Bitcoin: Anchor of Trust in the Ocean of Blockchain

Bitcoin possesses numerous properties, such as trustlessness, permissionlessness, transparency, and immutability, which give it utility and value.

When you broaden your view of Bitcoin from a currency and payment system to a secure historical ledger, it becomes clear that these properties combined can lead to powerful applications.

The 'blockchain is not bitcoin' argument continues to grow, and we can see this is because many existing commercial and financial use cases do not see the need for trustlessness and permissionlessness. Traditional financial institutions have had semi-trusted permissioned connections for decades, and their goal is to rebuild these connections using new technologies to make coordination more efficient and powerful. Public ledgers like Bitcoin have become problematic for financial institutions because the verification of transactions is done by a potentially unknown party, and financial institutions are often legally required to review every transaction that passes through them.

Some properties of Bitcoin are difficult to fully describe.

While permissionlessness (no one needs to ask for permission to use the system and can use it without fear of censorship) and transparency (everyone can review the ledger) are clear, trustlessness and immutability are more complex.

Bitcoin advocates often interpret trustlessness as 'you don't have to trust anyone', which is a bit of an oversimplification.

Consensus systems like Bitcoin distribute power to control how the system runs among a large group of people - developers, miners, merchants, users, etc. A properly decentralized system is difficult to make any changes that are not beneficial to the majority of participants. But at the root of the system, there is still trust, and you must believe that the majority of power in the system belongs to users who have the same moral and rational consciousness as you.

Immutability is also a very complex property.

Bitcoin advocates often simplify immutability to mean that no one has the power to change the history of the blockchain.

Let’s take a closer look at the factors that influence immutability.

Proof of Immutability

Bitcoin is the strongest permissionless blockchain in terms of computational security because it has the most resources that can be expended to ensure its security through a proof-of-work (PoW) algorithm.

While PoW critics point out that the algorithm is extremely ‘inefficient’, inefficiency is the whole point. PoW makes it very expensive to attack the consensus mechanism of the Bitcoin protocol, which is what makes its historical record highly trustworthy and immutable.

Unfortunately, quantitatively comparing different consensus algorithms to rank and identify the best one is very difficult.

As Rootstock developer Sergio Demian Lerner said: “It is very difficult to compare them. Their real security depends on honesty, ethics, legal risks, not just economics. — Sergio Demian Lerner (@SDLerner) May 29, 2016”

However, a few reputable people have made valiant efforts to do so over the years.

Andrew Poelstra defended PoW in the publication Dynamic Membership Multiparty Signatures (DMMS), also known as a distributed consensus algorithm that anyone can participate in.

Poelstra divides the DMMS algorithm into three parts:

1. Cost Function

2. Signature Function

3. Validation Function

Poelstra also argues that the most secure (fair) DMMS is one that does no better than simply repeatedly executing the signature function. For Bitcoin, the cost function is defined as the 'number of hash function calls', which is a direct result of energy expenditure (a scarce resource) that comes from outside the system being protected.

“Because Bitcoin’s DMMS is computationally and therefore thermodynamically expensive, alternatives have been proposed that seek to be economically and environmentally more efficient,” he wrote. “One popular alternative, proof-of-stake (PoS), is often proposed as a cheap mechanism for distributed consensus.”

POS uses cryptographic signatures to demonstrate that the owner has a vested interest in the system and, therefore, has theoretically “paid” to acquire the token at some point in the past.

According to Poelstra, POS has a problem with its cost function.

This is mainly a matter of time: blockchains have no sense of time, so if you are faced with a seemingly valid historical blockchain, you cannot be sure that this blockchain is not one of many blockchains created by an attacker. This is because it is relatively cheap for an attacker to recreate an entire POS chain himself - all he needs is a private key that is valid at a certain point in the blockchain's history.

This creates a security vulnerability.

