Elastos employs a dual consensus mechanism to secure and update its blockchain. The main component of its consensus mechanism is called merged-mining (AuxPoW), though it uses a secondary component called Delegated Proof of Stake (DPoS) as well. DPoS depends on a democratically nominated assembly of nodes to vet for valid blocks before posting them to a blockchain. Merged-mining, on the other hand, is a method of securing one blockchain by utilizing the mining efforts conducted on a separate blockchain . In order to successfully implement merged-mining, two related blockchains must use the same consensus mechanism. Elastos uses PoW (Proof of Work) as its underlying consensus mechanism and merged-mines with the Bitcoin blockchain. In order to cultivate a comprehensive understanding of merged-mining, it is important to first examine the infrastructural architecture of the Bitcoin blockchain.
Blocks And Blockchains
If not otherwise stated, the information presented in the following section refers to the Bitcoin blockchain.
A block is essentially a bunch of data. This data includes the block header and a full list of valid transactions.
The block header contains several items. Among them is the timestamp of the block, the hash of the previous block, the Merkle Root, the difficulty level, and an arbitrary input value called a Nonce. A hash is a long string of numbers and letters which is used to uniquely identify a block. The hash of a block can be likened to a “Social Security Number” of sorts. No two blocks have the same hash value, just as no two US citizens have the same social security number.
A timestamp contains the specific date and time data that identifies when the block was published.
A Merkle Root is a particular method of consolidating all of the transactions in a given block, so as to represent them with a single hash value in the block header.
Hashes are created by deterministic algorithms called hash functions. A hash function is a mathematical process that takes input data of any size, performs an operation, and returns output data of a fixed size. The output data is called the “hash” of the input data and generally consists of a string of letters and numbers. Bitcoin uses the SHA256 hashing function, which indicates that the fixed size of the data output is 256 bits. A bit is the smallest unit of data stored in a computer, represented by either 0 or 1.
Rather than expressing the hash as a string of 256 zeroes and ones, the output is converted to hexadecimal numbers. Hexadecimal numbers are expressed in the form of alphanumeric characters (0-9 and A-F), where each alphanumeric character accounts for 4 bits – that is, a series of 4 digits that are either 0 or 1. For instance, the hexadecimal number “2” represents 4 bits as “0010.” For a given input, the output of the SHA256 hashing function will always produce the same, unique string of 64 alphanumeric characters corresponding to that data. While the output is deterministic, it has no observable relation to the input, and thus cannot be used to source the original input. Even a minor change to the input data results in a hash value that is entirely different and does not resemble the previous output. Thus, a hash can be thought of as the “digital signature” of a particular set of data. For example, an input value of “Elastos” produces a completely different hash than does the input value “ElastOS.”
When a newly formed Bitcoin block is published to the blockchain, its unique hash is formed by inputting all of the data in the block header into the SHA256 hashing function.
The Nonce is a 32-bit arbitrary random number in the block header. Unlike the rest of the elements in the block header, the Nonce is chosen at random by the miner who is constructing a block and can be continually modified. Because hashing functions only require a minor change in input to produce a totally different hash output, block producers continually modify the Nonce in an attempt to arrive at a valid hash output, as specified by the difficulty target.
The difficulty level is a field in the block header which determines how challenging it is to find a valid hash for the current block. The difficulty target sets a quantitative threshold underneath which the hash output must fall by requiring that the hash begins with a minimum number of leading zeros. To understand the implications of a given difficulty level, consider that each bit in a 256-bit hash output is represented by either a 0 or 1. If the difficulty specifies that the hash must contain 12 leading zeros, it requires that the first 48 bits be zeroes, as “0” in hexadecimal translates to “0000.” The likelihood of producing a hash with 48 leading zeros can be equated to a coin flip landing on heads 48 times in a row. Such an outcome corresponds to a probability of (½)^48, or 1 in 281.5 trillion!
A Blockchain is a string of time-stamped blocks that are cryptographically linked by a hashing algorithm. Each successive block contains the hash of the previous block, and each block’s own hash is formed in part from the hash of its predecessor. The result: a chain of blocks linked by one another’s hashes.
