Introduction to Blockchain: Consensus
Blockchains are designed to be distributed, decentralized networks. Part of this includes removing the central authority used in many other systems. In a traditional financial system, banks centralize power by maintaining control of the ledger that states how much value is stored in each account. If a dispute arises over the ledger, the bank has the final authority to decide what the authoritative version is.
Blockchain is designed to remove centralizing authorities like banks. Instead, the blockchain network maintains a shared, decentalized ledger with each node in the network maintaining a copy and updating it as each new block is created.
The challenge with this is ensuring that all nodes make the same updates to their copies of the ledger with each block. Since the network does not have a consistent authority to create the official version of the ledger, it chooses a temporary authority to create and share each block. The mechanism for accomplishing this is called the blockchain consensus algorithm.
Fundamentals of Consensus
The job of the consensus algorithm is to ensure that control of the blockchain is decentralized so that no one user has the ability to control the network. The means by which this is accomplished is through making control of the blockchain network dependent on control of a scarce resource.
No matter what consensus algorithm you choose, it boils down to the fact that control of a scarce resource equals power on the blockchain. In Proof of Work, this resource is computational power. In Proof of Stake, it’s the blockchain’s cryptocurrency.
The logic behind using a scarce resource as a analog to power on the blcokchain is that it enables the use of economic incentives to protect the blockchain. The Law of Supply and Demand says that, if there is increased demand for a resource with a limited supply, then the price increases.
When an attacker tries to gain control of a blockchain network (to perform a 51% attack or similar), they need to acquire more of the scarce resource to do so. As a result, they increase the demand for the resource, which increases the price to acquire it. Hopefully, the cost to acquire enough of the resource to perform a successful attack will be beyond the attacker’s resources. If not, we have successful 51% attacks against blockchains, which has certainly happened on smaller cryptocurrency networks.
How Common Algorithms Implement Consensus
When Satoshi Nakamoto created Bitcoin, it was the only blockchain in existence. The Bitcoin whitepaper described the Proof of Work consensus algorithm used on the Bitcoin network. Since then, many other consensus algorithms have been developed for different blockchain implementations. Of these, Proof of Stake also receive a lot of attention, partly due to its presence on the Ethereum roadmap.
Proof of Work
Proof of Work is the original consensus algorithm, and, as its name suggests, it involves making people do work. In Proof of Work, miners are the ones attempting to create a new block. The way that the block creator is selected is by implementing a race where the winner creates the block (and earns the associated rewards).
This race involves creating a valid block, where the condition for validity is that the header of the block hashes to a value less than a given threshold. Due to the properties of hash functions, the best way of accomplishing this is by random guessing. As a result, the miners in the network try random hashes until one stumbles across a nonce that creates the desired hash output. The first miner to find a valid block then transmits it to the rest of the network to build the next block on top of.
The main issue with Proof of Work is that the criteria for block creation is the ability to create a valid block. There is nothing to say that two different miners can’t find different versions of the block around the same time. If this occurs, a divergent blockchain may be created with different parts of the network building on top of different blocks. Blockchain resolves this using the longest block rule, which says that, in a conflict between two versions of the blockchain, the longer one should be accepted.
Proof of Work also tries to minimize the probability of divergent blockchains using the concept of difficulty. The threshold value that a valid block header’s hash must be less than can be updated in a distributed fashion. The difficulty is updated at regular intervals so that the creation of blocks (with the current computational power of the blockchain network) occurs at the desired block rate.
Proof of Stake
Proof of Stake takes a different approach to securing the blockchain using a scarce resource. Instead of using scarce computational power (like Proof of Work), Proof of Stake uses the blockchain’s scarce cryptocurrency.
Proof of Stake works a lot like investing in a company. By giving some of your money to a company, you have the right to receive investor dividends. In Proof of Stake, you promise not to spend a portion of your cryptocurrency (or stake it) in exchange for the chance to be a block creator (and earn the associated rewards).
The mechanics of how block creators are selected based on stakes varies based upon the implementation. In some implementations, the probability of being selected is directly proportional to the size of the user’s stake. In others, the concept of coin age is introduced, where stakers who have not been selected to create a block in some time have an increased probability of being selected. Regardless, control of more staked cryptocurrency in Proof of Stake equates to increased control over the blockchain.
One issue with Proof of Stake is the potential for a user to create multiple versions of the same block. Since the only criteria for a block to be valid is a signature by the chosen block creator, it’s possible for a user to sign multiple versions of the same block. In fact, this is one place where blockchain incentives break down since, if presented with two versions of the blockchain to build upon, it’s in the block creator’s best interest to build on both to ensure that whichever version eventually wins out includes the block that pays them their block reward.
Attacking Consensus
Consensus mechanisms are the key to controlling the blockchain. As a result, many attacks on the blockchain are based upon gaining this control. If successful, an attacker can perform a double-spend attack, which allows them to complete one transaction and then remove it from the ledger at a later date. Some attacks against consensus have been known from the beginning (like the 51% attack), while others (like long-range attacks) were developed later.
51% Attacks
51% attacks are probably the simplest way to attack a Proof of Work blockchain and occur when the economic incentives of the blockchain don’t work. Under the longest block rule, every benign node is obligated to choose the longer option when presented with two contradictory versions of the blockchain. If an attacker has the ability to create the longer version at will, then they control the blockchain.
In Proof of Work, this is accomplished by controlling over half of the computational power of the blockchain network. Since creation of valid blocks requires randomly searching the space of potential options, whomever can search the space more quickly can create blocks faster.
Similar attacks are possible on Proof of Stake, but it requires a greater level of control over the scarce resource. In Proof of Work, you need 50% of the computational power to have a 100% chance of finding the next block. In Proof of Stake, you need 100% of the staked cryptocurrency to have a 100% chance of forging the next block. Since this is unlikely, an attacker trying to control a Proof of Stake blockchain needs to accept the possibility of failure.
Long-Range Attacks
Long-range attacks can be used on Proof of Stake blockchains to give an attacker the controlling portion of the staked cryptocurrency necessary to attack the consensus algorithm. In this attack, the attacker creates a divergent version of the blockchain all the way back to the genesis block (this assumes that they have a stake in the genesis block).
On their divergent blockchain, the attacker creates a new block whenever they are selected as the block creator. Since they are the only ones creating blocks, they’re the only ones receiving block rewards. Over time, the attacker has the controlling stake in the divergent blockchain.
However, the divergent blockchain will only be accepted if it is longer than the “true” version of the blockchain. Since the attacker can only create blocks on their version when it’s their turn, their divergent blockchain will fall behind the main chain whenever a benign user is selected to create a block. While this happens less frequently as they control more of the stake, the attacker’s chain is significantly behind in the beginning.
In order to catch up, the attacker deliberately passes up their opportunities to create blocks on the main chain. Between these missed blocks and ones missed by natural causes (or due to a Denial of Service attack on the chosen block creator), the attacker’s chain has the opportunity to slowly catch up to the main chain. When this occurs, the attacker can publish their malicious divergent blockchain and gain control of the blockchain.
Up Next: Smart Contracts
At this point, we’ve examined the security implications of each level of the original blockchain. However, blockchain technology has advanced since the publication of the Bitcoin whitepaper The remaining two articles in this series are devoted to technology built on top of the original blockchain: smart contracts and blockchain extensions.