INOM
EXAMENSARBETE TEKNIK, GRUNDNIVÅ, 15 HP
STOCKHOLM SVERIGE 2020,
Energy Consumption and Security in Blockchain
ELEONORA BORZI
DJIAR SALIM
Abstract
Blockchain is a Distributed Ledger Technology that was popularized after the release of Bitcoin in 2009 as it was the first popular blockchain application. It is a technology for maintaining a digital and public ledger that is decentralized, which means that no single authority controls nor owns the public ledger. The ledger is formed by a chain of data structures, called blocks, that contain information. This ledger is shared publicly in a computer network where each node is called a peer. The problem that arises is how to make sure that every peer has the same ledger. This is solved with consensus mechanisms which are a set of rules that every peer must follow. Consensus mechanisms secure the ledger by ensuring that the majority of peers can reach agreement on the same ledger and that the malicious minority of peers cannot influence the majority agreement. There are many different consensus mechanisms. A problem with consensus mechanisms is that they have to make a trade-off between low energy consumption and high security. The purpose of this report is to explore and investigate the relationship between energy consumption and security in consensus mechanisms. The goal is to perform a comparative study of consensus mechanisms from an energy consumption and security perspective. The
consensus mechanisms that are compared are Proof of Work, Proof of Stake and Delegated Proof of Stake. The methodology used is literature study and comparative study by using existing work and data from applications based on those consensus mechanisms. The results conclude that Proof of Work balances the trade-off by having high
energy-consumption and high security, meanwhile Proof of Stake and Delegated Proof of Stake balance it by having low energy consumption but lower security level. In the analysis, a new factor arose, decentralization. The new insight in consensus mechanisms is that decentralization and security is threatened by an inevitable centralization where the ledger is controlled by few peers.
Keywords
Blockchain, consensus mechanism, sustainability, security, decentralization, Proof of Work
Sammanfattning
Blockchain är en så kallad distribuerad huvudbok teknologi som fick ett stort genombrott med den populära blockchain applikationen Bitcoin i 2009. Teknologin möjliggör
upprätthållandet av en digital och offentlig huvudbok som är decentraliserad, vilket betyder att ingen ensam person eller organisation äger och kontrollerar den offentliga huvudboken. Huvudboken i blockchain är uppbyggt som en kedja av block, dessa block är datastrukturer som innehåller information. Huvudboken distribueras i ett nätverk av datorer som kallas för noder, dessa noder ägs av en eller flera personer. Problemet är att alla noderna i nätverket måste ha identiska huvudbok. Detta problem löses med en uppsättning av regler som noderna måste följa, denna uppsättning kallas för konsensus mekanism. Konsensus mekanismer säkrar huvudboken genom att möjliggöra en
överenskommelse bland majoriteten av noderna om huvudbokens innehåll, och ser till att oärliga noder inte kan påverka majoritetens överenskommelse. Det finns flera olika konsensus mekanismer. Ett problem med konsensus mekanismer är att de är tvungna att göra en avvägning mellan låg energianvändning och hög säkerhet. Syftet med denna rapport är att undersöka och utreda relationen mellan energianvändning och säkerhet i konsensus mekanismer. Målet är att utföra en komparativ analys av konsensus
mekanismer utifrån energianvändning och säkerhet. Konsensus mekanismerna som jämförs är Proof of Work, Proof of Stake och Delegated Proof of Stake. Metodologin som används är litteraturstudier och komparativ analys med hjälp av existerande metoder och data från applikationer som använder konsensus mekanismerna. Resultatet visar att Proof of Work väljer hög säkerhet på bekostnad av hög energianvändning, medan Proof of Stake och Delegated Proof of Stake väljer låg energianvändning men på bekostnad av lägre säkerhet. Analysen ger en ny inblick som visar att centralisering är en oundviklig faktor som hotar säkerheten.
Nyckelord
Blockkedja, konsensus mekanism, hållbarhet, säkerhet, decentralisering, Proof of Work
Table of contents
1 Introduction 6
1.1
Background 61.2 Problem 7
1.3 Purpose 8
1.4 Goals 8
1.5 Research Methodology 8
1.6 Delimitations 9
1.7 Ethics and Sustainability 9
1.8 Structure of the Thesis 10
2 Background 11
2.1
Blockchain 112.2 Consensus in Blockchain 15
2.3 Proof of Work 16
2.4 Proof of Stake 21
2.5 Delegated Proof of Stake 23
2.6 Related Work 25
2.7 Summary of the Consensus Mechanisms 27
3
Methodology 28
3.1 Research Process 28
4 Analysis of Different Consensus Mechanism 30
4.1 Proof of Work 30
4.1.1 Energy Consumption Analysis 30
4.1.2 Security Analysis 31
4.2 Proof of Stake 33
4.2.1 Energy Consumption Analysis 33
4.2.2 Security Analysis 35
4.3 Delegated Proof of Stake 37
4.3.1 Energy Consumption Analysis 37
4.3.2 Security Analysis 38
5
Results and Discussion 40
5.1
Summary Table 405.2 Discussion and Comparison 41
6 Conclusions and Future Work 44
6.1 Conclusions 44
6.2 Limitations 45
6.3 Future Work 45
1 Introduction
Blockchain is a technology for maintaining a digital and public ledger that is decentralized, which means that no single authority controls nor owns the public ledger [1]. It is a chain of data structures that are called blocks and each block contains information. For instance, in cryptocurrencies with virtual coins, the information kept in blocks are transactions and the chain of blocks is the total transaction history (ledger). A transaction can be defined as a trade between two users. The chain is created and maintained by a network of
interconnected users as nodes and each node is a computer that is run by an individual or an organization. These nodes are also called peers and they can send or receive
transactions. This network structure enables each peer to broadcast new transactions to other peers so that the transaction is added to everyone’s copy of the ledger.
Before adding the broadcasted transactions to the ledger, the transactions are first added into blocks that are then broadcasted [1]. When a block is added, it cannot be removed or altered. The block creation is decentralized and public, all peers have the right to create new blocks. The consequence of a public block production is that peers are constantly racing against each other to create the next block, this results in conflicting blocks that claim to be the next block in the chain [1]. These conflicting blocks might contain the same transactions and only one of them can be added to the ledger. Peers have to achieve a majority agreement on which block is the next one so that their copies of the ledger are identical. Each blockchain application has a set of rules that, if followed, will ensure a majority agreement. This set of rules is called the consensus mechanism and there are many different ones and different concepts of achieving agreement [1].
1.1 Background
The irreversible property of blockchain ensures that the current data in the ledger will never be removed or altered. This requires that all peers agree on the new information by having a set of rules that decides if the new data is valid or to be discarded. This set of rules is called the consensus mechanism [2]. Consensus mechanisms are used to make all the peers agree on the same ledger but also to avoid anyone to take control over the ledger. The
three most popular consensus mechanisms used in cryptocurrencies are Proof of Work, Proof of Stake and Delegated Proof of Stake.