As a result, a new node joining the network cannot trust all valid chains, as there are an infinite number of valid chains. Instead, the node must check with its peers to ensure that they are on the same chain, which opens a vulnerability to Sybil attacks. Contrast this with Bitcoin's security model, where a new node only needs to connect to a single honest peer, as the chain with the most accumulated proof of work is obviously the legitimate chain.

Bitfury also published an article to conduct an in-depth analysis of PoW vs PoS, pointing out that naive PoS suffers from the ‘nothing at stake’ problem - if a stakeholder is aware of multiple blockchain forks, the most rational thing to do is to mine each fork, because it does not cost more, and this cost is the electricity consumed by PoW miners, the ‘external resources’ of the network.

On the other hand, POS miners use an 'internal resource', their account balance, which consumes far less than 'external resources'. This makes the PoS system inherently untrustworthy in the eyes of many cryptocurrency enthusiasts. Attackers can try to fork the blockchain, for example, create a longer blockchain than the existing chain, and only spend a small amount of 'real' resources. Attackers can even get help from other miners, so they don't need to spend any 'real' resources.

By forking, an attacker can invalidate certain transactions and perform double spending.

Attacks can be roughly divided into two categories: short-range and long-range. In short-range attacks, the most recent blocks are replaced, while in long-range attacks, the attack goes deeper and attempts to replace the history of the network, possibly even attacking the genesis block.

“Pure proof-of-stake poses substantial security threats that cannot be recreated in a proof-of-work system. These issues are inherent to the proof-of-stake algorithm because proof-of-stake consensus is not fixed in the real world.”

Ethereum founder Vitalik Buterin explained a few years ago why he loves PoS and proposed some modifications to PoS to thwart short-range and long-range chain re-attacks.

Buterin argues that these protections are good enough for everyone except new nodes joining the system, which need to get a blockchain checkpoint from a trusted entity (likely someone in a social network). From his point of view, this is acceptable because consensus algorithms simply automate the existing process of human consensus, which is built on social networks.

Through Ethereum's proposed future POS algorithm Casper, Buterin believes that neither PoW nor POS can provide perfect 'settlement finality' (immutability), but Casper provides 'economic finality'.

“We can’t guarantee that X will never be recovered, but we can guarantee that ‘either X will never be recovered or a large group of validators will voluntarily destroy hundreds of dollars of their own funds,’” he wrote.

Interestingly, Buterin said: “One of the unpleasant aspects of mainstream ideology is that centralization leads to a permanent aristocracy, which has led to the popularity of cryptocurrencies.”

In another post, Buterin wrote: “All ‘pure’ proof-of-stake systems eventually become a perpetual aristocracy, where the members assigned at the genesis block always have the final say. No matter what happens 10 million blocks from now, the members of the genesis block will always be able to come together and start an alternate fork with an alternate transaction history and take over this fork.”

Daniel Larimer, reviewing Casper, believes that “It is impossible for people without enough stake to participate and profit, and furthermore, those with the most stake will have the highest profit rate. The end result of this economic policy is that only a small number of people who participate in Casper will be able to profit, perhaps a dozen or less.”

This sounds a lot like the ‘nobility problem’ that Buterin has mentioned many times. While similar arguments can be made for Bitcoin, I have previously written about why the centralization of Bitcoin mining may only be a short-term phenomenon.

Paul Sztorc offers a unique perspective, arguing that PoW is in fact cheaper than PoS. According to Sztorc, all versions of PoS are just fuzzy versions of PoW - there is always some amount of work that can be used to increase revenue. Therefore, unless the consensus algorithm is completely independent of all possible human activities, it will inevitably become a form of PoW.

Sztorc thinks the same is true for Delegated Proof of Stake (DPOS): “DPoS is a big player who uses (but neither spends democracy nor risks capitalism) money to elect 100 senators who sign blocks in order, thus securing an almost P2P network. If voting for learning to take away the workload, then voters will be easily influenced by the “work” even without bribes.”

In a permissionless consensus system, a validation algorithm is needed to introduce scarcity.

PoW is rooted in the physical world and is quite similar to mining physical resources, such as gold, silver, and iron. One could argue that the scarcity of many of these natural resources is due to the difficulty of obtaining them.

Therefore, natural resources are a PoW; for thousands of years, this mechanism was considered to be extremely valuable.

Mining physical resources is labor-intensive, and its product is a proof of work.

Is POS dead? Probably not, as some smart developers are still improving the concept — and POS may be good enough for some purposes.

When Bitcoin Core developer Gregory Maxwell was asked about his thoughts on PoS, he stopped short of saying that it could never work, but he said 'With PoS, it's clear that you don't get the same [security model] as Bitcoin, but it's not clear that what you do get is actually useful.'

The cost of immutability

Permissionless and permissioned blockchains have very different security models. However, permissioned blockchains tend to have a consortium of less than a hundred validators, while permissionless blockchains have orders of magnitude more. From a single validator attack vector, permissionless blockchains have superior security because an attacker needs to expend more resources to corrupt or subvert a sufficient number of validators.

1. As of press time, purchasing enough new hashrate to capture 50% of the Bitcoin network (1,487,398 TH/S) would cost 114,415 Antminer S9s (13 TH/S) at $2,500 per unit, or $286 million in hardware costs, 1.4 KW * 114,415 * $0.08 KW/H, or $12,815 per hour in electricity costs.

2. To buy 50% of the Ethereum network hashrate (3,700 GH/S), you would need 142,307 AMD Radeon R9 390 (26 MH/S) at $300 each, or $42 million in hardware costs 0.3 KW * 142,307 * $0.08 KW/H hashrate, or $3,415 per hour in electricity costs.

3. To purchase 50% of Litecoin’s full hashrate (1,362 GH/S), the required resources are 45,400 Zeusminer Thunder X3 (30 Mh/s), each costing $250, for a hardware cost of $11.3 million, or 1 KW * 45,400 * $0.08 KW/H, or $3,632 per hour in electricity costs.

This is a naive model, as it might not even be possible to buy so many ASICs and GPUs.

There are a ton of other costs not included in this model, such as hosting infrastructure, cooling, and human management costs. For simplicity, let's assume these costs scale similarly to the number of hash units under management. Electricity costs can vary as well, but will change each result proportionally.

Quantitatively speaking, it is clear that Bitcoin is more secure against a resource-intensive attack on the consensus algorithm than even the next most popular cryptocurrency. However, this does not mean that Bitcoin is completely immutable.

Even the wealthiest entities in the world have considered calculating the cost of an attack, and the human layer of consensus must be taken into account when evaluating the immutability of a blockchain.

Immutability and social consensus

The immutability of blockchains is not only protected by the sheer cost of attacking the consensus algorithm. There are also political and philosophical components to this.

For example, the recent DAO breach prompted the Ethereum community to perform a hard fork in order to prevent the attacker from absconding with a large amount of ether.

While such a hard fork would probably never be proposed by Bitcoin developers due to their views on immutability and fungibility, Buterin’s view that consensus is a social mechanism means that Ethereum will evolve from a different set of principles. As a result, more Ethereum developers are finding it acceptable for the community to change the state of the ledger if it is for the common good.

Many claim that the Ethereum hard fork sets a bad precedent that will forever hurt Ethereum’s commitment to immutability.

I think this argument is flawed for several reasons:

1. Every blockchain is based on some form of social consensus. That is, humans must first decide what protocol to run before machines execute it. So if the physical world reaches a consensus, people can decide to change the protocol.

2. A distributed consensus protocol can be forked for many reasons - it can be to solve a problem in the protocol layer, to solve problems above or below the protocol layer, or to solve problems external to the system.

3. Public distributed consensus domains are rooted in anarchy, with no institution bound to follow precedent. Each institution will be judged uniquely, and likely by completely different people, depending on who is participating in the system at the time, and past performance is not indicative of future results.

4. If you want to be pedantic, a blockchain hard fork is not a situation where a group of people forcibly steal the benefits of others. Instead, a hard fork occurs when the majority of users find that the current state of the blockchain is not in the best interests of the system, so they voluntarily leave that blockchain and obtain a more ideal state.

Bitcoin has forked in the past to address its flaws:

1. Bitcoin 0.1.0 implemented a hard fork to change the "best chain" logic from the longest chain to the chain with the most accumulated proof of work.

2. On August 15, 2010, a soft fork (and 5-hour chain reorganization) was implemented, and someone exploited the value overflow vulnerability and created 184 billion BTC.

3. In March 2013, a machine consensus failure led to an unintentional fork, and social consensus was quickly adopted to restructure the blockchain back to the original chain fork.

Bitcoin, NXT, Vericoin, and Ethereum have all found themselves facing the same dilemma of large-scale thefts, and each community has responded differently. Bitcoin has experienced multiple major thefts, but has never considered forking to reverse the theft.

Although the exchange rate of Bitcoin has dropped every time a theft occurs, it always recovers eventually.

List of major Bitcoin thefts

In July 2014, the MintPal exchange was hacked and 30% of the total supply of Vcoins, worth $2 million, was stolen.

As a result, the developers of Vircoin implemented a hard fork and recovered the stolen coins.

After that, its exchange rate was not very good.

In October 2014, BTer was attacked and lost 50 million NXT, worth $1.75 million, accounting for 5% of the NXT supply.

The developers and community chose not to conduct a hard fork. Its exchange rate did not perform well either.

On June 17, 2016, a vulnerability in The DAO’s smart contract caused nearly 4 million Ether worth tens of millions of dollars to be siphoned away; in the following days, the exchange rate was cut in half.
On July 20, Ethereum executed a hard fork, returning funds to the original owners. The exchange rate rose by 15% in the following days.

History shows that there is no clear answer as to how an emergency hard fork would affect user confidence in a cryptocurrency.

I suspect that an emergency situation would only expose the robustness of the human consensus behind the blockchain. If the humans are a cohesive group, they can fork or not fork and remain in consensus. Otherwise, they can have a contentious fork that only undermines the machine consensus.

Marc Andreessen once predicted that “libertarians will turn to Bitcoin”. He said this was due to the misconceptions that many initially held about Bitcoin’s privacy. I think Andreessen’s prediction may come true, but I think for different reasons.

Cryptographers will continue to improve Bitcoin’s privacy; this will interest libertarians. However, as Bitcoin becomes more mainstream, the social consensus around it should be able to change.

If this happens, we may not see as many libertarians turning to Bitcoin as Bitcoin turns to libertarians. It is for this reason that I believe we teach users the history behind Bitcoin as a way to instill cypherpunk values ​​in them.

“A blockchain can only be as immutable as its community wishes. Physical world consensus trumps machine consensus. — Jameson Lopp (@lopp) June 20, 2016”

The benefits of immutability

While Bitcoin is still primarily viewed as a digital currency, it is essentially a timestamped log with special properties.

Therefore, it can have many more uses besides payments and value storage. I proposed some alternative use cases a few years ago, and the list is growing.
Factom Chief Scientist Brian Deery has written an excellent history of timestamping, arguing that a secure timestamping record is not feasible until secure digital value exists.

Deery wrote:

“There needs to be a way to attract people to the strong hash chain, and a good way to do that is to give them money.”

While some purists may claim that Bitcoin is just a currency and should not be used for non-monetary purposes, the system itself is agnostic. From the Bitcoin protocol, as long as there is a competitive transaction fee that allows users to 'buy' limited block space to confirm transactions, there will be no spam transactions.

“The Bitcoin blockchain is finally starting to fulfill its promise for non-monetary uses — Arvind Narayanan (@random_walker) July 12, 2016.”

“The use of op_return is growing steadily, with at least 10 major protocols using it. — Harry Kalodner (@hkalodner) July 11, 2016”

You can easily take advantage of this timestamping functionality through user-friendly services such as Eternity Wall , Virtual Notary , P roof of Existence , and BlockNotary .

Going beyond the simple concept of timestamping files, more complex services are anchored to the Bitcoin blockchain to benefit from its immutability. Anchoring basically means that a service takes every meaningful piece of data in its system and computes a hash of each that can be used to verify the state of the system.

This hash is then stored periodically in the Bitcoin blockchain. This hash can be generated in different ways, a common method is to build a Merkle tree of all the data and then store the Merkle root as an anchor.

It is important to note that anchoring does not automatically make the service’s data immutable like Bitcoin’s data, but it does provide a strong guarantee that any tampering will be obvious. The recommended best practice for these services is to provide users with easy-to-use tools to verify the state of the system’s anchor.

Why is this so important? I think Factom CEO Paul Snow answered it best:

“One of the things about immutable ledgers is that they are honest, because it’s very hard to know what lie I want to tell tomorrow today. If that lie has to be in the ledger, then I won’t know what that lie is until tomorrow, and basically my ability to lie is greatly reduced.”

Some services that are anchoring to Bitcoin:

1. BitPay’s ChainDb

2. Blockstack

3. Counterparty

4. Factom

5. Openchain

6. Tierion's free API for Chainpoint

7. MIT Media Lab’s Digital Certificates Project

8. Keybase

Keybase is a great example of an effective use case for Bitcoin pegs, as it allows you to associate multiple identities around the network with your PGP key, which is then linked to your Keybase key. The service then creates a kind of Merkle tree of all Keybase keys and stores the root on the Bitcoin blockchain every 6 hours.

Blockstack initially used Namecoin’s blockchain as an anchor, but has now switched to Bitcoin because they believe no other blockchain comes close to Bitcoin in terms of completeness.

Sidechains also anchor Bitcoin to facilitate entirely new blockchains, encrypting the value of their link to Bitcoin.

You could even theoretically build sidechains of sidechains, essentially creating a ‘tree’ of cryptocurrency pegs.

Rootstock intends to anchor to Bitcoin as a sidechain through a hybrid two-way peg in order to bring more smart contracts to Bitcoin. Liquid is a Bitcoin sidechain that enables faster settlements between Bitcoin exchanges.

John Light summarized the above projects in a ‘Bitcoin Maximal’ tweet:

“Namecoin -> @BlockstackOrg
Steemit -> @YoursNetwork
Ethereum -> @RSKsmart
NXT -> @CounterpartyXCP

There is no reason to use altcoins anymore. .

— John Light (@lightcoin) July 12, 2016”

It would make more sense for many institutions to build their own blockchains rather than leaving low-level development in the hands of Bitcoin developers. The immutability of Bitcoin’s settlement layer has value to these institutions, but they may find little value in Bitcoin’s other properties, all of which they can have thanks to the peg.

The initial hype around Bitcoin has now turned to blockchain technology. But eventually the boundaries between public and private blockchains will blur.

Immutability is immutability

The strength of a distributed consensus system depends on its anchoring.

The main anchor must be a consensus algorithm that will handle the bulk of the work to keep the system together. A PoW-based algorithm should be preferred because it anchors the blockchain to the outside world through external resource consumption.

A secondary anchor for a distributed consensus system is its community and governance structure. This serves as the basis for the system to fall back to in case the machine consensus fails for some reason (is about to fail, or needs to be upgraded).

Immutability is impossible to measure precisely.

When we describe a blockchain as “immutable,” we are broadly claiming that there is a guarantee that the contents will never be changed.

However, from a machine consensus standpoint, this is a probabilistic guarantee that can never reach 100%. From a social standpoint, we can only measure the immutability of a blockchain by its history, with an educated guess about the future based on community-held values.

“Bitcoin is an anchor of trust. The system provides the most reasonable degree of certainty for a system that requires a shared opinion. — Eric Martindale (@martindale) April 24, 2016”

By using a strongly anchored blockchain as a foundation, an ecosystem of many chains can be developed.

Thus, Bitcoin can become the 'blockchain to rule them all' while fostering blockchain diversity. If you need a strong proof of your service's data integrity, don't choose the second best anchor for the most trusted chain.