-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpreliminaries.tex
132 lines (122 loc) · 8.76 KB
/
preliminaries.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
\section{Preliminaries}\label{sec:preliminaries}
Before studying the egalitarianism of different cryptocurrency consensus mechanisms, we
provide a description of the leader election process, which is a central part
of each blockchain consensus mechanism. We give an
overview of the details of the two most common decentralized consensus mechanisms,
proof-of-work and proof-of-stake, in order to establish an understanding of the
differences in egalitarianism between the two models.
\noindent\textbf{Proof-of-work.}
The core idea behind proof-of-work cryptocurrencies is solving the
proof-of-work inequality. Specifically, the mining hardware is provided with
two constants, $\textsc{previd}$ and $\textsc{data}$, \ie the id of the
tip of the adopted blockchain and the data which need to be appended to it. The mining
device then \emph{brute-force} searches for some string \textsc{nonce}, such
that $\hash(\textsc{previd} || \textsc{data} || \textsc{nonce}) \leq T$ for
some hash function $\hash$ defined by the system. Here, $T$ is a
---relatively--- small number called the \emph{difficulty target}, which is
adjusted in order to ensure a stable block production rate, although typically
remains constant for periods of consecutive blocks called \emph{epochs} --- for
example, in Bitcoin, epochs are $2016$ blocks long~\cite{SP:BMCNKF15}. Because the search for
solutions is exhaustive, the expected number of solutions found by a given
miner is proportional to the number of evaluations of the
hash function $\hash$ she can obtain in a given time frame.
The number of hash evaluations is one of the several critical parameters to
consider when purchasing mining hardware. Other important parameters include
the price of a mining unit, as well as its electricity consumption. Mining
hardware is divided in various tiers based on performance, namely CPU miners,
GPU miners, FPGA miners, and specialized ASIC miners~\cite{taylor2013bitcoin}. Although the pricing of
such devices may be similar, the hashing rate and, in turn, the return on
investment, is highly dependent on the hardware's tier. For example,
the mining hardware ``Whatsminer M10'' produced by the company ``MicroBT''
costs $\$1{,}022.00$ per unit and produces $\$0.104266$ per hour of operation in
net gains, \ie average mined Bitcoins per hour denominated in US dollars with today's
prices (December 2018) minus the electricity costs. On the other hand, the
mining hardware ``8 Nano Pro'' produced by the company ``ASICMiner'' costs
$\$6{,}000.00$ per unit, but produces $\$0.315327$ per hour of operation in net
gains, \ie almost three times the hourly net gains of its cheaper competitor.
Thus, if one can afford to purchase the more expensive hardware, each of their
subsequent dollar invested in electricity returns more mined coins.
It has long been folklore knowledge in the blockchain community that mining
becomes more egalitarian by using a memory-hard proof-of-work function. This
intuition is correct, the core reason being the difficulty to construct
specialized hardware for memory-hard functions. For example, no ASICs
currently exist for Monero mining. Therefore, the only way to scale mining
operations is by purchasing more general purpose hardware. However, since the mining hardware
in this case varies little, both in terms of cost and performance, scaling
returns become proportional to investments. To the best of our knowledge, our
work is the first to confirm this correspondence between the
memory-hardness of proof-of-work hash functions and the economics of mining.
\begin{remark}[Block generation at scale]\label{rmk:pow-scale}
We only analyze the scaling of the economics of mining with
respect to hardware. We also do not take into account basic costs such as
shipping and the availability of a basic machine to co-ordinate mining (such as
a personal computer not performing mining itself). A multitude of additional
factors play important roles for mining operations, such as space rental costs,
machine cooling and maintenance costs, as well as bulk electricity purchase. As
is common in economies of scale, these relative costs are reduced for
large-scale operations, although they are similar for all proof-of-work
cryptocurrencies and thus do not affect relative comparisons between them. We
also remark that we analyze mining costs for small capital investments. If
larger capital, \eg above a few million US dollars, is available, corporations
can develop their own specialized hardware and gain a competitive advantage by
treating it as a trade secret~\cite{taylor2013bitcoin}. Indeed, these details
make our comparison in favour of proof-of-stake \emph{more pronounced}, as
proof-of-stake operations do not incur such types of costs and do not lend
themselves to specialized mining hardware research. We leave the analysis and
calculation of egalitarianism under these parameters for future work.