Proof of Work (PoW) [3] is a consensus mechanism used in Bitcoin and other blockchain applications. In Proof of Work, peers must first solve a cryptographic puzzle that requires computational power before creating a block. The probability of solving the puzzle is higher if a peer has more computational power. The peer who first solves the cryptographic puzzle will add the block to the chain, this leads peers to compete against each other. In PoW, peers agree on the longest chain since it has the most computational power put into it. The only way to create fraudulent blocks is to achieve 51% of the total computational power in the network [2]. In Proof of Stake (PoS) [4], a virtual resource, called coin age, is used to create blocks. The coin age is the amount of coins that a peer owns multiplied with the number of days the coins have been unspent. As in PoW, all the peers agree on the longest chain because it has the most coin age spent on. However, the use of a resource with less energy consumption has led to security flaws called:
Nothing-at-stake [5] and Long-range attack [6]. Delegated Proof of Stake (DPoS) [7] is a consensus mechanism where peers elect block producers who have the task of creating blocks. The block producers take turns to create blocks without competing against each other. However, having block producers in charge of block production can lead to a centralized system.
1.2 Problem
The most popular consensus mechanism, PoW, requires high energy resources to secure the chain. PoW makes sure that no one can take over the chain without achieving 51% of the total computational power in the network. Other consensus mechanisms avoid high energy consumption by trying to secure the chain without using computational power. The outcome is that energy consumption decreased, but security flaws arose.
There is a clear trade-off between energy consumption and security in consensus mechanisms. This means that if a consensus mechanism achieves lower energy
consumption, its security level will not be high and vice versa. This trade-off is due to the type of work that peers need to do in order to agree on the same ledger. Several consensus
mechanisms have been created and for each of them, the balance between energy
consumption and security is different. This trade-off has resulted in several problems when trying to achieve a balance that meets the requirement of the application.
This problem leads to the question “What are the dynamics of the balance between security and energy consumption in consensus mechanisms?”. In other words, how energy consumption and security influence each other in the trade-off.
1.3 Purpose
The purpose of this report is to explore and investigate the relationship between energy consumption and security in consensus mechanisms, with the focus of achieving a clearer picture of how this trade-off affects consensus mechanisms. The exploration can highlight the key components in this trade-off that can be further explored in future investigations.
1.4 Goals
The goal is to perform a comparative study on consensus mechanisms from an energy consumption and security perspective. The comparative study helps to achieve new
insights in the trade-off and other factors that are related to the trade-off. Moreover, it can show how different consensus mechanisms have balanced this relation.
1.5 Research Methodology
The research methodology is of qualitative type because the information found for each consensus mechanism differs in type and amount. The methods used are literature study and comparative study and it can be divided in four phases:
1. Literature study about blockchain and its problems.
2. Selection of consensus mechanisms that are then analysed. The consensus
mechanisms are chosen based on their popularity and how much information can be found.
3. Analysis of energy consumption and security in each consensus mechanism.
Analysis of energy consumption is based on:
● Previous studies and experiments
● The energy consumption in applications using the consensus mechanism
● Inductive analysis when no study, research or application is found for a given consensus mechanism
Analysis of security level is based on:
● Investigate theoretical security attacks
● Investigate performed security attacks
4. Comparison of the results from the analyses in phase 3. The comparison focuses on the balance between energy consumption and security in each consensus
mechanism.
1.6 Delimitations
This report has some delimitations. One of them is that the report does not aim to suggest a new consensus mechanism with low energy consumption and high security. It only investigates already existing consensus mechanisms. Another delimitation is that the report focuses on security but not on privacy because it is out of the scope. Privacy is related to how personal information is handled and available, while security in blockchain includes the process of securing the public ledger from being tampered.
1.7 Ethics and Sustainability
There are some ethical aspects that need to be taken in consideration when studying and comparing different consensus mechanisms. The conclusion drawn from a comparison has to take into account the variety and quality of information for each consensus mechanism.
In this case, the type and the amount of information found for each consensus mechanism is not the same. For example, one consensus mechanism can have been studied for several years making it easier to find information about the energy consumption. On the other hand, trying to find information about a consensus mechanism that has not been studied
as much is not as easy. The report can mislead the reader into conclusions that are incorrect or based on incomplete observations if this is not taken into consideration.
Another ethical aspect concerns the use of assumptions in the analyses of energy consumption and security. In this report, assumptions are used due to lack of information.
Information such as the scale of a network and what devices are used. The issue with these kinds of assumptions is that they can induce conclusions that misrepresent reality. This paper tries to reduce the risk of misrepresentations by using assumptive reasoning carefully and critically while explaining the reasoning behind each assumption.
The potential sustainability impact of this report is that the understanding of the trade-off between energy consumption and security is increased. This can in turn help future efforts to shift or eliminate the trade-off and decrease the environmental impact. An example of how this trade-off affects environmental sustainability is the cryptocurrency Bitcoin. It is estimated to cause 34 Mt CO2 emissions each year and 71 TWh energy consumption annually [15]. The total yearly carbon emission is similar to emissions from the country Denmark and the yearly energy usage is similar to Austria’s. Bitcoin uses a consensus mechanism that has a high energy consumption and a high security level. If the trade-off can be mitigated, then it could be beneficial to the environment.
1.8 Structure of the Thesis
Chapter 2 provides an introduction to blockchain and consensus mechanisms.
Furthermore, PoW, PoS and DPoS are explained and two related works are introduced.
The methodology is described in chapter 3 and the analyses for each consensus mechanism is found in chapter 4. The results are summarized in a table in chapter 5 and a comparison of results is found in the same chapter. Lastly, chapter 6 summarizes the report and includes the derived conclusions but it also introduces future work.
2 Background
This chapter gives an overview of blockchain, the concept of consensus mechanism and the chosen consensus mechanisms. Related works are presented at the end of the chapter to provide an overview of existing methods and approaches of evaluating consensus
mechanisms.
2.1 Blockchain
Blockchain is a Distributed Ledger Technology (DLT) that increased in popularity after the launch of the digital currency Bitcoin in 2009 [8]. To understand this technology it is more practical to use cryptocurrencies as examples, in this case Bitcoin. The total transaction history of Bitcoin is kept in a ledger. In simpler terms, the Bitcoin ledger consists of
announcements such as “I am Bob and I gave Sara X bitcoins”. In a group of five friends, it would be easy to maintain such a ledger without any sophisticated blockchain technology.
All the friends would together own the ledger and be able to add new transactions. Most importantly, the friends would believe that all the transactions are true since they are friends and trust each other. The problem that blockchain technology solves is when, instead of a group of five friends, millions of strangers want to share the same ledger. Trust is no longer reliable for securing the ledger from dishonest transactions. One simple
solution is to allow a trusted public organization to control the ledger and transactions, but that is the same as a bank system. The founder of the underlying blockchain technology of Bitcoin argued how the technology could enable a public decentralized digital currency [3].
