Warning: This article is not noob friendly. It assumes you already know about Decred and it’s hybrid PoS & PoW consensus mechanism, as well as the nature of double spend attacks, otherwise known as 51% attacks.
This article tries to answer the following questions:
1. Is Decred’s Hybrid Proof of Work & Proof of Stake consensus mechanism more resistant to a double spend attack (often called a 51% attack) than Bitcoin’s Proof of Work consensus mechanism?
2. How about when compared on an equal playing field?
3. And if hybrid PoW & PoS is superior in this regard, by how much?
1. Currently, Decred is less resistant overall to a double spend attack than Bitcoin. We were able to determine that an effective double spend attack on Bitcoin’s chain would cost at least $1.6 billion in new hardware to be successful. While an effective double spend attack against Decred would cost $152.7 million in hardware and ticket (PoS) expenses. Therefore, Decred’s blockchain is currently 9.5% as expensive to double spend than Bitcoin’s blockchain. Not bad for a coin whose market capitalization is currently 0.23% of Bitcoin’s marketcap.
2. Therefore, when compared on the equal playing field of market capitalization, Decred’s Hybrid PoS & PoW is 41X times more resistant to a double spend attack than Bitcoin’s PoW …
This article is mostly a thought experiment in armchair-math, that tries to go all the way down the Decred rabbit hole. Decred has come a long way within the past year. In May of 2018, the Decred network hashrate was 4,868 TH. Today, in May of 2019, the hashrate is now 455,752 TH. That is a 935% increase since last year. With such a significant increase in hashrate, my analysis from last year needs an update to reflect today’s numbers.
Last years analysis looked at Decred’s double spend attack resistance compared to Bitcoin’s. In that analysis I was able to initially find that, at the very least, Decred’s hybrid PoS & PoW consensus mechanism is 11.24X times more secure against a double spend attack then Bitcoin’s Proof of Work. This was done by comparing both consensus mechanisms on an equal playing field, with marketcap being the baseline. And I was only able to compare the proof of work portion of the consensus mechanisms at the time, using respective hardware costs and the like.
We latter discovered that a successful double spend attack on Decred was much more difficult to pull off when factoring in the tickets needed to buy off the PoS consensus portion of the chain. This was so difficult to pull off that I believed it was improbable to do without a super majority of tickets. Which is impossible to acquire without serious shenanigans (breaking modern computing with a quantum computer for example).
For those who don’t know, to successfully double spend attack the Decred chain an attacker needs 51% of the hashing power on the network, just like Bitcoin. But unlike Bitcoin, for the attack to be successful, the Decred attacker would also need 60% of all PoS staked funds!
This was latter expanded upon by Decred lead, Jake Yocom-Piatt:
“Decred is strongly resistant to a typical double spend attack, i.e. a Finney attack, where the attacker mines in secret. Mining Decred in secret is very difficult due to the requirement of having 3 or more votes on the blocks mined in secret. Using the techniques from the Proof-of-Activity paper, section 5.1, mining Decred in secret would require roughly 90% of the hash-power and 23% of the staked funds. There is a curve that gives the approximate percentages of PoW and PoS that would be needed to attack… Here is an image of the curve that has the attacker’s fraction of stake on the x-axis and the multiplier of the honest hash-power required to keep up with the honest chain on the y-axis:” Comment Source
From this added information I was able to conclude that Decred is 16.5X times more resistant to a double spend attack than Bitcoin, when compared on an equal playing field. Let that settle in for a moment, because we’re now going to update the numbers for this year to see if this figure still holds true. Oh, and remember, Decred’s hashrate has 93.5X’d since then…
First things first. I’m going to take the above chart and map it in excel to discover what the optimal mix between PoW and PoS is needed to conduct the most efficient double spend attack on the Decred chain. I updated the above chart to reflect this activity:
From the above chart we can conclude that to successfully double spend attack Decred, you need a combination of the following:
There are an infinite number of these scenarios along the pink curved line, but for this analysis we will be looking solely at the above 20 odd scenarios in the chart.
Let’s first walk through a specific example by inputting some numbers. For instance, the current supply of all Decred at time of writing this (May 9th, 2019) is 9,754,123 DCR. The current number of DCR locked up by tickets that are validating the PoS portion of the Decred blockchain is 4,761,194 DCR. This happens to be 48.81% of the total current DCR supply, according to https://dcrstats.com/.
It’s crazy to see half of all DCR timelocked for at least 30 days…this makes DCR incredibly scarce when compared to other cryptocurrencies. This also makes it difficult to acquire large amounts of DCR on the open market. For instance, today the entire DCR order-book across most exchanges only adds up to 43,410 DCR. This represents less then half a percent (0.45%) of total supply!
Therefore, if someone wants to double spend, they have to either:
A. Manufacture, setup and run Decred ASIC’s, and mine a ton of Decred over a long period of time and keep them or continually stake them.
B. Buy a ton of Decred over a huge amount of time and keep it while trying not to inflate the price with this activity (very unlikely considering the lack of DCR available).
C. Break modern encryption through quantum computing and steal the Decred treasury keys (this would only yield you around 610,200 DCR or 6.26% of total supply).
The last scenario, despite it being the most difficult, is probably the most likely to be effective for a successful Decred double spend attack (it’s also the most fun). So, here’s a thought experiment following scenario C:
Stealing the Decred treasury would have the effect of demoralizing the Decred community, thereby depressing the price. Stakers would abandon staking and sell DCR for months to come, thereby allowing the attacker to purchase even more DCR on the open market at lower prices. So, let’s say by doing this the attacker acquires 10% of the total supply of DCR. This would allow him to corner approximately 20.5% of all staked funds. Not bad…but the attacker still needs more then 10X times the current hashrate to carry out an effective double spend attack… (see previous charts).
It’s insane that an attacker could steal the entire Decred treasury and still not be able to carry out a double spend without more then 10X times the current hashrate. What confounding god of tacos created this convoluted system of chain encryption!
Ok ok, Decred is hard to double spend. Let’s get back to the numbers of how much it’s going to cost me to open this jar of crypto pickles. Here’s an update to the previous chart with baseline costing numbers for each scenario. However, most of these scenario’s can not be realistically carried out for multiple reasons. Anyways, here’s the updated chart with costing figures.
Take it with a mountain of salt.
We found these numbers with the staking numbers already discussed above. We found the proof of work numbers by looking at Decred ASIC hardware prices and factoring in their hashrate. I’ll also be adding in a power factor for the fun of it (I’ve always wanted to steal a nuclear power plant anyways). Furthermore, the costing of the PoS staking portion assumes we can buy as much Decred on the open market as we want at the current price.
44TH of Decred mining power costs 900 USD. The current hashrate of the Decred network is 609.58 PETHASHES. Right, lets convert that to TH. So 609580TH / 44TH = 13855. We multiple this by 10 since we need 10X times the hashrate to double spend.
I therefore need to buy/manufacturer/setup/run around 140,000 ASIC’s (and purchase another 1% of total DCR supply) in order to get to that pink curved double spend line on the above chart. (Also remember, I’ve already stolen the entire Decred treasury by breaking modern encryption through a quantum computer that won’t exist for the next 20 years).
So, what’s 140,000 ASIC’s multiplied by 900 USD? 126 million USD…And that’s just for the hardware.
Oh and these ASICs are each 130 x 220 x 390mm, so I also need 651,652,303,305 ft² , or 60,540,480,000 m2 , or 14,959,879 acres of rack/floor space to host these ASIC’s. Hmmm. What’s 15 million acres look like?
Almost Heaven…Looks like we’re buying West Virginia. They don’t need country roads anyways.
Now we’re going to get a little ridiculous, but stay with me for argument sake. So how much is an acre of farmland worth in West Virginia? Apparently $2570 per acre. Hmm, let’s assume all of West Virginia is only farmland. So, we buy West Virginia for $2570 X 15 million acres = 38.55 Billion USD. We also need power to run these miners, luckily there are several nuclear plants in the region to supply us power exclusively (and we’re not going to pay for them, we’re going to steal a nuclear plant).
So how much power do we need to run a hundred and forty thousand ASIC’s in West Virginia? Each miner needs 2200 watts to run. Therefore, 2200W X 140,000 ASICs = 308 million watts, or 308MW. The closest nuclear station to West Virginia is Beaver Valley Nuclear Generating Station in Pennsylvania, which can produce 1,835MW of power! That’s more then enough for our double spend operation! (lets hope the transmission lines can handle the power load).
Ok. So far, we’ve (1) cracked modern encryption with a quantum computer that won’t exist for the next 20 years. And instead of going after larger more significant encryption targets, like the united states nuclear arsenal, we’ve decided to use this new found super power to (2) steal the Decred Treasury.
