earlier statements in “Endgame,” zk-SNARKs would make the market “a difficult market to enter,” yet somehow the introduction of scaling these rollups makes the centralization even more so by adding validation strain and makes block validation trustless? No. The third-party requirement is simply now at a larger scale of trust.

The Side Chick Problem Of Sidechains

This was Buterin’s comment in the blog when he began to address the idea of multiple-rollups, which is basically the idea that when another project is built on top of Ethereum, users will often rely on a process known as bridging which allows one to bounce between chains without paying fees, or gas on the main chain (Ethereum).

“It seems like we could have it all: decentralized validation, robust censorship resistance, and even distributed block production, because the rollups are all individually small and so easy to start producing blocks in. But the decentralization of block production may not last, because of the possibility of cross-domain MEV.” 

–Buterin, “Endgame”

Let’s assume that I didn’t spend this entire article arguing that there is no decentralized block validation and that this entire paragraph is accurate. Pay attention to that last sentence: “Decentralization of block production may not last, because of the possibility of cross-domain MEV.”

What is cross-domain MEV? And didn’t this entire blog state repetitively that there is no decentralized block production already? Oh, he must be saying that the small amount that exists would die completely because of this. So, what is it?

First, let’s establish MEV. In “Unity Is Strength: A Formalization Of Cross-Domain Maximal Extractable Value,” the authors paint a fairly clear picture in the abstract (summary) of the research paper:

“One example of such is the Ethereum modular architecture, with its beacon chain, its execution chain, its Layer 2s, and soon its shards. These can all be thought as separate blockchains, heavily inter-connected with one another, and together forming an ecosystem. In this work, we call each of these interconnected blockchains ‘domains,’ and study the manifestation of Maximal Extractable Value (MEV, a generalization of ‘Miner Extractable Value’) across them.”

In their example, the authors of “Unity Is Strength” are using Ethereum and Layer 2 protocols as separate blockchains, but deeply connected ones. A Layer 2 can be anything built on top of Ethereum that requires blocks to be solved.

“In other words, we investigate whether there exists extractable value that depends on the ordering of transactions in two or more domains jointly,” the “Unity Is Strength” authors wrote.

The MEV refers to the value you can extract by changing the ordering of transactions. So, imagine a scenario across multiple blockchains (or in Ethereum’s case, different second layer rollups, sidechains, etc.). Which chain comes first? Think about someone using Polygon (a Layer 2 protocol for Ethereum that seeks to transact between chains). Is there value to be extracted by placing the Ethereum transactions first? How does that affect the sidechain to be placed in a secondary, tertiary or even lesser level of importance? This puts Polygon at a lesser level of priority.

“We find that Cross-Domain MEV can be used to measure the incentive for transaction sequencers in different domains to collude with one another, and study the scenarios in which there exists such an incentive,” per the “Unity Is Strength” authors.

Cross-domain MEV is the process of determining the value of a specific sequencing order of transactions from two, or more domains.

Which chain is more valuable in the sequence? More valuable chains give their consensus makers more leverage in negotiating to share profit with other chains when there is MEV to realize. This gives the consensus maker power and reason to prioritize one chain over another.

What happens with processing different chains as one becomes of greater importance than another? The preferred chain, or the most important chain (Ethereum in this case) receives larger staking, which means much of the network becomes devoted to extracting that value. This creates a demand on a specific side of the transactions, leading to a larger presence of liquidity centralizing to the greatest extractable value. Now, not only is the consensus model centralized, but the entire platform becomes centralized against its own Layer 2 protocols.This dynamic creates the ability to distort consensus on other layers or chains.

Collusion across chains allows leverage to be held against the network as MEV is prioritized. The creation of a multitude of tokens leads to competition in MEV and creates a priority queue.

In Conclusion

I don’t think Buterin is maliciously intending to be deceitful. I have respect for what he has accomplished, and this is in no way meant to be an attack on him, or his future ambitions. But I purposefully reject this narrative.

His blog started with admitting that he was giving up centralization and requiring trust, but that it was being done in a way that meets his “standards.” The small amount of decentralization that remains in Ethereum block production will die as this roadmap completes. The addition of zk-SNARKs, or any other zero-proof method they attempt to install will result in scaling that leads to even further centralization. Money will dictate this platform, and maybe that’s the intention. I admire the efforts of scaling and secondary tiers of staking in order for retail to have a larger presence. But that doesn’t make it right.

Bitcoin maintains its low block size so that nodes and miners alike can participate without massive hardware requirements, or unsustainable liquidity demands. While Ethereum upgrades focus on creating a false ideology of decentralization, Bitcoin’s upgrades will continue supporting world-changing development, furthering security, scaling with little-to-no fees (Strike, we love you), and allowing its users the privacy they deserve.

This is a guest post by Shawn Amick. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Instant Bitcoin: My First 30 Days On Lightning

by

Instant Bitcoin: My First 30 Days On Lightning

This is a journal of my experience with Lightning that will be useful to any newcomers to Bitcoin or Lightning. As a disclaimer, there are many more ways to do things than I have shown here. There are a range of products and solutions for getting started, some more complicated than others. While there are certain standards and best practices for using Bitcoin and Lightning, the only way to get better is to jump in wherever you feel comfortable and learn a lot as you go.