Decentralization is the opposite of a bank or another single authority controlling the ledger, all the control belongs to the people that are participating in the ledger. To fully understand the basic structure of blockchain, it is best to continue with the example of digital currency.
All communication between the ‘strangers’ in blockchain is peer-to-peer (P2P). In contrast to the classic client-server model of communication where there is a client that requests data from a server, P2P communication is directly between the computers [9].
The owner of a computer can be an individual or an organisation. Blockchain is often represented as a P2P network with connected computers (see Figure 1) that are called
peers or nodes. Every peer on the blockchain has a copy of the ledger. These peers are strangers to each other in the sense that they do not know each other’s real identity, but each peer is known to others by their unique public key [8]. A public key is a long unique sequence of numbers that is used to identify a peer and it is important when providing a signature on transactions. In the simple example “I am Bob and I gave Sara X coins”, the peer must provide proof that he truly is Bob in the form of a signature. Each peer has two unique keys that are used when signing a transaction [1], the public key that is public and the private key that only the peer knows. These keys are related in such a way that when a message is encrypted with the private key it can only be decrypted with the public key. This relationship is used to make a digital signature by encrypting a part of the transaction with the private key.
Figure 1. A network of computers that are connected as nodes
Before explaining digital signatures, it is important to introduce hash functions.
Hashing can be defined as taking a sequence of characters of any length and converting it into an output of a fixed length, called a hash [10]. The properties that a hash function must fulfil are the following: it must be deterministic, hashing the same input will always give the same hash; it must be a fast computation; it must be infeasible to find the input of the hash function by analyzing the hash; if the input slightly changes then the output must drastically change; and two different input should never result in the same hash [10].
Peers provide a signature on transactions by encrypting the hash of the
transaction with their private key [1]. Any other peer can determine if a signed transaction
is authentic or not by using the public key to decrypt this signature and calculate the correct hash value of the transaction. If the decrypted result and their own calculated hash value are identical, the signature is authentic. This is a safe method to prove ownership of public keys because it is computationally infeasible to calculate a private key from the public key.
If Bob wants to send coins to Sara, he has to know Sara’s public key. A transaction can only be announced with the receiver's public key, which in this case is Sara’s public key. A simplified version of the transaction is: “I am #BobsPubK and I gave X coins to
#SarasPubK. Signed: #BobsSignature”. PubK is the public key and Signature is the hash value encrypted with the private key. This is then broadcasted by Bob to as many other peers as possible. Other peers might broadcast their transactions at the same time, so it is possible that there are multiple broadcasted transactions occurring in the network
simultaneously [3]. The broadcasted transactions are not yet a part of the ledger itself. A peer must collect these transactions into a new block and then broadcast the block, only then the block with transactions can be added to the ledger [1].
Blocks contain the collected transactions and also a header [1] that describes the block. The header in the new block will specify, among other things, what block in the ledger is the previous block. This is why the ledger is a chain of blocks, as shown in Figure 2, hence the name blockchain.
Figure 2. Blocks with a header and transactions, linked to each other and form a blockchain. The utmost right block is the top of the chain
The chain structure ensures immutability, which is the second key property of blockchain after decentralization [1]. The content of an immutable ledger cannot be changed, the only possible change is adding new blocks with new information. This is
partly true in blockchain because conflicting blocks can emerge. Two blocks are in conflict with each other when they both point to the same block as the previous one, which results in a fork as illustrated in Figure 3. This is possible because two peers can collect different transactions and broadcast them as the next block [3]. The question is, what should a peer do when they receive two conflicting blocks? Keeping both blocks is not a reasonable solution since that would result in two different ledgers. If the peer decides to keep one block and discard the other, they have to be sure that all other peers made the same decision. Furthermore, how should a peer reason when discarding a block? These issues are a few examples of problems that are solved by using a consensus mechanism.
Figure 3. The chain has forked in two chains and there are two versions of the ledger. One of the chains must continue and one has to be discarded
A consensus mechanism is a set of rules that the peers are expected to follow. When not followed, the peers cannot participate in the ledger [1]. Consensus mechanisms decide how blocks are created and added to the chain. All peers in the network can be sure that their copy of the ledger is identical to others’ by following the rules. Consensus
mechanisms ensure consensus among peers on what the ledger currently contains [[11].
There are many different consensus mechanisms that have different rules and approaches, but the ultimate goal of consensus mechanisms is for all peers to agree on a single chain of blocks that form the ledger. The concept of consensus mechanisms is further introduced in chapter 2.2.
2.2 Consensus in Blockchain
In computer science there is a popular problem called the Byzantine Generals’ problem [12]. The backstory is that several generals, each with their own division of soldiers, are planning to attack a city. The premise is as follows: the attack is successful only if the majority of generals reach agreement on the same strategy. All communication between the generals is done by messengers. The problem is that some of the generals are traitors that will spread misinformation. This misinformation, if spread to many generals, can prevent agreement on the same strategy and cause total failure. The generals must follow certain rules that will ensure agreement and adversary tolerance. The adversary tolerance enables loyal generals to receive misinformation from traitors and discard it. This is the fundamental problem that consensus mechanisms solve in blockchain. The peers are the generals and the strategy of attack is the ledger, all peers want to agree on the same ledger.
Dishonest peers, the traitors, will never be able to influence the ledger because they are outnumbered by honest peers. The rule of thumb is that the ledger is always decided by what the majority agrees on, the consensus determines the official ledger.
As mentioned in the previous chapter, trust is not considered a reliable source for securing the ledger. Furthermore, centralized control of a public ledger is not what
blockchain aims for. Both trust and centralized control is avoided by using a consensus mechanism, in particular using incentives [1]. Creating incentive for maintenance is an important part of the consensus mechanism. The incentive involves more peers to
maintain the network and it helps to spread consensus [13]. One example of an incentive is transaction fees [11] in digital currencies. Whenever a transaction is broadcasted by a peer it must contain a transaction fee, this fee is given as a reward to whomever includes the transaction in a block. The peers that collect transactions into blocks are rewarded with all the transaction fees. In case of a fork in the blockchain, the peer that is creating the next block has to carefully choose which chain to continue on. If the block is added to the wrong chain which will be discarded later on, then the rewards will be lost since the transactions never happened according to the ledger. The longest chain is the one that every peer agrees on but it can happen that a new chain becomes the longest and discards the former longest chain. Transaction fees also incentivises peers to verify previous blocks on the chain, peers can continue on a fork if the previous blocks are not valid. Peers verify blocks by
controlling that each transaction in the block is correctly signed and that the transaction sender has sufficient balance. Peers’ balance can be calculated by exploring the ledger.
