Tuning PoW with Hybrid Expenditure

Proof of Work (PoW ) is a Sybil-deterrence security mechanism. It introduces an external cost to a system by requiring computational effort to perform actions. However, since its inception, a central challenge was to tune this cost. Initial designs for deterring spam email and DoS attacks applied overhead equally to honest participants and attackers. Requiring too little effort did not deter attacks, whereas toomuch encumbered honest participation. Thismight be the reason it was never widely adopted. Nakamoto overcame this trade-off in Bitcoin by distinguishing desired from malicious behavior and introducing internal rewards for the former. This solution gained popularity in securing cryptocurrencies and using the virtual internally-minted tokens for rewards. However, in existing blockchain protocols the internal rewards fund (almost) the same value of external expenses. Thus, as the token value soars, so does the PoW expenditure. Bitcoin PoW, for example, already expends asmuch electricity as Colombia or Switzerland. This amount of resource-guzzling is unsustainable and hinders even wider adoption of these systems. In this work we present Hybrid Expenditure Blockchain (HEB), a novel PoWmechanism. HEB is a generalization of Nakamoto’s protocol that enables tuning the external expenditure by introducing a complementary internal-expenditure mechanism. Thus, for the first time, HEB decouples external expenditure from the reward value. We show a practical parameter choice by which HEB requires significantly less external consumption compare to Nakamoto’s protocol, its resilience against rational attackers is similar, and it retains the decentralized and permissionless nature of the system. Taking the Bitcoin ecosystem as an example, HEB cuts the electricity consumption by half.

[1]  H. Barger The General Theory of Employment, Interest and Money , 1936, Nature.

[2]  H. Chernoff A Measure of Asymptotic Efficiency for Tests of a Hypothesis Based on the sum of Observations , 1952 .

[3]  J. Friedman A Non-cooperative Equilibrium for Supergames , 1971 .

[4]  Leslie Lamport,et al.  The Implementation of Reliable Distributed Multiprocess Systems , 1978, Comput. Networks.

[5]  R. Lucas Two Illustrations of the Quantity Theory of Money , 1980 .

[6]  Anita Borg,et al.  A message system supporting fault tolerance , 1983, SOSP '83.

[7]  Leslie Lamport,et al.  Using Time Instead of Timeout for Fault-Tolerant Distributed Systems. , 1984, TOPL.

[8]  T. Maugh Why buy when you can rent? , 1984, Science.

[9]  R. Aumann Correlated Equilibrium as an Expression of Bayesian Rationality Author ( s ) , 1987 .

[10]  S. Clarke,et al.  Keynesianism, Monetarism and the Crisis of the State , 1989 .

[11]  P. Hall The Political Power of Economic Ideas: Keynesianism across Nations , 1989 .

[12]  D. Ricardo,et al.  Keynesianism, Monetarism and the Crisis of the State , 1989 .

[13]  M. Lynn Scarcity effects on value: A quantitative review of the commodity theory literature , 1991 .

[14]  Laura A. Brannon,et al.  Liberalization of Commodity Theory , 1992 .

[15]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[16]  T. Philips,et al.  The Moment Bound is Tighter than Chernoff's Bound for Positive Tail Probabilities , 1995 .

[17]  Markus Jakobsson,et al.  Proofs of Work and Bread Pudding Protocols , 1999, Communications and Multimedia Security.

[18]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[19]  John G. Brainard,et al.  Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks , 1999, NDSS.

[20]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[21]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .

[22]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[23]  Michael K. Reiter,et al.  Defending against denial-of-service attacks with puzzle auctions , 2003, 2003 Symposium on Security and Privacy, 2003..

[24]  Ben Laurie,et al.  \Proof-of-Work" Proves Not to Work , 2004 .

[25]  Ben Laurie,et al.  “ Proof-of-Work ” Proves Not to Work version 0 . 2 , 2004 .

[26]  J. Aspnes,et al.  Exposing Computationally-Challenged Byzantine Impostors , 2005 .

[27]  Ramakrishna Kotla,et al.  Zyzzyva , 2007, SOSP.

[28]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[29]  Cullen Jennings,et al.  The Session Initiation Protocol (SIP) and Spam , 2008, RFC.

[30]  Meni Rosenfeld,et al.  Analysis of Bitcoin Pooled Mining Reward Systems , 2011, ArXiv.

[31]  Colin Boyd,et al.  Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols , 2011, CT-RSA.

[32]  Ghassan O. Karame,et al.  Double-spending fast payments in bitcoin , 2012, CCS.

[33]  Jörg Becker,et al.  Can We Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency , 2012, WEIS.

[34]  Johannes Behl,et al.  CheapBFT: resource-efficient byzantine fault tolerance , 2012, EuroSys '12.

[35]  D. Howden The Quantity Theory of Money , 2013 .

