10 years later: the risk that Satoshi failed to foresee

CryptoFundamentals
5 min read · Jan 8, 2018


In 2008, Satoshi famously proposed his peer-to-peer protocol for establishing collective trust.

The mathematical beauty of Satoshi's algorithm comes from a marvelous property: for the entire system to work, no single party is required to trust its counterparts.

To accomplish this without a trusted party, transactions must be publicly announced, and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.

[Nakamoto, 2008]

Now, let's cut to the chase and address the issues that Satoshi did not see coming. Satoshi's trust algorithm relies on two pillars:

  1. Proof-of-Work: Work is a scarce resource.
  2. Incentive: greedy miners have the incentive to stay honest.

In this article, I'll cover:

  • why neither of these trust pillars necessarily holds
  • the implied risks and how to best avoid them

Let's first focus on the second pillar.

Do miners have the incentive to stay honest?

Satoshi claims that if miners decide to attack the network, they will undermine the system that gives value to their coin balance and mining operations in the first place, and therefore they have no incentive to attack the network.

If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

[Nakamoto, 2008]

At the inception of bitcoin, the incentive hypothesis was actually very reasonable.

A crypto currency miner invests large amounts of capital to acquire mining capacity. During normal mining operations, the miner collects block rewards as well as transaction fees. Should miners use their mining capacity to undermine the network, it would sink the value of the network as a whole and destroy the value associated with the mining capacity.

10 years later, however, the crypto currency ecosystem has evolved in ways that Satoshi's vision did not foresee, and this no longer holds true.

The reality today is different. There is no longer one network: there are hundreds of crypto currencies, each with its own blockchain.

Satoshi did not foresee the proliferation of forks that we see today, and that is a bad bad thing.

What we see today is that the work available from an installed mining capacity is easily fungible within subsets of those crypto currencies.

I’ll pick the two obvious examples: Bitcoin (BTC) and Bitcoin Cash (BCH).

BCH was a fork of BTC that preserved many properties, allowing mining rigs built for BTC to be used for BCH and vice versa. Should one of those two coins be attacked by miners, destroying that network, the value of the invested mining capacity does not disappear: the same rigs can keep mining the other chain.

Now let's go back to the first pillar.

Mining capacity is not always a scarce resource.

Now this is where things get ugly.

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote.

[Nakamoto, 2008]

Looking at the BTC/BCH pair, we see that approximately 10% of the mining capacity is currently allocated to BCH and 90% allocated to BTC.

From this it is obvious that, for BCH (the smaller network), the first pillar does not hold. The proof-of-work happening in BCH can easily be overwhelmed by the capacity in BTC, should BTC miners decide to attack BCH.

Observe that the converse is not true: because BTC receives most of the mining capacity, it is not vulnerable to this kind of mining attack.

The scarcity of work as proposed by Satoshi still protects the BTC network: the mining capacity needed to attack BTC does not exist.

For the BCH network, the capacity to attack it exists, and it is out there. While BTC's protection relies on a mathematical impossibility, BCH's protection relies only on how much it would cost to attack it: the opportunity cost of mining BTC vs. attacking BCH.

Figure: Bitcoin (BTC) hashrate (source: bitinfocharts.com)
Figure: Bitcoin Cash (BCH) hashrate (source: bitinfocharts.com)

An attack on a smaller currency would primarily hit exchanges.

Timeline of an attack (BCH example)

  1. Mining capacity is diverted to mine BCH on a parallel chain, alongside the main chain. The parallel chain only has to keep pace with the main chain.
  2. Fake or compromised accounts are funded via BCH transfers. These transfers are registered in the main chain, but not in the parallel chain.
  3. Accounts immediately convert BCH to BTC, or any other blockchain.
  4. The parallel chain gets a boost, replacing the main chain.
  5. The exchange takes the loss.
  6. Rinse and repeat until the exchange goes bust, or BCH plummets too far and trading BCH is no longer possible.

How much can miners be trusted?

It's hard to quantify the risk here, but note that each of the top 5 BTC mining pools has the capacity to execute a 51% attack on BCH single-handedly.

It only takes one of them.

Mining pool sizes: https://blockchain.info/pools
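To put numbers on this claim, and on the exchange safeguards discussed further down, here is an added example (not from the original post) that converts a pool's share of BTC hash power into the share of BCH work it would control after redirecting its rigs, using the 90/10 split above, and then applies the attacker catch-up probability from section 11 of the cited Nakamoto paper to find how many deposit confirmations an exchange would need; the pool shares and risk threshold are constructed assumptions, not measured values.

```python
import math

# Hash-power split stated in the article (Jan 2018): ~90% on BTC, ~10% on BCH.
BTC_SHARE = 0.90
BCH_SHARE = 0.10


def attacker_share_on_minor_chain(pool_share_of_btc, minor=BCH_SHARE, major=BTC_SHARE):
    """Fraction of the minor chain's hash power an attacker holds after redirecting a
    pool's whole BTC capacity onto it (honest minor-chain miners keep mining)."""
    redirected = pool_share_of_btc * major          # pool capacity in units of total hash power
    return redirected / (redirected + minor)


def attacker_success_probability(q, z):
    """Nakamoto (2008), section 11: probability that an attacker with fraction q of the
    hash power ever overtakes an honest chain that is z blocks ahead."""
    if q >= 0.5:
        return 1.0                                   # the attacker catches up with certainty
    p = 1.0 - q
    lam = z * q / p                                  # expected attacker progress while z honest blocks are found
    poisson = math.exp(-lam)                         # Poisson term for k = 0, updated incrementally
    total = 1.0
    for k in range(z + 1):
        if k:
            poisson *= lam / k
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_for_risk(q, max_risk, z_cap=200):
    """Smallest deposit confirmation depth keeping double-spend risk below max_risk, or None
    when no depth does (q >= 0.5): the currency should then be treated as at-risk."""
    if q >= 0.5:
        return None
    return next((z for z in range(1, z_cap + 1)
                 if attacker_success_probability(q, z) < max_risk), None)


def deposit_policy(pool_shares_of_btc, max_risk=1e-4):
    """Per pool: confirmations an exchange would need on BCH deposits if that single pool
    turned hostile; None means 'disallow deposits in this currency'."""
    return {name: confirmations_for_risk(attacker_share_on_minor_chain(s), max_risk)
            for name, s in pool_shares_of_btc.items()}


# Constructed pool shares for illustration only, not measured values.
SAMPLE_POOLS = {"pool_a": 0.20, "pool_b": 0.12, "pool_c": 0.05}

if __name__ == "__main__":
    for name, share in SAMPLE_POOLS.items():
        q = attacker_share_on_minor_chain(share)
        print(f"{name}: {share:.0%} of BTC -> {q:.1%} of BCH, "
              f"confirmations needed: {confirmations_for_risk(q, 1e-4)}")
```

Any pool above roughly 11% of BTC hash power crosses 50% of BCH work under this split, at which point no confirmation depth protects a deposit.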

To be fair, everything up to here was theoretical. I personally don't believe miners would actually attack smaller currencies.

The most likely scenario is one of those mining operations becoming compromised by hackers.

How to avoid the risk

There is a real counterparty risk. Exchanges would obviously be the primary targets of this class of attacks, and they should implement safeguards to protect themselves.

For exchanges:

  • Limit or disallow funding accounts with at-risk currencies.
  • Prevent fake accounts. In particular, know your customer.
  • Protect customer accounts, to prevent compromised accounts.

For individuals:

  • Avoid exchanges that list at-risk currencies. You do not want your savings there if they get hit.
  • Don't invest in at-risk currencies.

Note: I picked BCH as an example because it's likely the most critical target today. It's small enough to be vulnerable, and big enough for an attack to be profitable. Any crypto currency in the same situation should be considered at-risk.

[Nakamoto, 2008] Nakamoto, Satoshi. “Bitcoin: A peer-to-peer electronic cash system.” (2008)
