Lecture 2.4: Incentives and proof of work
Assumption of honesty is problematic
Can we give nodes incentives for behaving honestly?
Everything so far is just a distributed consensus protocol, but now we utilize the fact that the currency has value.
Incentive 1: block reward
Creator of block gets to
- include special coin-creation transaction in the block;
- choose recipient address of this transaction;
Value is fixed: currency 25 BTC, halves every 4 years.
Block creator gets to “collect” the reward only if the block ends up on long-term consensus branch.(It incentivizes nodes to behave in a way that they think other nodes are going to agree with in creating the next block of the block chain)
There’s a finite supply of bitcoins
Here is the total number of bitcoins in circulation:
Worth noting that this is the only way in which new bitcoins are created, there is no other coin generation mechanism, so this new block creation reward is actually gonna run out.
So does it sound a bit weird? Does that mean that system will stop working and become insecure because nodes no longer have the incentive to bahave honestly? —— There is quite another incentive mechanism.
Incentive 2: transaction fees
Creator of transaction ca choose to make output value less than input value;
Remainder is a transaction fee and goes to block creator;
Purely voluntary, like a tip;
Remaining problems:
- How to pick a random node?
- How to avoid a free-for-all due to rewards?
- How to prevent Sybil attacks?
It turns out that all these problems are related, and all of them have the same solution.
And that solution is called Proof of Work.
Proof of Work
Instead of picking a random node.
To approximate selecting a random node:
select nodes in proportion to a resource that no one can monopolize.
- In proportion to computing power: proof-of-work
- In proportion to ownership: proof-of-stake
Equivalent views of proof of work
- Select nodes in proportion to computing power;
- Let nodes compete for right to create block;
- Make it moderately hard to create new identities;
Hash puzzles
PoW property 1: difficult to compute
PoW property 2: parameterizable cost
Nodes automatically re-calculate the target every two weeks
Goal: average time between blocks = 10 minutes
Prob(Alice wins next block) = fraction of blobal hash power she controls
Key security assumption
Attack infeasible if majority of miners weighted by hash power follow the protocol.
Solving hash puzzles is probabilistic
Bernouli trials, approximated by a continuous probability process:
Overall, the network automatically adjusts the difficulty so that the inter block time is maintained at an average long-term of 10 minutes.
For indicidual miner:
mean time to find block = 10 minutes / fraction of hash power
PoW property 3: trival to verify
Nonce must br published as part of block
Other miners simply verify that H(nonce || prev_hash || tx || ... ) < target