Bitcoin Wiki:Proof of work change hard fork: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
JW (talk | contribs)
No edit summary
JW (talk | contribs)
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Proof of work change hard fork ==
= Effects of a long anticipated PoW change =
If the PoW change takes place after enough notice
to miners and specialized hardware makers
are able to switch without causing an accelerating
the obsolescence of hardware.


Changing the proof of work algorithm has been planned as a solution to ASIC mining centralization since as early as 2012 when Butterfly Labs first announced their intention to produce the first mining ASICs.
= Effects of a single unexpected PoW change =
Comment from JW: This history is not relevant to the discussion and should be removed. It also implies that it was agreed upon, by saying it was "planned." This is not true.
Making a one-time change to proof of work  
would have different effects
on different participants in the bitcoin ecosystem.
Here we are assuming that concerns over centralization
of mining power
and the behavior of miners has created enough concern
to justify a proof of work change
in order to destroy the economic value of
all existing specialized mining hardware.
Proposals to modify proof of work so that the mining hardware
is not completely worthless, but less valuable
will have the same effects,
but in proportion to the economic value removed  
by the change to proof of work.


== Specialized hardware makers in early stages of development ==
If an specialized hardware maker has invested into developing
hardware, but has not begun selling the hardware
or earning bitcoin fees by mining himself,
the entirety of his investment would be destroyed
with a PoW change.


It is expected that by changing the PoW, the mining economy will be given a "restart" back to its original decentralized state. 
This is true for both malicious and benevolent
Comment from JW: While it would be "decentralized" until new speciality hardware is developed, it would be vulnerable to attack using specialized hardware. The goal isn't decentralization, but security. In this case that requires commoditization of cutting edge hardware. This approach is similar to creating a "gun free zone" instead of making gun ownership common. In the end only the bad guys will have ASICs.
specialized hardware makers, but if it could be determined
the ratio of malicious specialized hardware makers to benevolent specialized hardware makers
it is possible that the change could be timed
in order to have a greater impact on malicious makers.  


And the current centralized miner (Bitmain) will incur significant enough financial loss to deter future centralization of the new algorithm.
However, chip manufacturing is highly secretive,
Comment from JW: Well it will certainly slow additional ASIC hardware manufacturers from atempting to build ASICs. But it won't prevent it. To do that we would need to change the PoW every time ASICs were known. The incentive would be to build ASICs and keep them secret. And well funded attackers would be able to invest in the best possible ASICs in order to attack a network that is not defended by the best possible ASICs. Bad in every way.
and determining intent is very difficult
(especially with brand new entrants).
As a result of these, and other challenges,
no mechanism has been identified to reliably
determine the ratio of malicious to benevolent
specialized hardware maker investments that would be destroyed
through a PoW change at a given point in time.


=== Purpose of proof of work recap ===
== Specialized hardware makers with products near end of life ==
If an specialized hardware maker has made investments in hardware
that is nearing obsolescence
by the creation of more efficient hardware,
they would actually benefit from a PoW change.


The purpose of proof of work is to ensure that the next block is randomly determined from a large pool of entities, without any centralised authority nominating such entities.
This is because their competitors would be harmed
financially to the degree that they have investments
that have not returned capital,
whereas their own investments have already returned
capital and are no longer producing additional revenue.


=== Problems solved through a PoW change ===
It may be easier to determine makers with products
nearing end of life to avoid harming them with financial loss
with a PoW change,
but those makers are in the best position to know
how they would be effected and when a change would be most helpful.
And we still lack a mechanism for reliably determining their
future intent.


* The goal is to restore mining decentralisation.
== Miners with newer specialized hardware ==
JW: This would be achieved only until someone, maybe a malicious actor, invested in ASICs.
Miners will be financially damaged by a PoW change
* By changing the PoW, Bitmain would suffer financial loss.
in proportion to the investments that they have made
JW: As would everyone that invested in ASIC manufacturing including competitors of Bitman. In fact the newest entrants would be hurt the worst since they have likely invested the most in ASICs that have not been recouped through sales.
in mining hardware and facilities that will become
* Any competent and benevolent manufacturing competitors to Bitmain would not suffer financial loss.
unprofitable as a result of a PoW change.
JW: A PoW change doesn't discriminate. It harms everyone that has invested in SHA256 miners in proportion to their investment.
* Small miners would be able to mine the new algorithm using different hardware, likely at a higher network percentage than with Bitmain-issued hardware.
JW: Miner centralization is a secondary issue with a PoW change. But miners that have recently entered the competition would be harmed more because they have a higher investment in hardware that has not earned a break even point through mining. Older miners, especially those with equipment nearer end of life, would be effected the least.