These incentives are great for securing consensus and the ledger, as long as dishonest actions are less beneficial than the incentive itself. Blockchain technology is mostly used in the financial domain, in particular digital currency which is also known as cryptocurrencies. Cryptocurrencies are prone to attacks since successful attacks are often more profitable than consensus rewards. These attacks can be summarized as dishonest changes in the ledger where the attackers steal money. Several blockchain applications have experienced malicious attacks in the past years, in 2018 $1.7 billion were stolen in cryptocurrencies [14]. Consensus mechanisms must provide an infrastructure where all peers can verify blocks and distribute consensus, thereby maintenance, among many peers.
By doing so, the dishonest changes are less probable to be accepted by the consensus.
Besides the security concerns in blockchain, there is a concern of the
environmental impact of some blockchain applications. Bitcoin is estimated to contribute 34 Mt CO2 emissions, 71 TWh energy consumption and 9 kt electronic waste each year [15]. The total yearly carbon emission is similar to emissions from Denmark, the yearly energy usage is similar to Austria’s and the amount of electronic waste is similar to
Luxemburg’s [15]. There are other blockchain applications that share the same issues [16].
These applications have high energy consumption which is a side effect of the consensus mechanism they are using, which is called Proof of Work and the next chapter is dedicated to it.
2.3 Proof of Work
Proof of Work (PoW) was introduced by Cynthia Dwork and Moni Naor [17] to combat Junk Mail but then it was developed by Satoshi Nakamoto [3] to be used in a Peer-to-Peer Electronic Money System, which is now called Bitcoin. The method that PoW introduces is to make every peer agree on the chain with most computational work put into it [3].
As mentioned in chapter 2.1, when transactions are broadcasted, they are put into a block by block creators. The blocks are then broadcasted to the network. In PoW [3], the
block creators must solve a cryptographic puzzle in order to create and broadcast the block.
Solving this cryptographic puzzle is called mining and the block creators are called miners.
Before explaining the cryptographic puzzle, it is important to understand what type of information a block in PoW contains. Some information that a block contains are the following:
● the previous block hash, which is the hash of the previous block’s header and this connects the blocks;
● the difficulty target, which sets the level of difficulty of the cryptographic puzzle and;
● the nonce, the variable in the cryptographic puzzle.
The miners’ task is to find a hash of the header that is smaller than the difficulty target, this task is the cryptographic puzzle. As shown in Figure 4, if the miner is successful then the block is added to the chain. If the miner is unsuccessful, the nonce is increased by one and a new hash is calculated.
Figure 4. A flowchart of steps taken when mining a block in PoW
In Bitcoin, the specific algorithm used for hashing is called SHA-256 [3], but any other secure hashing algorithm can be used. The block is successfully mined when the hash is smaller than the difficulty target, which means that the hash in binary must start with the required amount of zero bits set in the difficulty target [18]. If the difficulty target is set to require 20 zero bits, the hash must start with 20 zero bits. Nakomoto explains this choice by stating that “The average work required is exponential in the number of zero bits required” [3] which means that if the number of zero bits increases the average work required increases, and if the number of zero bits decreases the average work also decreases. The nonce is the only variable that is changing in every hash attempt, which means that the cryptographic puzzle is about finding the nonce that gives you the right solution [3]. The cryptographic puzzle can be seen as a guessing game where the miners are guessing the right nonce.
As soon as the miner finds the nonce, the miner broadcasts the block to the other peers so that the ledger is updated. The first miner that finds the nonce will receive a reward when the other peers accept the new block, but what should peers do in the event of a fork? The answer in PoW is that the chain with the most computational work put into should be trusted, which is always the longest chain [18]. The peers will keep track of every branch created just in case one of the chains will become longer later on, but they will always accept the longest one. Accepting a block means that the nodes will create the next block using the accepted block as the previous block. Nakamoto [3] summarizes how the network works in 6 steps:
1) New transactions are broadcast to all nodes 2) Each node collects new transactions into a block
3) Each node works on finding a difficult proof-of-work for its block 4) When a node finds a proof-of-work, it broadcasts the block to all nodes
5) Nodes accept the block only if all transactions in it are valid and not already spent 6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
The difficulty target plays an important role in PoW as it sets the problem’s
difficulty level. In Bitcoin, this is set up so that every 10 minutes a block is created and the difficulty target is adjusted by using the timestamp of the previous blocks [13]. The
timestamp of a block is the date it was proposed and it can be found in the block header.
The difficulty target changes depending on how fast the previous blocks are created, if it took more than 10 minutes to create the block, the difficulty decreases, if it took less than 10 minutes then the difficulty increases. This means that even if more peers join the network, and even if they use the latest and fastest hardware, the block creation time will still be 10 minutes [2]. The difficulty target can always be calculated by exploring recent blocks in the ledger, which means that peers can verify that other peers have used the right difficulty target when mining.
The miners compete against each other to be the first one to solve the problem. The miners that have access to more hardware with higher computational power are more likely to solve the problem faster as their hash rate is higher [13]. The hash rate is the
number of hashes performed per second, which roughly translates to how many nonces can be guessed per second. Miners can collaborate with each other to increase their profit [13].
This means that they create pools and share their computational power with each other to increase the chance of finding the nonce. The reward is then divided among the miners within the pool depending on how much hash rate they contributed with. The popular hardware used for mining is called Application-Specific Integrated Circuit (ASIC) which has better performance than the Central Processing Unit (CPU) and the Graphics Processing Unit (GPU) [19]. The CPU is the part of the computer that has the role of storing information, performing calculations and instructions [20], while the GPU is responsible for doing tasks that consist of repetitive and highly-parallel computing, such as graphical rendering [21]. These ASICs can be defined as computers that are designed to be efficient in mining since their hash rate is high [5].
The cryptographic puzzle ensures security in the chain. In order to understand how it secures, it is easier to use a double spending attack [2] as an example. A double spending attack is when, for instance, a peer called Bad Bob sends Sara X bitcoins for Y dollars, Sara sees the bitcoin transaction on the ledger so she sends the dollars to Bad Bob through her bank. Bad Bob wants to undo his transaction and creates a new block that creates a fork.
The first chain has the X bitcoin to Sara while the new chain does not include the transaction. Bad Bob needs to make his new chain the longest of them all to succeed because the longest chain is the one all peers agree upon. If Bad Bob succeeds, the X bitcoin transaction will not be a part of the ledger and he will keep the Y dollars from Sara and his bitcoins. To do so, he must have 51% of the computational power of the whole network. This can be achieved if the number of miners in the network is low, but as soon as more miners join the network, the amount of computational power that Bad Bob needs will increase to a level that is infeasible to achieve for a single peer. As stated before, as more miners join the network the difficulty of the cryptographic puzzle increases. The energy required to perform the calculations increases as well, which results in high energy consumption. The cryptographic puzzle is beneficial for ensuring security but demands high energy consumption to do so.
