Bitcoin Wiki:Proof of work change hard fork

From Bitcoin Wiki
Revision as of 23:49, 9 March 2018 by JW (talk | contribs)
Jump to: navigation, search

Proof of work change hard fork

Changing the proof of work algorithm has been planned as a solution to ASIC mining centralization since as early as 2012 when Butterfly Labs first announced their intention to produce the first mining ASICs.

JW: This history is not relevant to the discussion and should be removed. It also implies that it was agreed upon, by saying it was "planned." This is not true.

LD: It is relevant, because it testifies to the fact that there is no excuse to be ignorant of the possibility of PoW change. It is not sudden or unexpected. Every ASIC miner on Bitcoin who has done basic due diligence is aware that the PoW algorithm may change, and specifically that it will probably change under these current circumstances.

It is expected that by changing the PoW, the mining economy will be given a "restart" back to its original decentralized state.

JW: While it would be "decentralized" until new speciality hardware is developed, it would be vulnerable to attack using specialized hardware. The goal isn't decentralization, but security. In this case that requires commoditization of cutting edge hardware. This approach is similar to creating a "gun free zone" instead of making gun ownership common. In the end only the bad guys will have ASICs.

LD: There is no reason to expect speciality hardware will re-centralise. Incentives will have been made clear to deter that. And if not sufficiently so with one change, we can always change again and again until the message is understood. There is ZERO security from centralised mining. There is no "gun free zone" because ASICs are encouraged.

And the current centralized miner (Bitmain) will incur significant enough financial loss to deter future centralization of the new algorithm.

JW: Well it will certainly slow additional ASIC hardware manufacturers from atempting to build ASICs. But it won't prevent it. To do that we would need to change the PoW every time ASICs were known. The incentive would be to build ASICs and keep them secret. And well funded attackers would be able to invest in the best possible ASICs in order to attack a network that is not defended by the best possible ASICs. Bad in every way.

LD: ASICs are not the same thing as centralisation, and it is not rational to claim their production would be deterred by a PoW change.

Purpose of proof of work recap

The purpose of proof of work is to ensure that the next block is randomly determined from a large pool of entities, without any centralised authority nominating such entities.

Problems solved through a PoW change

  • The goal is to restore mining decentralisation.

JW: This would be achieved only until someone, maybe a malicious actor, invested in ASICs.

LD: With a simple algorithm, anyone can produce ASICs, and there would likely be multiple manufacturers. Bitmain only gained an inherent advantage over SHA2 by patenting the AsicBoost exploit.

  • By changing the PoW, Bitmain would suffer financial loss.

JW: As would everyone that invested in ASIC manufacturing including competitors of Bitman. In fact the newest entrants would be hurt the worst since they have likely invested the most in ASICs that have not been recouped through sales.

LD: No, see below. (Regardless, nobody was ever guaranteed a profit or break-even, and this risk was known long before anyone mining with ASICs invested in them; they chose to accept that risk.)

  • Any competent and benevolent manufacturing competitors to Bitmain would not suffer financial loss.

JW: A PoW change doesn't discriminate. It harms everyone that has invested in SHA256 miners in proportion to their investment.

LD: Competent ASIC manufacturers will design their chips with one or more backup algorithms (likely SHA2-related). This enables discrimination in PoW change scenarios.

  • Small miners would be able to mine the new algorithm using different hardware, likely at a higher network percentage than with Bitmain-issued hardware.

JW: Miner centralization is a secondary issue with a PoW change. But miners that have recently entered the competition would be harmed more because they have a higher investment in hardware that has not earned a break even point through mining. Older miners, especially those with equipment nearer end of life, would be effected the least.

LD: Mining centralisation defeats the entire purpose of PoW. It can never be secondary. But to the main point: these miners would still make a larger profit if the PoW algorithm was changed, than if it was not.



Section that follows is for a more detailed discussion

Effects of a single unexpected PoW change

Making a one-time change to proof of work would have different effects on different participants in the bitcoin ecosystem. Here we are assuming that concerns over centralization of mining power and the behavior of miners has created enough concern to justify a proof of work change in order to destroy the economic value of all existing specialized mining hardware. Proposals to modify proof of work so that the mining hardware is not completely worthless, but less valuable will have the same effects, but in proportion to the economic value removed by the change to proof of work.