Before diving in, it’s good to have an understanding of the difference between Bitcoin Layer 1 and Lightning, i.e., why Lightning exists, its own trade-offs and special considerations. This post specifically pertains to operating Lightning channels. Effective channel management can be a rabbit hole of its own, but before we can make sense of it, let’s establish some key concepts.

  • Read and contribute to the PlebNet resources and discussions.
  • Being a node operator will come with an upfront investment but pays dividends in knowledge and experience. Think long term.
  • For routing, focus on peer selection, uptime and liquidity management.

Note, you don’t have to be a large routing node in order to enjoy the benefits of using Lightning. Merchants can accept Lightning payments for their business, and as an end user, you can make Lightning fast payments on your own terms, and that alone is reason enough to run a node.

I’m using a Raspberry Pi along with one of the well-known node starter packages. One thing I didn’t know before joining PlebNet was the importance of having an uninterruptible power supply or battery backup — and this is a must for avoiding outages.

My primary Lightning tools thus far have been ThunderHub and Balance of Satoshis (BOS). I was also a complete noob to Linux, and so if you’re at all inclined, I recommend learning the basics of the Linux command line, as it really helps to understand what’s going on under the hood as you click around on a fancy UI.

My first channel was a small one with a capacity of 150,000 sats as I needed to first get on the network graph, and this helped to go through the motions of opening a channel and watching the funds move. My first Lightning payment felt like magic.

I proceeded to open larger channels and was careful to select peers who I trusted — trust in the sense that I took the time to qualify their reputation in the community. My peers have a track record of being honest Bitcoiners as well as competent node runners. Yes, Lightning is designed to be trust-minimized, so you should be able to connect with strangers. However, I want to reduce the chance of costly scenarios and downtime due to poor node management by unvetted peers.

A routing node requires both inbound and outbound liquidity. One way to acquire inbound is by doing what’s called a loop out. In the beginning, I was looping out channels one by one in order to balance the liquidity. I did so at my own cost so as not to inconvenience my channel partner.

I later learned after reading the Voltage series on routing nodes at blog.voltage.cloud that a better way to get started is to open as many outbound channels as you can and loop out multiple channels at the same time. Lightning terminal figures all this out for you. I did a loop of several million sats at once, and I will say that got my heart beating momentarily. In general, I try to move coins around in smaller quantities, that way all your funds aren’t tied up at the same time.

I also used my own Strike wallet to perform loop outs, but since the sats arrive as dollars on the Strike app I suffered exchange fees by having to convert back to bitcoin. In either case, the cost to loop out is still remarkably small — around 20–30 basis points.

Note that I chose to loop out channel funds in order to create a balanced liquidity profile of the node. This service comes at a cost, so going forward I plan to do free liquidity swaps and simply add or remove channels as needed. Looping out is useful in the beginning to bootstrap liquidity but otherwise not necessary to do for every channel. In addition, you can always just purchase inbound channels and avoid the technical details.

I had nine or 10 channels open when I saw my first forward go through and I was ecstatic. I set my fees to be fairly low but enough to potentially recoup channel costs if all the funds were forwarded at one time (see c-otto.de for a more detailed discussion on fees). While my goal is to achieve a low-maintenance node with organic flow, I certainly noticed the forwards were primarily one-way through a small number of routes. This is where rebalancing and fee adjustment matters.

For the first 30 days, the node had 26 forwarding events at an average of 144ppm, and this amounted to 60% of the node’s local liquidity. Earnings were only 1,300 sats — not very much, but hey, it’s satisfying nonetheless.

At a high level, the costs include chain fees, routing fees and Lightning-related service charges, and that’s not to mention the cost of hardware. The cost of chain fees includes not only channel opens/closes but also deposits and withdrawals to the Lightning wallet. The routing fees paid largely came from performing the loop outs, and routing fees can rack up the more sats you have to move. I also made two payments to a few friends from my node which incurred routing fees. I started a spreadsheet to help track expenses in each category. This helps to reconcile the balances that the node is showing on screen. Records indicate I’ve paid around 29,000 sats out of pocket after all the channel opens and loops. Specifically, BOS is telling me I’ve spent around 4,000 sats in chain fees and over 25,000 in routing fees.

It’s hard to be exact because I had to attempt to account for sats eaten up by exchange fees. There was also some initial confusion around commit fees and channel reserves which are funds you own but are not reflected in the available channel balance. It’s vital that you get used to doing accounting in bitcoin terms, although to what order of precision is a personal choice.

Comparatively, I paid a lot more sats to get my channels up and running than I have earned in routing fees. But keep in mind the cost to bootstrap liquidity should be a one-time cost. Not only that, but the funds in a channel can move back and forth endlessly allowing a channel to route many multiples of its capacity over the life of the channel. I would say 25,000 sats was well worth the investment in education.

My goal for next month is to increase node capacity by 20% and see positive net earnings. Looking ahead, these are some more areas of interest:

  • Explore batched channel opening and channel funding from cold storage.
  • How might using multiple Lightning Network wallets or nodes facilitate liquidity management?
  • Experiment with automated channel management tools.
  • Improve security, reliability and uptime.

For help, don’t hesitate to ask questions; the plebs and I will be happy to assist!

This is a guest post by Tyler Parks. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

​​