A Striking Exchange From The Ethereum Core Dev Discussion Of Block Rewards

Today, the Ethereum Core Dev team held a meeting to discuss lowering the block reward given to Ethereum miners. The primary motivations for this seem to be:

  1. The cost to the network in the form of inflation
  2. The environmental impact of energy spent on mining

To their credit, the team invited a number of miners of varying sizes and scales to give their input on the various proposals on the table. One such person was Xin Xu, who represented a large, China-based mining operation. He made this point [1:20:07]:

I want to point out...it’s more of a network security level. I posted a link before in the chat about crypto51.app, which is a website that helps you to calculate how much it costs to actually, do a, do a 51% attack to the network. For Ethereum, it’s not that much. However, why is there no one attacking the Ethereum network?

I think from my perspective, or our study as a whole team, is there isn’t any hashrate you can use in the market to attack the Ethereum network…. So, like there are a lot of people [saying] on the internet, “What if we cut the issuance? How much hashrate will go out?” However, at least to me, it’s not like if you’re going to cut [the block reward from] 3 to 2, only 1/3rd of the hashrate will go out, or maybe we’ll cut the Ethereum network’s security to 2/3rd.

It’s more like now we have 100 soldiers, and that’s all the soldiers we have in the world. But if we cut 40 of them out, then it’s not about if the enemy or the bad people have enough soldiers to attack us. Because before they had 0. Now they have 40.

They have the chance, once they have the capital, they always have the choice to hire those soldiers, or those hash rate, to attack, then. So my major point is, the Ethereum network has been secure or safe to now. It’s not because attacking Ethereum costs too much, it’s simply because now all the hashrates are on the Ethereum network, and no one has extra hashrate to attack it. So even if you have enough money, it’s not going to happen.

The issue he brings up is rather interesting. Essentially, he's arguing that attacking the Ethereum network is difficult today primarily because the world is hardware constrained. There literally aren't enough GPUs for you to buy, or hire, to achieve the hash rate needed to attack.

Thus, when considering the security effect of forcing some percentage of miners off the network, one can't simply look at the hash rate reduction. One also has to consider that a bunch of GPUs suddenly become available for attack that weren't before.

I'd take this a step further and point out that new GPUs will continue to be manufactured. If these are no longer profitable for mining, they won't be bought up for mining, and will become less expensive and more widely available. This makes it significantly easier and cheaper for a would-be attacker to acquire the hardware that would actually be needed to attack the network.

In short, Xin Xu is making the case that considering security to be equivalent to the hash rate is naive. The network hash rate must be put in context of the global supply of GPUs and other mining hardware, and that supply is itself effected by the issuance rate.

To my surprise, no one engaged Xin Xu on his point. In fact, the very next person to speak was Carl L., who had this to say [1:22:14]:

The point I wanted to make was that, going forward, I think we can sort of concern ourselves with the current hashrate and the current miners and their running efficiency. In order to….you know, do we need additional hashrate? Like are we talking about wanting to continue to grow the hashrate? Is that desirable?

In my mind, that’s absolutely not desirable. And in that case, looking at the kind of equipment cost, we want to be discouraging that equipment, that investment in new equipment. And one way to do that is to, you know, to lower the block reward, and that you know, worsens the economic argument for that investment.

In case it wasn't crystal-clear that discouraging investment in mining was an explicit goal, Tim Coulter had this to say [1:25:28].

If people are continuing to invest in mining, then I completely agree that we should de-incentivize that.

As I've said before, I'm rooting for the Ethereum Foundation to achieve it's goal and bring a secure, truly decentralized PoS network into the world, even though I remain skeptical.

While we wait for PoS to materialize, it seems prudent to tread carefully with regards to network security. I was disappointed today that no one engaged Xin Xu on this discussion of the second-order effects a reward reduction might have on hardware availability, and thus network security.

Ethereum, Proof-of-Stake, And The "Free Hard Fork" Problem

This post will outline an issue with the aspiration to move the Ethereum network to full Proof-of-Stake. Vlad Zamfir currently leads one team researching that effort, which is known as Casper "Correct By Construction", or CBC. Previously, a hybrid PoS system called Casper FFG had been planned-- this issue does not apply to such a system. To the extent new plans for a "beacon chain" involve a full PoS system, this issue might apply to said chain. (The technical details of that effort are still unclear to me, so I hesitate to make any pronouncements).

It's worth noting at the outset that it's entirely possible the point laid out in this post has indeed been made before and discussed, perhaps on the boards of ethresear.ch, for example. If it has, then I'll be happy to have someone point me toward that discussion. I've been unable to find it.

Still Nothing At Stake

Simply stated,  the "free hard fork" problem is the "nothing at stake" problem moved up to the level of pre-planned, possibly-contentious hard forks.

 
Proof-of-Steak. Get it!?

Proof-of-Steak. Get it!?

