The Disappearing Fee Trick: how Saito fixes blockchain security
A magician doesn’t normally reveal their tricks. But Saito is less magic than science. In this post we’re going to open the curtains and explain how it fixes the fundamental security problem in blockchain. Are you watching closely?
Problem: Relying on External Markets for Security
POW networks use an external market for hashpower to impose a “cost-of-attack” on block production. They then give the block reward to the block producer to avoid attacks on the payment faucet. This design makes producing blocks expensive, but also makes the 51 percent attack unavoidable. And since nothing guarantees that the slope of the supply curve for hashpower will remain steep, the mechanism is not even secure over the long-run: once you can buy 51 percent of hashpower for less than 100 percent of network revenue the network incentivizes attacks.
This isn’t just a problem with proof-of-work. While there’s a lot of buzz around proof-of-stake these days, replacing an external market for hashpower with an external market for stake accomplishes nothing except flattening your supply-curve faster. The fundamental economic problem is unaddressed, which may be why on the rare occasions POS developers wander deep enough into network incentives their tendency is to declare the problems unsolvable and retreat.
We can do better. Fixing these problems requires moving our “cost-of-attack” away from an external market and under the control of our internal consensus algorithm. Saito does this by making nodes burn transaction fees to produce blocks. Rules specify that nodes can only burn fees from transactions they can prove were routed to them (cryptographic routing signatures). The percentage of the transaction fee that nodes can use to meet this burn fee halves with each hop a transaction has made into the network prior to reaching them.
In short, instead of asking miners to sell tokens to buy energy and burn that to produce blocks, Saito tells them to burn the tokens directly. Honest nodes will do this for free (as they are burning user fees) but attackers must suddenly burn their own capital. As long as our block producer is not paid our cost-of-attack is guaranteed to be positive and we have perfect economic security: users can wait however many confirmations are needed to make network reorganizations unthreatening.
Problem: But we need to pay for the network, right?
No network can rely on volunteers to provide high-throughput network infrastructure. And we want a commercially-supported network to maximize fee-throughput and cost-of-attack. So our first solution has provided a second problem. Saito needs to “unburn” its in-block fees and use them to pay for the network without destroying its cost-of-attack.
The solution divides our burned fees into two parts: half for routers and half for miners. Saito then uses a mining like lottery to pick winners. Miners start hashing once a block is produced. If they find a winning “golden ticket” they broadcast it into the network as a fee-paying transaction. Should that transaction be included in the very next block it unlocks the burned fees and distributes them to the lucky miner and a random node from the routing network. Essentially, instead of burning energy to produce blocks, Saito burns money to produce blocks and then burns energy to bring the money back.
The result looks and feels a lot like Bitcoin, but it eliminates the 51 percent attack completely. If attackers lock up their own money (to produce blocks) and hash lottery tickets (to get their money back) they lose everything they spend on mining. If attackers include transactions collected by honest nodes they double their potential payout but also double the hashpower needed to find a solution that pays them instead of an honest node. The mechanism is counterintuitive but elegant.
Can the solution really be this simple?
If you’re interested in reading the full details of how Saito works, you can find more in our Saito whitepaper and network description. In production Saito adds a few additional features that drive cost-of-attack higher. An important lottery modification allows us to drain money out of circulation when and only when the network comes under attack, a step which pushes the cost-of-attack well over 100 percent of potential reward and ensures attackers always lose if they have to overpower honest nodes to control the blockchain.
If you are in the blockchain space and interested in fundamental solutions we encourage you to get involved with Saito. And if you have thoughts on Saito’s solution or questions about how it works please feel welcome to get in touch with us via our Telegram Group or Discord Channel. Saito is challenging because it removes conceptual middleware and forces us to wrestle directly with economics below the surface.
In the next few years, we expect the blockchain space will transform as people realize that “sharing money” is the only form of work that can provides a solid foundation for network security. When your form of work requires destroying money, you have a cost-of-attack that can scale with transaction throughput, that isn’t threatened by circular economic attacks, and that survives against many more since fee-paying users are the ones who ultimately decide which nodes earn profit.