In our last piece on setting forth a definition for what a blockchain is, we briefly explored the concept of a permissionless trust model versus a permissioned trust model. We initially looked at a simple breakdown of four broad categories of consensus protocols, as shown in the chart below.
|                   | Permissionless           | Permissioned                 |
| Explicit Token    | HashCash / Proof of Work | Proof of Stake               |
| No Explicit Token | *Magic*                  | Organization as a Blockchain |
Keeping in mind that we’re only looking at the consensus portion of the larger picture, let’s quickly summarize what each of these looks like before diving into pros and cons.
PERMISSIONLESS
In order to contribute to the processing of transactions and have your ‘vote’ counted, you do not need a previous relationship with the ledger, and your vote does not depend on having a prior identity of any kind within the ledger.
PERMISSIONED
Transactions are validated and processed by those who are already recognized by the ledger. Your vote counts proportionally against everyone else’s, based on the specific rules of the ledger.
HASHCASH / PROOF OF WORK (POW)
This is the mining model Bitcoin uses. The basic overview is that the network participants agree that the fork with the lengthiest proof of work behind it at a given time is deemed the correct fork.
This proof of work is a probabilistic proof that a given amount of computation has been put behind a chain of blocks, leading back to a hardcoded genesis block. Assuming >51% of this computational power is acting in good faith (although it’s more complicated than just that), you can assume the current state of the ledger is valid.
We use the word ‘Permissionless’ to describe this model because there is no need to register in any way before providing computational power toward extending the blockchain, and you do not need to have an entry in the ledger before doing so.
We can also think of this as being an external security model. As we allow anyone to provide hashing power to the network, we depend on actors external to the network to validate and include transactions in mined blocks. In return, successfully finding a block is rewarded with tokens on the ledger.
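The fork-choice rule described above, as an added example that is not part of the original article: each fork is checked block by block back to the genesis hash, and the valid fork with the most cumulative work wins, even when it has fewer blocks. The hash layout, the per-block "bits" field and the function names are assumptions made for illustration; a real network fixes the difficulty by protocol rule.

```python
import hashlib

GENESIS = "00" * 32  # constructed stand-in for the hardcoded genesis block hash

def block_hash(prev, payload, nonce):
    return hashlib.sha256(f"{prev}|{payload}|{nonce}".encode()).hexdigest()

def mine(prev, payload, bits):
    """Try nonces until the hash falls below the target (`bits` leading zero bits)."""
    nonce = 0
    while int(block_hash(prev, payload, nonce), 16) >= 1 << (256 - bits):
        nonce += 1
    return {"prev": prev, "payload": payload, "nonce": nonce, "bits": bits}

def build(blocks):
    """Mine a chain from GENESIS; `blocks` is a list of (payload, bits) pairs."""
    chain, prev = [], GENESIS
    for payload, bits in blocks:
        block = mine(prev, payload, bits)
        chain.append(block)
        prev = block_hash(prev, payload, block["nonce"])
    return chain

def chain_work(chain):
    """Expected number of hashes behind a chain, or None if any block is invalid."""
    prev, work = GENESIS, 0
    for b in chain:
        h = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or int(h, 16) >= 1 << (256 - b["bits"]):
            return None              # broken link to genesis or insufficient work
        work += 1 << b["bits"]       # a hash with `bits` zero bits takes ~2**bits tries
        prev = h
    return work

def choose_fork(forks):
    """Pick the valid fork with the most cumulative work, not the most blocks."""
    scored = [(chain_work(f), f) for f in forks]
    scored = [(w, f) for w, f in scored if w is not None]
    return max(scored, key=lambda wf: wf[0])[1] if scored else None

if __name__ == "__main__":
    long_easy = build([("a1", 8), ("a2", 8), ("a3", 8)])   # constructed: 3 easy blocks
    short_hard = build([("b1", 12), ("b2", 12)])           # constructed: 2 hard blocks
    forged = [dict(long_easy[0], payload="double spend")] + long_easy[1:]
    print(chain_work(long_easy), chain_work(short_hard), chain_work(forged))
    print(choose_fork([long_easy, short_hard, forged]) is short_hard)
```

The forged fork is rejected because changing a payload changes the block hash, which breaks the link from the next block even if the altered block happened to meet its target.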
PROOF OF STAKE (POS)
On the other hand, PoS derives its consensus from nodes that already have membership status in the network. Assuming a sufficient proportion of nodes (weighted by stake) is acting in good faith, you can be assured the current state of the ledger is valid.
We call this a ‘Permissioned’ model due to the fact that you must first be acknowledged by the network before you can contribute to validating blocks and updating the ledger. This “permission” can result from purchasing tokens or can be a representation of an agreement in the outside world.
Likewise, this form of protocol can be thought of as having an internal security model for the same reasons. We rely on consensus coming internally from existing actors in the network, and weight their vote based on their share of the tokens in the network. In return for acting in good faith, we reward honest validators with tokens on the ledger, much as PoW blockchains reward miners.
ORGANIZATION AS A BLOCKCHAIN
The way we see this concept playing out is that we would use the same technology as we do for Proof of Stake, but instead of validators being weighted based on their balance in the system, validators are weighted based on their ownership share of the company or organization.
Customers of that business would be (in the background) interacting with the blockchain that business is built upon, even if they are unaware they are technically using a very specialized cryptocurrency to do so.
Tokens would be assigned to those involved in the company to independently act as validators for the company as it conducts business on its built-to-purpose blockchain.
People can be added or removed from the ownership list based on predefined rules in the built-to-purpose blockchain, allowing membership to change dynamically based on real-world changes in the organization.
*MAGIC*
This category is one that doesn't make any sense. I've written quite a bit about why that is, so I won't go into detail here. The important summary is that it’s impossible to come to a distributed consensus without some form of incentive in place.
While usually claimed as a feature of permissionless protocols, privacy provided by any of these systems is out of the scope of this article. Any privacy assurance would be handled at a different layer of the stack than the consensus protocol and requires as much a lifestyle change as it is a technology choice.
At any rate, the arms race in datamining versus obscuring transaction history hasn't really taken off yet, and it’s unlikely that most current cryptocurrency users have effectively unlinked their identity from their transaction history at this point in time.
Of course, all of this so far is (high level) implementation detail. It tells us nothing about the pros and cons these implementation choices have for the end system or end users.
Naturally, all these systems aim to prevent blockchain forks, but all accept different costs and limitations in pursuit of that goal.
PROOF OF WORK
At a basic level, the original design goal of permissionless consensus networks is to avoid censorship and counterparty exposure, while allowing open membership globally. This is accomplished under the assumption that more than half the hashing power putting resources into lengthening the blockchain is acting honestly and not censoring transactions or attempting to double spend.
While we have yet to see how these incentives will play out in the long run, current permissionless networks appear to be achieving those goals, albeit at a high cost. As your only method of recourse against a rogue miner is to withhold the block reward, your payment for security must necessarily, at best, equal your punishment for defecting validator nodes.
This additionally comes with the ecosystem expense that you are only able to safely support one major blockchain offering per distinct hashing algorithm (a bit more complicated than that actually), and your hashing network must be large enough to fend off any attacking network.
Merge mining is usually sold as a panacea to this issue; however, it’s more complicated than that. It is true that if you convince a sufficient percentage of existing hash power to point it at your blockchain as well, the cost for an outsider to attack your network rises, but it also increases the difficulty of starting your network in the first place. Merged mining also allows for costless attacks against your blockchain if there’s any reason for a pool owner or current miners to dislike your project. We have seen this happen in the Bitcoin world, where a prominent hashing pool pointed their pool’s hashing power at an alt-chain in order to maliciously hard fork it.
Distribution of the tokens generally happens via inflation, as a reward to the nodes that find valid blocks. This depoliticizes the distribution method to a degree, as there isn’t a central organization collecting the resources expended; rather, money is spent in the outside world on electricity, hardware, and hosting, and is compensated with tokens in exchange.
PROOF OF STAKE
Proof of Stake consensus is also resistant to censorship and counterparty risk, under similar conditions to Proof of Work. However, those conditions then rest on the nodes themselves being sufficiently distributed and not susceptible to outside influence.
Costs to secure the network can be greatly reduced to network participants as the only computational work needed to be performed by validator nodes is to validate transactions, rather than requiring hashing power to mark a block as valid. While you can still pay out block rewards to validators, there is less need to so heavily subsidize validator nodes.
The fact that validator nodes are already present in the ledger allows you to decouple the reward for maintaining consensus from the punishment for defecting. Unlike Proof of Work, you can simply reward nodes for the processing power they contribute and the opportunity cost of tying up resources, while the punishment for defecting can be a significant portion of their bonded stake.
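Stake-weighted validation with the reward decoupled from the punishment, as an added example that is not code from the original article or from any particular Proof of Stake project. The two-thirds quorum, the 50% slash, the flat reward and all names are assumptions; votes are taken as already authenticated, and the same tally works when the weights are ownership shares rather than token balances.

```python
import math
from fractions import Fraction

QUORUM = Fraction(2, 3)          # assumed; the article only says "sufficient proportion"
SLASH_FRACTION = Fraction(1, 2)  # assumed; the article says "a significant portion"
REWARD = 1                       # assumed flat reward for an honest vote

def process_height(bonds, votes):
    """bonds: {validator: bonded stake}; votes: [(validator, block_id)] for one height.
    Returns (finalized block_id or None, updated bonds, set of slashed validators)."""
    seen, equivocators = {}, set()
    for v, block in votes:
        if v not in bonds:
            continue                     # permissioned: unknown voters carry no weight
        if v in seen and seen[v] != block:
            equivocators.add(v)          # voted for two conflicting blocks at one height
        seen.setdefault(v, block)
    total = sum(bonds.values())          # quorum is measured against all bonded stake
    tally = {}
    for v, block in seen.items():
        if v not in equivocators:
            tally[block] = tally.get(block, 0) + bonds[v]
    finalized = next((b for b, s in tally.items() if Fraction(s, total) > QUORUM), None)
    new_bonds = dict(bonds)
    for v in equivocators:               # punishment scales with the bond, not the reward
        new_bonds[v] -= math.floor(bonds[v] * SLASH_FRACTION)
    for v, block in seen.items():
        if finalized is not None and block == finalized and v not in equivocators:
            new_bonds[v] += REWARD
    return finalized, new_bonds, equivocators

if __name__ == "__main__":
    bonds = {"alice": 40, "bob": 35, "carol": 25}           # constructed sample stakes
    votes = [("alice", "B1"), ("bob", "B1"), ("carol", "B1"),
             ("carol", "B2"), ("mallory", "B2")]            # carol equivocates
    print(process_height(bonds, votes))
    print(process_height(bonds, [("alice", "B1"), ("bob", "B2"), ("carol", "B1")]))
```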
A Proof of Stake system requires that tokens be distributed before the network can go live. This is traditionally done through a presale (annoyingly called an IPO by many), but the initial distribution can be chosen in a wide variety of ways. In general, the proceeds go to the group who created the cryptocurrency in the first place, generally intended to fund future development efforts.
The explicit tradeoff here is that you lose much of the ability to bootstrap the distribution process via the mining mechanism, but you gain the ability to have multiple, coexisting networks that utilize the same consensus method without worrying about larger game theory issues or requiring that you ask permission of an existing mining network.
An additional tradeoff not present in Proof of Work blockchains is that certain long range attacks can be performed when a) users only update very infrequently, b) an attacker gained a majority share of private keys sometime in the past, and c) those users are vulnerable to a Sybil attack from that attacker. This can be solved at a practical level by either syncing to the network periodically or confirming a recent valid state out of band. In practice, this is a much lower bar of security to meet than sourcing a non-malicious client binary.
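The two mitigations named above, periodic syncing and an out-of-band confirmation of a recent state, sketched as a client-side check (an added example, not part of the original article). The 14-day window, the header layout and the function names are assumptions, and validator signature checks on each header are left out.

```python
import hashlib

MAX_OFFLINE = 14 * 24 * 3600   # assumed sync window in seconds (not from the article)

def header_hash(prev, state_root):
    return hashlib.sha256(f"{prev}|{state_root}".encode()).hexdigest()

def extend(tip, state_roots):
    """Build constructed headers on top of `tip`; returns (headers, new tip hash)."""
    headers = []
    for root in state_roots:
        headers.append({"prev": tip, "state_root": root})
        tip = header_hash(tip, root)
    return headers, tip

def verify_sync(headers, trusted, now, checkpoint=None):
    """trusted: {"height", "hash", "time"} saved at the last successful sync.
    checkpoint: (height, hash) confirmed out of band, or None.
    Returns "accept", "reject" or "need-checkpoint"."""
    stale = now - trusted["time"] > MAX_OFFLINE
    if stale and checkpoint is None:
        return "need-checkpoint"         # offline too long to rely on peers alone
    height, tip, matched = trusted["height"], trusted["hash"], False
    for h in headers:
        if h["prev"] != tip:
            return "reject"              # does not extend our last known state
        tip = header_hash(tip, h["state_root"])
        height += 1
        if checkpoint and height == checkpoint[0]:
            if tip != checkpoint[1]:
                return "reject"          # a different history at the checkpoint height
            matched = True
    if stale and not matched:
        return "need-checkpoint"         # offered chain never reaches the checkpoint
    return "accept"

if __name__ == "__main__":
    last = {"height": 100, "hash": "ab" * 32, "time": 0}    # constructed saved state
    honest, honest_tip = extend(last["hash"], ["s101", "s102", "s103"])
    rewrite, _ = extend(last["hash"], ["x101", "x102", "x103"])  # history from old keys
    now = 90 * 24 * 3600                                     # 90 days since last sync
    print(verify_sync(rewrite, last, now))
    print(verify_sync(rewrite, last, now, (103, honest_tip)))
    print(verify_sync(honest, last, now, (103, honest_tip)))
```

Both histories link correctly to the client's last saved state, so only the checkpoint tells them apart once the client has been offline past the window.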
ORGANIZATION AS A BLOCKCHAIN
An organization that exposes its services as a built-to-purpose blockchain can decide for itself exactly what its censorship policy is, what tokens can be deposited on its platform, and how it interacts with the outside world.
As censorship is handled on a more case by case basis, you’re relying on at least one option for a given good or service to accept your payments, rather than censorship being a global, binary state.
An Organization as a Blockchain wouldn’t generally have a token given to end users (ignoring things such as in-game currencies or rewards points) as any funds used in this system would be deposited from an external ledger. So, the only aspect that needs to be distributed before the network can begin working are the permissions to be a validator. This would likely be decided based on ownership share or similar.
As the validating nodes are inherently trusted by the organization, and by proxy end users for the duration of the relationship, private data can ostensibly be accepted and shared as necessary to conduct business, while not exposing the data to those who aren’t authorized to view it.
This also allows for relatively uninhibited scalability, as your end users will rarely need information that isn’t specifically related to their account, even if you technically allow them to access the full information on your chain. This also does not preclude you from providing cryptographic proof of solvency and transparency that you’re operating your service according to the agreed-upon rules, allowing for minimal trust when using a given provider.
In theory, this could be run on Proof of Work consensus instead, but you would need to convince a sufficient quorum of miners to merge mine on your blockchain. Other options include running as much of the core business logic as possible on a blockchain where this flexibility is built in, such as Ethereum, which may be appropriate for your use case. You also lose out on the scalability and privacy benefits of leaving open the possibility of not replicating the full ledger to end users.
The cost of a transaction on such a network depends wholly on the price of the service offered by the company, rather than being more fundamentally tied to the cost of maintaining the underlying protocol, much like traditional server based web services today.
Each of these models has fairly distinct tradeoffs that are made available to those building on top of them, and will all likely find use in the coming months and years.
If you need to bypass government currency controls today, use Bitcoin, assuming you can onboard. If you want more frictionless ways to spend USD/GBP/EUR/etc, come back in 12 months once more of the ecosystem has been polished up. If you want to crowdsource an entire business, build it into a blockchain and let the protocol enforce your agreements.
If you have a compelling idea for a new token-based ledger, you’re willing to subsidize miners through inflation, and you can convince the large hashing pools to legitimately merge mine on your chain, build it into a Proof of Work chain. The bitcoin.it wiki will walk you through the process. If any of those properties don’t hold, build it on top of one of the newer Proof of Stake protocols and figure out an initial distribution process.
The important thing to keep in mind is that blockchains are as much a social experiment as they are a technical experiment, and this leads to unintuitive and surprising emergence as things play out in the real world.
We saw this in Bitcoin Proof of Work mining over the past several years as the incentives to centralize mining operations became clear, and as the community realized the network would not be able to handle micropayments as usage grew. We are sure to find additional surprises as Proof of Stake and intercommunicating blockchains rise in prominence and usage.
Anyone who claims to know exactly how this will play out as these systems grow and evolve is selling their own book rather than providing insight. The real answer is that a variety of tools are being experimented with and built up as we speak, and it will come down to using the right tool for the job for a given use case. There is no silver bullet.