Is the cost of proof of work in bitcoin mining fair? Tomaso Aste of the UCL Centre for Blockchain Technologies at the University College London’s Department of Computer Science thinks the current cost large and wasteful, but nonetheless, fair. Aste recently examined the factors that determine the current proof of work cost in a study titled “The fair cost of Bitcoin proof of work.”
Aste noted that bitcoin has proven that untrustful peers can exchange value over the Internet without any third party intermediary or trusted authority, as bitcoin has surpassed $10 billion in capitalization and processes tens of thousands of daily transactions with any serious challenge of attack.
The verification and cryptographic sealing mechanism that is critical to the bitcoin network involves a computationally intensive process. A large number of nodes in the bitcoin network engage in the verification process.
The process provides a mechanism that avoids false duplications of voters and forces voters to demonstrate computational capacity. To secure a qualified majority, the system employs a cryptographic sealing process that is computationally intensive. The process includes a challenge called “proof of work.” The first node that solves this challenge receives a bitcoin reward. This mechanism, called “mining,” enables new bitcoins to be created.
Miners worldwide generate several billions hashes (10^18 or one Exahash) every second. With existing hardware, the computation of a billion hashes consumes between 0.1 to 1 Joule of energy. Hence, roughly a billion watts (1GW/sec) are used globally every second to create a valid proof of work.
The amount of energy for this process accounts for about $50,000 per hour, although electricity costs change worldwide.
Since the system currently processes under 10,000 transactions hourly, the per-transaction cost exceeds $5. The user does not pay the cost. The miners pay the cost and are rewarded with the accreditation of new bitcoins.
The individual proof of work reward was 25 bitcoins leading up to the halving, equating to about $15,000 at current change.
The mining community is estimated to consume an average of around $50,000/6, equaling $8,333 in electricity every 10 minutes to create a block, receiving around $15,000 in remuneration. This makes the mining operation profitable, even taking into account the infrastructure and hardware cost.
The electricity cost for one year of mining totals more than $400 million. This can be viewed as a significant waste.
The reward, now cut in half to 12.5 bitcoins, will leave smaller profit margins, Aste noted.
Proof of work allows the blockchain to remain “pure” and lets an entire community compete to verify the validity of transactions and make attacks to the system costly.
Is the cost justified? Aste claims the cost should make a double spending attack too expensive to be executed.
A double spending attack would occur when someone tries to gain more bitcoin by spending the same bitcoin with different users. The attacker would attempt to double spend the highest amount of bitcoin possible. The amount is limited to that which is normally exchanged within a block, which is currently about $1 million.
A transaction that includes a higher sum than the total transaction value in a block will attract attention from the network. This reality limits double spending to about $1 million. While the duplication can be repeated serially or in parallel several times, it does not affect the present computation’s outcomes.
The attacker can try to gain a fraction of $1 million. To do so, the attacker has to be sure both the duplicated transactions are validated. This requires a fork with two blocks attached to the previous block.
If the attacker has sufficient computing power, it is possible to generate two valid hashes to seal both blocks to create the impression that both transactions were verified. For a final transaction settlement, it is necessary to wait for six new blocks to join the blockchain to ensure the transaction is unlikely to be reverted.
The attacker has to generate six valid hashes before the double spend transaction can be considered settled. The attacker only has to artificially validate one of the two forks, the shortest. The system will consider the other to be valid and let to propagate by other miners. The attacker can propagate it as well.
It is unrealistic to assume no one will notice the propagating fork, Aste noted, but this assumption is made for the purpose of this hypothesis.
Also read: How proof of work…works
The fork’s artificial propagation cost is the proof of work cost times six. The attacker will profit if the cost is less than the gain. The break-even point is represented by the following equation: the fair equilibrium cost of proof of work equals the duplicated fraction of the value of a block divided by the number of blocks required for settlement.
At current values, the attacker duplicates 60% of the typical value of a block, therefore double spending $600,000.
Requiring six blocks for settlement yields the following estimate for the fair cost of the proof of work per block at equilibrium:
Equilibrium fair cost of proof of work per block equals $100,000.
This computation overestimates the cost since the attack, to be unnoticed, has to be done on a smaller fraction of the block value. It is highly unlikely the long forking can propagate beyond an hour with all blocks being validated by the same miner with no one noticing something unusual. Hence, it is reasonable to consider 10% of the cost is a sufficient deterrent to an attack.
Aste concluded that the existing proof of work cost for bitcoin is wasteful and large, but necessary. Costs can be cut by raising the number of blocks needed for settlement or detecting forking at early stages. At the same time, an attacker can cut costs by hacking mining farms or stealing electricity.
There are other mechanisms for building blockchains that do not require such computationally intensive proof of work, Aste noted.
Proof of work produces qualified voters in an anonymous system of untrustful parties. A mechanism that verifies voter identity or avoids uncontrolled duplications of voters can eliminate or reduce the need for proof of work. But such mechanisms must also relax other properties like openness, equalitarian distributed verification or anonymity.
Featured image from Shutterstock.
Last modified: July 11, 2016 10:50 UTC