Although each block contains the hash of only the previous block, it depends upon all of the blocks that came before it. The current block’s hash depends upon the previous block’s hash, which itself depends upon the previous block’s hash, which itself depends up the previous block’s hash, all the way back to the blockchain’s seminal block, often referred to as the Genesis Block. Consequently, if any block prior to the most recent is altered in any way, the hash of every subsequent block must change accordingly in order for the chain to remain valid.
So, to rehash (get it?): a blockchain is essentially a chain of blocks, each of which contains a list of valid transactions and a few other pieces of information. In other words, it is a ledger containing every transaction that has ever occurred in a particular blockchain network. While a blockchain is defined by the sound structural elements described above, the magic of its myriad use cases lies in how it is secured and updated.
Miners, Consensus, and Proof of Work
Blocks are added to the blockchain by entities called miners. Miners validate transactions, construct blocks, and record them on the blockchain ledger. They also keep a copy of the blockchain ledger on their hard drives. Anyone with the proper hardware who downloads the relevant software can become a miner. Each blockchain has its own rules concerning what constitutes a valid transaction, and how blocks are added to the chain. In order for a new block to be added to the chain, the majority of miners must reach a consensus as to its validity.
Consensus is achieved when the majority of miners in a blockchain network agrees on the addition of a new block. A consensus mechanism determines the process and rules by which the network of miners reaches consensus regarding the addition of a new block and the state of the blockchain as a whole.
Bitcoin uses a consensus mechanism called Proof of Work. Proof of Work (PoW) is an algorithm which requires miners to perform work in the form of CPU power, and then provide proof of the work they performed in order to add their candidate block to the blockchain. A candidate block is a block that has been successfully constructed by a miner, but which has not yet been confirmed as valid by a consensus of the network. Every miner in the network is competing to ‘solve’ the next block to add to the chain. A miner’s ability to “solve” the next block is contingent upon its capacity to arrive at a satisfactory hash output for the current block. In other words, each miner works to create a candidate block whose hash falls below the present difficulty level.
Here’s how the process unfolds:
- Each miner constructs a candidate block by gathering all valid transactions from recent transaction pool and building a block header. It is the job of each miner to ensure the transactions are valid – that is, to ensure the user attempting to send bitcoin actually has the available funds. If a transaction is invalid, miners will not include the transaction in their respective candidate blocks.
- When a miner inputs its newly created block header into the SHA256 hashing function, it outputs a 256-bit hash, expressed in hexadecimal.
- The miner then checks the newly created block’s hash to determine if it satisfies the conditions set forth by the current difficulty level, as set by the Bitcoin network. Recall that the difficulty specifies the minimum number of leading zeros that must be present in a block’s hash.
- If a miner hashes the candidate block and the hash does not meet the difficulty criteria, the miner must rehash the block. However, in order to change the hash output, the miner must make at least one change to the hash input. In a block header, all information describes the precise contents and nature of the block itself, save for the nonce. Because the nonce is a random arbitrary value, the miner can modify the nonce without compromising the integrity of the block, and then rehash the block in the hopes of outputting a hash that satisfies the present difficulty level.
- Once a miner inputs a Nonce that produces a valid hash for its candidate block, the miner broadcasts its solution to all the miners in the network. The other miners confirm the validity of the hash by inputting the values in the block header for themselves. If the majority of miners confirm that the solution is, in fact, valid, they reach a consensus, and the block is added to the chain. The Nonce serves as Proof that Work was done. This consensus algorithm is called “Proof of Work” in reference to the fact that the only way to find a Nonce that solves the current candidate block is through random guesswork, which requires a great deal of computing power.
Block Times And Difficulty
As discussed earlier, difficulty is effectively a built-in mechanism that enables the Bitcoin network to autonomically adjust how challenging it is to find a valid hash for the next block. Functionality aside, the difficulty level plays a major role in maintaining a block time of 10 minutes. When more miners join the network, total computing resources – and as a result, hashing power – increases, and miners are able to input many more nonces in a given time interval. As a result, blocks are solved and posted to the blockchain at a faster rate. In order to temper the speed of block generation, the Bitcoin network reassesses the difficulty level periodically – every 2,016 blocks, or every 2 weeks’ worth of 10-minute blocks, to be exact. If the Bitcoin network determines that blocks are being produced too rapidly or too slowly, it will increase or decrease the difficulty respectively, by adding to or subtracting from the leading zeros required of the hash output.
