Don't roll your own consensus algorithm, and the dangers with pre-consensus for Bitcoin Cash

Written by noise, 3 years ago

There's a famous saying in the world of cryptography that states that you should never roll your own crypto. It's popular because it's extremely hard to get it right, and you should in 99.999% of all cases use an existing algorithm or library instead of creating your own.

Writing your own cryptography should only be done in extreme circumstances, and only by experts who dedicate their lives to cryptography. Even they get it wrong, and vulnerabilities in existing algorithms and implementations are found routinely.

Even Bitcoin, which I consider one of the biggest inventions in modern times, did not roll its own cryptographic functions. It only uses plain, boring and, most importantly, old cryptography. It's battle-tested, so we know it's solid. And if, god forbid, public-key cryptography is broken, we have bigger problems, as it would break the whole internet.

But Bitcoin did contain one big innovation: the consensus algorithm. Aligning the miners' incentives with those of the network by using proof-of-work (POW) is the true genius of Bitcoin, and is to me the important property that must not be compromised. Therefore I'd like to adapt the saying for us in the cryptocurrency space:

Don't roll your own consensus algorithm

There is nothing better than POW

There have been many attempts at improving POW, such as proof-of-stake (POS), delegated proof-of-stake (dPOS), proof-of-capacity (PoC) and more. They've all promised impressive improvements over POW, like massive scaling or fee-less transactions, but to this day they all suffer from serious unsolved flaws. With POW for example you have to continually invest to stay relevant, both in energy cost and new mining equipment, but with POS you do nothing but sit on your coins. Once you capture a majority in a POS system, you'll be able to keep it for a long time, and there's not a whole lot people can do about it.

I understand the want to solve the problems with POW, such as the large waste of energy, but it seems it's just really hard to come up with anything as good as POW, and I don't think people have fully grokked this yet.

Take Avalanche for example. It's a very cool idea that in theory can confirm transactions in just a few seconds. That's an amazing upgrade over Bitcoin, where it's expected to take around 10 minutes for a confirmation. But the flaw is that Avalanche doesn't actually work by itself: for the system to work it needs to be augmented with a mechanism for sybil resistance, such as POW or POS.

The dangers with pre-consensus

Given the very nice benefits Avalanche could give us, it's attractive to try to leverage it for Bitcoin Cash. Perhaps as a form of pre-consensus, which would help make 0-conf much more secure and help miners synchronize their mempools, making blocks propagate faster and increasing our scaling potential.

Amazing!

But hold on, first there's a big decision we need to make:

Should Avalanche be allowed to orphan blocks?

If the answer is no, there's no issue here. It may cause Avalanche to lose effectiveness, but there's no real danger with using it for Bitcoin Cash.

But if the answer is yes, then our Spidey Sense should tingle. What we're really saying is that Avalanche consensus can cause miners to ignore the longest chain rule and say that a shorter chain is the one we should mine on. This introduces more weak subjectivity that subverts Bitcoin's consensus algorithm, and substitutes it with rules that you can only follow if you're online and record the actions on the network.

This means that when you bring a node online, the longest chain is not necessarily the one you should follow! It's not like the Bitcoin and Bitcoin Cash split, where each chain has different rules and your client can tell that one is invalid. Here both chains are valid, it's just that one is wrong for reasons you cannot identify. This is why the longest chain rule is so important, otherwise poor users such as you and me are completely lost.

As an aside, ABC (and also BCHN) already subverts the longest chain rule by finalizing the chain after 10 blocks, which could in theory lead to a chain split. The difference with the Avalanche case is that a 10-block advantage is quite unlikely to happen, but with Avalanche the difference would be immediate from block #1.
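The point above, that two nodes running the same rules can end up on different valid chains once finalization overrides the longest chain rule, can be shown with a toy fork choice. This is an added example, not code from the article or from any Bitcoin Cash node; it assumes equal work per block and models finalization as refusing any reorg that drops `depth` or more blocks, and the `Node` class, `final_tip` helper and block names are hypothetical.

```python
# Added illustration: a toy fork choice, not Bitcoin Cash node code.
# Assumptions: every block carries equal work, so "longest" means most blocks,
# and finalization is modelled as refusing any reorg that would drop `depth`
# or more of the node's own blocks. All block names below are constructed.
from dataclasses import dataclass, field


@dataclass
class Node:
    depth: int = 0                      # 0 = pure longest-chain rule
    chain: list = field(default_factory=list)

    def offer(self, candidate):
        """Consider a competing, fully valid chain; return True if adopted."""
        if len(candidate) <= len(self.chain):
            return False                # not longer, keep what we have
        # Fork point: first height at which the two chains differ.
        fork = next((i for i, (a, b) in enumerate(zip(self.chain, candidate))
                     if a != b), len(self.chain))
        dropped = len(self.chain) - fork
        if self.depth and dropped >= self.depth:
            return False                # reorg would undo a finalized block
        self.chain = list(candidate)
        return True


def final_tip(depth, *chains_in_order_seen):
    """Tip a node ends up on after seeing the chains in the given order."""
    node = Node(depth)
    for chain in chains_in_order_seen:
        node.offer(chain)
    return node.chain[-1]


PREFIX = [f"g{i}" for i in range(5)]                 # shared history
CHAIN_A = PREFIX + [f"a{i}" for i in range(10)]      # 10 blocks after the fork
CHAIN_B = PREFIX + [f"b{i}" for i in range(12)]      # 12 blocks, seen later

if __name__ == "__main__":
    # Longest-chain rule: both nodes converge on B regardless of history.
    print(final_tip(0, CHAIN_A, CHAIN_B), final_tip(0, CHAIN_B))
    # 10-block finalization: the node that was online for A stays on A,
    # while a node that starts later and only compares lengths picks B.
    print(final_tip(10, CHAIN_A, CHAIN_B), final_tip(10, CHAIN_B, CHAIN_A))
```

Passing `depth=1` reproduces the same divergence after a single competing block, which is the situation the article raises for pre-consensus that can orphan blocks.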

If we do want Avalanche to orphan blocks, we still need to answer two questions:

  • How should Avalanche sybil resistance be decided?

    Should it use the latest 100 blocks and rely on POW? Or should we use some version of POS?

  • When should miners following a shorter chain switch back to the longer?

    If a block that's rejected by Avalanche still manages to be part of the longer chain, when should miners switch over?

    Should it do so after a difference of 2 blocks? 6 blocks? 10 blocks? Never?

(Note that these important questions are as of yet unanswered. It almost feels similar to how the routing problem with LN wasn't addressed before it was being pushed as the solution to world peace.)

This comes very close to rolling our own consensus algorithm, which might have dangerous and unintended consequences.

For instance we run the risk of introducing the drawbacks with POS into the system, where large coin holders such as shady exchanges could capture the consensus and gain a large power over the network.

Or if Avalanche should use coin-days as sybil resistance, we run the risk of a miner with a very large amount of BCH being given dangerous power over other miners. (A while ago it was said Bitmain had over 1 million BCH.) If the miner could gain control over Avalanche consensus, they might for example be able to orphan the blocks of competing miners. The miners could of course start mining empty blocks, but as the block reward moves to zero, this is in practice the same as forcing them out of business.

What if Avalanche designates a transaction as a double-spend, but a miner thinks it has too low a fee and so includes its double-spending transaction? Should the miner be punished for it? Who should decide what fee is just right?

And if we say that Avalanche should always overrule the longest chain, we've essentially replaced POW with something else. We then run on Avalanche consensus, and we might as well scrap POW altogether.

If your defense then is that miners can always manually switch to whatever chain they want... Then I say we've replaced POW with proof-of-human.

Is Avalanche the future for Bitcoin Cash? Maybe. But one thing's for sure, messing with the consensus algorithm should not be done lightly.


Comments

True to extents,
but we should always continue to explore
how to improve on the current POW.
Which explicitly means that we need people 'out there'
considering every conceivable possibility.
We can openly examine any idea without committing to it.
(Which ABC seems to do backward - committing before openly examining.)
Like Avalanche.


The most frightening line in this article:
"(A while ago it was said Bitmain had over 1 million BCH.)"
That reads like an implied POS grappling hook.

$ 0.00
3 years ago

Nice title pic...

$ 0.01
3 years ago

Picture looks out of place, but it does share your sentiments. I hope things work for the better, however.

$ 0.00
3 years ago

I don't really understand... why using that picture for your article? I don't get the relation between them

$ 0.00
3 years ago

change lead image

$ 0.00
3 years ago

I concur with the noise.

$ 0.00
3 years ago

nice article.. but what is the connection with your image background? isn't that something to do with Mecca? Kaabah

$ 0.00
3 years ago

Different topic, then why you use Mecca PIC ... Respect Muslim holy places and don't use it for traffic purposes. Admin @Read.Cash please make some strict rules

$ 0.00
3 years ago

@noise thank you for this article. As the lead image is not in line with your content, it is advisable you change it to make your work more professional in look and thought.

$ 0.00
3 years ago

"and you should in 99.999% of all cases use an existing algorithm or library instead of creating your own"

@noise, first off, I'll roll whatever damn crypto I please, NO ONE TELLS ME WHAT TO DO!

aside from that (lol), this was a really great article 👏👍

there's so much attention to Avalanche these days, and I still don't fully understand it; but you made some very good points here

"What we're really saying is that Avalanche consensus can cause miners to ignore the longest chain rule [...] and substitutes it with rules that you can only follow if you're online and record the actions on the network."

this is what I thought, but didn't really understand .. and I think it's CRAZY!! this is exactly why you DON'T SOFT FORK!!

"For instance we run the risk of introducing the drawbacks with POS into the system, where large coin holders such as shady exchanges could capture the consensus and gain a large power over the network."

ummm .. YES!! this is where I "think" ETH 2.0 is headed, but I'll give those super-smart-dudes the benefit of the doubt, that they learnt something from EOS..

"messing with the consensus algorithm should not be done lightly."

I agree .. but I'm still rolling my crypto, just because I CAN 😉

$ 0.00
3 years ago

"substitutes it with rules that you can only follow if you're online and record the actions on the network."

not really, you just ask the ava validators (miner majority) which one they are mining on.

$ 0.10
3 years ago

"you just ask the ava validators (miner majority)"

what are "ava validators"?

$ 0.00
3 years ago

miner majority, as per last X blocks mined

$ 0.00
3 years ago

I am all in favor of non-orphaning Avalanche.

I am skeptical as well of Avalanche being able to orphan blocks for the same reasons as you, but we need more details before passing final judgement and information has been sparse or maybe I just haven't been following the right channels. Dunno.

$ 0.00
3 years ago

@Read.cash .. @noise why you use Mecca pic why😰??? only for traffic, please don't use it again .. please change lead image

$ 0.00
3 years ago

thank you for this article. As the lead image is not in line with your content, it is advisable you change it to make your work more professional in look and thought.

$ 0.00
3 years ago

really bad article, because the answers seem obvious. Either make a stronger case or I'm calling this FUD.

Should Avalanche be allowed to orphan blocks? YES, in the final stage:

  1. we (nodes) have detected a double spend attempt (conflicting transactions) but we are not going to tell you which of the transactions we like more - double spend proofs
  2. we (miners) have detected conflicting transactions and we are going to tell you which of the transactions we like more, but no promises - non-orphaning ava
  3. we have detected conflicting transactions and we are going to tell you which of the transactions we like more and we guarantee it is going to be mined - orphaning ava

How should Avalanche sybil resistance be decided? POW

poor users such as you and me are completely lost? NO, you just ask the ava validators (miner majority) which one they are mining on.

they might for example be able to orphan the blocks of competing miners? NOT any more than they are able now. Majority of the miners deciding to attack the network invalidates the whole premise of bitcoin.

What if Avalanche designates a transaction as a double-spend, but a miner thinks it has too low a fee and so includes its double-spending transaction, should the miner be punished for it? YES

Who should decide what fee is just right? In the case of double-spends the ava validators (miner majority)

if we say that Avalanche should always overrule the longest chain, we've essentially replaced POW with something else? NO, we replaced it with the same POW dude

$ 0.00
3 years ago