Starfish Mission: are small blocks really secure?
On Thursday, February 7 Richard and I had the good fortune of presenting Saito to a select group of people we now know in San Francisco. It was a smart crowd that was constantly thinking ahead of where we were in our explanation, which made for a good back-and-forth. And it has since helped us in figuring out how to simplify our explanation.
The most interesting questions came at the end of the presentation once people understood the overall design. And I think the most sophisticated and subtle question came from Brandon, who asked if it wasn’t a problem to be subsidizing routing if the large blocks this incentivizes make it more difficult for individuals to “verify” the entire blockchain. Isn’t one of the benefits of Bitcoin the fact that smaller blocks are easier to validate? And there is less trust needed since anyone can validate the entire chain on a home Internet connection?
I feel like I fumbled the answer at the presentation, so I wanted to take the chance to write up a more proper answer that digs deeper into how we think about the fundamentals of blockchain economics. Brandon — this post is for you!
Why aren’t we scared of large blocks:
The Saito design recognizes that every consensus mechanism is secured by transaction fee volume. In proof-of-work the fees pay for energy. In proof-of-stake the fees incentivize staking. This underlying economic fact is the reason that “segment and subsidize” approaches in POS systems weaken security: every dollar that a governance layer directs away from its core security function reduces the cost of attacking the network while handing ammunition/cash to potential attackers.
So we know that security scales with transaction fees. And we know that maximizing security means maximizing fees while ensuring that every dollar in fees can be leveraged to defend the system.
And this is why market failures in non-Saito networks really matter. In all systems where tragedy-of-the-commons pressures affect the price of ledger inclusion, transaction fees will fall to the lowest price needed to incentivize block producers to add them to the ledger. So right away we can see that smaller chains will have lower fees and lower security than bigger chains (not only because fee volume is lower, but because transactions are cheaper to include and fees reflect that).
It is possible to force fees up in these systems (i.e. increase security) but that requires capping the blocksize (i.e. decrease security). So there is an inverse economic relationship between the amount of network traffic and the security of the network that we cannot avoid. And second layer networks like LN do not get around this problem – they can only force fees up to the extent that they create conditions of settlement-unreliability on the second layer (i.e. demand for settlement space must exceed the supply of settlement space and at least some LN transactions must become unreliable for second layer networks to induce users to pay higher transaction fees).
So there is nothing *different* about the relationship between security and scale in a Saito chain than we have in networks like Ethereum and Bitcoin that are affected by these underlying collective action problems. What is wrong is to assume that we can have high levels of security on a chain that is trivial to download. If a user wants to personally verify an entire blockchain, he will need to put up with the fact that there will be a necessary cost to it that scales with the security he needs. So our choice is not between a “big and secure” Saito-chain and a “small and secure” POW chain. Our choice is between a “big and secure” chain and a “small and less secure” chain. The only question that matters is which consensus mechanism gives us the best bang for our fee volume. And then also whether we have a “transient blockchain” like Saito that reduces the cost of the blocksize through an elegant data-pruning mechanism.
What about chains with ultra-compact ways of representing data?
Yes — if all we want to validate is that tokens have been transferred, then we can use blockchains with compact forms of cryptographic data representation like MimbleWimble. And these approaches are great, except that they preclude attaching user-generated data to transactions and that makes them unsuitable for 99% of the things that we will want to put on the blockchain by 2025.
Also, it is worth remembering that without resolving their tragedy-of-the-commons and free-rider problems, these compact chains will merely induce a market response of users underpricing their transaction fees. So fantastic methods of data compression may undermine rather than improve network security. There are security advantages to being on a network with supply-side constraints on transaction inclusion.
OK, so is Saito really more secure than POW and POS at arbitrary fee levels?
Yes. First note that we can create Saito-class networks with arbitrary blocksizes just like any other blockchain, so the real question we need to look at is which approach provides better security at arbitrary levels of network throughput. And the answer is hopefully obvious once one realizes that the Saito network can be defended by 100% of its transaction fee volume rather than merely 51% as in proof-of-work and proof-of-stake networks.
Another reason to believe Saito-class networks will be more secure than POW and POS networks at arbitrary throughput levels is that they can force up fees even in the absence of supply constraints on the blockchain. Routing nodes and miners in Saito are incentivized to collude and cooperate in ways that can push up network fees if the security of the network falls too low, even if only to protect the network from each other. So the collective interests of the actors running the network actually drag transaction fees to an optimal level even in the absence of a hard-coded supply cap.
So why is there a perception that small is secure?
In Bitcoin the reality that small blocks are insecure has been masked by the combination of a falling block reward and rampant price speculation. This has artificially pumped up the value of the token and created a “security subsidy”. But a “security subsidy” driven by price speculation is not a sound basis for long-term security, and there is no way to maintain it because token inflation will eventually be priced in by the market anyway.
But what if I want a cheap way to validate the network?
This is really just another reason to prefer proof-of-transactions to other consensus mechanisms. Because participants who run routing nodes in the Saito network actually generate money, if someone really wants to validate all of the blocks themselves they don’t need to do it the way volunteers are forced to do it in the Bitcoin network. Participants are paid in exchange for the value they provide back to the network. Open a routing node and as bandwidth requirements start rising you’ll be able to earn enough to cover server costs.
And if the goal is to read terabytes of data from other nodes in the network without contributing anything of value back? Then it is fantastic to be creating a network that drives this sort of activity to other networks, because any network that permits this sort of free-riding will eventually either go bankrupt or become centralized through market behaviors on meta-layers (i.e. Infura).