Part 2 by Matthew Czarnek

Proof of Capacity is Secure

First of all, the more decentralized the equipment powering the cryptocurrency, the more secure the cryptocurrency is, because no one person can simply block your account or affect the rules regarding the inflation of the currency or block transactions. Keep in mind that since cryptocurrency uses public and private key cryptography, this means no one else can ever access your funds without using your private key. Given that Proof of Capacity is inherently more decentralized than Proof of Work, this gives Proof of Capacity a security advantage over Proof of Work.

Proof of Capacity has a big advantage over Proof of Stake in that Proof of Stake has a history key attack vector. To explain this, imagine that someone gains hold of a large enough percentage of the coins in a Proof of Stake coin at a specific point in time. Once they own enough coins to 51% attack the network, then they can always create a fake chain to be used to attack the network. They could even buy these coins when the coin is very cheap, then sell them all immediately and later use these keys to attack the blockchain. Or they can buy the keys from people who have long since sold their all their coins. This is not true in a Proof of Capacity network since you are not using your private key to directly mine like this. This is not something to be taken lightly as you can imagine that if someone put up a couple million bucks, they could buy many of the original account keys and make multiple fake chains. Some Proof of Stake coins will say that this isn’t an issue because they have decentralized checkpoints.  The issue of course is that new miners and customers downloading the blockchain for the first time have no way to prove which chain is the correct one.

Additionally, keep in mind that best security practice is to hold on to your private key for your account balance in cold storage where an attacker cannot easily gain access to control of your account. When mining in a Proof of Stake system, you must use that private key to sign blocks and store it on a server where it is easier for an attacker to potentially hack your system and steal that private key.

There are other issues with achieving provable consensus within a Proof of Stake system, which have been explored further in “Distributed Consensus from Proof of Stake is Impossible” by Andrew Poelstra.

At first glance you’ll see that there is a “Nothing at Stake” attack against Burst’s current algorithm, similar to a Proof of Stake “Nothing at Stake” attack but it still involves a 51% attack on the network. In fact more than 100% of the stake mining on the correct fork must also mine on the wrong fork to cause a problem. And importantly, he can not use his own past keys in order to attack the network.  Because with Proof of Stake, if you ever gain a large enough percentage of the coins to 51% attack the network.. you can 51% attack it for the rest of eternity.  But in a Proof of Capacity network, the attacker must still be holding on to the equipment to be used to attack the network. However, it turns out that if you allow miners to essentially Nothing at Stake attack the network themselves, meaning that short term they mine along as many chains as they can find, then they will strengthen the chain in this way.

To get more technical again and explain how Burst can work around this, let’s start by describing how a 51% attack works. The only way for a miner to attack the network is to create a fake fork of the block chain that is stronger than the legitimate fork. Where strength is determined by the amount of Hard Drive space the miner can prove he controls. When creating the blockchain, Proofs of Work are used to prove that you are holding on to equipment used to mine for the network.

In a Proof of Work system, the Proofs are created in real time. This means that miners must all compete to mine on the longest chain or risk being left behind by the rest of the network.  So, short of having over 50% of the mining power that mines on this second chain, this cannot be reliably accomplished.

In a Proof of Capacity system, the miners have pregenerated their Proofs of Work. So they don’t have to concentrate their mining power on any one given fork of the blockchain. They can mine on every fork they see the potential to mine on.

And except for the fact that it’s not in the best interest of the coin they are likely all invested in, it can be argued it is in their best interest to mine on any fork they see that they can mine on. This is because they get paid for mining a block. This means that if the majority of the network starts using this selfish cheat, then a malicious miner can hold on to a block that contains a transaction sending money back to himself when he knows this block would win the ability to mine. Then along the other chain, he send all his coins to an exchange and dumps them. A few hours later, he releases his block, and if enough miners are cheating, they may mine a new fork building off of this block and essentially 51% attack the network.[a][b]

Keep in mind this does require the vast majority of the network essentially attacking the network which makes this unlikely in the first place but it is a potential attack vector and slightly more likely than in a Proof of Work system since miners could work together to cause it without specifically coordinating their attack on the network. Additionally keep in mind that this is indeed an attack on the network, miners realize that if the reorganization does succeed that they have therefore hurt the trust in Burst and which could lead to them stopping being paid all together to mine for the network. So it seems unlikely in the first place and is only in the best interests of a very short sighted selfish miner.

Additionally and importantly, keep in mind that even in this scenario, 100% of the network continues to mine along the legitimate chain, while only the cheaters mine along the cheating chain, so even if a large percentage of the network started trying to perform this attack, 100% of the network would still mine along the main branch. In order for it to be a true 51% attack, more miners would have to mine along this fake branch than the real branch, which is basically impossible. It only means that if say 5% of the network starts participating in this selfish miner scheme, that they selfishly weaken the chain and make it a little bit easier for someone 51% attacking the network with fewer resources.

However, Burst has a work around that once implemented[c][d] will make sure there is never ever the potential of this becoming an issue.  Keep in mind that Nothing at Stake is only a short term issue. So in this work around, miners will essentially get free tickets that they get to cash in a day or so into the future instead of getting their block rewards. Then when they cash in their votes by casting their single vote on the right chain, they will earn their block reward.