But Why 10 Minutes?
The Bitcoin blockchain serves as a platform which supports the seamless and secure storage and exchange of value in digital form. Bitcoin’s native token, bitcoin, is the currency by which value is secured and transferred. Therefore, in order to make its network useful, Bitcoin leverages the mining process to not only secure its network and record transactions but also to distribute its coins in a just and merit-based fashion. For whenever a miner successfully solves a block, he or she is presented with a block reward. A block reward refers to the bitcoins that a miner is allowed to grant his or herself upon solving a block. At the outset of Bitcoin in 2009, miners were allotted block rewards of 50 BTC per block, though that number rests at 12.5 BTC per block 9 years later, as block rewards halve every 4 years.
10 Minute Blocks, 50 BTC Block Rewards, 4-Year Reward Terms: What Gives?
Don’t be fooled – these values are far from arbitrary; each serves a powerful economic purpose in the Bitcoin ecosystem. For any currency, an inflation schedule – the rate at which the currency’s supply is expanded – must be carefully implemented and sustained over the long term. If a currency is inflated too quickly, it enters a state of hyperinflation, and its rapid devaluation becomes so severe that individuals refrain from holding it, thus killing the entire ecosystem. On the other hand, if inflated too slowly, a currency experiences a steep rise in value, which incentivizes individuals to hold it rather than spending, which diminishes its economic utility and can be equally damaging to the ecosystem.
Bitcoin debuts a unique currency the world has not yet seen: one that is not managed and controlled by the constituents of a central bank but rather is governed by trustless code. Because bitcoins are rewarded to miners who solve blocks as opposed to being manually printed and distributed by the trusted figures at the head of a central bank, the speed at which its blocks are created and posted directly affects the rate at which the supply of its currency is expanded. Thus, in order to ensure a steady rate of inflation within each 4-year term, the Bitcoin network continually reevaluates block generation times and adjusts the difficulty level accordingly every 2,016 blocks. In order to slow down inflation over time as Bitcoin advances toward mainstream adoption, the block rewards continue to be halved at 4-year intervals.
In addition to nailing down sound economic principles and monetary policy, Bitcoin’s 10-minute block time establishes a sufficient time interval in which miners can become aware of recently posted blocks, and begin building on them. Once a miner successfully solves a valid block and posts it to the blockchain, the rest of the miners that are in the process of solving blocks that contain the same transactions as does the posted block are effectively performing obsolete work. It may take up to one minute for these miners to receive notice that a block has been produced so that they can begin sourcing transactions from the new transaction pool and work on solving the next block. A 10-minute block-time offers all miners sufficient time to continually respond to blocks posted by other miners, and to continue to redirect their efforts to the next block in sequence. The result: very little time – and thus energy – is wasted producing obsolete blocks. In this way, a periodically adjusted difficulty level serves to both establish sound monetary policy and optimize systemic energy efficiency within the Bitcoin Network.
So then, What’s the Purpose of PoW?
Proof of Work’s most vital role is to ensure the immutability of the transaction ledger and thereby maximize network security. Imagine the current block height is 50, and a malicious entity intends to modify a transaction from block 10. Recall that all transactions in each block are combined into a single hash called the Merkle Root. If the malicious entity modifies even a single transaction from block 10, block 10’s Merkle Root will be altered, which will, in turn, alter the hash of block 10. However, since each successive block contains the hash of the previous block, the entire chain of blocks beyond block 10 will be altered as well. The new hash of the now-tempered block 10 will not match with the old hash of block 10 stored in block 11. To add to the chaos, block 10’s newly modified hash will be random, and it is therefore astronomically unlikely that its new hash will satisfy the corresponding difficulty level, therefore rendering it invalid.