2.4 Proof of Stake
In 2012, Sunny King and Scott Nadal proposed a new consensus mechanism called Proof of Stake (PoS) [4] and they argued that it would replace PoW. Motivated by the issue of high energy usage in PoW, the proposed mechanism is driven without the cryptographic puzzle that is fundamental in PoW. PoS replaces computational power with virtual resources.
Instead of proving that expensive calculations have been made when creating a new block, peers consume a virtual resource. This virtual resource is called coin age and its purpose is to simulate computational power.
A peer’s coin age is equal to their balance multiplied by the number of days the balance has been unspent. If a peer has a balance of 10 coins and they have been unspent for 30 days, then the peer’s coin age is 300. Peers can gain the right to produce the next block by destroying their coin age. The coin age is destroyed whenever the peer does a transaction, but this does not mean that the peer has to transfer coins to another peer when creating a new block. If peers want to produce the next block they can collect broadcasted transactions into a new block, similar to PoW. The difference in PoS is that peers have to include a special transaction that destroys their coin age. The exact details of this transaction are not identical in all PoS applications, but in general it is a ‘dummy’
transaction where the peers transfer coins to themselves and thereby destroy their coin age.
Collecting transactions and creating blocks in PoS is called minting [4], and peers that are minting are called minters. Before minting a new block, minters have to
accumulate enough coin age. PoS favours minting by the most invested peers, both in time and capital. The intuitive reasoning behind this is that the most invested peers have the strongest incentive to secure the blockchain [1].
Similar to PoW, minting a block is a probability game, but in PoS the more coins a peer owns, the higher the probability is to mint a block. A block is minted when the peer’s coin age satisfies the following [22]:
(1) roofhash oinage arget
p < c × t
The target value is similar to the difficulty target in PoW, it adjusts the difficulty level of minting the block based on previous blocks [23]. Proofhash can be described as the hash of
the block header, very similar to PoW header hash, but the only part of the header that changes the proofhash is the block timestamp. Recall that blocks in PoW are mined by incrementing the nonce until the header hash is less than the difficulty target. There is no nonce in a PoS block, the only valid method of changing the proofhash is to wait and try a new timestamp.
Timestamps, in some PoS applications, count time in intervals such as 16 seconds [22]. Minters are restricted to try one hash per time interval, so the hash rate does not matter in PoS. The computational power competition, which is causing high energy usage in PoW, does not exist in PoS. Figure 5 illustrates the steps taken when minting a block.
The proofhash is only changed with a different timestamp.
The only factor that increases minters' probability of minting the next block is their coin age. The probability of minting is linearly proportional to the coin age [4]. A minter with 200 coin age is roughly twice as likely as a minter with 100 coin age to mint the next block. However, it is still possible that the next block is minted by a minter with less coin age. This is because proofhash is unpredictable and unique for each block, even if they have the same timestamp and previous block.
When a minter has minted a new block, it is broadcasted [22] to other peers as the next block. Other peers verify the block by controlling the transactions and calculating if the minter’s coin age is sufficient using the equation (1). The coin age is calculated by finding the last time the minter made a transaction in the ledger, then multiplying it by the minter’s amount of coins. Then the target is calculated by analysing previous blocks and lastly the proofhash is calculated for the block. The relationship between these three values can be tested according to the mentioned equation (1). If the transactions are valid and the coin age is sufficient, then the block is accepted. Forks are possible and they are solved by similar reasoning as in PoW [22]. The longest chain is the one that the peers agree on. This is because the sum of the coin age, that the peers have consumed when creating the blocks on the chain, is the greatest. Given that a minter has minted an accepted block, PoS rewards the minter with the transaction fees and new coins as an effort to incentivize maintenance [4]. Receiving new coins from minting is the only way the total supply of coins increases.
Figure 5. Flowchart that illustrates the steps of minting a block in PoS
2.5 Delegated Proof of Stake
Delegated Proof of Stake (DPoS) is a consensus mechanism that was introduced by Dan Larimer [7]. DPoS can be explained with an example of the Byzantine Generals’ problem [12] which was introduced in chapter 2.2. The problem is about a group of generals that wants to attack a city and have to agree on the same strategy by communicating through messages. In this example, the generals have agreed beforehand that it is more time
effective to elect a general they trust as the leader. The leader will have more authority, thereby decisions can be made faster. The problematic consequence is that the strategy would rely on the leader. Generals can after the election discover that the leader is corrupted and a traitor, or due to circumstances, become unable to perform his duty. In any case, the generals must quickly elect a new leader. They need to have a voting process that can be done anytime. Peers in a DPoS blockchain vote on who should have the right to produce blocks.
The DPoS consensus mechanism [7] is divided into two parts , the first one is the voting process and the second one is block production. Both processes are
continuous and never terminate as long as new transactions are broadcasted in the
network. In the voting process, each peer can vote on peers they think should produce new blocks. The number of votes that each peer has is equal to the amount of coins they own.
Votes are added into blocks together with transactions, which can be regarded as special transactions where votes are transferred.
If a peer has a balance of 1000 coins, the peer creates a vote transaction [24] where 1000 votes are casted and then signs it before broadcasting it to others. The vote’s
authenticity and validity are controlled, similar to how transactions are controlled, and it is eventually added to a block in the ledger. Peers can split their votes between multiple peers they trust and do not have to vote on a single peer. All votes are collected as transactions which makes the voting process continuous and allows peers to change their votes anytime.
Since all the votes are also recorded on the ledger, the winners can be calculated from the ledger. The top X most voted peers are the block producers that have the right to produce blocks. The exact number of block producers that are elected is different in different DPoS applications.
The block producers take turns to produce blocks, each of them has a scheduled time slot when they are allowed to produce blocks [25]. The production schedule is known by all the block producers and other peers. The block producer collects broadcasted transactions and votes into blocks. Instead of having multiple peers creating blocks
simultaneously, only one block producer at a time creates blocks which reduces the energy consumption. DPoS blocks are valid when the header contains a signature from the block producer and a timestamp from the scheduled time slot. Block producers broadcast the new blocks to other block producers and peers in the network. Forks are possible in DPoS
[7] and they are either due to consensus disagreement, which means that a block producer might disagree on the validity of the recently added block; or it is due to a failed block broadcast, the previous block was not received by the next block producer. Forks are resolved by the longest chain rule, the production of new blocks is done on the longest chain.
Peers are incentivized to become block producers [26]. As the producers add new blocks to the ledger and stay elected, they receive new coins as rewards. Block producers are risking these rewards when they misbehave since the peers can effectively vote them out by moving their votes to other peers. The peers can vote out block producers that include invalid transactions, produce blocks out of their scheduled time, produce blocks on both chains of a fork or for any other undesired behaviour. The voting process in DPoS secures the ledger by quickly electing new block producers they trust.
2.6 Related Work
A survey on several consensus mechanisms was carried out by Shihab S. Hazari and Qusay H. Mahmud [27]. They performed a comparative evaluation and the consensus
mechanisms analysed were Proof of Work, Proof of Stake, a combination of PoW and PoS, Byzantine Fault Tolerance and Tangle. The report analyses seven different factors: energy consumption, advanced hardware requirement, centralization, double spending attack, scalability, memory requirement and security. Their results are shown in Table 2. The authors believe that consensus mechanisms can only prioritize decentralization or efficiency. Efficiency refers to energy consumption, security and scalability.
Table 2. Results of comparison between consensus mechanisms from [27]
One of the most cited works is Marc Bevand’s energy consumption assessment of Bitcoin [28]. Bevand calculated the energy consumption of Bitcoin with lower and upper assumptive bounds with respect to mining hardware, mining trends and the changing difficulty of Bitcoin’s cryptographic puzzle. The main focus of Bevand’s calculation was determining the total hash rate in the network, which roughly translates to the total computing power. The second focus was the mining devices that perform different hash rates. The key property of mining devices is joule per hash, which is a measurement of how much energy is spent per hash. With the total hash rate in the network and the estimated joule per hash of all active mining devices, the estimated energy consumption can be obtained with a simple multiplication. The author examined the Bitcoin hash rate from January 2009 to Feb 2017 and divided the timeline into 9 phases depending on when new mining hardware was released. The upper bound is calculated by assuming that all the miners use the least efficient hardware currently available at that time. On the other hand, the lower bound is calculated by assuming that the miners use the most efficient hardware available at that time. The author carried out the calculation on three different dates: 26 February 2017; 28 July 2017 and 11 January 2018. The results show that the average hash rate has drastically increased from 28 July 2017 to 11 January 2018. The author concludes the paper by stating that Bitcoin has various benefits and mining is not wasteful.
2.7 Summary of the Consensus Mechanisms
The important key concepts for each consensus mechanism are summarized in Table 1.
Proof of Work Proof of Stake Delegated Proof of Stake
➢ Creating blocks is called mining
➢ Miners create blocks
➢ Miners with more hash rate are more likely to mine the next block
➢ Mining requires high energy consumption
➢ Miners use mining devices called ASIC
➢ Creating blocks is called minting
➢ Minters create blocks
➢ Minters with more coin age are more likely to mint the next block
➢ No computational power is needed to create blocks
➢ Only the elected block producers create blocks
➢ Block producers are elected by peers through continuous voting
➢ Peers’ voting power depends on how many coins they own
Table 1. Summary of consensus mechanism introduced in chapter 2
3 Methodology
This chapter describes the methodology used for the research and how the comparative study is carried out.
3.1 Research Process
The research methodology is of qualitative type since the information found for each consensus mechanism differs in type and amount. To find and understand the problems within blockchain, a literature study is necessary. The literature study aims to give a fundamental understanding of blockchain, which helps to discover the issues blockchain faces. The quality of information is not equal for each consensus mechanism, so the data collection varies for each consensus mechanism. The research can be divided in four phases. The first phase is collecting information about blockchain in general and the problems within it.
The second phase consists of selecting the consensus mechanisms that are then investigated. The decision is based on how much information can be found about them.
Blockchain is not only used in cryptocurrencies, but also in healthcare and bank systems, but their information and data are not as disclosed as in cryptocurrency. By choosing the consensus mechanisms based on the popularity in cryptocurrency, information is found more easily.
The third phase consists of an analysis of energy consumption and security in each consensus mechanism.The analysis of energy consumption is based on previous studies and experiments. If no type of study or research is found about the consensus mechanism, a more inductive analysis is performed by finding correlations from other consensus mechanisms that are similar. The energy consumption of each consensus mechanism is calculated based on data from cryptocurrencies using the consensus mechanism. Since the type of information found for each consensus mechanism is not the same, it is not possible to use a single method to analyse the energy consumption. However, assumptions are used to perform calculations so that the results can be compared to each other. The consensus
mechanisms' security is analyzed by exploring studies that investigated potential security threats and performed attacks.
The fourth phase involves a comparison of the results from the analyses focusing on the balance between energy consumption and security in each consensus mechanism. This can give new insight into the trade-off and if any other factor influenced the trade-off.
4 Analysis of Different Consensus Mechanism
In this chapter, the consensus mechanisms that were introduced in chapter 2 are analysed from an energy consumption and security perspective.
4.1 Proof of Work
Proof of Work is one of the consensus mechanisms which requires large amounts of energy due to the cryptographic puzzle.
4.1.1 Energy Consumption Analysis
To evaluate the energy consumption of PoW, the best attempt is by using estimations performed on PoW-driven applications. In Marc Bevand’s estimation of energy
consumption in Bitcoin [28], as mentioned in chapter 2.8, the two most interesting key data points are the total hash rate in the network and the efficiency of mining devices.
By using Bevand’s estimation as a guideline, the minimum energy consumption of Bitcoin can be estimated. As of third of May 2020, an average of 128.645 exa-hashes per second was performed by Bitcoin miners in the previous 24 hours [29]. If the hash rate is stable for a year, then it is possible to estimate the minimum annual energy consumption of Bitcoin. The most efficient mining devices consume few joules per hash while
simultaneously having high hash rates. ASIC Miner Value is a web page [30] that lists mining devices by profitability which is also an indication of efficiency. The less joule per hash consumed by a device, the more efficient and profitable it is. The most efficient mining device listed on ASIC Miner Value, that computes Bitcoin hashes (SHA-256), is the Antminer S19 Pro [31]. It requires 3250 watts and does 110 tera-hashes per second.
If all 128.645 exa-hashes per second are performed by Antminer S19 Pro’s, then the total number of devices is , 69, 00. With each device needing 3250 watts,
110×1012
128.645×1018 = 1 1 5
the total power usage is 1 1, 69, 005 × 3250= 3 8, 00, 75, 00 W8 0 . The annual energy consumption is thereby
. , 00, 75, 00 W 4 hours 65 days 3, 95, 65, 00, 00 W h 3 T W h
3 8 8 0 × 2 × 3 = 3 2 6 0 0 ≈ 3
The estimated minimum annual energy consumption of 33 TWh is close to other estimations from the same day in May; Cambridge Bitcoin Electricity Consumption Index [32] estimated a minimum annual energy consumption of 36.37 TWh. However, the lower bound estimation of Bitcoin is very optimistic and does not accurately portray what mining devices are used. Despite this, a lower bound estimation sets the best-case scenario that can be compared to other consensus mechanisms. The problem with an upper bound (worst-case) estimation of the energy consumption is uncertainty, because there is no information about what kind of mining devices are used in reality. When estimating the annual energy consumption based on the most efficient mining device available, it is at least certain that the actual energy consumption is not less than the lower bound estimation.