 

Casper CBC aims to solve the nothing at stake issue by slashing validator deposits for bad behavior. To greatly simplify a complex, work-in-progress protocol, the network will take funds from validators who vote on multiple chains. The goal is-- at a minimum-- to recreate the incentive structure of Proof-of-Work.

For the sake of this discussion, let's assume the CBC, or some other research effort, is successful in developing an algorithm that is secure, decentralized, and replicates the incentive structure of PoW within the network.

The issue is, tautologically, the network can only punish you for activity on the network. In a pre-planned hard fork, node software can be programmed to begin validating multiple chains that are invisible to each other at a given block height. The network parameters can simply be changed.

This is important. It means to execute a possibly contentious hard-fork, you don't have to convince miners to dedicate scarce resources (hardware & electricity) to your fork instead of the consensus chain. You need-only to convince validators to run software that will validate your chain in-addition to the consensus chain.

And why shouldn't they? There is no marginal cost to do so. Even if the fork ends up worth a small fraction of the main chain, this is "found money" to the validators.

Stated another way, when a PoW chain hard forks, it is (nearly) guaranteed that one chain will be significantly less secure than the other. In a post-PoS world, you can hard fork and end up with two chains which are equally as secure as the original.

Have we fully considered what that might mean for the ecosystem? Might we be headed down a path that results in a proliferation of Ethereum forks?

Objections

In the next section, I'll enumerate some objections to this point and respond to them. 

Validators won't bother to install and run specific software for hard forks

They probably won't bother to run any old software that purports to create a fork, true. But if a moderately prominent developer or company in the ecosystem decided to hard fork, my guess is a very sizable percentage would. Again, why not? This is found money for very minimal effort.

A parallel can be seen in Dogecoin, which is merge mined with Litecoin. Litecoin miners happily run software that mines both, because they can do so for free. I doubt many care about Dogecoin. But why not take free money?

No one in the ecosystem with any credibility will attempt a contentious hard fork

This is incredibly naive and obviously wrong. In fact, not only is it inevitable that multiple hard forks will eventually be attempted due to pure community disagreement, the ability to hard fork for free also brings up some interesting legal and moral questions.

One example: in a world where it's shown hard forks can be executed with shallow consensus, might Parity have a fiduciary duty to create and champion a hard fork that unlocks customer funds lost in their multi-sig wallet fiasco? Many customers had significant amounts of money lost. If executing a fork can result in even a small percentage of that value being returned, ought they not try to do it?

Validators won't support contentious hard forks because it would hurt the ecosystem, devaluing their investment

This is a silly argument which is clearly false from a game-theoretic perspective. If it were true, Proof-of-Stake would already work in a fully decentralized way, and we wouldn't need efforts like CBC in the first place.

Validators will only run the software the Ethereum Foundation approves

If this is true, then the detractors who claim Ethereum is centralized because of the Foundation's outsized influence are right. We might as well shut the thing down and just let the Ethereum Foundation run some servers for us. It will certainly scale better.

We can find a way to punish validators who vote on other networks

There are a few things that you might mean by this, so let's take them one at a time:

1. A centralized oracle controlled by [some group] will report dishonest validators

Seriously? Just get out!

2. A decentralized oracle, something like an Augur market, will report dishonest validators

Well, I guess this is theoretically possible, but boy, we're adding whole new layers of complexity to the game theory involved-- let alone the technical challenges.

3. We'll use [magic cryptography] to punish validators when they vote on other networks

The idea here would be some form of cryptographic mechanism which would force the validator to reveal some information on the non-consensus chain that could be used by a self interested party on the main-chain to claim a chunk of the validator's stake.

I'm not aware of any mechanism that could accomplish this, but I admit to being far enough out of my league on advanced cryptography to know it's definitely impossible. zkSnarks still feels like magic to me, so maybe it can be done.

OK let's assume you're right. Who cares? Is having lots of forks actually a problem?

This is a good question. I don't know, and the truth is nobody does. It'd be an experiment in game theory at a grand scale, thats for sure.

My instinct tells me that if you make it much easier for a community to fracture, then it will probably fracture. A lot.

Protestantism might be an odd-but-interesting historical analog. Because it made it theologically painless to create a new church, a single splinter off the Roman Catholic Church has subsequently self-divided into 30,000+ unique denominations.

Do we care if that happens? What happens to Ethereum(s) in that case, in a world where Bitcoin and other cryptonetworks also exist?

Basically ¯\_(ツ)_/¯

So...what? I'm not sure. Am I missing something obvious that makes this a non-issue? Maybe! Has this issue been discussed and resolved by folks smarter than me already? Possibly!

Do we just proceed full steam with PoS, recognizing this limitation but hoping it turns out not to matter too much? Well, maybe...but that sure makes me nervous.

I don't have a profound conclusion here. Basically...¯\_(ツ)_/¯