When the malicious entity broadcasts a block modification, all miners are quick to see that the hash of block 10 contained in block 11 no longer matches, and will refuse to accept or acknowledge the change. After modifying a transaction in block 10, the malicious entity would have to re-mine block 10 – by way of continually inputting nonces – in order to find a hash that satisfies the difficulty level, and then use that hash to create a new block 11 with a consistent hash. Since block 11 would then change, the entity would need to re-mine block 11 and use that hash to make a new block 12. The ill-intentioned entity then has to repeat this process up through the current block.
Under such a scenario, modern computing speeds make it rather easy to change the hash of a block, and quickly to update the hashes of subsequent blocks, creating the illusion that the chain was never broken. In actuality, hashing is a very simple operation, and in this example, from block 10 to block 50, only 40 hashes are required. To put that in perspective, the fastest mining machine on the market can perform 1.29 trillion hashes per second!
But it is here where Proof of Work reveals the genius that lies at the heart of its complexity. Proof of Work requires miners to perform work in the form of electricity-generated CPU power in order to solve and add blocks to the blockchain by requiring that the each block’s hash falls below a predetermined difficulty level. By virtue of this conditionality, a miner must repeatedly input nonces until it produces an astronomically rare hash, as set by the Proof of Work consensus algorithm. It is hard enough to solve one block, let alone tens, hundred, or even thousands in sequence. Thus, the malicious entity must expend computing power in order to solve Block 10 after changing the transaction within it. Then, the malicious entity must recreate the entire blockchain from block 10 to present by producing tens, hundreds, or even thousands more valid hashes, all while significantly outpacing the rest of the network, which continues to dedicate all of its computing power to mining new blocks on the original, valid blockchain.
The involved electricity costs make block generation an exceptionally expensive process. The deeper an entity goes in the Blockchain to make a change, the more blocks it must reproduce, and so the harder and more costly it becomes to make that change. At a certain point, it becomes practically impossible. This is why PoW Blockchains become more secure as the total hash rate of the network increases. A higher total hash rate means the difficulty of adding blocks to the chain increases, and thus the costs for a malicious entity to recalculate those blocks also increases. For a blockchain like Bitcoin that has amassed truly immense hashing power, solving even one block is incredibly labor-intensive and costly. It is for this reason that PoW blockchains with sufficient cumulative hash rate are considered practically immutable and therefore provision superlative security to the participants in their networks.
Double-Spends, 51% attacks, and Economic Incentives
Bitcoin is an amalgamation of several technologies that predate its inception. Bitcoin’s primary innovative triumph lies in its intrinsic solution to the problem of “double-spend.” The double-spend problem arises from a digital currency’s intrinsic, intangible attribute. Because digital currencies have no physical form, they are easy and near-costless to duplicate, leaving their networks prone to having a single unit sent to two different addresses – in other words, a double-spend. While some fortunate users may get away with temporarily doubling their buying power, such an exploit would make Bitcoin’s use as a currency unfeasible. Fortunately, Bitcoin leverages blockchain technology to prevent double-spend, as illustrated in the following example:
Suppose an individual attempts to spend the same Bitcoin twice. The spender creates two transactions (Transactions A and B), and enters them into the pool of transactions awaiting confirmation. The scenario holds two potential outcomes:
- Transaction A is included in the next block and added to the blockchain, while Transaction B remains in the transaction pool yet to be confirmed. When a miner attempts to add Transaction B to the next block, it is immediately identified as invalid, as that bitcoin has already been spent by the same address in Transaction A. Transaction B is discarded, with no harm done.
- Two different miners each add one of the transactions to their respective candidate blocks. They both broadcast their blocks to the network at nearly the same time. This causes the network to split into two chains; one containing the Block which holds transaction A, and the other containing the Block which holds transaction B. The result produces what is known as a fork. A fork describes a condition in which a blockchain temporarily branches off in two directions when two valid blocks are produced simultaneously. In this circumstance, only one chain can be considered valid, otherwise, a double-spend may occur.
Note that a single miner will never include both Transaction A and Transaction B in the same block, as that is one of the transaction validation checks.