\end{remark}
\noindent\textbf{Proof-of-stake.}
In proof-of-stake, a minter is selected in proportion to the stake they hold,
which is to say proportionally to the amount of money they own. There exist a
number of flavors of this process. In one case, all coins automatically
participate in the leader election process --- this is the case for Ouroboros~\cite{C:KRDO17} and
Ethereum's Casper~\cite{buterin2017casper}. In a second flavour, the stake has
to \emph{opt-in} to participate in the election by a special process, such as
purchasing a \emph{ticket} or becoming a delegate of the stake of other users.
This is the case for cryptocurrencies such as Decred~\cite{decred} and EOS~\cite{eos}. Among those
participating in the election, a leader is elected at random, in proportion to
their stake.
% While some protocols such as Ouroboros elect \emph{exactly one} leader, there
% are protocols, in both the work and stake setting, such as Bitcoin and Ouroboros
% Praos, which can elect multiple leaders for a particular time slot. However, the
% final blockchain forms a \emph{sequence}, and hence only one block survives among multiple competing blocks.
% As will shortly become clear, our analysis is not sensitive to such nuances.
Proof-of-stake is often criticized for its lack of egalitarianism. The
rationale is that, in proof-of-stake, the more money one stakes, the more money
one generates. Thus, the \emph{rich get richer}, which is precisely the
\emph{opposite} of egalitarianism. Additionally, in proof-of-stake systems, the
money owners could constitute a \emph{closed, rich club}, refusing to share the
assets with any outsiders. In contrast, this argument claims, proof-of-work is
naturally egalitarian: everyone is paid not according to the money they own,
but according to the computational power they put to work. In this case, since
computational power is a \emph{natural} thing and cannot be exclusively owned,
a closed rich club cannot be formed.
% In the worst case, one can still
% have a minuscule chance of generating a block with computational power by mining
% with pencil and paper~\cite{paper-mining}, or by building one's own computer.
Although this argument seems agreeable at first, the results of our work contradict it.
In fact, correctly parameterized stake-based systems are much more egalitarian than work-based ones.
It is instructive to dispel the above argument intuitively, before we support
our position with data. Firstly, the argument that money can be exclusively
owned, but computational power cannot, is rather misguided. Indeed, this may be true
in the case of a peculiar oligopoly, where a small faction of parties mutually
agrees to never sell to outsiders, despite external demand. However, in an open
market, both money and computational power can be freely purchased and, in
fact, any non-negligible amount of computational power must be necessarily
purchased that way.
In the present work, \textbf{we assume an open market} for both mining hardware
and financial capital which allows participation in the respective systems.
Therefore, given that both money and computational power
are purchasable, we now need to consider the funds one needs to invest either in
technology or in financial capital in order to maximize the returns from a
cryptocurrency's block generation mechanisms. The amount of cryptocurrency
generated by a given investment can be concretely measured and compared, thus
the question can now be analyzed quantitatively and answered concretely.
We should
note that variations of proof-of-stake, such as ``delegated proof-of-stake,''
may not be perfectly egalitarian, since the delegates, \ie the leaders of
the stake pools which are formed, typically earn extra profits for managing the
stake pools~\cite{bkks2018}. In this paper, we only concern
ourselves with non-delegated variants, \ie \emph{pure} proof-of-stake protocols.
We leave the study of the contrast between pool formation mechanism truthfulness
(or Sybil-resilience) and egalitarianism for future work.