Specialized hardware makers in early stages of development

If an specialized hardware maker has invested into developing hardware, but has not begun selling the hardware or earning bitcoin fees by mining himself, the entirety of his investment would be destroyed with a PoW change.

This is true for both malicious and benevolent specialized hardware makers, but if it could be determined the ratio of malicious specialized hardware makers to benevolent specialized hardware makers it is possible that the change could be timed in order to have a greater impact on malicious makers.

However, chip manufacturing is highly secretive, and determining intent is very difficult (especially with brand new entrants). As a result of these, and other challenges, no mechanism has been identified to reliably determine the ratio of malicious to benevolent specialized hardware maker investments that would be destroyed through a PoW change at a given point in time.

Specialized hardware makers with products near end of life

If an specialized hardware maker has made investments in hardware that is nearing obsolescence by the creation of more efficient hardware, they would actually benefit from a PoW change.

This is because their competitors would be harmed financially to the degree that they have investments that have not returned capital, whereas their own investments have already returned capital and are no longer producing additional revenue.

It may be easier to determine makers with products nearing end of life to avoid harming them with financial loss with a PoW change, but those makers are in the best position to know how they would be effected and when a change would be most helpful. And we still lack a mechanism for reliably determining their future intent.

Miners with newer specialized hardware

Miners will be financially damaged by a PoW change in proportion to the investments that they have made in mining hardware and facilities that will become unprofitable as a result of a PoW change.

Miners with the most recent investments, new competitors, would be harmed the most because they have not had the opportunity to earn mining rewards and fees using the new hardware.

Miners with newer facilities investments

It is possible that facilities could be reused since they are not directly effected by a PoW change, however cooling, electrical, and space requirements could be drastically effected with a PoW change.

To the degree to which these facilities are no longer as ideal, due to a PoW change, the miner will suffer financial loss.

The newest facilities will be the most likely to be optimally designed for the current generation of mining hardware, and therefore will be the most likely to suffer loss.

Miners with older specialized hardware

Miners with hardware nearing obsolescence would benefit from a PoW change. This is because their competitors, would be damaged financially (the best equipped competitors would be harmed the most) while they would not suffer financial loss.

Physical and administrative centralization of bitcoin

If a great majority of the existing mining hardware is under the control of a few people, or is physically located in a small number of places, a PoW change could result in greater decentralization (a larger number of individuals with administrative control and a larger number of physical locations).

This would be a security improvement because it would make physical attacks on the network and the individuals managing the network, more more difficult.

Unfortunately this is not guaranteed.

For example consider a large organization who's business is being disrupted by bitcoin. Before the PoW change they would have needed to make a large investment in hardware that is only useful as long as bitcoin maintains market value.

But after the PoW change they could use hardware that could be useful to their business, or resold later, to attack bitcoin. If this business maintains a large number of servers that are idle except during peak usage hours the costs are even lower.

In this example, and others, it is possible that mining could become more centralized after a PoW change.

The authors are unaware how to measure the likelihood of increased or decreased centralization immediately following a PoW change.

Bitcoin's resistance to physical and administrative centralization

Immediately after a PoW change it is possible that physical and administrative centralization would be reduced, however it would also make bitcoin specialized hardware soft.

Currently bitcoin mining equipment is operating at the height of human capability using 10 nm and below chipsets specifically designed to mine bitcoin as efficiently as possible. A PoW change would reduce bitcoin mining efforts to more generic, and less efficient, mining hardware.

As a result a well funded miner could invest in specialized hardware hardware and gain a disproportionate amount of control over the network. This is believed to be the source of centralization problems as of Q1 2018.

This illustrates the importance of reaching commoditization of state of the art hardware. Attackers would need to advance the state of the art of microprocessors, not just bitcoin miners, in order to obtain an advantage over the network. This is far more expensive and would be far more difficult to accomplish and maintain in secret.


Bitcoin's Resistance to malicious mining attacks

Changing the PoW would have three major effects on the networks resistance to malicious mining attacks.

First, an attacker could invest in mining hardware and gain a disproportionate amount of power of the network. So, while it is possible that the immediate effect of a PoW change would be physical and administrative decentralization, it would certainly make it much easier for a well funded attacker to create a high degree of centralization before executing his attack.

Second, it would lower the hardware cost involved in malicious mining attacks. For example an attacker could, rent hardware from a cloud server provider, such as Amazon EC3, for only long enough to execute his attack. This is far less expensive than purchasing hardware that will be less valuable in proportion to the success of the attack.