Miners with the most recent investments,
new competitors,
would be harmed the most
because they have not had the opportunity to earn
mining rewards and fees using the new hardware.


== Miners with newer facilities investments ==
It is possible that facilities could be reused
since they are not directly effected by a PoW change,
however cooling, electrical, and space requirements
could be drastically effected with a PoW change.


===New layout draft to capture both positions===
To the degree to which these facilities are no longer
as ideal, due to a PoW change,
the miner will suffer financial loss.


The newest facilities will be the most likely
to be optimally designed for the current generation
of mining hardware,
and therefore will be the most likely to suffer loss.


====Effects of a single unexpected PoW change====
== Miners with older specialized hardware ==
=====On ASIC makers in early stages of development=====
Miners with hardware nearing obsolescence
=====On ASIC makers with products near end of life=====
would benefit from a PoW change.
=====On Miners with newer hardware=====
This is because their competitors,
=====On Miners with older hardware====
would be damaged financially
====Effects of an ongoing PoW changes to prevent ASIC makers====
(the best equipped competitors would be harmed the most)
while they would not suffer financial loss.
 
== Physical and administrative centralization of bitcoin ==  
If a great majority of the existing mining hardware
is under the control of a few people,
or is physically located in a small number of places,
a PoW change could result in greater decentralization
(a larger number of individuals with administrative control
and a larger number of physical locations).
 
This would be a security improvement
because it would make
physical attacks on the network
and the individuals managing the network,
more more difficult.
 
Unfortunately this is not guaranteed.
 
For example consider a large organization
who's business is being disrupted by bitcoin.
Before the PoW change they would have needed to
make a large investment in hardware
that is only useful
as long as bitcoin maintains market value.
 
But after the PoW change they could use hardware
that could be useful to their business,
or resold later,
to attack bitcoin.
If this business maintains a large number of servers
that are idle except during peak usage hours
the costs are even lower.
 
In this example,
and others,
it is possible that mining could become more centralized
after a PoW change.
 
The authors are unaware how to measure the likelihood
of increased or decreased centralization immediately
following a PoW change.
 
== Bitcoin's resistance to physical and administrative centralization ==
Immediately after a PoW change
it is possible that physical and administrative
centralization would be reduced,
however it would also make bitcoin specialized hardware soft.
 
Currently bitcoin mining equipment
is operating at the height of human capability
using 10 nm and below chipsets specifically designed
to mine bitcoin as efficiently as possible.
A PoW change would reduce bitcoin mining efforts
to more generic, and less efficient, mining hardware.
 
As a result a well funded miner
could invest in specialized hardware hardware
and gain a disproportionate amount of control over the network.
This is believed to be the source of
centralization problems as of Q1 2018.
 
This illustrates the importance of reaching commoditization
of state of the art hardware.
Attackers would need to advance the state of the art
of microprocessors,
not just bitcoin miners,
in order to obtain an advantage over the network.
This is far more expensive
and would be far more difficult
to accomplish and maintain in secret.
 
 
== Bitcoin's Resistance to malicious mining attacks ==
 
Changing the PoW would have
three major effects on the networks resistance
to malicious mining attacks.
 
First, an attacker could invest
in mining hardware and gain a disproportionate
amount of power of the network.
So, while it is possible that the immediate effect
of a PoW change would be physical and administrative decentralization,
it would certainly make it much easier for a well funded
attacker to create a high degree of centralization before executing his attack.
 
Second, it would lower the hardware cost
involved in malicious mining attacks.
For example an attacker could,
rent hardware from a cloud server provider,
such as Amazon EC3,
for only long enough to execute his attack.
This is far less expensive than purchasing hardware
that will be less valuable in proportion to the success of the attack.
 
Finally, it would greatly increase the possibility
of an attacker discovering a flaw in the PoW algorithm
that would allow him to attack the network by faking work.
Changing security critical components always
introduce significant risk.
The existing PoW algorithm has enjoyed
the benefit of nearly a decade of attack and analysis,
including the identification of vulnerabilities
not discovered until after deployment.
 
== Speed of commoditization of cutting edge specialty hardware ==
 
After years of research and development
bitcoin mining hardware is nearing,
or at,
state of the art with regard to chip design.
 
If profits continue of specialty hardware makers
competition will increase,
profit margins will decrease,
and we will see commoditization of
bitcoin mining hardware created using the
height of human ability.
 