A blockchain fork is very similar to a fork in a path, where the path essentially represents a split in the network of nodes. In other words, all miners are not in agreement, and have to decide which block to build on – that is, which path to take. For the Bitcoin blockchain, miners follow the rule that the longest path is the correct path, and always continue to build upon that path by linking new blocks to it. When the two blocks – one containing Transaction A, and the other, Transaction B – are broadcast to the network, some miners will receive the block with Transaction A first, while others will receive the block with Transaction B first. When a miner receives either block, it considers the block valid and starts working to solve the next block. If the miner does successfully solve the next block, it will add the block to its side of the path, and so increase its length. The first chain to add another block becomes the valid chain, as the network will observe that chain as the longest. The other chain is discarded, along with the transaction which would now be considered a double-spend. If both chains again add the next block simultaneously, then the first one to add an additional block becomes the valid chain. Adding a block is considered a confirmation, and the more confirmations that occur after a certain block, the more certain a user can be that the transactions in that block will be permanently added to the chain. It is for this reason that it is said that one should wait for at least 6 confirmations in order to be absolutely sure that a transaction is considered valid.
While this process solves the problem of double-spend, it still remains vulnerable to potential exploits, the most notable of which is referred to as a 51% attack. A blockchain network becomes prone to a 51% attack when an entity gains control of more than 50% of its total hash rate. Under this condition, the entity controlling the majority of the hash rate can produce blocks at a faster rate than the rest of the network. Recall that in the case of Bitcoin, the longest chain is considered the valid chain. A malicious entity controlling 51% of the hash rate can produce blocks privately until it surpasses the length of the public chain. At its discretion, the malicious entity may then broadcast its private chain, and all miners have no choice but to accept it as the valid chain. Such a plot – if executed successfully – enables a malicious entity holding 51% of the hash rate to engage in nefarious tactics:
- Double-Spend: The malicious entity spends some Bitcoin to purchase goods, waits for the transaction to be confirmed on the network, and then posts its own private chain, which does not contain a record of the transaction. In this scenario, the malicious entity effectively makes away with stolen goods, as its payment never goes through to the merchant.
- Transaction Censorship: The malicious entity effectively blocks certain transactions from being executed on the network by creating its own private chain and omitting transactions from certain addresses.
The attacker cannot:
- Reverse other users’ transactions
- Change the number of coins generated per block
- Create coins out of thin air
- Send coins which it never owned
A 51% attack presents a serious blow to the integrity of a blockchain. If users are to trust a Blockchain, the likelihood of a successful 51% attack must be slim to none. For Bitcoin, the entry opportunities for malicious entities are bleak and extremely labor-intensive, because acquiring 51% of the total hash rate in the Bitcoin network is both highly competitive and expensive. However, there is yet another factor that serves to deter bad actors from even attempting to overthrow Bitcoin’s blockchain network. Rather than warding off malicious entities with preventative measures, Bitcoin leverages the Proof of Work consensus mechanism to employ a profound cocktail of competitive dynamics and incentive structures to diminish the potential for network attacks.
To do this, the Bitcoin Blockchain incorporates basic ideas from Game Theory. Game Theory is essentially a branch of mathematics concerned with examining strategies for dealing with competitive situations involving multiple rational decision makers. It aims to predict the choice of a player in a situation where the outcome of a player’s choice critically depends on the choices made by other players. Game Theory’s most famous economic example is known as “The Prisoner’s Dilemma,” though a quick google search will provide lots of great examples.
As a quick example, imagine playing a game of poker where every player can see the cards held by each of the other players. Additionally, the only winning hand is a full-house. In this scenario, where transparency is compulsory, a player’s chances of winning are reduced to the luck of the hand he or she is dealt. Now imagine the game’s rules allow each player to draw as many cards from the pack as he or she likes, drawing one at a time, and discarding another in its place. But each time a player draws a card, he or she must pay a fee. Suddenly, competition has been introduced into the game as players can now race to have the best hand. The more cards a player draws, the greater the chance of creating a winning hand. However, the more often a player draws a card, the more money he or she has to spend, meaning there’s a greater cost to players who draw more cards. In addition, If a player is caught cheating, he or she is immediately eliminated from the game, and therefore loses all the money he or she has invested in an assembling a winning hand. If the player remains honest and manages to win the game, his or her reward covers all costs and provides him or her with a healthy profit.