Finally, it would greatly increase the possibility of an attacker discovering a flaw in the PoW algorithm that would allow him to attack the network by faking work. Changing security critical components always introduce significant risk. The existing PoW algorithm has enjoyed the benefit of nearly a decade of attack and analysis, including the identification of vulnerabilities not discovered until after deployment.

Speed of commoditization of cutting edge specialty hardware

After years of research and development bitcoin mining hardware is nearing, or at, state of the art with regard to chip design.

If profits continue of specialty hardware makers competition will increase, profit margins will decrease, and we will see commoditization of bitcoin mining hardware created using the height of human ability.

Changing the PoW algorithm would slow this achievement by several years.


Effects of the expectation of regular PoW changes

Creating the expectation of regular PoW changes would have effects in addition to the effects resulting from a one-off PoW change.

In this case the uncertainty created by the possibility that another PoW change would occur would be replaced by the reality that investing in specialized hardware would only be profitable if the cost of development could be recovered through sales or mining rewards before the next expected PoW change.

The motivation for creating this expectation is to discourage investment into specialized hardware and therefore to create a "more equal" competition among miners with generic and specialized hardware.

In the most extreme case the PoW changes would be so varied and often that specialized hardware, of any kind, would not be profitable.

Specialized hardware makers

In all cases specialty hardware makers would remain. If the variation of mining algorithms is expected to be great the speciality hardware makers could be employees of the miners themselves. Any changes to the mining algorithm at all would likely result in disk, memory, cooling or other requirements. Optimization of some form will always be present.

If the variation of the mining algorithm is expected to vary within a range of possibilities specialized mining hardware will simply focus on the optimal design to address that range of possible algorithms.

However this expectation would be successful at increasing the amount of uncertainty for speciality hardware makers beyond a one-time PoW change. As a result there will be fewer competitors all other things (namely profits) being equal.

The net effect of this is that while a one-off change would delay commoditization of state of the art specialty mining hardware, the expectation of regular changes to PoW, would prevent this from occurring as long as the expectation was maintained.

Bitcoin miners

Currently bitcoin miners are primarily concerned with obtaining cheap electricity and access to the best mining hardware available.

Labor costs are currently a minor expense, but if the PoW algorithm changes often this will be a greater portion of their expenses. This will result in mining operations tending to move to areas with cheaper labor costs.

Uncertainty is also increased because miners will need to account for obtaining speciality hardware more often (already a major risk), and maintaining security in more dangerous areas of the world, due to cheaper labor. Income will also be less certain as some miners will be better equipped for the next PoW change than others.

As a result miners will invest less into securing the bitcoin network all other things equal.

Physical and administrative centralization of bitcoin

While it is possible this expectation would result in greater administrative and physical decentralization of bitcoin mining, as in the case of a one-off change, it is by no means guaranteed, and we lack a way to determine the likelihood that it will be an improvement.

Bitcoin's resistance to physical and administrative centralization

By ensuring that hardware is never commoditized we have ensured that the economic incentives of benevolent actors are not strong enough to result in securing the network with the most efficient equipment possible, but we have not ensured that malicious actors will not developed more efficient hardware to create the centralized control required for an attack.

Bitcoin's Resistance to malicious mining attacks

When the best hardware is not profitable only the bad guys will have specialty hardware.

An attacker could invest in mining hardware and gain an even greater amount of power of the network than would be possible after a one-time PoW change.


Additional attack vectors

In addition to amplifying the problems that would be created by a single PoW change, regular PoW changes would introduce at least three major attack vectors.

First, any miner with inside information on the next PoW algorithm would be able to optimize his operation more than his competitors. This creates a strong incentive to build political relationships with bitcoin developers and researchers. An attacker could use inside information to gain an disproportionate advantage, especially if he could influence the decision process.

Second, an attacker could deceive users about the amount of work used to secure the network. Currently the PoW algorithm is very simple and therefore very easy to understand and verify. If a large number of PoW algorithms are used verification of work would be exponentially more difficult.

Third, it the possibility of an attacker discovering a flaw in the PoW algorithm is greatly increased. Regularly changing the PoW algorithm would be very dangerous and virtually guarantee that the algorithm is not reviewed enough to prevent security flaws from being implemented in production.