We then (3) buy an additional 1% of all DCR in circulation for 2.5 million dollars to obtain a 22% share of all staked funds. We can now start staking to begin the double spend attack on Decred!
Also, (4) somehow the pool of staked tickets remains the same or decreases and (5) the Politeia governance mechanism is offline for some reason so the Decred community can’t change the consensus rules to block our attack.
We then (6) buy/manufacture one hundred and forty thousand ASIC’s for 126 million dollars, and these (7) magically materialize and set themselves up in West Virginia.
We also (8) bought West Virginia’s land mass to host these same miners for 38.55 Billion dollars.
We also (9) stole a Nuclear station in Pennsylvania to supply us with power and hope the transmission lines can handle 308MW to one destination.
We’re all set and ready to double spend on the Decred blockchain. And it only cost us 38.6785 Billion dollars.
Wait a second. What’s the market cap of this Decred thingy anyways?
Hmm. Ok, lets back up out of this rabbit hole then.
Let’s omit the cost of West Virginia, and only go with the cost of the ASIC’s and the cost of buying the needed DCR on the open market for PoS tickets. We’re not going steal the treasury with the quantum computer we don’t have. Instead we’ll just assume we bought out the Decred treasury for the market spot price, because the community took a nap and Jake was on vacation.
Therefore, the total minimum cost to conduct this double spend is $152.7 million. That represents 61.3% of Decred’s market cap…
Now you may have noticed that this is the most expensive scenario (highlighted green) in the chart of 20 odd scenarios. This was chosen because it also happens to be the most feasible to carry out in reality.
The other cheaper highlighted golden scenario requires alternative infinite universes to be possible in any form. But for sake of comparison, lets look at it. This cheap golden scenario costs us $73.2 million to do a Decred double spend. This represents 29.4% of Decred’s market cap.
Again, that golden scenario is no where near possible to implement since I can see no way in which someone could acquire 25% (minimum) of all DCR in circulation to have 50% of all staked tickets. Therefore, for the next part of this analysis we’ll be using the first scenario (green), which costs $152.7 million to conduct a Decred double spend. This represents 61.3% of the Decred market cap.
For comparison, we now need to ask the question, what will it take to double spend attack Bitcoin? We need 51% of Bitcoin’s hashing power, at least. Bitcoin’s hashrate is currently 50,641,334TH. There’s a new and improved Antminer t17 for sale that can hash at 40TH for $1268.
50,641,334TH / 40TH = 1,266,033 (this will be our number of ASIC’s needed to 51% attack the current Bitcoin network).
$1268 * 1,266,033 ASIC’s = $1,605,330,287
Therefore the hardware cost to double spend attack Bitcoin is $1,605,330,287 .
Side note on the power needed to double spend on the Bitcoin blockchain: you would need 1,266,033 ASIC’s * 2200 Watts = 2,785,272,600 Watts = 2,785MW = 1 Pickering Nuclear Generating Station to double spend Bitcoin.
The current market cap of Bitcoin is 108 billion dollars (May 9th, 2019). So we take the cost to 51% attack the Bitcoin network hashrate ($1.6 Billion) / ($108 Billion) Bitcoin market cap = 1.5%
So, when comparing the cost to double spend versus the marketcap of Decred and Bitcoin we have Decred with 61.3% vs Bitcoin with 1.5% …
This is a ratio of 41 : 1
Therefore, we could conclude through some crazy convoluted armchair math that with today’s numbers Decred is 41X times more resistant to a double spend attack than Bitcoin when they are compared on an the equal playing field of marketcap.
Insanity…and probably wrong. I’ll explain why in Part Two.
However, even when not compared on an equal playing field, Decred is still very resistant to double spend attacks. Arguably, more so than many of the top 10 coins listed on coinmarketcap.
In conclusion, this was a fun little exercise to demonstrate that Decred’s combined PoW & PoS validation of blocks provides a double helix of security that makes it very difficult to double spend Decred. So much so that it is likely more resistant to double spend attacks then Ethereum currently is.
With that said, this is only a basic and simplified version of what will become an increasingly important area of research for me personally. My goal in part two will be to explain why this analysis is complete garbage, and to hopefully come up with a better methodology for measuring double spend resistance across different Blockchains.
Buy some Decred tickets in the meantime.
This article was largely inspired by Dave Collins work: