The Nakamoto Consensus
Author: Christian Nyumbayire
In the first article we explained the game theory, mechanism design and the peer-to-peer networks to understand the blockchain technology better. We’ve ended up saying that the Nakamoto Consensus, the set of rules that govern Bitcoin and other systems, has been to first solution to the Byzantine generals problem applied to peer-to-peer networks open to anonymous nodes.
What we haven’t explained yet is why it has been so important to have a digital currency based on peer-to-peer networks, why the network needs to be open and why the nodes have to be anonymous. To answer all of this, first we have to make an historical digression, after which we’ll go into detail about the Nakamoto consensus.
During the ’90s there have been many attempts to build digital currencies. Since the beginning of the Internet, libertarians groups already understood its emancipative power. In a short time, a particular group was born, the cypherpunks or crypto-anarchists, that saw this technology and cryptography as instruments that could have lead to the birth of virtual communities and digital economies resilient to political attacks. Math would have guaranteed authenticity, authorship and data privacy, while Internet would have made impossible to close down these communities and economies, because it would have been impossible to do so without damaging the entire network. Digital currencies and cryptographically strengthened contracts would have guaranteed the economic freedom that was not possible in the ‘real’ world.
Other technologies, such as virtual reality, artificial intelligence, 3d printers and nano/bio technologies would have made sure that their ideas would become reality.
Among these people we can find David Chaum, a famous cryptography professor. In 1983 he invented the blind signature, a cryptographic tool that allows to send and sign a numeric value that can then be verified without being revealed. This innovation is at the root of the Chaumian currencies and what we now call confidential transactions.
In 1990 Chaum started a company in Holland called Digicash, with the intention of bringing the chaumian currencies in the financial industry. The solution was still centralised, and would have needed to be accepted by the Dutch central bank before being able to spread. The company included people of significant importance in the blockchain sector today, such as Nick Szabo and Bryce “Zooko” Wilcox-Ahearn, founder of Zcash. Chaum attempted to be funded by the Dutch central bank, but long negotiation time lead Digicash to bankruptcy.
In 1996 E-gold was born, an American company that managed and distributed a digital currency, e-gold, that could be converted into gold. E-gold started to grow around 2000, and in a short time reached a 2 billions evaluation. Despite this, in 2009 it closed down. Regulations regarding economic transactions had been tightened and company users, subscribed to the company mailing list, have been target of hacking campaigns from Russian and Ukrainian hackers. Furthermore, the currency started to be used by scammers and criminals, undermining its reputation.
At the end of the decade, three other American companies started their business in the digital money industry.
Benz and Floor were born in 1998 and 1999 respectively. Both aimed to integrate with the booming world of ecommerce and developer payment systems and incentivised some users behaviours based on their own centralised digital currency. They were never able to carry out their business because of 1999 dot-com bubble. Paypal on the other hand, born in 1998, was aiming to create a new global currency free from financial engineering, but eventually decided to change their focus to online payments, making use of the company fortune.
What what bring together these experiments is:
— lack of intrinsic value
— where these company succeeded to provide a working service, they have been target to legal and electronic attacks, the rest had to close down because they couldn’t reach profitable margins.
In 2004, Hal Finney, a well known cryptography professor, invented RPOW (Reusable Proofs of Work), a centralised payment system working on top of a currency based on proof-of-work.
POW is a protocol to cryptographically verify that a computer spent an amount of resources to compute an output. The solution is represented by a solution to a cryptographic puzzle hard and computationally expensive but easily verifiable. To produce this, Finney used hashcash, an Adam Back algorithm (famous cryptographer, now CEO of BlockStream), which requires the use of a configurable amount of CPU resources.
Despite the fact that, at that time, there used to be a number of proposal for cryptographical digital currencies, (bit-gold by Nick Szabo and b-money by Wei Dai), only RPOW was able to implement it, but it remained just an experiment.
We will now see how this technological revolution enabled the birth of cryptocurrencies, the digital cryptographic currencies.
The Nakamoto Consensus
It’s now clear that anyone that wanted to build a digital currency at the beginning of this century had to find a way to make it decentralised, hard to attack and with a real, intrinsic value. In 2008 Satoshi Nakamoto was able to deliver all of this in a peer-to-peer network, a shared data structure (blockchain) with a set of rules that we call Nakamoto Consensus.
As we’ve seen in the previous article, the only knows way to make a p2 network tolerant to byzantine problem before Nakamoto’s paper was to have a closed group (or semi-closed) of known nodes.
A network like this can be very useful in some contexts, like distributed databases, but not in a context that handles transactions with an economic value between agents that don’t know each other or are competing and could therefore have an incentive to rob one another.
All of the Bitcoin design is based on the premise that external and internal rational agents have an incentive to destroy or attempt to destroy the network or rob one another to increase their profits or to avoid any losses. On these premises, which are quite realistic, a simple peer-to-peer network would have never been useful.
The Nakamoto consensus includes a set of rules, most of which regard transactions’ validation and transactions’ blocks. The latter are transaction groups close in time, cryptographically concatenated to compose the blockchain. Despite their importance, there are not the set of rules that guarantee the security and value of the Bitcoin blockchain. Those are: mining, deflation trend and block selection rules.
Mining is the process through Bitcoins get created. It’s a proof-of-work similar to RPOW, and its difficulty increases with the usage of the network. The process is strictly related to the creation of new blocks, and the produced bitcoin quantity is recognised only by the approval of the associated block. Nodes that can “mine” bitcoin, earn the mined quantity, but with time this quantity diminishes, up to a point where the network will have produced 21 million bitcoins. Block selection rules deal with choosing which one to add to the blockchain. With Bitcoin, the blocks are selected to obtain the blockchain with the higher amount of work, meaning the most computing time spent in the mining process.
How can these simple rules guarantee the security of the network and the bitcoin value?
With Bitcoin, anyone can host a node and connect to the network. Nodes are anonymous to make them harder to target and compromise. In an open an anonymous environment it’s not possible to punish single nodes for malicious behaviour, so it has to be discouraged.
The mining process is stochastic, so it’s not possible to accurately know who will find the solution, even if the increasing difficulty of the process makes the amount of nodes able to carry out the calculations smaller. This makes mining like a lottery where participation costs are always increasing. This discourages all agents not willing to invest economic value from participating to the game. While the usage increases, and thus the value, the difficulty increases as well, discouraging anyone who wants to compromise the network. Furthermore, the increasing value forces the “honest” agents to invest more in securing their nodes and, consequently, the network.
The validation rules make sure that no honest agent is going to accept malformed blocks, because this would damage the whole network. Block selection rules make sure that only valid blocks that have enough work invested into (as in computational resources) are accepted. Even if malicious nodes wanted to promote a blockchain that benefits them, this would require an ever increasing need of resources, and consequently economic resources as well. The produced blockchain would then have to compete with blockchains produced in years and with a high amount of other very competitive nodes. This conditions secure the network, which in turn strengthens the value of the currency, given the deflations and the costs of computational resources (CPU, storage, …) and consequently economic resources (users, servers) of the mining process.
What does this have to do with mechanism design?
The mining process of Bitcoin is variant of what we call random serial dictatorship in mechanism design.
One of the most important problems in mechanism design is the resource allocation (houses, contracts, work, etc). In these cases, each agent has informations about its own preferences, which once revealed, could make it easier to execute the mechanism. Sadly, this is often not enough, because actors’ preferences are very similar if not identical between them. In these cases the best strategy is to use a random allocation.
The random serial dictatorship means that for each iteration a “dictator” gets randomly chosen and it decides what to do based on the informations it posses. It’s a random variant of the serial dictatorship. The latter sorts through a list of “dictators” based on an arbitrary (but not random) criteria, creating equity problems and increasing the probability of defection o missing participation from actor that could otherwise have participated. Bitcoin adds to this mechanism a preselection-based costly commitment.
Mining is expensive and its cost will increase as the network acquires a higher economic value. Without a similar mechanism, anyone would have an incentive to propose oneself as “dictator”, even with malicious intent or without having the capacity and requirements to secure the network.
Bitcoin forces agents that want to mine to reveal their willingness to become candidates by spending resources that may not be recovered, since the “dictator” selection mechanism is random.
In turn, deflation reinforces this mechanism, since it ensures that participants that won the lottery in the past used resources that will have a higher value in the future, as long as the network works.
The game theory shows us how it’s not possible to guarantee the resolution of non-cooperative games using just one iteration, but with sequential games (meaning more than one interaction), there are a number of possible strategies to line up incentives. The majority of these strategies is some form of collusion between agents (pacts, corruption, cartels, etc). Bitcoin lines up incentives between agents in the long term simply by using deflation, avoiding the need for expensive transactions and “political” solutions. This guarantees, in the long term, the value of the network since there’s not risk that agents find a consensus.
As we’ve seen, Bitcoin is a innovative solution to the Byzantine generals problem, a solution that allows and requires the creation and exchange of economic value in order to work. The economic value is justified by the computation resources used by nodes that intend to create money. Deflation guarantees that the interest of the network stay the same in the long term thanks to agents. The money allocation mechanism used by Bitcoin is famous to be compatible at the incentives level, but Satoshi made it stronger by implementing an expensive pre-selection process.
In the next article we’ll see the economic and social consequences of this innovation, then in the one after we’ll analyse the most relevant alternatives to the Nakamoto consensus and open blockchain.