Decentralised consensus and the disintermediation of trust
Please note the disclaimer at the bottom of this page.
Despite the hype around blockchain, the key innovation that made cryptocurrencies possible was to create a reliable consensus mechanism to validate transactions in a decentralised manner. Although blockchains make clever use of cryptography to allow anyone to verify their integrity as a transactions ledger, the more fundamental problem was to ensure that only valid transactions enter the blockchain, and that they do so in a well-defined process. For this to work without a central authority, a mechanism was required that would generate consensus amongst network participants on which transactions will be included in the ledger.
How decentralised consensus has enabled cryptocurrency payments
Bitcoin’s solution was to introduce a proof-of-work¹ consensus mechanism, in which ‘miners’ gather transactions they want to endorse in a block, and then solve a difficult cryptographic challenge that links this block to the existing blockchain.² This challenge is so difficult that it can only be solved by computers which consume significant amounts of electricity in the process. Once a miner has found a solution, they publish the result and broadcast the linked block to the network. By design, the cryptographic challenge and its difficulty are publicly known, so that anyone can readily verify the amount of electricity that must have been expended to create this block — the miner has delivered his proof of work.
Since the miner has provably incurred a cost in generating a block, the network can either reward or punish him. The convention is that if the majority of the network is happy with the transactions the miner has included in his block, he will be rewarded with the transaction fees that were attached to the transactions in his block. But if the network disagrees with the miner, it will punish him by rejecting the block. In this case the miner would have incurred a cost without getting anything in return. Without going into the details of how acceptance or rejection of blocks can be achieved in a decentralised setting,³ let us make the following key observation: cryptocurrency networks achieve consensus by punishing bad actors. This disincentivises malicious behaviour and ensures that only legitimate transactions enter the blockchain.
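The proof-of-work linking described in this section, as an added example that is not part of the original article: a block's hash covers its transactions, the previous block's hash and a nonce, and must start with a set number of zero bits (the format footnote 2 describes). Single-pass SHA-256, the JSON encoding, the 16-bit toy difficulty and all names and transactions are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64     # constructed placeholder for the first block's predecessor
DIFFICULTY_BITS = 16   # toy difficulty: the hash must start with 16 zero bits


def block_hash(prev_hash, txs, nonce):
    """Hash the transactions together with the previous block's hash and the nonce."""
    payload = json.dumps([prev_hash, txs, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()


def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """True if the 256-bit hash starts with `bits` zero bits."""
    return int(digest_hex, 16) >> (256 - bits) == 0


def mine(prev_hash, txs, bits=DIFFICULTY_BITS):
    """Try nonces until the hash has the required format (about 2**bits attempts)."""
    nonce = 0
    while not meets_target(block_hash(prev_hash, txs, nonce), bits):
        nonce += 1
    return {"prev": prev_hash, "txs": list(txs), "nonce": nonce,
            "hash": block_hash(prev_hash, txs, nonce)}


def build_chain(batches, bits=DIFFICULTY_BITS):
    """Mine one block per batch of transactions, each linked to its predecessor."""
    chain, prev = [], GENESIS
    for txs in batches:
        chain.append(mine(prev, txs, bits))
        prev = chain[-1]["hash"]
    return chain


def first_invalid(chain, bits=DIFFICULTY_BITS):
    """Verify with one hash per block; return the index of the first bad block, or None."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        digest = block_hash(blk["prev"], blk["txs"], blk["nonce"])
        if blk["prev"] != prev or digest != blk["hash"] or not meets_target(digest, bits):
            return i
        prev = digest
    return None


if __name__ == "__main__":
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])
    print("untouched chain:", first_invalid(chain))
    chain[0]["txs"][0] = "alice->mallory:5"       # rewrite history in block 0
    print("after the edit:", first_invalid(chain))
    chain[0] = mine(GENESIS, chain[0]["txs"])     # redo the work for block 0 only
    print("after re-mining block 0:", first_invalid(chain))
```

Verification costs one hash per block while mining costs roughly 2**bits attempts, and re-mining an edited block only moves the break to the next block, so changing history means redoing the work for every later block as well.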
How trust is maintained in fiat currency networks
Let us compare this with fiat currencies, where we need to place trust in entities such as banks and payment service providers to process legitimate transactions in a timely manner, and reject fraudulent ones. But why can we trust these entities? Ultimately, it is the same mechanism: malicious behaviour is disincentivised by having laws that allow for the punishment of bad actors, for example by imposing fines or imprisonment. Of course, the centralised structures that society has built to govern the interactions of individuals are designed to resolve all sorts of conflicts, whereas cryptocurrency networks establish trust with respect to just one particular application: payments.
Both fiat and cryptocurrency networks rely on bad actors being punished.
We conclude that fundamentally both crypto and fiat currencies employ the same principle to ensure that transactions cannot be manipulated. The fact that cryptocurrencies are trustless, i.e. decentralised, but the fiat system requires trust may differentiate the two to some extent, but in itself does not necessarily make one superior to the other. Instead, the more relevant feature economically is that consensus on cryptocurrency protocols encompasses not only the rules on transaction validation, but also the supply schedule.
While transaction validation works reasonably well in fiat currency systems even when there is serious political or economic turmoil, the money supply is an issue even in stable developed countries, where central banks can expand or contract it. Such actions are often contentious, unpredictable, and may disadvantage certain parties over others. In the case of a cryptocurrency like bitcoin, it’s hard to imagine how the supply schedule that was defined in the whitepaper could be altered, as it is such an ingrained part of the protocol definition.⁴ Strong network effects work in the favour of cryptocurrencies that are widely adopted.
This is what makes cryptocurrencies such a powerful concept. For the first time, there are assets which are both well-suited for transactional purposes in an interconnected world and also resistant to supply manipulations. As a result, cryptocurrencies have the potential to reduce the demand for traditional means of payment, such as fiat currency, as well as traditional store-of-value assets such as gold.⁵
Decentralised consensus for applications beyond payments
Cryptocurrencies have demonstrated that decentralised consensus mechanisms can disintermediate established societal structures for building trust. However, payments are a particularly simple application, because whether a transaction is fraudulent or not can easily and objectively be verified. This makes achieving consensus relatively easy too.⁶
Going forward, the big question will be for which other applications decentralised consensus mechanisms are sufficiently robust. The less binary the distinction between good and bad behaviour, between right and wrong, becomes, the less likely it is that disintermediation of conventional, trustful structures will be feasible.
But certainly for commercial arrangements, which are often more about facts and figures than fuzzier concepts such as morality, there is potential for smart contract platforms like Ethereum to compete with traditional contracts and the way they are enforced in courts. The big challenge will be how to interact with the real world, so that use cases can go beyond the limited set of applications that can be realised purely on-chain, such as payments. Oracles⁷ provide a mechanism to do this, and may allow decentralised consensus mechanisms to extend their reach beyond the validation of cryptocurrency transactions.
As with payments, a trustless set-up in itself is not necessarily superior to a trustful mechanism, but for applications where the cost⁹ of executing and enforcing smart contracts is lower than that for conventional contracts, the technology may be adopted.
1. Proof-of-work in itself wasn’t new, and had already been used in the digital world, for example in the form of Hashcash, which was designed in the late 90s to prevent denial-of-service attacks and email spam.
2. To explain how the linking is done, we first need to introduce hash functions. These are mathematical functions that take an arbitrary input and map it to an output of fixed size, the hash. The second defining property of a hash function is that it is very easy to calculate the output from the input, but extremely hard, given an output, to find an input that would have produced this output. Ultimately, hash functions make use of one of the most fundamental properties that integers possess: it is easy to multiply them together, but it is very difficult to invert this operation, i.e. to find the prime factors that constitute a given integer. Essentially all cryptography hinges on this one simple fact. Coming back to linking blocks, this is achieved by calculating a hash of the transactions the miner has included in their block together with the hash of the previous block. Not just any hash however, but one that has a certain format — in the case of Bitcoin, the hash must start with a certain number of zeros. This is the cryptographic challenge the miner must solve, and the more leading zeros are required the harder the problem is. For the purpose of obtaining different hashes, the miner is allowed to include an arbitrary number, called a ‘nonce’, in his block. The cryptographic properties of this set-up ensure that the only way a miner can find a valid hash is by trying a huge number of different nonces until he gets lucky. This is similar to launching a brute-force attack to crack a password.
3. For the interested reader, here is a brief explanation of how this works in the case of Bitcoin: if a miner wishes to reject a block, they can let everyone know by linking the next block they produce to a previous block in the blockchain, leading to a second branch of the blockchain, where two blocks now link to the same predecessor. Other miners then signal their endorsement of one or the other of these two competing branches by linking the next blocks they produce accordingly. The protocol defines that after a certain cut-off point, the branch to which miners have added the most blocks, or, more precisely, the most proof-of-work, wins. The other branch gets discarded.
4. For each block that gets included in the blockchain, there is a ‘coinbase’ transaction in which the respective miner issues bitcoins to himself. The number of bitcoins issued in the coinbase transaction declines exponentially over time, and the last bitcoins will be issued in 2140. From then on, miners will be rewarded solely with transaction fees. Should a miner try to issue himself more than the allowed number of bitcoins in a coinbase transaction, the network would simply reject the block. The incentive to reject such a block is very strong — and hence reaching consensus very easy — as only one miner would profit and everyone else would get diluted.
5. More on cryptocurrencies as a store of value in an upcoming piece of mine. To give some context, current cryptocurrency market capitalisation stands at ca. $300bn, whereas physical cash globally accounts for $4.5tn, and gold for $7.7tn.
6. As an interesting aside, Satoshi stated in the bitcoin whitepaper that he had solved the double-spend problem, a particular type of fraudulent behaviour whereby a bad actor spends their coins twice. However, I would argue that the much bigger achievement was to resolve potential disagreements over non-fraudulent transactions. Because anyone can readily verify whether a coin has been double-spent, and it is such an obvious breach of the protocol, it seems unlikely nodes would accept or propagate blocks containing a double-spend, much like blocks without a valid hash or in which coins are spent without valid private key signatures would not be accepted. In such cases, proof-of-work is not so much needed to reach consensus, but more as a spam protection measure similar to Hashcash (see footnote 1). On the other hand, consider a situation where two miners solve a block simultaneously. Both miners have adhered to the protocol, but the network must still decide on one block over the other. Following the process detailed in footnote 3 provides a fair and well-defined method for resolving such a scenario.
7. Oracles feed real world data to blockchains. They can be implemented in a trustful manner, such as a stock exchange or weather station simply publishing data on a blockchain, or in a trustless manner in which network participants reach consensus on some real world event.⁸ To illustrate the differences between the two approaches, let’s assume an energy company needs a temperature measurement for London to settle a derivatives (smart) contract it entered into to hedge its exposure to the natural gas price on a cold winter’s day. Relying on the temperature published by a weather station, there is the risk that somebody has bribed the station’s operator to publish an incorrect figure (one of the two parties to the derivatives contract would have an incentive to do so), or that the equipment used has been tampered with or is broken. With a decentralised oracle, neither risk exists: there is no single entity that can be bribed (and moreover those entities are anonymous, so it’s impossible to even know who to bribe), and secondly a whole number of different devices could have been used by those entities to measure the temperature. In fact, a number of individuals could have simply guessed the temperature, and the law of large numbers would ensure that the result is still accurate, as the following video strikingly demonstrates, albeit for a different question: https://www.youtube.com/watch?v=iOucwX7Z1HU&frags=pl%2Cwn
8. Consensus can be reached by getting network participants to vote on what the correct answer is. Network participants can be incentivised to participate in the vote by pledging some prize money. Since we are on-chain, this prize money is a certain amount of cryptocurrency. In order to avoid sybil attacks, in which an entity tries to obtain multiple votes by pretending to be several entities, there will also need to be a punishment mechanism. Oracles typically require voting entities to pledge some cryptocurrency to the smart contract that administers the vote, which only gets returned to those entities that voted in line with the majority answer. In principle, this is very similar to the bitcoin consensus mechanism that we discussed further above, and ensures that the majority answer will be the correct answer.
9. In the case of payments, this cost comprises transaction costs for cryptocurrencies vs those in banking systems, as well as the risk of unforeseen changes to the supply. For contracts, this cost would include upfront expenditures like the implementation of a smart contract by a developer and pledging prize money (see footnote 7) vs a lawyer drafting a conventional contract, as well as the risk of obtaining an unintended outcome, for example because an attacker expended sufficient resources to successfully manipulate the outcome of the vote, vs the cost of enforcing a conventional contract in court, or the risk of a miscarriage of justice occurring.
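The staked oracle vote from footnote 8, settled for the London temperature example, as an added illustration that is not part of the original article. Weighting votes by stake, sharing the prize and the forfeited stakes pro rata among majority voters, refunding on a tie, and all voter names and amounts are assumptions; the article only says that stakes are returned to those who voted with the majority.

```python
from collections import Counter, defaultdict


def head_count(votes):
    """Naive tally: one vote per identity, nothing at stake."""
    return Counter(answer for _, answer, _ in votes).most_common(1)[0][0]


def settle(votes, prize):
    """Stake-weighted vote over (voter_id, answer, stake) tuples in integer units.

    Returns (winning_answer, payouts). Minority voters forfeit their stake;
    a tie (or no votes) has no winner and every stake is refunded.
    """
    weight = defaultdict(int)
    for _, answer, stake in votes:
        weight[answer] += stake
    ranked = sorted(weight.values(), reverse=True)
    if not ranked or (len(ranked) > 1 and ranked[0] == ranked[1]):
        return None, {voter: stake for voter, _, stake in votes}
    winner = max(weight, key=weight.get)
    # Assumed payout rule: prize plus forfeited stakes, shared pro rata by stake.
    pot = prize + sum(stake for _, answer, stake in votes if answer != winner)
    payouts = {
        voter: (stake + pot * stake // weight[winner]) if answer == winner else 0
        for voter, answer, stake in votes
    }
    return winner, payouts


# Constructed sample votes on the temperature in whole degrees Celsius.
HONEST = [(f"h{i}", 2, 100) for i in range(5)]       # five voters, 100 staked each
SYBILS = [(f"sybil{i}", 9, 10) for i in range(10)]   # one entity split into ten identities
WHALE = [("whale", 9, 600)]                          # one entity out-staking everyone else

if __name__ == "__main__":
    print("head count, no stake:", head_count(HONEST + SYBILS))
    print("staked vote vs sybils:", settle(HONEST + SYBILS, prize=50))
    print("staked vote vs majority stake:", settle(HONEST + WHALE, prize=50))
```

Splitting into many identities wins the head count but not the staked vote, where the ten identities lose everything they pledged. The last case is the residual risk footnote 9 names: a party that pledges more than everyone else combined decides the answer.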
This article is for informational purposes only and is not, nor should it be construed as, investment advice. This article is not an offer, nor the solicitation of an offer, or a recommendation to buy or sell any assets or financial instruments. Readers should not rely on any information or opinions presented in this article and should always do their own due diligence and seek advice from their own financial advisor. The opinions expressed in this article are those of the author.