The above scenario serves well to parallel the manner in which mining incentives are built into the Bitcoin network, where drawing additional cards is analogous to buying more hash power.
Bitcoin’s incentive structure primarily serves to reward good behavior, and discourage bad behavior. Quite simply, in the Bitcoin network, it is more profitable to be a good actor than a bad actor. The primary means by which participants in the Bitcoin network earn bitcoin is by earning block rewards. Since all miners compete with one another to solve blocks, the natural outcome that arises is one where miners strive to offer the network more hash power than their peers. Consequently, the network amasses a greater cumulative hash rate, which in turn heightens barriers to entry, thus tightening the security of the Bitcoin blockchain. Since much of the value of Bitcoin is tied to its network security, a greater cumulative hash rate results in a higher fundamental value of the Bitcoin network. By increasing the value of the Bitcoin network, miners are further incentivized, which produces more competition.
This positive feedback loop has accelerated to the point where taking over the Bitcoin network has become prohibitively difficult. Today, the cost of acquiring a majority of the total Bitcoin hash rate is so high that only a few ultra-wealthy entities have the resources to attempt such a feat. However, even if an entity managed to obtain such an immense hash rate, the cost to do so would far outweigh the potential profits gleaned from making out with a few stolen goods. An entity capable of gathering such enormous hash power would, however, stand to make substantial profits if it were to use its hash power to mine on the Bitcoin blockchain, and serve the network as an honest node.
Also, malicious entities need to invest huge sums of money in specialized ASIC mining hardware in order to attack the Bitcoin network. But if a successful attack is carried out, the Bitcoin blockchain’s lack of security becomes exposed, and its users abandon the network. At this stage, the massive investment set forth by the malicious entity is no longer useful, as the giant network it once sought to conquer is now feeble and barren. Because the only reward offered by the network is denominated in BTC, attacking the network inadvertently devalues any potential reward.
In this way, Bitcoin has created an ingenious, comprehensive incentive structure where, for the first time, the benefits of acting honestly outweigh those of cheating. This is what is truly profound about Bitcoin: it does not fend off bad actors; rather, it transforms them into honest nodes.
Such an incentive structure was prophesied by Satoshi Nakamoto when he unveiled the source code back in Bitcoin’s early days:
“The Bitcoin Network might actually reduce spam by diverting zombie farms to generating bitcoins instead.” ~Satoshi Nakamoto
Now that we have covered the basics of the Bitcoin Blockchain, we can proceed to Elastos and Merged Mining.
The part two of this series will be released sometime next week. Stay tuned!
Feel free to check out more about the team that worked on this article and apply to join if you would like to get involved in the future: Join Elastos in a Nutshell team
. BeckyMH. (2018, October 22). Merged mining specification. Retrieved from https://en.bitcoinwiki.org/wiki/Merged_mining_specification
. Khatwani, S., Teddy, Appelberg, I., Palash, Juan, Lucas, . . . DJ AFINO. (2018, October 11). What is Double Spending & How Does Bitcoin Handle It? Retrieved from https://coinsutra.com/bitcoin-double-spending/
. Running A Full Node. (n.d.). Retrieved from https://bitcoin.org/en/full-node
. Judmayer, A., Zamyatin, A., Stifter, N., Voyiatzis, A. G., & Weippl, E. (2017). Merged Mining: Curse or Cure? Lecture Notes in Computer Science Data Privacy Management, Cryptocurrencies and Blockchain Technology, 316-333. doi:10.1007/978-3-319-67816-0_18
. (n.d.). Retrieved from https://satoshi.nakamotoinstitute.org/posts/bitcointalk/532/
. Namecoin. (2018, Nov. 22). Retrieved from https://en.wikipedia.org/wiki/Namecoin
. R/Namecoin – Merged Mining: Curse or Cure? (Interesting paper from SBA Research). (n.d.) Retrieved from https://www.reddit.com/r/Namecoin/comments/6xbsb6/merged_mining_curse_or_cure_interesting_paper/
Charles Coombs-Esmail[u/C00mbsie on reddit]
Amos Thomas[aka Famous Amos on youtube]
Michael Ekpo[aka adeshino on discord]