Hitesh Joshi

@achiever.hitesh

Finding Nemo in the Blockchain to Understand PoW Approach to Consensus

Nemo, find it for a bounty !

The title might be catch-bait, but I assure you the rest of the article has some salient points for a layman to understand POW based consensus. We will look at the development of various new consensus mechanism in the Blockchain space, and why it is the most prominent theme in Blockchain development ecosystem now. Why companies should understand consensus before commissioning a Blockchain from the plethora of options that have sprung up.

In this article specifically, we will first examine the most prominent consensus mechanism Proof of Work (PoW). PoW is being used in almost all production grade systems like bitcoin and ethereum.

We will explore Proof of Work in all its brilliance and see how it helps in achieving consensus and avoids double spending. Let’s dive in…

Finding Nemo

Proof of Work consensus requires Miners to find (actually compute) a value to achieve consensus. Let’s call this value Nemo …

Input (I) + Nemo (N) = Output(O)

Nemo, hereby known as N.

Proof of Work mechanism involves finding N, such that when it is added to Block of transactions (Input), it produces a known Output.

Of course, Input contains other things apart from transactions packed in a block, example hash of the previous block, nonce, etc. But let’s not dive into implementation specifics here. The transactions in the input are picked up by the miner based on their processing fee.

The output is a hash (with some property, leading zeroes etc). This property of output can be changed to increase or decrease the difficulty of mining in the network. The challenge is to find N (and find it fast, as miners compete) which when added to the Input gives the output. The generation of this N is hard and requires the computer to spend a lot of computing power to come up with the correct N.

You could say that the miner’s computer did a lot of work for coming up with a correct N. Because of this work, public blockchains are said to work on Proof of Work (PoW) mechanism.

Miners are compensated with bounties or fees for doing this work.

The system is designed in such a way that it is computationally very hard to generate N, but given an N and a Block of the transaction, it is very easy to check whether (Input + N) is really equal to Output.

Once a miner successfully generates N, it broadcasts this Proof of Work to the network (in the hope of winning the mining bounty). Let’s say miner A, found Nemo, while miner B, miner C and miner D are still working on finding their Nemo. They would get a notification from A, with a block containing transactions and Nemo(N). Miners B, C, D can quickly check if using this N produces O.

If it does produce output correctly, they add it to their local Blockchain (Agree with A ‘s version of transactions and hence achieve consensus).

This gives us consensus in between 4 decentralized non-trusting nodes. The logic can be extrapolated to any number of nodes.

But what about double spending?

The Story Of Good vs Bad with an Ugly twist of chain reorganization.

Let’s understand how PoW blockchains tackle double spending with a fictional example of Mr. Good and Mr. Bad.

Mr.Bad offers to buy the stock Mr. Good holds in a Company. They agreed that Mr.Good will accept the payment in Bitcoins(or Ether) and once he does, he will transfer the Digital ownership of these stocks to Mr. Bad.

Mr.Bad sends Mr.Good 200 bitcoins in a transaction and in the process empties his wallet. Unbeknownst, to Mr. Good, Mr. Bad also sent the same 200 bitcoins to Mr. Ugly which is an alias of Mr. Bad himself.

Now, if Mr. Good were smart, he would wait for Bad — Good transaction to be permanent in the Blockchain. Typically he has to wait for at least 12 new blocks (number of blocks changes based on current hashing rate of the bitcoin network) after the Block which has included his transaction to be sure that he would not be affected by chain reorganization. After which, he can then safely send the shares to Mr. Bad. Mr. Bad’s transaction to Mr. Ugly (alias of himself) would be rejected by the network in this case.

Now in the case that Mr. Good turns out to be naïve. He sees that Mr. Bad has sent him the required Bitcoins, he immediately dispatches the shares to Mr. Bad. If Mr. Bad is slightly lucky, his transaction to Mr. Ugly (himself) would be picked up by the network first and would be made permanent and his transaction to Mr. Good would be rejected by a chain reorganization.

In effect, he did not spend a penny and he now owns all the shares of Mr. Good. So he was able to double spend.

The network tries to stop double spending on best effort basis and places the onus on the users to wait until their transaction is old enough in bitcoin and becomes irreversible before they transfer any asset based on a payment over the network.

The case of 51% attack

If Mr.Bad does not want to rely on luck to defraud Mr. Good. He has heard about 51% attack and knows that anyone who owns the majority of the hashing power in the network would be able to reverse transactions or double spend. He buys 51% of bitcoin network hashing power and now can easily defraud Mr. Good or for that matter anyone at will.

So why he or anyone else not doing it?

Getting 51% control over the network is extremely costly.

You can reverse only recent transactions. Rewriting slightly older transactions would still be computationally very hard, nearly impossible.

The recent transaction value should be very large so that reversing it justifies such a hostile takeover of the network.

Once the network is compromised, the underlying currency loses its value. Even if you can buy the majority of hashing power, you would not because the participants would lose faith in the fairness of the system and the underlying currency value would fall.

Your purchase of 51% of the network would be worthless pretty soon.

I hope you see the simple brilliance behind POW, hail Satoshi Nakamoto for that.

Alternate consensus mechanism to replace POW

Almost all new and prominent Blockchain implementations are coming up with their own consensus mechanism. Ethereum is coming up with Casper, a POS(Proof of Stake) based consensus, Eris has Tendermint, Hyperledger Fabric has PBFT — [Practical Byzantine Fault Tolerance], Hyperledger Sawtooth lake has PoET [Proof of Elapsed Time] with SGX (Software Guard Extensions) and so on. But why?

Certain drawbacks of PoW:

1. Mining requires electricity and uses costly hardware.

2. Processing power centralization concerns especially in private or consortium chains.

3. Mining to achieve consensus in a private network does not make sense if there are only a few known parties in the network.

4. A node can always bring in external processing power and reverse a higher value transaction in a private Blockchain.

Next, in these series, we will look at some of the alternate consensus mechanisms and identify how you can pick the right blockchain for your use case.

If you are interested, here is my previous article in this series.

References :

https://bitcoin.org/bitcoin.pdf

https://tendermint.com/static/docs/tendermint.pdf

http://www.pmg.lcs.mit.edu/papers/osdi99.pdf

https://github.com/hyperledger-archives/fabric/wiki/Next-Consensus-Architecture-Proposal

More by Hitesh Joshi

Topics of interest

More Related Stories