For example, miners can propagate a transaction 800 to 1200 blocks into the future after they’ve mined a block that tags a certain branch as being the correct fork of the network.  They do not immediately get access to their reward for mining a block. Instead they get a vote, and at a given time they can use their votes, and get a portion of the block rewards of another miner who includes their vote. Note that when mining their own block, they must either include at least one vote by other miners or they will be punished. After a certain period of time, measured in blocks, they gain access to the block reward for the block they mined as well as part of the block reward, for votes that are included into other blocks if they used their votes. These votes strengthen the chain that gets voted on as they cannot later be removed or moved to another chain as miners cannot votes on multiple chains.

If a miner catches a cheater, then he can include that cheat into his block and the miner that proved another miner was cheating gets to keep the cheaters block reward. This is a big incentive to not cheat.

This is a simple version of the Nothing at Stake fix idea, we may want to give them multiple unique votes that must be used within the same fork but each vote must be used within a certain time period measured in terms of blocks.  For example, vote 1 may be used within blocks 200 to 400  after this block, vote 2 must be used between blocks 400 to 600, etc.  This would further strengthen the number of votes on this chain.  If miners do not include the votes of others, and include it within the right number of blocks, they will not receive their full reward for cashing in their own votes  If a miner can prove that another miner is voting on multiple forks, they can include both votes.  Doing this will invalidate both votes and the miner who caught the cheater will earn the portion of the cheaters block reward the cheater should have earned for that block.[e][f]

Additionally, if nodes find that someone else is cheating and releasing their blocks late, then they should refuse to build off of their legitimate blocks as well for a long period of time.  Given that in order to switch accounts a miner would need to spend time replotting, this should be significant enough so as to discourage miners from even trying this and will prevent “Nothing at Stake” issues. However, this is unlikely to help as much as it’ll only help for miners/pools that own a large percentage of the mining power.

One more potential work around is similar to Gavin Andresen’s work around for a 51% attack on Bitcoin. The idea is that essentially you introduce a Proof of Stake component to help provide extra security. Note that this Proof of Stake component only needs to be stored short term, which is important for blockchain trimming. More information can be found here: http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html 

In case of an emergency 51% attack against the Proof of Capacity component of the network, Proof of Stake could be introduced to ensure the proper blockchain is built.  Miners could discard the Proof of Stake portion when trimming the blockchain.  It would introduce some Proof of Stake security issues but remember it’s only an emergency fail safe.

Point being there are indeed ways to ensure this is not an issue.

Proof of Capacity is Energy Efficient

The energy consuming part of mining is performing the calculations, but with Burst, the computer performs the calculations once, then all it does while mining is to read a few megabytes off of a hard drive every few minutes and checks every nonce it pulls off, instead of working through heavy calculations.

Some have argued that miners will just buy more equipment to get to the point where the amount of Burst they are earning equals the amount they are spending on electricity, so they still spend the same amount on electricity. However, this argument does not take into account the initial cost of the mining equipment that must be amortized over the lifetime of the equipment. The more energy efficient the equipment relative to it’s cost, the more energy efficient the overall system.

Keep in mind that even those ASICs that are rated as most energy efficient (though no where near as efficient as a hard drive) generally require cooling systems that are not included in with their energy efficiency ratings.

Most importantly though is that, given that Burst coin is ASIC proof, it means that you will have many more people who will mine from their PCs during the time their PCs happen to be on anyway and those miners will be profitable and with no risk of losing money put into buying mining equipment. This is essentially free energy as far as Burst is concerned as those miners would be using the same amount of energy regardless of whether or not they were mining.

A quick analysis of the energy efficiency of Proof of Capacity vs Proof of Work, let’s compare two ‘mining machines’. Keep in mind that what keeps the network secure is how much money has gone into buying mining equipment.

Bitcoin mining machine

SP35 Yukon Power [1]

Cost: $2,235

Power Consumption: 3650 W

Power Consumption per dollar spent: 1.63 W/$

Burst mining machine

Seagate Barracuda 7200.14 Hard Drive [2]

Cost: $101.99

Average Power Consumption: 5.50 W

Power Consumption per Dollar spent: 0.05 W/$

Your average miner would likely be using this drive at a fairly average power level, meaning:

This means that the Bitcoin miners use approximately 33 times more energy than an extra hard drive mining for Burst. 

Note that this calculation assumes that you are adding this hard drive to a machine that already happens to be running.  While a fairly safe assumption for the majority of miners, let’s look at the case where you get a machine dedicated to mining for Burst using multiple hard drives.

So, let’s take the amount of money invested into that Bitcoin miner, and put it into buying a dedicated mining machine and hard drives instead.

We need a computer first, let’s assume that the miner would be trying to save money and buys a cheap machine.

An excellent choice for the miner would be to buy a ODROID for $35, that uses 10W. [3] [4]

That means that given a budget of $2,235, he can put $2200 into buying hard drives. So, assume that equals 22 hard drives. Now he plugs those in and mines using them.. while theoretically you could save some power by idling some drives and only reading from one at a time, or even go so far as to totally turn them off and on, let’s assume he just runs them all at average power.