From an energy consumption perspective, PoW does not scale well when new miners are joining the network. As shown in Figure 6, the total hash rate in the network is increased when more miners join. The increased hash rate results in faster mining which increases the difficulty. An increase in difficulty increases computational work and energy consumption. Ultimately, the miners upgrade their mining hardware to keep up with the difficulty and the total hash rate is increased again.
Figure 6. The positive feedback loop of energy consumption and difficulty in PoW
4.1.2 Security Analysis
The most prominent attack discussed in PoW is the 51% attack, where 51% of all computational power in the network is owned by an individual or a single group of
individuals. There are two main reasons that make it a security issue. The first reason is the fact that 51% of the computational power decides the consensus and not 51% of the peers.
The second reason is the distribution of power among the peers. Where the ones earning the most can continue to expand their computational power, creating a feedback-loop in which they grow their power, which could be abused. Nonetheless, the major and sole reason that this attack is neglected is the massive cost required to perform the attack. For instance, there has not been any recorded 51% attack on Bitcoin, since such an attack would cost a vast amount of money to upgrade the mining devices.
The fact that Bitcoin has not been 51% attacked can be accredited to the large number of miners. This has made it much harder to control the majority of computational power in the network. The same cannot be said for other less popular PoW applications.
Bitcoin Gold is a cryptocurrency that uses PoW and it has experienced three 51% attacks, one in 2018 and two in early 2020, that resulted in millions of dollars stolen [33].
Ethereum Classic, another cryptocurrency based on PoW, was 51% attacked in early 2019 [34]. Other PoW driven cryptocurrencies have been 51% attacked as well [35].
The constantly increasing computational power [29] invested in Bitcoin has
favoured the network in a way that makes attacks expensive. The increase in computational power can be traced back to multiple reasons, such as the more computational power the more likely to mine blocks and get rewards. Bitcoin attracts more miners due to its popularity and the mining rewards, but there are some side-effects. The ongoing trend is that miners collaborate in large mining pools owned by companies. Currently, the four biggest mining pools for Bitcoin together control more than 51% of the computational power [36] and pose a threat to the decentralization. It is not unforeseeable that these mining pools could create cartels and deny transactions or attack the blockchain.
In contrast to an inter-pool collaborative attack, there have been records of network attacks on mining pool servers. These attacks are possibly motivated by undermining other competitors’ computational power. Furthermore, it is suggested that network attacks on mining pools’ servers are profitable from the perspective of a competitive miner, because the attacker’s share of total hash rate in the network will increase [37].
Another security threat in PoW is the mining hardware. ASICs are the most common hardware used for mining. These chips are specialized in hashing and are more profitable than using GPUs or CPUs which makes them dominating mining hardware. The
issue here is that PoW has increasingly relied on ASICs and on the ASIC manufacturers.
The network is no longer decentralized as the companies who create these hardware hold the power of ensuring security. There is evidence of manufacturers planting backdoors on the devices to be able to turn them off, to decrease the hash rate of the network [19].
Bitcoin Gold [38] is a cryptocurrency that has tried to keep PoW safe from ASICs by redirecting the computational power to the GPUs and creating a decentralized network that is free from ASIC manufacturers. The algorithm used is called Equihash-BTG and it can run on GPUs but not on ASICs because of the high memory requirements. However, this shift to GPUs has led to a security attack. As stated before, the cryptocurrency experienced a 51% attack on multiple occasions [33].
4.2 Proof of Stake
Proof of Stake has been claimed to be more efficient than PoW by reducing energy consumption. However, there are consensus flaws and theoretical attacks.
4.2.1 Energy Consumption Analysis
Calculating the energy consumption of PoS requires a different method than of PoW but a similar best-case estimation can be done. The maintenance of a PoS-driven network can be managed by ordinary personal computers, such as laptops or desktop computers because minting does not have high computational requirements [39]. Since block production is driven by the continuous process of minting, the PoS application is dependent on active and online minters. With this dependency on online minters and the minimum
requirements, the energy consumption can be estimated with some assumptions.
Assumptions are needed due to the lack of information on what computers minters are using. The number of active minters must also be assumed in a way that leads to a
meaningful estimation that is comparable to other consensus mechanisms. Given a feasible average annual energy consumption of a minter and given the number of active minters, a multiplication will relay the total annual energy consumption for the network.
The first assumption needed is the average energy consumption of a minter. In chapter 4.1.1, the minimum energy consumption of Bitcoin is estimated with the
assumption that mining is done with an energy-efficient ASIC. Similar to ASICs, some devices are ideal for minting in PoS. StakeBox sells Raspberry Pi 3B’s that are programmed for staking [40], these devices are ideal for 24/7 usage because they have low energy consumption and meet the hardware requirements for minting. A Raspberry Pi 3B consumes approximately 2.4 watts when active and performing work [41], thereby the annual energy consumption is 2.4W × 24 hours× 365 days= 2 01, 24W h. Based on the same best-case reasoning in chapter 4.1.1, the minters are assumed to use Raspberry Pi 3B for minting.
The second assumption is the total number of minters that are maintaining the network. Assuming large scale maintenance similar to Bitcoin, the calculated energy consumption can be compared fairly. There is no certainty of how many miners are maintaining Bitcoin, partly because the number is changing constantly, but it can be roughly estimated by looking at mining pools such as Poolin. With the help of Poolin live monitor page [42] and the live pool statistics [43], it is possible to calculate how many active miners account for Bitcoin’s total hash rate in the network. This method suggests that there is a linear relationship between active miners in mining pools and the pool’s percentage of the total hash rate. As of third of May 2020, the total active miners in Poolin are 628,911 and the mining pool accounts for 18.0% of the total hash rate in Bitcoin. If 628,911 miners account for 18.0%, assuming a linear relationship, the total number of miners in Bitcoin is: 10018 × 628, 119 = 3 4, 93, 50 9
The linear relationship can be further motivated when looking at another mining pool called Slushpool. As of third of May 2020, there are 172,772 active miners in
Slushpool [44] and the mining pool accounts for 5.0% percent of the total Bitcoin network [43], by using the same method of calculation these numbers suggest that the total number of miners is: 1005 × 172, 727 = 3 4, 55, 40 4
The two different calculations are in approximately 2% disagreement on how many miners are active in the network, the difference of 38,510 between the calculations possibly means that the average miner in Slushpool has better hardware and therefore higher hash rate. The total number of miners is assumed to be the average of these two calculations:
, 74, 95 , 75, 00
2
3,493,950+3,455,440 = 3 4 6 ≈ 3 4 0
If all the assumed 3,475,000 miners migrate to a new PoS driven application with the intent of maintaining the network as minters, and if each of them use one of the most ideal minting devices (Raspberry Pi 3B) that consumes 21,024 Wh annually, the total annual energy consumption would be:
, 75, 00 1, 24 W h 3, 58, 00, 00 W h .073 T W h
3 4 0 × 2 0 = 7 0 4 0 ≈ 0
There are many potential critiques against the assumptions made. One possible critique is that the assumption of the number of minters is exaggerated. In response to that critique there are two factors that need to be acknowledged. Firstly, as in PoW, there is a reward system that incentivizes minters to mint. Secondly, the purchase-barrier of minting is much lower for minters than for miners since minters do not need extra hardware.
