This article also brings some somewhat unconventional views:

1. All consensus algorithms require an entry threshold;
2. A blockchain that everyone can join is meaningless;
3. “Decentralized computing” is just an illusion brought by the computer in your hand;
4. What guarantees the security of the POW algorithm is nothing but ASIC mining machines and centralization;
5. Both POW and POS algorithms will eventually become quite centralized;
6. The idyllic era without professional miners that we long for will not last long;
7. ......

The author of this article: Maxdeath, Dr. Ren Zhijie, is a senior researcher at VeChain Blockchain. His main research directions include blockchain consensus algorithms, capacity expansion, and applications. He has published many blockchain papers at international academic conferences.

This article discusses the centralization issues of POS and POW. First of all, it is a commonplace that POS will lead to greater inequality. We will not elaborate on why POS tends toward the concentration of stake, that is, centralization, because there is no controversy about this. However, the view that POW will eventually become centralized is probably controversial. In fact, if we reason logically, both POW and POS will eventually become centralized. Let’s focus on the centralization problem of POW.

The centralization problem of POW
We all know that the computing power of almost all the leading digital currencies is quite centralized. But people usually blame ASIC mining machines or mining machine manufacturers, algorithms, mining pools and outsourced mining tasks, etc., and usually, everyone regards POW as an algorithm that is more decentralized than POS and allows people to participate and compete equally.

However, I would like to propose a very unconventional conclusion here: No, I am not saying that the currencies currently using the POW algorithm are very centralized. I am saying that all blockchains using the POW algorithm will eventually become centralized, or more precisely, for a normal blockchain using the POW algorithm, the concentration of computing power and centralization is its inevitable outcome. Of course, the exception here is "this is not a normal blockchain", and we will talk about what it means at the end.

Let us reason through several important events to explain why centralization is the inevitable result of the evolution of any POW algorithm.

1. The emergence of professional miners

Many blockchains that use POW, including Bitcoin, have experienced a "pastoral era" that many people yearn for. At that time, everyone could mine with graphics cards or even computers. There were no professional miners, no ASICs, no mining pools, and no centralization.

So a natural thought is, can we always maintain this state and prevent professional miners from appearing? In other words, no one (or very few people) is willing to purchase special equipment for mining, and most people will choose to use ordinary household equipment for mining - this is the real zero-threshold blockchain that anyone can join.

The answer is yes - if mining never makes money. (Condition 1)

POW is a non-permissioned system. In other words, if amateur miners can make money, there is no reason why some people would not want to "buy twice as much equipment to make twice as much money."
In this definition, when he buys the equipment, his identity becomes a professional miner, and his purpose becomes making money.

This may sound a bit awkward. Didn't the early people who mined Bitcoin do it out of faith? But belief and making money are one and the same. The reason why Bitcoin is successful is precisely because it unifies the two and avoids the tragedy of the commons. Making money does not necessarily mean making cash, but also includes the expectation of currency appreciation. Whether it is real money or future money, when more people in the network recognize that "making money" is possible, miners will naturally appear. The difference between miners and amateur miners is that since miners have already made investments, they will place great importance on profits.

2. The emergence of dedicated mining machines (ASIC)

With the birth of professional miners comes competition, and the reason for competition is that rewards are not distributed according to absolute computing power, but according to each miner's proportion of the total computing power. Therefore, if this is an open system (condition 2), that is, a system that everyone can join, all miners will need to continue to invest in equipment according to the trend of increasing computing power and calculate the corresponding profit and cost, and those who cannot afford this cost will withdraw, or find ways to cut costs.

The way to cut costs is of course to use more efficient mining equipment. Therefore, for each POW algorithm, since special equipment is usually more effective than general equipment (condition 3), eventually, we will get more and more efficient and special equipment. If the competition lasts long enough (condition 4), that is, many people are optimistic about the long-term profitability of mining this algorithm, we will eventually get ASIC mining machines.

3. The emergence of mining farms

In a highly competitive environment, the benefits of mining should be slightly higher than the input.
With the emergence of ASIC mining machines, assuming that miners all use ASIC mining machines with similar efficiency, the competition in other aspects of cost will be unprecedentedly fierce, such as: electricity costs, mining machine purchase costs, site rental costs, labor and management and maintenance costs, etc. This is the so-called scale effect.

In reality, all these expenses will only lead to one result - the birth of the mining farm. Because: electricity costs are regional, and mining farms can be located in places with low electricity costs; whether from the perspective of research and development, manufacturing or sales, the price of large-scale purchases of mining machines will be lower than retail; mining farms also have advantages in site rental and management costs.

Therefore, no matter the size of the mining farm, one thing is certain: in a POW blockchain with fierce competition among miners (condition 5), individual miners will gradually decrease and be eliminated.

4. The emergence of mining pools

Similar to the case of POS, in most cases, large mining pools of POW have many advantages over independent miners in terms of consensus participation (condition 6), such as bandwidth, transactions received, computing power, etc. And the biggest advantage is that large mining pools can obtain more stable income to pay for electricity bills. Therefore, independent miners of POW are more motivated to join mining pools than miners of POS.

As a result, a situation has been formed in which miners compete in the form of "mining pools", but since mining pools have no constraints on miners, miners will only spontaneously choose mining pools with higher returns, which ultimately results in only a few competitors remaining in the mining pool industry no matter which mining pool the miners join. In other words, several large mining pools will eventually monopolize the entire computing power market.
Of course, the controversial point here is whether mining pools are necessarily equal to centralization, because miners can still decide which mining pool to join. Indeed, there are some differences between the two, but I think the easiest criterion is - if a 51% attack is carried out at the mining pool level, how many miners can detect it in time and withdraw computing power? Moreover, if the mining pool can give miners higher returns through a 51% attack, are all miners really willing to initiate a boycott?

POW's Decentralization Attempt

Above, we have analyzed why POW will definitely form a centralized mining pool purely from the perspective of the real world and the nature of the POW algorithm through reasoning. We made six assumptions, which are marked in bold "conditions" in the reasoning:
These six conditions are an integral part of reasoning. In other words, if these conditions do not hold, then our reasoning is problematic. In fact, when a POW blockchain does not meet these conditions, it is most likely not a "normal" blockchain. Moreover, such a blockchain is likely to be more centralized.

Let's first look at some simple situations: if mining is not profitable, it is impossible for the competition to be long and fierce. In fact, most POWs without ASIC miners are in this situation. Therefore, the lack of ASIC miners has little to do with the difficulty of the algorithm, but it is just because the investment in developing ASIC miners is not worth it.

Another situation is that the entire system ecosystem is not completely open. For example, special permissions are required to join mining, or it is not mainstream enough so there are few ways to buy mining machines.

In both cases, the blockchain has not become more decentralized. A system where mining is not profitable, competition is not fierce, it is not open enough, or competition has just started, just means that not enough people are involved in mining. In fact, almost all POW systems, including Bitcoin and Ethereum, had very centralized computing power when they started.

The truly decentralized era of Bitcoin and Ethereum, which is still considered to be the golden age when everyone can mine, is actually very "short-lived" and may never appear again. It is a transitional period before the market enters full competition.

From this perspective, the advantage of POW over POS lies not in the consensus algorithm itself, but in the current business model of blockchain. Under the current popularity, the price of a POW blockchain project has already been highly valued before the mainnet is launched.
Therefore, compared with POS, which has a very high threshold for obtaining coins before the mainnet is launched, when the mainnet of POW is just launched, there will be a bonus period of "mining makes money but the competition is not fierce, so everyone can mine". The participation during this period is truly "permissionless" and almost "zero threshold", which enables it to obtain a large number of participants in the early stage, which is something that POS does not have.

However, this is actually irrelevant to the centralization of computing power distribution, which is our topic here (we will discuss this issue in more depth later). Because, for any POW blockchain, under the current popularity of blockchain and the search for so-called "hundred-fold coins" and "thousand-fold coins", this window will be very short, and in a normal market, the situation we described above will definitely occur - either ASIC mining machines will appear, making ordinary equipment unable to mine, and then professional miners will join large mining pools or simply purchase mining services through cloud mining or hosting due to the constraints of electricity costs, or, due to the lack of profitability of mining, miners will withdraw, and in order to maintain the security of the system, more centralized project parties will gradually close the system. In the end, the system will become centralized.

So, are there any exceptions? The answer is yes - we can start with the above conditions.

1. Special equipment is more effective than general equipment

The earliest attempts to decentralize POW started from this point, that is, how to prevent the emergence of ASIC mining machines from an algorithmic perspective, that is, ASIC resistance algorithms.
However, ASIC resistance does not exist, because the above assumption is an irrefutable truth in all fields, that is, dedicated ones must be more effective than general ones, and the only difference is the degree of effectiveness and the difficulty of design, development and manufacturing.

The so-called ASIC-resistant mining algorithm is to transfer the computational speed requirement of SHA256 to memory or even hard disk, such as the famous Ethash, Equihash, and X11 which uses 11 algorithms, etc. They hope to increase the difficulty of hardware design and manufacturing, while reducing the advantages of dedicated equipment over general equipment. But we have seen the results of this approach - they overestimated the difficulty of hardware manufacturing and underestimated the advantages of dedicated equipment.

In fact, from an academic perspective, designing an ASIC-resistant algorithm, that is, "how to design a hash algorithm that is secure and has the highest manufacturing and development cost under the current hardware conditions and electronic industry manufacturing environment" is a very complex and even brand new academic problem. I have no doubt that this problem can be solved by academia, but it may take several years to develop a systematic theory and ultimately come up with an "algorithm that is the most expensive to develop and has the least advantage for general-purpose equipment."

All algorithms before this face many risks, such as overestimating the difficulty of hardware development, underestimating the advantages of ASIC, or simply having security risks in the algorithm, which actually bring real security risks, because users cannot judge the difficulty of a 51% attack. Now, we still see many ASIC-resistant POW algorithms that "have no ASIC mining machines yet", but judging by the experience of their predecessors, I don't think they can resist for too long.

2. The competition time is long enough

Therefore, Monero has brought another solution, which is to switch the algorithm before any ASIC mining machine may appear. But first of all, this is a very centralized behavior, only it is centered not on computing power but on decision makers. At the same time, in order to completely avoid the emergence of ASIC, they must choose some unpopular algorithms that do not have ASIC (that is, no other mainstream coins are using them), which also increases the security risks mentioned above.

At the same time, ASIC is not a synonym for hardware that can only be used for one algorithm. It can also be designed to be used for mining of most mainstream hash algorithms. In other words, hardware developers are actually capable of making a dedicated mining machine that can be used for "mining", although the development cost may be higher.

In the final analysis, Monero's behavior is just replacing one kind of centralization with another.

3. Large mining pools have advantages

Currently, a popular research area is "non-outsourced mining algorithms" to prevent the emergence of large mining pools. There are many proposals and ideas in this regard, such as linking mining results to private keys or making it impossible for mining pools to accurately assess the workload of each miner, but no mature algorithms have yet emerged.

Let's assume that this algorithm exists, so mining pools cannot exist. But this algorithm cannot change the reason why mining pools exist.

1. Although the long-term expected return of mining rewards is the same, the probability of independent miners obtaining corresponding rewards for equipment is small, so they need to bear great probability risks and the risk of currency price fluctuations;
2. Independent miners do not have the interest or relevant knowledge and ability to participate in consensus.
In other words, even among the miners who have purchased mining machines, how many of them want to participate in consensus, and how many of them simply want to make money?

Therefore, completely eliminating the organizational form of mining pools will only lead to two results:

1. Independent miners cannot afford the risk of mining returns, or are unwilling to invest in equipment to verify transactions and quit, leaving only the large mining farms that can guarantee stable profits;
2. The mining pool adopts a more centralized organizational form, so independent miners join the mining pool in a hosted manner, making the mining pool more centralized.

Although the above two methods solve the problem of mining pools, they do not solve the problem of centralization.

“Decentralized computing” is an illusion created by the computer in your hand

Having said all of the above, some people may ask, what if we can really find an ideal algorithm? One where ASICs cannot gain an advantage so everyone can join, one where independent miners can get a stable income without joining a mining pool (for example, some DAG algorithms have such considerations), or in other words, a true one-CPU-one-vote algorithm.

Well, let's consider an extreme case, assuming that we can really find such an algorithm: each node can submit a proof of work to participate in the consensus and get rewards, and this proof must come from a certain CPU, otherwise it is illegal.

So, first of all, whether it is POW, POS, POA (permissioned chain) or anything else, all public chain consensus algorithms hope to find some way to prevent Sybil attacks and identify real users in a non-permissioned malicious environment. POW, however, holds that "computation" is the best thing to identify them by. If so, the above algorithm can no longer be called POW, because we are not using "computation" to determine the contribution of a node in the system, but "whether it is a CPU".
In addition, even if we have such a system, is it really the system we want? Who are the participants in the system, what kind of nodes should participate in the consensus, and what kind of nodes can get a higher weight? POS advocates judging by the number of coins held, POA or other alliance chain algorithms advocate judging by real identity and credibility in the physical world, and POW advocates judging by computing power. The "ideal POW" mentioned above advocates judging by whether or not a CPU is owned, and how many CPUs are owned...

But in the final analysis, why do we think that "computing" or even CPU is a more "ideal" and "fair" solution? In fact, it is simply because almost each of us has one or several CPUs, so we have the illusion that computing (CPU) = equality for all = decentralization.

In fact, my core point in this paragraph is this: POW is a method that uses the ability to calculate a certain hash function as proof of "workload". Its only advantage is that it is easy to verify - this is not surprising, because this is a design requirement of the hash function. However, whether it is ASIC, mining farm or mining pool, they are all things that come with the hash function, and these things will eventually lead to centralization.

The reason why we have the illusion that "computing" is more decentralized, more permissionless, more private, and more equal than "stake", "identity", and "authorization" is simply because in our time everyone happens to have a computer.

Of course, if we take reality into account - since "computing" is not so centralized, and now everyone has a computing device, is it a good idea to use this device to determine the participants' voice in the system?
The answer is no - we can look at the entire computing-related industry and upstream and downstream, from research, to wafer machine manufacturing, to chip manufacturing, to energy, to the Internet industry, almost every related core industry is highly centralized, and some industries are even more centralized than the banking industry and government that we have always sneered at. Why do we think that such an industry will be more "decentralized" than other things after the intervention of equally centralized capital?

In other words, I think that the reason why we think that "computing" is decentralized is just an illusion brought about by "we all have computers" - "I may not have money, but I have a computer, and you also have a computer, so we are equal."

However, the fact is that when a public chain adopts the POW algorithm and successfully becomes the scale it expects to form a real computing power market, then "computing" will only be centralized at a faster rate, and people with money and resources can seize the computing power market at a faster rate. At that time, the decentralization of computing power will become as ridiculous as mining with CPUs now.

The reality about blockchain consensus algorithms

At this point, I haven’t mentioned the issue of security at all - I’m just explaining from the basic logic of POW and POS why, in reality, both algorithms will eventually be quite centralized.

However, as we mentioned before, the difference between the two is that POW is very weak against 51% attacks, while POS is the opposite. POS is very strong against 51% attacks, but it has no way to deal with unprofitable attacks, that is, the evil deeds of small miners. Therefore, we said in the previous article that POW is actually safer in a more decentralized environment, while POS is safer in a more centralized environment. Therefore, since the reality is that both will eventually tend to be centralized, POS is a safer consensus algorithm.
But I guess some people will say after reading this: I was almost fooled by you. On the one hand, you said that POW is vulnerable to 51% attacks, and on the other hand, you said that POW is prone to centralization. But this does not mean that POW is vulnerable to 51% attacks or that POW is unsafe. Bitcoin, Ethereum, and many other blockchains that use POW are also centralized, but they have not been attacked.

Because, in fact, what ensures the security of the POW algorithm is nothing else but ASIC mining machines and centralization.

We have mentioned it before, and everyone can feel it to some extent, that the most important cost of a 51% attack is actually the cost of obtaining computing power. As for the future profits of mining, the fluctuations of the currency price, the handling fees and risks, and the social costs after the attack... they are actually all clouds. What are clouds? That is, when someone really wants to carry out a 51% attack, the above are meaningless, or in other words, there are ways to avoid them.

So, in a "centralized POW system", that is, when the computing power is in the hands of a few large mining pools or mining farms, what is the cost of an attack?

Let’s think about this from an investment perspective: Now, we have 8 students engaged in virtual currency mining.

1. A rents a mainstream mining machine for 100 yuan per day and is expected to make a profit of 110 according to the current currency price.
2. B rents a non-mainstream mining machine for 100 yuan per day. According to the current currency price, he is expected to make a profit of 120, but the currency price may fluctuate.
3. C purchased a mainstream mining machine and invested 60,000 yuan. On average, he could mine once every three months and earn 12,000 yuan.
4. D purchased a non-mainstream mining machine and invested 10,000 yuan. On average, he could mine once a week and earn 1,000 yuan.
5. E purchases a graphics card mining machine and invests 10,000 yuan. The average monthly profit depends on the price of the mined currency.
6. F purchased a mainstream mining machine and joined a mining pool, invested 50,000 yuan, and then received a fixed return of 3,900 yuan per month.
7. G purchased a non-mainstream mining machine and joined a mining pool, investing 10,000 yuan and earning a fixed monthly income of 4,100 yuan.
8. H purchased a graphics card mining machine and joined a mining pool, investing 10,000 yuan and making an average monthly profit of 3,500 yuan.

The above profit refers to the net profit converted at the current currency price (excluding electricity costs). Mainstream and non-mainstream mining machines refer to how many people use the POW algorithm. The scenarios are all made up by me just to illustrate some issues.

In fact, everyone can choose their own investment strategy. Purchasing a mining machine requires more initial investment, but the long-term return is definitely higher than renting. Renting is basically limited to when the price of the currency rises, and newcomers who just want to join the mining can try it out.

Then, the advantage of the mining pool over independent mining is that the return is more stable, so the risk resistance to currency price fluctuations is stronger.

In addition, the difference between mainstream mining machines and non-mainstream mining machines is that the competition for mainstream currencies is more intense, but the currency price is relatively stable, and the competition for non-mainstream currencies is relatively easy, so the profit is high, but the risk of currency price is also high.

Graphics card mining requires market judgment, because the coins that can be mined with graphics cards are basically not mainstream currencies.
At the same time, if a graphics card mining machine is used to join the mining pool and let the mining pool allocate computing power to the highest-priced currency, it will still be affected by the market, and the income may be higher or lower than the mainstream currency.

But here, we need to discuss not the issue of income, but this: suppose that a certain M wants to conduct a 51% attack. Which of the above students’ computing power is easier for it to acquire?

First of all, renting computing power must be the simplest, because in fact, since A and B can rent computing power, then M can rent computing power in the same way. In fact, the POW algorithms that have been attacked before are basically blockchains where the computing power required for the attack is less than the computing power that can be obtained in the rentable computing power market.

In comparison, it is more complicated to get computing power from the students behind. Here we assume that they are all rational people, so M can definitely say: No matter how much you paid for the mining machine, I will increase the price to buy it... I guess most people will not refuse such a condition, however, this is obviously the stupidest way (but most security analysis of POW believes that attackers will use this stupidest method to obtain computing power).

M can also say, I will rent you one hour of computing power at a price higher than your one hour income. But basically no one will be willing to pay attention to such a request, because the time is too short, not to mention hours, even a day may not be very attractive.

However, a smart M can tell them: I will rent your computing power for a year, but I will pay you by the day... In this way, I guess many people will be tempted.
However, if they are alert enough to realize that M may have malicious intentions, they may still refuse such a request, because if M conducts a 51% attack, it may cause their income from mining machines to go to waste - this is especially true for non-mainstream mining machine owners, because mainstream mining machines can still mine other coins, while non-mainstream mining machines may lose their use.

So, in fact, from the perspective of M's acquisition of computing power, the higher the cost of miners in purchasing mining machines, the greater the loss after a double spend, and the more difficult it is to acquire their computing power.

But at this time, some people may realize another dimension of "difficulty in obtaining computing power" - isn't decentralization also one? Yes, maybe M can buy C or D to join him, or buy computing power from them, but there are thousands of C or D in the world that M doesn't know who they are or where they are...

So, how could M convince everyone one by one that he had no ill intentions and make them feel at ease renting the mining machines that they had bought at a high price to him?

In fact, M does not need to convince them, just giving them a slightly higher reward is enough. Because how could F, G and H know that the mining pool they joined does not belong to M? In other words, in fact, the organizational form of the mining pool itself has very conveniently solved the two difficulties in acquiring computing power that we mentioned.

As we said before, this is not actually a problem with the mining pool. Regardless of whether the non-outsourced POW can eliminate the organizational nature of the current mining pool, this type of centralized system will eventually exist in some way, because for ordinary miners, the first priority is profit, and the second is ease of use. As for security... just look at the trading volume of decentralized exchanges.
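The payout-stability argument for pools, worked through with students C and F from the scenario above; this is an added example, not part of the original article. It assumes that a solo miner's block discoveries follow a Poisson process (a standard model for POW that the article itself does not state), and all function names are illustrative.

```python
import math

# Figures from the article's made-up scenario (yuan; time in months).
# C mines solo: one block every three months on average, 12,000 per block.
# F mines in a pool: a fixed 3,900 per month.
SOLO_C = {"investment": 60_000, "reward_per_block": 12_000, "months_per_block": 3.0}
POOL_F = {"investment": 50_000, "monthly_payout": 3_900}


def poisson_cdf(k, lam):
    """P(N <= k) for N ~ Poisson(lam); 0.0 when k is negative."""
    if k < 0:
        return 0.0
    term = total = math.exp(-lam)
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return total


def solo_income_stats(miner, months):
    """Mean and standard deviation of solo income over `months`."""
    lam = months / miner["months_per_block"]      # expected number of blocks
    reward = miner["reward_per_block"]
    return lam * reward, math.sqrt(lam) * reward  # Poisson: variance == mean


def prob_solo_below(miner, months, target):
    """Probability that solo income over `months` is strictly below `target`."""
    lam = months / miner["months_per_block"]
    reward = miner["reward_per_block"]
    blocks_needed = -(-target // reward)          # integer ceil(target / reward)
    return poisson_cdf(blocks_needed - 1, lam)


def compare(solo, pool, horizons=(1, 3, 6, 12, 24)):
    """One row per horizon: fixed pool income against the solo distribution."""
    rows = []
    for months in horizons:
        pool_income = pool["monthly_payout"] * months
        mean, std = solo_income_stats(solo, months)
        rows.append({
            "months": months,
            "pool_income": pool_income,
            "solo_mean": mean,
            "solo_std": std,
            # Solo miner has found no block at all by this point.
            "p_no_block": prob_solo_below(solo, months, 1),
            # Solo miner has earned less than the pool member.
            "p_solo_below_pool": prob_solo_below(solo, months, pool_income),
            # Solo miner has not yet earned back the hardware cost.
            "p_solo_not_recouped": prob_solo_below(solo, months, solo["investment"]),
        })
    return rows


if __name__ == "__main__":
    header = f"{'months':>6} {'pool':>8} {'solo mean':>10} {'solo std':>9} " \
             f"{'P(no block)':>12} {'P(solo<pool)':>13} {'P(not recouped)':>16}"
    print(header)
    for r in compare(SOLO_C, POOL_F):
        print(f"{r['months']:>6} {r['pool_income']:>8} {r['solo_mean']:>10.0f} "
              f"{r['solo_std']:>9.0f} {r['p_no_block']:>12.3f} "
              f"{r['p_solo_below_pool']:>13.3f} {r['p_solo_not_recouped']:>16.3f}")
```

Over twelve months C expects slightly more than F (48,000 against 46,800) yet ends the year behind F about 43% of the time, which is the variance that pushes independent miners toward pools.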
Therefore, in fact, in POW, unless independent miners can understand their own behavior and are willing to actively maintain the security of the system, decentralization will only give malicious nodes an opportunity to obtain computing power more easily.

I know some people will argue that miners are more responsible for blockchain than regular users, but this further proves my point. In fact, we originally hope that miners will be more responsible for the security of the blockchain, that is, the interests of the consensus nodes of the blockchain can be consistent with the system, so that we have security, and the assumption that "malicious nodes do not exceed 50%", and the entire consensus algorithm is meaningful.

Whether it is POW or POS, in fact, the proof itself is to hope that the nodes can provide a "reason why I care about the security of this system" to prove that they are responsible for this system.

In this regard, POW is not as good as POS, because in fact, the mining reward is only a drop in the bucket compared to the value of the entire system, that is to say, "I mined" is actually not a sufficient reason. In the public's perception, we usually think that "I bought a mining machine, and if I do evil, the mining machine will be bought in vain" is a sufficient reason, but in fact "I bought a mining machine, but I entrusted it to the mining pool" is also irresponsible behavior.

In terms of responsibility, entrusting one's stake to a pool in POS is also irresponsible. However, one thing in which POS is naturally superior to POW is that if you hold more stake, you may suffer much greater losses than in POW (discussed in the previous article), so larger coin holders have more reason to take more responsibility, so "I bought a lot of coins" is a more sufficient reason for them to be willing to take responsibility than "I mined" or "I have a mining machine".
This actually leads to a conclusion that may be considered quite outrageous by Bitcoin fundamentalists, but is actually not new in the blockchain academic community: A blockchain that everyone can join is meaningless - because including irresponsible nodes in the consensus will only reduce the security of the system, because the resources in their hands can be easily obtained by malicious nodes, whether it is POW or POS, or other consensus algorithms.

Therefore, we hope that nodes can be responsible and their interests can be tied to the blockchain to some extent, so in fact all consensus algorithms need an entry threshold. Otherwise, no matter how the algorithm guarantees, no matter how much they understand about the blockchain, no matter whether they are honest by nature, their interests in the system determine that they cannot take much responsibility in the consensus. POS will face attacks without benefits. In POW, although the cost of small miners doing evil is high, they will have a greater willingness to join the mining pool, so they actually do not contribute much to security.

In the end, we discovered a rather sad problem - in fact, the security proofs of most public blockchain consensus algorithms are meaningless, because the assumption that no one owns more than 50% of the computing power (stake) is difficult to establish in most blockchain projects. Because the "majority" of decentralization, which is highly expected, has not really participated in the consensus, but has chosen to trust large mining pools, large miners, or exchanges, just like the centralized system, and has contributed their computing power and stake to certain centers.

Therefore, it is the large miners, large mining pools, large coin holders, opinion leaders, large companies in reality, or simply the project founders and founding teams who are actually ensuring security.
They have invested the most in the blockchain, and they have the biggest losses if the chain is gone, and they have to pay the highest economic and social costs for carrying out a 51% attack.

Now, there is only one last question left - What we have said above is all from the perspective of security. So, how important is security? Is it unfair to evaluate POW and POS only from the perspective of security?

In the next and last article, I would like to discuss the following question: What kind of consensus algorithm do we really need? Students who are interested should pay attention.

Author: Maxdeath
Source: Orange Book