22 hard drives * 5.5W / hard drive = 121W

121W for hard drives + 10 W for Odroid = 131W

So the Burst miner uses 131W while the Bitcoin miner uses 3650W for the same amount of money invested.  

So even using these calculations, a Bitcoin miner uses 28 times more energy than a Burst miner.

And for those saying that Proof of Stake is the energy efficient choice, keep in mind that you still need to run a computer which includes a hard drive in order to mine for Proof of Stake.  You could argue that with Proof of Capacity people will add extra hard drives, which probably means that Proof of Capacity does use more energy but the tradeoff is that it’s also more secure. And if you do start switching hard drives on and off, then you can save even more energy in this way.  Note that Google did a study that shows that turning hard drives off and on repeatedly does low their lifespan a little bit but not to the same extent previously believed. [5]  Additionally consider that if you have a enough drives and correctly plot them, this could likely be considered to be low to medium usage regarding the number of times it is turned off and on per day.

But let’s do some little bit more in depth calculations. Going to burst.ninja, you find a list of all miners all the network and their estimated capacity, assume that there will probably be a similar distribution once Burst grows. Summing all of the capacities of the 108 miners mining for Burst.ninja, you find that they are mining with a total of 1391.1 TB.

12.88 TB

Using the Seagate Barracuda 7200.14 as detailed above, this uses 5.50W per 3TB.  This is equivalent to 1.8 W per TB.  This means that your average miner is using:

12.88TB * 1.8W per TB = 23 W per miner

Additionally, every miner that is mining for either coin is using the amount of energy their computer uses to mine.

Let’s use an estimate of 100W per computer [ 6 ] This means that Burst uses 100W + 23W = 123W, while a Proof of Stake miner uses 100W.

This means that Proof of Capacity only uses 23% more energy than a Proof of Stake coin.

Remember that these numbers don’t take into account that your average user will likely be mining with their hard drives during the times they happen to have their computer turned on.  This is basically free energy. Another source of free energy will be data centers.  Data centers have to have extra hard drives on hand, just in case they have an extra busy day.

And for those arguing that the only thing miners will care about is the price of electricity and not the fixed initial cost of buying a hard drive.. keep in mind that by adjusting the minimum required transaction fee, Burst can change the number of miners online by changing how profitable it is to mine for the network. Burst will either end up with at least 30 times lower energy use and at least 30 times lower transaction fees than BTC to cover the cost of hard drives or at least 30 times greater security due to more money being invested into the hardware. Keep in mind the price of a 50% attack is the cost of hard drives, not electricity.

To be continued in part 3

Works Cited

[1] “SP35 YUKON POWER SHIPPING FROM STOCK” Web. 21 Mar. 2015. http://www.spondoolies-tech.com/products/sp35-yukon-power-shipping-from-stock

[2] “Compare Barracuda 3 TB 3.5″ Hard Drive.” tom’s HARDWARE Web. 21 Mar. 2015. http://www.tomshardware.com/charts/hdd-charts-2013/compare,2917.html?prod%5B5348%5D=on

[3] “ODROID-C1″ Hard Drive.” Web. 21 Mar. 2015. http://www.hardkernel.com/main/products/prdt_info.php?g_code=G141578608433

[4] “Webserver with PW on Raspberry Pi and Odroid-C1” Web. 21 Mar. 2015. https://processwire.com/talk/topic/8935-webserver-with-pw-on-raspberry-pi-and-odroid-c1

[5] “Failure Trends in a Large Disk Drive Population.” Web. 21 Mar. 2015. http://static.googleusercontent.com/media/research.google.com/en/us/archive/disk_failures.pdf

[6] “Electricity usage of a Computer – Energy Use Calculator” Web. 18 Apr. 2015. http://energyusecalculator.com/electricity_computer.htm

(a) It’s actually very hard to understand and I don’t really know what you want to tell me

(b) I understand what you are saying, however I do not find it very clear. Perhaps add a sentence or two to break up the paragraph into more easily digestible chunks 🙂

(c) Did you discuss this with burstdev? I would not like for people to see this as a promise Burst cannot keep in the end.

(d) Yes.. but let me make sure he agrees it fixes it to this extent.

(e) your not talking about Burst since 2 pages or so… It’s too detailed about proof of stake imo

(f) No, Burst inherits this one Proof of Stake issue.. this is indeed Burst, though maybe that’s not clear.

Subscribe

Subscribe now to our newsletter

2 comments

  1. I’ve read your series of articles with much interest, but it is not clear to me how PoC achieves consensus. If by chance two blocks are mined at the same time, as a miner, I’m better off extending both chains (it costs me essentially nothing doing so) rather than picking a single chain.

    My understanding is that your discussion starting at the place of the footnotes [c] and [d] is supposed to fix this problem. But given how sketchy it is, it is very hard to decide whether it makes sense or not.

    Is there a place where this is explained and analysed carefully?

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*