4.2.2 Security Analysis
Proof of Stake was introduced as an alternative to PoW as a less energy demanding option.
However, the consensus mechanism has two security flaws: Nothing-at-stake and
Long-range attack. If the minter mints a block that is later discarded, there will not be any rewards [1]. The consensus mechanism only rewards minters and there is no penalization for minting on a wrong chain. Creating valid blocks in PoS is computationally free and does not require a cost until it is accepted to the blockchain because only then the coin age is consumed. This leads to the problem called Nothing-at-stake which is one of the biggest critiques of PoS [1]. In the event of conflicting blocks being added to the blockchain, the chain is forked into two different competing chains. The problem in PoS is that minters have no incentive to decide a chain to continue on. Ultimately it is in their best favour, as shown in Figure 7, to mint blocks on both chains because they will receive rewards regardless of how the fork is solved.
Figure 7. Flowchart that illustrates the consensus flaw of Nothing-at-stake in PoS
Since creating blocks does not require any resources, another problem arises which is called the Long-range attack [6]. In a Long-range attack, the attacker creates a fork, hundreds or thousands of blocks ago, and creates a longer alternative chain that is also valid, but not what the consensus agreed on. Peers who were active before the attack might discover this and discard the new fork, but newcomers to the network that are presented with both chains have no idea about the situation. The new chain can be incorrectly accepted by peers and minters might start minting on it. One of the reasons that Long-range attacks are plausible is due to retired peers. Retired peers are peers that no longer participate in the blockchain and are careless of how their private key is stored.
Attackers can use a set of compromised private keys to execute a Long-range attack. The alarming part is that it does not matter if retired peers have no coins at the time of
compromise, the attacker can use the keys to mint at a moment in block-history when they had coins.
None of these two attacks have been performed in PoS cryptocurrencies, possibly because the value of the network would decrease which is not in the interest of minters.
There is a critique towards the general concept of PoS. The most influential and richest peers have the highest chances to mint blocks and hence become more influential. When exploring the richest peers on popular PoS cryptocurrencies [45]–[48], it is clear that many of these peers are actually owned by few entities which makes it obvious that the popular PoS cryptocurrencies tend to be centralized. The problem is that the total supply of coins is only increased with minting. A peer that owns the majority of the total coins has higher probability of minting, thereby the peer will receive new coins and his share of the total will grow more. Other peers cannot decrease his share of the total coins if the rich peer does not sell his coins. This is a great loss of the decentralization aspect and distributed control that has always been a key property of blockchain.
4.3 Delegated Proof of Stake
The concept of DPoS is that the maintenance and authority to produce blocks is delegated to few elected peers. The elected block producers take turns to produce blocks and
therefore, each block is worked by one peer only.
4.3.1 Energy Consumption Analysis
Looking at the most popular DPoS-driven cryptocurrency EOS, the block producer GenerEOS discloses in an article [49] that the EOS block producers consumes on average 1.8 kW. In the EOS network there are 21 elected block producers that have the authority to produce blocks while many other block producers with less vote are in standby. GenerEOS, in the same article, estimated a total energy consumption from all block producers in EOS.
The number of block producers accounted for was 74, of which 21 block producers were elected and 53 were in standby. The energy consumption from 74 block producers, with an average of 1.8 kW per block producer, yields an annual energy consumption of:
. .8 kW 4 4h 65 days .0012 T W h
1 × 7 × 2 × 3 ≈ 0
EOSauthority is another block producer that has provided a total energy
consumption calculation for EOS block producers. The calculation is based on an average
block producer consumption of 15.7625 MWh, ~1.8kW, annually and with a total of 80 block producers [50]. The total energy consumption from 80 block producers with an average annual consumption of 15.7625 MWh is: 8 × 10 5.7625 MW h≈ 0.0013 T W h.
The difference in number of block producers between GenerEOS and EOSauthority can possibly be due to the number of block producers in standby has increased since the calculation from generEOS. There is no information on exactly how many standby block producers are active and running, but the calculations from GenerEOS and EOSauthority suggests that the number of active block producers is rising. Assuming that close to 100 block producers are constantly running for a year, with an average of 1.8kW annual consumption, it would yield an energy consumption close to:
. 00 4 65 .8kW .0016 T W h 1 × 2 × 3 × 1 ≈ 0
Another important aspect of DPoS is the continuous voting process where all peers are advocated to participate. The incentive is, as with any election, to contribute with your opinion regularly. There are no exact guidelines on how often a peer should vote, but the key feature of DPoS is that peers that vote do not have to stay online. This makes the energy consumption from voting negligible compared to the consumption from block production, regardless of how often peers vote.
The important attribute of DPoS is how the energy consumption scales in relation to the number of peers in the network. Peers are not competing to create the next block;
each block is created by a block producer according to the schedule. DPoS does not require all peers to be online, because block creation and consensus is driven by the block
producers. This is why as more peers join the energy consumption does not increase linearly. All work is done by the block producers and that is why the estimated energy consumption is dependent on the number of block producers, not the size of the network.
4.3.2 Security Analysis
In late 2019, a public block producer called EOS New York, disclosed on Twitter that six registered block producers were actually owned by the same entity [51]. These block producers were quickly voted out by the peers after the discovery. This illustrates the core
issue of delegating authority in DPoS. Distributed consensus would not exist if the entity was elected with five more block producers, because that would result in a majority among the twenty-one elected block producers in EOS. Another way of reasoning; if five other block producers were owned by another entity, it would be in the interest of the entities to work together and maintain majority. The reward that block producers receive strongly motivates them to maintain their status. The majority of block producers in EOS [52] are non-anonymous public organizations that can be targeted. Similar to how competitors attack each other in PoW, it is not unexpected that block producers will maintain their status as elected by sabotaging other block producers' operationality.
As mentioned above, the discovery by EOS New York was quickly resolved. The question remains, what would happen if no one discovered it? The block producers would probably still be receiving votes from peers. This is an argument of how DPoS is relying on external information and consequently fails to fully guarantee security as a consensus mechanism.
When looking at the voting statistics for the popular DPoS application EOS [53], the most influential actors are the exchange companies such as Bitfinex, Huobi, Newdex and Whalex. Together with the other top 20 richest peers in the network, these elite actors control the majority of the voting power. The centralized voting power will dictate who will become block producers. The election does not represent a true majority of peers. Steem, another application that uses DPoS, experienced an incident due to the centralized voting power. The owner of the Steemit social network used votes from several exchanges to outvote multiple block producers and choose new ones [54]. Effectively there was no consensus and the ledger was controlled by one person.