Changing the PoW algorithm would slow this achievement
by several years.
 
 
= Effects of the expectation of regular PoW changes =
Creating the expectation of regular PoW changes
would have effects in addition to the effects
resulting from a one-off PoW change.
 
In this case the uncertainty created by the possibility
that another PoW change would occur
would be replaced by the reality that
investing in specialized hardware would
only be profitable if the cost of development
could be recovered through sales or mining rewards
before the next expected PoW change.
 
The motivation for creating this expectation
is to discourage investment into specialized hardware
and therefore to create a "more equal" competition
among miners with generic and specialized hardware.
 
In the most extreme case the PoW changes would
be so varied and often that
specialized hardware,
of any kind,
would not be profitable.
 
== Specialized hardware makers ==
In all cases specialty hardware makers would remain.
If the variation of mining algorithms is
expected to be great the speciality hardware makers
could be employees of the miners themselves.
Any changes to the mining algorithm at all
would likely result in disk, memory, cooling or other requirements.
Optimization of some form will always be present.
 
If the variation of the mining algorithm is
expected to vary within a range of possibilities
specialized mining hardware will simply focus on
the optimal design to address that range of possible algorithms.
 
However this expectation would be successful
at increasing the amount of uncertainty
for speciality hardware makers
beyond a one-time PoW change.
As a result there will be fewer competitors
all other things (namely profits) being equal.
 
The net effect of this is that while
a one-off change would delay commoditization
of state of the art specialty mining hardware,
the expectation of regular changes to PoW,
would prevent this from occurring as long as
the expectation was maintained.
 
== Bitcoin miners ==
Currently bitcoin miners are primarily concerned
with obtaining cheap electricity
and access to the best mining hardware available.
 
Labor costs are currently a minor expense,
but if the PoW algorithm changes often
this will be a greater portion of their expenses.
This will result in mining operations tending
to move to areas with cheaper labor costs.
 
Uncertainty is also increased because
miners will need to account for obtaining
speciality hardware more often (already a major risk),
and maintaining security in more dangerous areas of the world,
due to cheaper labor.
Income will also be less certain
as some miners will be better equipped for the next PoW change than others.
 
As a result miners will invest less
into securing the bitcoin network
all other things equal.
 
== Physical and administrative centralization of bitcoin ==
While it is possible this expectation
would result in greater administrative and
physical decentralization of bitcoin mining,
as in the case of a one-off change,
it is by no means guaranteed,
and we lack a way to determine the likelihood
that it will be an improvement.
 
== Bitcoin's resistance to physical and administrative centralization ==
By ensuring that hardware is never commoditized
we have ensured that the economic incentives
of benevolent actors
are not strong enough to result in
securing the network with the most efficient equipment possible,
but we have not ensured that malicious actors will not
developed more efficient hardware  
to create the centralized control required for an attack.
 
== Bitcoin's Resistance to malicious mining attacks ==
When the best hardware is not profitable
only the bad guys will have specialty hardware.
 
An attacker could invest
in mining hardware and gain an even greater
amount of power of the network
than would be possible after a one-time PoW change.
 
 
== Additional attack vectors ==
In addition to amplifying the problems
that would be created by a single PoW change,
regular PoW changes would introduce at least
three major attack vectors.
 
First, any miner with inside information
on the next PoW algorithm would be able to
optimize his operation more than his competitors.
This creates a strong incentive to build political
relationships with bitcoin developers and researchers.
An attacker could use inside information to gain
an disproportionate advantage,
especially if he could influence the decision process.
 
Second, an attacker could deceive users about
the amount of work used to secure the network.
Currently the PoW algorithm is very simple
and therefore very easy to understand and verify.
If a large number of PoW algorithms are used
verification of work would be exponentially more difficult.
 
Third, it the possibility
of an attacker discovering a flaw in the PoW algorithm
is greatly increased.
Regularly changing the PoW algorithm would be very dangerous
and virtually guarantee that the algorithm is not
reviewed enough to prevent security flaws from being implemented
in production.

Latest revision as of 17:31, 10 March 2018

Effects of a long anticipated PoW change

If the PoW change takes place after enough notice to miners and specialized hardware makers are able to switch without causing an accelerating the obsolescence of hardware.

Effects of a single unexpected PoW change

Making a one-time change to proof of work would have different effects on different participants in the bitcoin ecosystem. Here we are assuming that concerns over centralization of mining power and the behavior of miners has created enough concern to justify a proof of work change in order to destroy the economic value of all existing specialized mining hardware. Proposals to modify proof of work so that the mining hardware is not completely worthless, but less valuable will have the same effects, but in proportion to the economic value removed by the change to proof of work.

Specialized hardware makers in early stages of development

If an specialized hardware maker has invested into developing hardware, but has not begun selling the hardware or earning bitcoin fees by mining himself, the entirety of his investment would be destroyed with a PoW change.

This is true for both malicious and benevolent specialized hardware makers, but if it could be determined the ratio of malicious specialized hardware makers to benevolent specialized hardware makers it is possible that the change could be timed in order to have a greater impact on malicious makers.

However, chip manufacturing is highly secretive, and determining intent is very difficult (especially with brand new entrants). As a result of these, and other challenges, no mechanism has been identified to reliably determine the ratio of malicious to benevolent specialized hardware maker investments that would be destroyed through a PoW change at a given point in time.

Specialized hardware makers with products near end of life

If an specialized hardware maker has made investments in hardware that is nearing obsolescence by the creation of more efficient hardware, they would actually benefit from a PoW change.

This is because their competitors would be harmed financially to the degree that they have investments that have not returned capital, whereas their own investments have already returned capital and are no longer producing additional revenue.

It may be easier to determine makers with products nearing end of life to avoid harming them with financial loss with a PoW change, but those makers are in the best position to know how they would be effected and when a change would be most helpful. And we still lack a mechanism for reliably determining their future intent.

Miners with newer specialized hardware

Miners will be financially damaged by a PoW change in proportion to the investments that they have made in mining hardware and facilities that will become unprofitable as a result of a PoW change.

Miners with the most recent investments, new competitors, would be harmed the most because they have not had the opportunity to earn mining rewards and fees using the new hardware.

Miners with newer facilities investments

It is possible that facilities could be reused since they are not directly effected by a PoW change, however cooling, electrical, and space requirements could be drastically effected with a PoW change.

To the degree to which these facilities are no longer as ideal, due to a PoW change, the miner will suffer financial loss.

The newest facilities will be the most likely to be optimally designed for the current generation of mining hardware, and therefore will be the most likely to suffer loss.

Miners with older specialized hardware

Miners with hardware nearing obsolescence would benefit from a PoW change. This is because their competitors, would be damaged financially (the best equipped competitors would be harmed the most) while they would not suffer financial loss.

Physical and administrative centralization of bitcoin

If a great majority of the existing mining hardware is under the control of a few people, or is physically located in a small number of places, a PoW change could result in greater decentralization (a larger number of individuals with administrative control and a larger number of physical locations).

This would be a security improvement because it would make physical attacks on the network and the individuals managing the network, more more difficult.

Unfortunately this is not guaranteed.

For example consider a large organization who's business is being disrupted by bitcoin. Before the PoW change they would have needed to make a large investment in hardware that is only useful as long as bitcoin maintains market value.

But after the PoW change they could use hardware that could be useful to their business, or resold later, to attack bitcoin. If this business maintains a large number of servers that are idle except during peak usage hours the costs are even lower.

In this example, and others, it is possible that mining could become more centralized after a PoW change.

The authors are unaware how to measure the likelihood of increased or decreased centralization immediately following a PoW change.

Bitcoin's resistance to physical and administrative centralization

Immediately after a PoW change it is possible that physical and administrative centralization would be reduced, however it would also make bitcoin specialized hardware soft.

Currently bitcoin mining equipment is operating at the height of human capability using 10 nm and below chipsets specifically designed to mine bitcoin as efficiently as possible. A PoW change would reduce bitcoin mining efforts to more generic, and less efficient, mining hardware.

As a result a well funded miner could invest in specialized hardware hardware and gain a disproportionate amount of control over the network. This is believed to be the source of centralization problems as of Q1 2018.

This illustrates the importance of reaching commoditization of state of the art hardware. Attackers would need to advance the state of the art of microprocessors, not just bitcoin miners, in order to obtain an advantage over the network. This is far more expensive and would be far more difficult to accomplish and maintain in secret.


Bitcoin's Resistance to malicious mining attacks

Changing the PoW would have three major effects on the networks resistance to malicious mining attacks.

First, an attacker could invest in mining hardware and gain a disproportionate amount of power of the network. So, while it is possible that the immediate effect of a PoW change would be physical and administrative decentralization, it would certainly make it much easier for a well funded attacker to create a high degree of centralization before executing his attack.

Second, it would lower the hardware cost involved in malicious mining attacks. For example an attacker could, rent hardware from a cloud server provider, such as Amazon EC3, for only long enough to execute his attack. This is far less expensive than purchasing hardware that will be less valuable in proportion to the success of the attack.

Finally, it would greatly increase the possibility of an attacker discovering a flaw in the PoW algorithm that would allow him to attack the network by faking work. Changing security critical components always introduce significant risk. The existing PoW algorithm has enjoyed the benefit of nearly a decade of attack and analysis, including the identification of vulnerabilities not discovered until after deployment.

Speed of commoditization of cutting edge specialty hardware

After years of research and development bitcoin mining hardware is nearing, or at, state of the art with regard to chip design.

If profits continue of specialty hardware makers competition will increase, profit margins will decrease, and we will see commoditization of bitcoin mining hardware created using the height of human ability.

Changing the PoW algorithm would slow this achievement by several years.


Effects of the expectation of regular PoW changes

Creating the expectation of regular PoW changes would have effects in addition to the effects resulting from a one-off PoW change.

In this case the uncertainty created by the possibility that another PoW change would occur would be replaced by the reality that investing in specialized hardware would only be profitable if the cost of development could be recovered through sales or mining rewards before the next expected PoW change.

The motivation for creating this expectation is to discourage investment into specialized hardware and therefore to create a "more equal" competition among miners with generic and specialized hardware.

In the most extreme case the PoW changes would be so varied and often that specialized hardware, of any kind, would not be profitable.

Specialized hardware makers

In all cases specialty hardware makers would remain. If the variation of mining algorithms is expected to be great the speciality hardware makers could be employees of the miners themselves. Any changes to the mining algorithm at all would likely result in disk, memory, cooling or other requirements. Optimization of some form will always be present.

If the variation of the mining algorithm is expected to vary within a range of possibilities specialized mining hardware will simply focus on the optimal design to address that range of possible algorithms.

However this expectation would be successful at increasing the amount of uncertainty for speciality hardware makers beyond a one-time PoW change. As a result there will be fewer competitors all other things (namely profits) being equal.

The net effect of this is that while a one-off change would delay commoditization of state of the art specialty mining hardware, the expectation of regular changes to PoW, would prevent this from occurring as long as the expectation was maintained.

Bitcoin miners

Currently bitcoin miners are primarily concerned with obtaining cheap electricity and access to the best mining hardware available.

Labor costs are currently a minor expense, but if the PoW algorithm changes often this will be a greater portion of their expenses. This will result in mining operations tending to move to areas with cheaper labor costs.

Uncertainty is also increased because miners will need to account for obtaining speciality hardware more often (already a major risk), and maintaining security in more dangerous areas of the world, due to cheaper labor. Income will also be less certain as some miners will be better equipped for the next PoW change than others.

As a result miners will invest less into securing the bitcoin network all other things equal.

Physical and administrative centralization of bitcoin

While it is possible this expectation would result in greater administrative and physical decentralization of bitcoin mining, as in the case of a one-off change, it is by no means guaranteed, and we lack a way to determine the likelihood that it will be an improvement.

Bitcoin's resistance to physical and administrative centralization

By ensuring that hardware is never commoditized we have ensured that the economic incentives of benevolent actors are not strong enough to result in securing the network with the most efficient equipment possible, but we have not ensured that malicious actors will not developed more efficient hardware to create the centralized control required for an attack.

Bitcoin's Resistance to malicious mining attacks

When the best hardware is not profitable only the bad guys will have specialty hardware.

An attacker could invest in mining hardware and gain an even greater amount of power of the network than would be possible after a one-time PoW change.


Additional attack vectors

In addition to amplifying the problems that would be created by a single PoW change, regular PoW changes would introduce at least three major attack vectors.

First, any miner with inside information on the next PoW algorithm would be able to optimize his operation more than his competitors. This creates a strong incentive to build political relationships with bitcoin developers and researchers. An attacker could use inside information to gain an disproportionate advantage, especially if he could influence the decision process.

Second, an attacker could deceive users about the amount of work used to secure the network. Currently the PoW algorithm is very simple and therefore very easy to understand and verify. If a large number of PoW algorithms are used verification of work would be exponentially more difficult.

Third, it the possibility of an attacker discovering a flaw in the PoW algorithm is greatly increased. Regularly changing the PoW algorithm would be very dangerous and virtually guarantee that the algorithm is not reviewed enough to prevent security flaws from being implemented in production.