[36]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[37]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[38]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[39]  P. Ciaian,et al.  The economics of BitCoin price formation , 2014, 1405.4498.

[40]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[41]  Meni Rosenfeld,et al.  Analysis of Hashrate-Based Double Spending , 2014, ArXiv.

[42]  Elaine Shi,et al.  Permacoin: Repurposing Bitcoin Work for Data Preservation , 2014, 2014 IEEE Symposium on Security and Privacy.

[43]  L. Goodman,et al.  Tezos : A Self-Amending Crypto-Ledger Position Paper , 2014 .

[44]  H. Young,et al.  Handbook of Game Theory with Economic Applications , 2015 .

[45]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[46]  Elaine Shi,et al.  Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions , 2015, CCS.

[47]  Joshua A. Kroll,et al.  perspectives on Bitcoin and second-generation cryptocurrencies , 2015 .

[48]  Ittay Eyal,et al.  The Miner's Dilemma , 2014, 2015 IEEE Symposium on Security and Privacy.

[49]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[50]  A. Poelstra Distributed Consensus from Proof of Stake is Impossible , 2015 .

[51]  Jeffrey S. Rosenschein,et al.  Bitcoin Mining Pools: A Cooperative Game Theoretic Analysis , 2015, AAMAS.

[52]  Paul Haynes,et al.  Governance in Blockchain Technologies & Social Contract Theories , 2016, Ledger.

[53]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[54]  Abhi Shelat,et al.  Micropayments for Decentralized Currencies , 2015, IACR Cryptol. ePrint Arch..

[55]  Elaine Shi,et al.  FruitChains: A Fair Blockchain , 2017, IACR Cryptol. ePrint Arch..

[56]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[57]  Kartik Nayak,et al.  Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[58]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[59]  S. Matthew Weinberg,et al.  On the Instability of Bitcoin Without the Block Reward , 2016, CCS.

[60]  J. Gans,et al.  Some simple economics of the blockchain , 2016, Commun. ACM.

[61]  Hubert Ritzdorf,et al.  On the Security and Performance of Proof of Work Blockchains , 2016, IACR Cryptol. ePrint Arch..

[62]  Arvind Narayanan,et al.  Bitcoin and Cryptocurrency Technologies - A Comprehensive Introduction , 2016 .

[63]  Emin Gün Sirer,et al.  Bitcoin-NG: A Scalable Blockchain Protocol , 2015, NSDI.

[64]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[65]  Christian Cachin,et al.  Architecture of the Hyperledger Blockchain Fabric , 2016 .

[66]  P. Giungato,et al.  Current Trends in Sustainability of Bitcoins and Related Blockchain Technology , 2017 .

[67]  Jacob D. Leshno,et al.  Monopoly without a Monopolist: An Economic Analysis of the Bitcoin Payment System , 2017, The Review of Economic Studies.

[68]  Iddo Bentov,et al.  Tortoise and Hares Consensus: the Meshcash Framework for Incentive-Compatible, Scalable Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[69]  Lin Chen,et al.  On Security Analysis of Proof-of-Elapsed-Time (PoET) , 2017, SSS.

[70]  Jonathan Katz,et al.  Incentivizing Blockchain Forks via Whale Transactions , 2017, Financial Cryptography Workshops.

[71]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[72]  Peter Fairley,et al.  Blockchain world - Feeding the blockchain beast if bitcoin ever does go mainstream, the electricity needed to sustain it will be enormous , 2017, IEEE Spectrum.

[73]  Fan Zhang,et al.  REM: Resource-Efficient Mining for Blockchains , 2017, IACR Cryptol. ePrint Arch..

[74]  J. Truby Decarbonizing Bitcoin: Law and policy choices for reducing the energy consumption of Blockchain technologies and digital currencies , 2018, Energy Research & Social Science.

[75]  Sarah Meiklejohn,et al.  Smart contracts for bribing miners , 2018, IACR Cryptol. ePrint Arch..

[76]  Mauro Conti,et al.  A Survey on Security and Privacy Issues of Bitcoin , 2017, IEEE Communications Surveys & Tutorials.

[77]  C. Mora,et al.  Bitcoin emissions alone could push global warming above 2°C , 2018, Nature Climate Change.

[78]  J. Gans,et al.  Initial Coin Offerings and the Value of Crypto Tokens , 2018 .

[79]  Emin Gün Sirer,et al.  Decentralization in Bitcoin and Ethereum Networks , 2018, Financial Cryptography.

[80]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.

[81]  Aggelos Kiayias,et al.  Stake-Bleeding Attacks on Proof-of-Stake Blockchains , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[82]  Abhi Shelat,et al.  A Better Method to Analyze Blockchain Consistency , 2018, CCS.

