Incentive Attacks on Proof-of-Work Cryptocurrencies
Let’s start with honest praise of Incentive Attacks on Proof-of-Work Cryptocurrencies. As a paper it is hard to fault: the authors catalogue a class of neglected attacks in an genuine fashion. The only qualm I had reading was a suggestion some attacks would be transparent to miners but not victims, an issue acknowledged at the end of the paper.
With that said, there is a problem with the paper’s assertion that Nakamoto Consensus is the same as proof-of-work that needs to be pointed out. For the reasons outlined below, it is much better to define Nakamoto Consensus by the three abstract properties it insists are necessary to protect the integrity of the longest-chain:
- block production must be expensive
- payments must be proportional to work
- governance changes must be expensive
This more abstract way of thinking about Nakamoto Consensus is superior for approaching economic problems — it makes the similarities between proof-of-stake and proof-of-work on the economic level much more apparent, while highlighting the differences that actually matter: whereas proof-of-work hangs its second and third properties on the security of the first, proof-of-stake creates its governance system first and then uses that to encircle the other two.
For researchers cataloguing economic attacks, the fact that both POW and POS have monolithic security models (where the security of their secondary properties depends on the integrity of their primary property) makes the differences far less important than the similarities. Why economic attacks are so devastating in both system is that all three security functions can be undercut by targeting money at the primary vulnerability: the focus of the attack may differ (mining versus governance system) but the security of both networks is economic in nature and thus ultimately dependent on the fee volume of the network and the return-on-investment available to miners and stakers respectively.
So my first complaint is an odd form of praise in disguise: while the authors have launched a broadside against proof-of-work, their article would be a lot better if they were savage enough to take on the entire flotilla of POW and POS chains. The lack of any attention to POS actually makes me wonder if the authors are holding back out of professional discretion, or have further work underway in that direction.
There is a deeper problem with equating Nakamoto Consensus with proof-of-work that has a less positive outcome: it reinforces a mental model that gets in the way of actually fixing the problems. In contrast, using the more encompassing definition above makes it immediately obvious that the incentive problems the authors discuss stem not so much from the logical structure of Nakamoto Consensus as the technical instantiation of the second security property; how payment is made proportional to ‘work’. Fix this issue — the ability of participants to break the proportionality of the payment mechanism – and bribery attacks degrade into the straightforward doublespend attacks that Satoshi already taught us how to address: wait an appropriate number of confirmations until attacks are more expensive than they are worth.
And this point stretches past the focus of the paper itself, but given that there are blockchain implementations like Saito that follow Nakamoto Consensus but do not have the attacks these authors attribute to it, these definitional issues actually matter. Given that, I hope that in future efforts the authors will either generalize their critique to encompass all vulnerable blockchains, or show awareness that solutions already exist in the proof-of-work world for the problems they are describing.
It will be a good day for blockchain when people make this step. From my vantage point in Asia, I suspect it will be the economists that get there first – they tend to be less partisan and more universal in their critiques. But who can tell? Papers like this show that some upcoming computer scientists are starting to think of the problems in the right way. May the race go to the swiftest of mind!