Friday, August 15, 2014

Thoughts on Delegated Proof of Stake and Bitshares

Today at Decentral.Bangtown meetup we had Max Wright and Dan Larimar introduce us to the concept of the Delegated Proof of Stake (DPOS), how it compares to Bitcoin's Proof of Work, and DPOS' first implementation as a part of the BitShares platform. We were encouraged to try finding problems with the protocol, but due to time constraints we weren't able to address all of the issues. So I figured - why not write my thoughts down and let everyone discuss whether they are valid concerns or not.

Coin distribution


During the presentation, we discussed how proof of stake and proof of work secure the network from 51% attacks through different means. I wanted to point out however, that proof of work has another very important function that proof of stake can't fulfil as well - initial coin distribution.

Say Bitcoin started initially with only PoS. Satoshi got the first 50BTC. After that, he owned 100% of the network. He would get the next block, and the next block, and the next block, since at all times he would own 100% of the coins. But even saying that he was generous and gave away all of his coins to a number of people, those people would own the entire network. The rich would get richer, and the poor would get poorer.

There are ways around this problem. Some coins use a hybrid PoS/PoW model, some switch from PoW to PoS after some time, etc. BitShares distributed their initial coins by selling them at a regular interval, Counterparty used Proof of Burn for issuing currency. That's all well and good, but neither BitShares nor Counterparty would've been able to accomplish their model effectively if they were not building atop of what Bitcoin and previous network have done. Satoshi couldn't have sold his initial coins for money without sacrificing his anonymity in a pre-Bitcoin world.

As long as the initial PoS currency distribution is fair (however fair would be defined), there isn't an issue. However, a lot of people can disagree what a fair distribution is and whether the initial distribution was in fact fair...

Paying for mining


Another issue raised was that mining creates a lot of cost for the Bitcoin network. Since miners earn 25BTC every 10 minutes, in order to cover their costs they will most likely need to sell those 25BTC at an exchange to get fiat to pay their bills. This means that unless there is a new buy order for 25BTC every 10 minutes, the price of bitcoins will be going down due to that constant pressure.

In my opinion we should also consider the flip side of this issue - the labour theory of value (the value of a good is determined by how expensive it is to produce it). In other words, since it costs miners X to mine 1BTC, they will not sell their bitcoins for less than X/BTC. Provided the miners have enough patience to wait for their bitcoins to be sold at that price, the cheaper coins will be bought up until there are none below the miners' price, therefore the market would have to eventually increase the price.

DDOS on delegates


As it was explained during the presentation, DPOS operates by the network electing a pool of delegates to secure the network. For BitShares, that pool is 101 delegates. If a delegate does not perform their duties (mining blocks when it's their turn), they are kicked out of the pool of delegates and a new delegate is chosen to replace them.

This leaves a lot of room for attack on a small number of nodes. Since most delegates probably won't have a state of the art computing centre to protect themselves, they will be vulnerable to DDOS attacks, among other things. If someone was determined to disrupt the confidence in the network, they would only need to go after the delegates once by one and take their machines out of the network. Of course the delegate pool would reshuffle each time with new delegates, but if good agents are taken out on a regular basis and bad agents have a chance to replace them, it would be possible to have a disproportionate amount of bad agents disrupting the network.

Since the delegates are also supposed to be transparent public figures in the space, they would be vulnerable to a lot more attacks like the rubber-hose cryptoanalysis.

Margin delegate coercion


BitShares has a pool of 101 delegates. Delegate number 101 earns 1/101 of all fees from the network. Delegate number 102 earns nothing. Such steep drop off  can be a dangerous thing.

The situation is similar to the problem of match fixing in professional sumo, as described by Steven Levitt in Freakonomics.

Essentially, the issue boils down to this - if you are at a borderline between winning and getting everything, or losing and getting nothing, you are more likely to cut a deal with someone and secure your winnings through generally frowned upon measures, such as match fixing.

Now lets say I owned a few percent of BitShares, say, 5%, and the delegate 101 has 80% approval. I can approach anyone with 75% approval, or in some cases even 70%, and cut them a deal - you pay me 50% of your earnings, and I will give you that mining spot. I remove the votes from delegate 101 and lower, add my votes to my chosen delegates 102 and up, and I control them, at least as much as they are willing to give up for the slice of the mining pie.

I don't even need votes to bring some people down. Spreading rumours is easy on the Internet, and since most people don't fact check and act impulsively, it wouldn't be too hard to remove some marginal delegates from their ranks.

Some people just want to watch the fees burn

With proof of work, the incentive for a miner is simple - they want to have as much computing power to earn as much fees and block rewards as possible. If you want more computing power - you need to spend more money, simple enough. With DPOS, each miner wants to win as many votes as are needed so they would stay in the pool of 101 delegates so they can earn as much fees and block rewards as possible. To do that, they need to be appealing to people with a lot of votes - not the average system users, but the big hoarders with big pockets.

Asides cutting some direct deals with the hoarders, the delegates can also change the transaction fees. From what I understand, each delegate can set how high the transaction fees are, and how much of those fees is burned. By lowering the fees, you appeal to the users that transact more, making it cheaper for them to operate. If you increase the amount of fees burned, you essentially give everyone holding the remaining shares the fee in proportion of how much shares they own by decreasing the money supply.

If delegates would be incentivised to appeal to the users of the system, they would keep the fees low and the burn rates high. However, since they are appealing to the hoarders, they would want to keep the fees high while keeping the burn rates high as well. Unless the system users own the majority of the shares, they will likely be paying more and the money will end up mainly in the pockets of the wealthy minority.

Malicious wallets and services


At the moment there is only one wallet for Bitshares to the best of my knowledge. If the system catches on, we can expect a lot of alternative implementations. We'll see our Blockchains, Hives, Pheevas, or even a fair share of shared ewallets.

Now, since each share in the system is a vote, whoever has access to those shares controls the network. If someone created a malicious wallet that could be used in manipulating who is the delegate, they could have a lot of leverage in the system.

Similarly, big services with big wallets, like say, exchanges and JustDice-like gambling sites would have a large sway over the network. It might be all good if we're dealing with Bitstamps, but what if we're dealing with the MtGoxes of the world?

BitShares and lack of Gateway incentives

I recently started comparing a lot of Crypto 2.0 platforms against one another, only to find that few of them have built-in incentive for Gateways. In my opinion, having such things in the system is essential. From what I understand, instead of allowing you to create any asset on the system, BitShares allows you to lock in your price with futures contracts. This is all well and good if you want to keep the value, but don't really want the underlying asset, which is good for price speculation, but not actual use. This reminds me a lot of what Locks did - "locking" your bitcoin value to a specific asset only so you can later redeem it as bitcoins in the amount proportional to the exchange rate in the future. So if I want 1 gram of gold worth of bitcoins a year from now, I pay 1 gram of gold worth of bitcoins right now and later get the appropriate amount of bitcoins. But, what if I want to get gold instead? Well, I'm out of luck. More on that discussion here.

Conclusions


So in conclusion - DPOS is an interesting idea and it's definitely an improvement on POS, but it's by no means perfect. The pool of delegates appears to be the most vulnerable area of manipulation or attack. Too much power over the delegates lies in the hands of the richer part of the network, and their incentives don't necessarily align with the most active users of the network.
Previous Post
Next Post

0 comments: