There is little doubt that distributed networks need a high degree of decentralization. That said, decentralization has to be secured by the protocol itself, via the so-called ‘consensus algorithm’. Likewise, the fact that ‘real-world conditions’ are subject to change must be taken into account, as the protocol can scarcely address such issues when they emerge: future changes are impossible to forecast. If such a situation arises, the development team needs to intervene and adjust the consensus rules in the protocol so that they reflect the state of affairs in the real world, enabling the protocol to retain its quality.
Here, it must be noted that significant differences exist between the concepts of PoW and PoS. Therefore, let’s look at the history of Bitcoin’s ‘degree of decentralization’, consider its current status and compare it with the potential of Ouroboros, the Cardano PoS ‘consensus algorithm’.
How do we measure the degree to which a network is decentralized?
A distributed network is a network in which multiple nodes reach consensus on changes to data. We refer to this as ‘distributed consensus’, in other words, an agreement among multiple entities on the protocol rules.
Firstly, let’s look at the definition of decentralization itself. The degree of decentralization is determined by the independence of the network’s nodes. This is because, in theory, all nodes of a distributed network could have a single owner. In such a case, despite being a distributed network, it would be considered fully centralized. Arguably, in an ideal scenario, each node should have a different owner, rendering the network both distributed and decentralized.
Secondly, let’s take the geographic perspective. In a globally distributed network, the desired state is one in which the nodes are evenly distributed across the globe. This is because potential security risks, such as all kinds of attacks and hacking endeavors, for example by nation states, have to be seriously considered and preemptive measures subsequently taken. This is why having all nodes in a single country, especially one with a rather authoritarian, restrictive or unstable political regime, is a far cry from ideal.
In the introduction, we mentioned that a protocol must reflect and react to occurring ‘real-world’ changes on the project management level. Therefore, a decentralized network calls for a decentralized and fully transparent team so that user requirements can be accounted for, that is to say, a team eager to do everything on behalf of the protocol.
For our further inquiry into the issue, it can be concluded that the higher the decentralization, the larger the number of independent entities with the right to propose a particular block. Accordingly, with a higher number of such entities, the risk of censorship is largely diminished, as the decision-making power is distributed amongst far more ‘players.’ This vastly increases the odds that the majority will behave honestly, which will, in turn, increase users’ trust in the protocol. And trust is fundamental to the wider adoption of any protocol because, during peer-to-peer transactions, the protocol itself serves as an intermediary through the nodes in the network. In a nutshell, users trust pool operators who are supervised by the protocol.
Bitcoin and PoW
As far as PoW is concerned, two key variables effectively decide who wins the race to add a block: hash rate and chance. However, the winner of such a race can be predicted with a high degree of probability, as a higher hash rate presents a considerable advantage. Imagine there were only two entities, the first with 70% of the hash rate and the second with the remaining 30%. In such a scenario, the entity with the higher hash rate will not mine 100% of blocks, but rather 90%, and the less powerful entity will have to rely on chance whilst searching for the right hash.
That being so, PoW reveals a major disadvantage in terms of decentralization. The degree of decentralization progressively decreases as the hash rate soars, with dedicated mining machines aggregated in large halls. Accordingly, small miners are less and less motivated to mine: mining with CPUs and GPUs has become unprofitable, and nowadays, in many countries, the profitability of ASIC miners comes into question as well, unless the individual has access to inexpensive electricity. With the emergence of mining pools, miners started to delegate their power, and there is now a new trend of purchasing hash rate from a large hall with fiat currency, effectively violating the concept of decentralization. Mining pools, or rather their operators, control the hash rate and have thus gained the substantial power they now wield.
Using the Stratum protocol, the pools provide small miners, who work on solving the given problem at a given scale, with a block template. By distributing work between individual miners, the pool increases the odds of successfully mining the targeted block. Since the pool is fully responsible for creating the block and selecting its transactions, it can likewise censor them: it can add transactions according to its own preference without considering the fee, or ignore a particular transaction entirely. Pool operators are just ordinary people, and they might be forced by an attacker to do something wrong.
From the decentralization perspective, a protocol should eliminate every single point of failure. That way, all possible attacks might be eliminated as well. Bitcoin pool operators are single points of failure.
From the standpoint of the protocol itself, decentralization is not checked at all. In the fledgling phase of crypto-projects, this worked relatively well, as there were far fewer miners and they were mining on computers of comparable performance. Thus, Bitcoin used to be decentralized and resistant to censorship. This, however, no longer holds, as the PoW consensus algorithm does not take into account the gradual centralization of mining operations, with performance being delegated to large pools. The algorithm itself is not capable of identifying this, and so, when presented with a valid block (from a transaction standpoint), it simply adds it to the blockchain. In other words, the PoW consensus algorithm completely ignores the possibility that the blocks could have come into existence in a centralized way, or that a particular entity could have censored particular transactions. The protocol has been working in this way for years, and the team around it has not addressed the changes in the environment, namely the inception of ASIC miners, large mining halls and mining pools. This could be viewed as a failure of the team.
Likewise, it is important to bear in mind that a blockchain fork is possible, with pools being the ones who determine on which branch of the fork operations will continue. A significant danger lies in the possibility of the blockchain being reorganized in accordance with a particular idea. If 3 or 4 of the stronger mining pools decided to cooperate in such an endeavor, the feat would be feasible, especially in an environment where there are no more than ten strong pools, the majority of them Chinese. Therefore, the aforementioned risk is relatively high.
The core of this threat lies in the fact that the right to create a new block effectively belongs to only a few censorship-capable mining pools, and that this right is won in a hash-rate competition which has gradually centralized around the pools. This position was further fortified by smaller miners delegating their hash rate to the pools. We can draw a comparison with a country facing general elections with no good party to vote for, leaving the citizens to choose the lesser evil. To make matters worse, unlike in politics, the vote is entirely undemocratic, as the pools own their mining halls and no one truly knows what share of the hash rate belongs to the pools and how much of it is delegated.
Shouldn’t the core team have already intervened and attempted to reach a viable solution to the problem of the pools? Unfortunately, we see no such efforts; the initiative to tackle this problem only comes from individuals (Stratum 2, BetterHash). In theory, though, the core team would be in a much better position to solve the problem, as they are far closer to the protocol. Such a solution would, however, call for fundamental changes. There is also the question of whether the number of pools will increase or decrease in the future, which, as of now, is hard to predict.
Can Cardano PoS be better in terms of decentralization?
As far as the Cardano PoS consensus algorithm, Ouroboros, is concerned, the capability to safeguard decentralization is far larger. This is possible thanks to the specific setting of the whole economic model, which favors the existence of a large number of pools that are balanced in terms of influence, in other words, in their chance to produce a new block. Furthermore, the pool with the right to produce a new block will be selected entirely at random. The key to a high degree of decentralization and to limiting the possibility of censorship is a guarantee that a vast number of entities with the right to create a block will emerge. In the case of Cardano, it is the pools to which coins will be delegated and which will thus be supported by the users. The economic model will be set so that the largest pools, once they reach a certain degree of saturation, will be given a lesser reward for producing a block, despite their best efforts to do otherwise. Consequently, whilst such pools will be mining blocks most frequently, users will be motivated to delegate their coins to smaller pools, where the reward will be larger with a lower number of produced blocks within a given period.
This mathematical calculation will be incorporated within the protocol itself. Accordingly, it is presumed that users aiming to maximize their profits will delegate their coins in the way that offers the largest economic benefit. Here, wallets seem to be a useful instrument.
The protocol is built upon mathematical models, game theory and predictions of how market behavior will develop, which, in theory, prevents the emergence of large, dominant pools. However, as we have already seen unexpected developments in the case of PoW, making accurate predictions is rather elusive. That said, the only effective solution is a swift reaction to a particular problem, ideally through decentralized development. Thanks to the randomized choice of pools, a hypothetical deceiver would have largely limited opportunities, as there is no guarantee of successfully mining several blocks in a row, making it impossible to reorganize the blockchain.
Here, coin distribution is essential. A deceiver could own several pools, and if he had a large number of coins at his disposal, his prospects of committing a successful fraud would be equally large. Owing to the element of randomized choice, though, the degree of uncertainty in committing a successful attack would be relatively high. Accordingly, if people became aware of such fraudulent behavior, they would be able to delegate their coins elsewhere and so hinder the influence of the deceiver.
The benefit of PoS can also be seen in the fact that the consensus algorithm can be adjusted should it not work as planned. With PoW, on the other hand, it is far more complicated to adjust the algorithm, because the winner is determined by the sheer power of hash rate, with the respective pools competing against each other. An analogy with a sprint can be made. After the start, the runners dash off; however, only one person can be first, the winner. And with PoW there is no second or third place: the winner takes everything. To make matters worse, because of network latency, some “runners” can start sooner and thus increase their odds of claiming victory.
The inception of a new block in Ouroboros Genesis
In Cardano, time is divided into logical units called ‘epochs.’ Each epoch is split into 21 600 time slots, with each slot lasting approximately 20 seconds; therefore, each epoch lasts approximately 5 days. In each time slot, a node called the ‘slot leader’ can create a new block. Before the beginning of any epoch, all slot leaders are drawn randomly, in such a way that no one can foresee when they will get the right to mine a particular block. Rewards are paid out after the end of each epoch, not after every mined block, as is the case with PoW. If a particular node wants to partake in consensus, it has to connect to the network and synchronize the ledger. Afterward, the node is registered to the Global Clock function, which the protocol uses for timing. The Global Clock function tells the node which epoch and slot the ledger is in.
At the beginning of each epoch, a snapshot of the blockchain is made to find out how the staked coins are distributed. The snapshot reflects the state of distributed staked coins in the last block 2 epochs ago. Here, the Follow-the-Satoshi mechanism is applied, in which each staked Lovelace (a term for 0.000001 ADA) is something like a ticket that could win the right to create a block. The more tickets the user has in the game, the higher the odds of winning. The snapshot serves as an input for generating the element of randomness.
The node gets registered to the Global Random Oracle function, which generates a random number “V” in each slot. The Oracle generates the element of randomness based on the blockchain history and unique node identification. As we will see further on, “V” numbers will be added to the block by the chosen slot leader. Now, imagine that we are at the beginning of a new epoch, in the first slot. At the beginning of each new slot, each node checks whether it is the leader or not, with the answer being provided through the Verifiable Random Function, which is based on modern cryptography. Here, a query is sent to the Random Oracle, which responds with the “V” number. To get the response, however, several inputs are needed: the actual slot index, the timestamp, the key of the given node, the coin distribution from 2 epochs ago (once for a given epoch) and the random seed.
The Random Oracle takes the random “V” numbers that are included in the first two thirds of the slots of the previous epoch and hashes them, and the result is the random seed. The last third of the blocks is not taken into account, as these blocks do not yet have the necessary number of verifications and are still subject to change. Based on the query from the node, the Random Oracle provides the random “V” number.
Thanks to the VRF, a lottery can be conducted that gives the node the final answer to the question of whether it is the slot leader or not. If the “V” number is lower than a certain threshold value, the node becomes the slot leader. There are two important outputs stemming from the VRF. Apart from the “V” number, a proof “P” is generated, which the slot leader then puts into the proposed block. By combining “P” with the “V” number, other nodes can verify whether the given node truly had the right to create a block in the given slot. A deceptive node, therefore, cannot simply propose a block at will, as it has no chance of generating the right combination of “V” and “P”, making it easy for other nodes to expose a deceptive one.
From then on, everything is simple for the winning node. The slot leader takes the transactions that are put into a block and adds the “V” and “P” variables. Afterward, the node generates a new private key to sign the next block for which it will be accountable (Key Evolving Signature). While the public key remains the same, the private key used to sign the next block is changed and the old private key is deleted. Thanks to this measure, it is impossible to counterfeit the key, effectively making it impossible to rewrite history, as every block is signed by a unique private key, with only the node responsible for the added block knowing the private key used for the signature. Mathematically, it can be proved that even if the node made the key public or if it was stolen, other nodes would follow, so if there are enough honest nodes in the network, the attackers cannot use the knowledge of the key to their advantage.
The slot leader inserts the random “V” number into the proposed block so that, once the block is verified, the number becomes part of the process of creating the new seed in the next epoch, influencing the choice of slot leaders. The protocol uses itself to decentralize the generation of randomness, and therefore external resources are not needed.
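The lottery described in this section, as an added sketch that is not Cardano's code and not part of the original article: the seed is hashed from the “V” values of the first two thirds of the previous epoch, each node derives “V” and “P” for a slot, and any other node checks the pair. Assumptions: a toy RSA-based VRF built on Mersenne primes stands in for the real VRF, the threshold 1 - (1 - f)^stake is borrowed from the Ouroboros Praos paper because the article gives no formula, and the pool names, stake shares and f = 0.05 are constructed.

```python
import hashlib
E = 65537  # public RSA exponent shared by all toy keys

def H(*parts):
    """SHA-256 over length-prefixed byte strings, returned as a 256-bit integer."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

def keygen(p, q):
    """Toy RSA key from two known primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def epoch_seed(prev_v):
    """Hash the V values from the first two thirds of the previous epoch's slots."""
    stable = prev_v[: len(prev_v) * 2 // 3]  # the last third is not yet settled
    return hashlib.sha256(b"".join(v.to_bytes(32, "big") for v in stable)).digest()

def vrf_input(n, seed, slot):
    return H(seed, slot.to_bytes(8, "big")) % n

def vrf_eval(n, d, seed, slot):
    """Return (V, P): P is the unique RSA signature on (seed, slot), V = H(P)."""
    proof = pow(vrf_input(n, seed, slot), d, n)
    return H(proof.to_bytes(32, "big")), proof

def threshold(stake, f=0.05):
    """Assumed Praos-style bound: V must be below (1 - (1 - f)**stake) * 2**256."""
    return int((1 - (1 - f) ** stake) * 2**256)

def verify(n, stake, seed, slot, v, proof, f=0.05):
    """The check every other node runs on the V and P carried in a proposed block."""
    return (0 <= proof < n
            and pow(proof, E, n) == vrf_input(n, seed, slot)  # P fits key and slot
            and v == H(proof.to_bytes(32, "big"))             # V derives from P
            and v < threshold(stake, f))                      # V wins the lottery

def run_epoch(nodes, seed, slots, f=0.05):
    """Every node evaluates every slot privately; return the winning claims."""
    claims = []
    for slot in range(slots):
        for name, (n, d, stake) in nodes.items():
            v, proof = vrf_eval(n, d, seed, slot)
            if v < threshold(stake, f):
                claims.append((slot, name, v, proof))
    return claims

# Constructed sample data: Mersenne primes as toy key material, made-up stakes.
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))
NODES = {"pool-a": (*keygen(M127, M89), 0.60),
         "pool-b": (*keygen(M127, M107), 0.30),
         "pool-c": (*keygen(M107, M61), 0.10)}
PREV_V = [H(b"constructed previous epoch", i.to_bytes(4, "big")) for i in range(30)]
SEED = epoch_seed(PREV_V)
CLAIMS = run_epoch(NODES, SEED, slots=600)

if __name__ == "__main__":
    print([(slot, name) for slot, name, _, _ in CLAIMS[:5]])
```

A claim with a hand-picked low “V”, a proof reused for another slot, or a proof presented under another pool's key all fail `verify`, which is the property the text relies on to expose a deceptive node.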
A distributed protocol does not revolve entirely around the concept of decentralization; there are other important factors, such as security and scalability, to be accounted for. Ouroboros PoS is better in terms of scalability, as a new block is created within seconds, while it takes 10 minutes with PoW. Historically, PoW is more successful in terms of security; however, this does not mean that we will not conclude within 10 years that Ouroboros is equally safe, if not safer. And when one ponders deeper, the degree of decentralization is vital in terms of security: how much does it truly matter that it is difficult to create a block with PoW, if such creation can be centralized to a large degree? Consequently, if PoS manages to retain its high degree of decentralization, it will simultaneously increase its security. What PoS has to tackle is the risk of deceptive blocks, as it is relatively cheap and fast to create new blocks. Here, everything boils down to the capability of the Cardano team to effectively implement everything based on research and theory, and if they are successful, the blockchain trilemma will be sorted out.
Again, the role of the team and the community in keeping the protocol up to date has to be emphasized. The team has to be able to react flexibly to all possible changes so that the protocol retains its long-term quality. Sadly, this has been a long-term issue and failure with Bitcoin, where such attempts have never come to fruition or have not even been seriously made, and we can only hope that eventually there will be a change for the better. Cardano, conversely, seriously tries to build decentralized project management, and thus far the team has proven itself to be highly capable, delivering on its promises; therefore we trust their ability to react effectively to all possible changes and threats.
Another difference that increases our trust is the mechanism for distributing rewards for participating in consensus and security. While with PoW it is the pool operators who distribute rewards to smaller miners, who have no choice but to put their faith in the pool, the Cardano reward mechanism is built directly into the protocol, ensuring that there is no risk of users losing their coins, as everything is secured by the protocol itself.
Lastly, from the geographical perspective, PoW mining is largely dependent on inexpensive energy; therefore these undertakings are centralized in countries with cheaper electricity. This makes for another argument for a potentially high degree of decentralization with PoS, as maintaining an operational computer is far less expensive than repeatedly purchasing a state-of-the-art ASIC miner each year.
In conclusion, when we compare PoW and PoS, we can see that the concept of PoW is relatively simple, whilst PoS is quite complicated. Complex systems will always be more prone to mistakes, as it is far harder for the team to keep everything fully under control. Nonetheless, we sincerely believe that the IOHK team is fully competent to tackle such a challenge, and we acknowledge that they would rather take their time than rush the project. If the PoS Ouroboros project comes to fruition, it will be a massive leap forward in terms of decentralized technologies and will pose a strong challenge to Bitcoin.