[83]  Ittay Eyal,et al.  The Gap Game , 2018, SYSTOR.

[84]  Bart Preneel,et al.  Lay Down the Common Metrics: Evaluating Proof-of-Work Consensus Protocols' Security , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[85]  Amos Fiat,et al.  Energy Equilibria in Proof-of-Work Mining , 2019, EC.

[86]  S. Matthew Weinberg,et al.  Bitcoin: A Natural Oligopoly , 2018, ITCS.

[87]  Edgar R. Weippl,et al.  Pay-To-Win: Incentive Attacks on Proof-of-Work Cryptocurrencies , 2019, IACR Cryptol. ePrint Arch..

[88]  Constantinos Patsakis,et al.  A Survey on Long-Range Attacks for Proof of Stake Protocols , 2019, IEEE Access.

[89]  Christian Stoll,et al.  The Carbon Footprint of Bitcoin , 2019, Joule.

[90]  Ittai Abraham,et al.  HotStuff: BFT Consensus with Linearity and Responsiveness , 2019, PODC.

[91]  Tim Roughgarden,et al.  An Axiomatic Approach to Block Rewards , 2019, AFT.

[92]  Hannes Hartenstein,et al.  Short Paper: An Empirical Analysis of Blockchain Forks in Bitcoin , 2019, Financial Cryptography.

[93]  A. Sonnino,et al.  State Machine Replication in the Libra Blockchain , 2019 .

[94]  A.W.G. de Vries,et al.  Renewable Energy Will Not Solve Bitcoin’s Sustainability Problem , 2019, Joule.

[95]  George Danezis,et al.  SoK: Consensus in the Age of Blockchains , 2017, AFT.

[96]  N. Houy Rational mining limits Bitcoin emissions , 2019, Nature Climate Change.

[97]  Dylan Bugden,et al.  Energy consumption boomtowns in the United States: Community responses to a cryptocurrency boom , 2019, Energy Research & Social Science.

[98]  Shunya Noda,et al.  An Economic Analysis of Difficulty Adjustment Algorithms in Proof-of-Work Blockchain Systems , 2019, EC.

[99]  Sebastian Faust,et al.  Temporary Censorship Attacks in the Presence of Rational Miners , 2019, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[100]  Ari Juels,et al.  SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning , 2019, Proceedings 2021 Network and Distributed System Security Symposium.

[101]  Ladislav Kristoufek,et al.  Bitcoin and Its Mining on the Equilibrium Path , 2019, Energy Economics.

[102]  Benny Pinkas,et al.  SBFT: A Scalable and Decentralized Trust Infrastructure , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[103]  Aggelos Kiayias,et al.  Proof-of-Burn , 2020, IACR Cryptol. ePrint Arch..

[104]  Chamseddine Talhi,et al.  A Theoretical Model for Fork Analysis in the Bitcoin Network , 2019, 2019 IEEE International Conference on Blockchain (Blockchain).

[105]  André Orléan The Bitcoin community , 2019 .

[106]  Alexander Spiegelman,et al.  Mind the Mining , 2019, EC.

[107]  Tim Roughgarden,et al.  Transaction Fee Mechanism Design for the Ethereum Blockchain: An Economic Analysis of EIP-1559 , 2020, ArXiv.

[108]  Jude C. Nelson,et al.  PoX: Proof of Transfer Mining with Bitcoin , 2020 .

[109]  Ari Juels,et al.  BDoS: Blockchain Denial-of-Service , 2019, CCS.

[110]  Aviv Zohar,et al.  Pricing ASICs for Cryptocurrency Mining , 2020, ArXiv.

[111]  Daniel Tschudi,et al.  Virtual ASICs: Generalized Proof-of-Stake Mining in Cryptocurrencies , 2020, IACR Cryptol. ePrint Arch..

[112]  Ittay Eyal,et al.  Efficient MDP Analysis for Selfish-Mining in Blockchains , 2020, AFT.

[113]  M. Dotan,et al.  Proofs of Useless Work - Positive and Negative Results for Wasteless Mining Systems , 2020, ArXiv.

[114]  Emin Gün Sirer,et al.  Selfish Mining Re-Examined , 2020, Financial Cryptography.

[115]  A.W.G. de Vries,et al.  Bitcoin’s energy consumption is underestimated: A market dynamics approach , 2020 .

[116]  A. Goodkind,et al.  Cryptodamages: Monetary value estimates of the air pollution and human health impacts of cryptocurrency mining , 2020, Energy Research & Social Science.

[117]  Ittay Eyal,et al.  MAD-HTLC: Because HTLC is Crazy-Cheap to Attack , 2020, 2021 IEEE Symposium on Security and Privacy (SP).

[118]  Tim Roughgarden,et al.  Transaction fee mechanism design , 2021, SIGecom Exch..