Editor’s Note: In a longer read, Viraj Ananth explains how the existing regime of regulations for Cryptocurrency Mining Pools is inadequate.
Viraj Ananth is a third-year student at NLSIU. He currently serves as the Deputy Chief Editor of the Indian Journal of Law and Technology and is the Founding Editor of The Boardroom Lawyer. He has served as an invited member of the Karnataka Government’s Consultation Team on Innovation and Regulatory Sandboxes where he co-authored the Karnataka Innovation Authority Bill, 2018.
Cryptocurrencies (“CCs”) have gained wide acceptance and popularity as a common medium of exchange, largely due to their decentralised nature, which runs in stark contrast to traditional mediums of exchange. Most popular CCs utilise Blockchain technology and serve as distributed, decentralized ledgers, with transactions taking place directly between users (or nodes) and without the presence of an intermediary. The absence of a centralized entity makes the system trustless, such that users no longer need to rely on or trust a central entity which has the power to prioritize its own interests over that of its users. This decentralized nature also guarantees the authenticity of transactions and prevents flaws from entering into the permanent record.
Lately, there have been numerous reports of attacks on major CCs, most notably the attacks on ZenCash and Bitcoin Gold, causing significant losses to users. Such attacks are an unfortunate consequence of the widespread proliferation of mining pools in recent times, and accordingly, the increasing centralization of power in the hands of such pools. The term ‘mining pool’ refers to a group of people who mine a particular CC, i.e. who pool together their computational power over a network and in turn, share profits upon successfully verifying a particular transaction in a CC network.
What is ‘Mining’ and ‘Proof-of-Work’?
Mining is the process by which CC transactions are confirmed, using a distributed consensus system or proof-of-work (“POW”). Each miner in the network independently attempts to verify an incoming transaction and creates a bblock uponsolving the CC’s POW algorithm. Once a block is created, the same is notified to the rest of the network of miners for verification. Such verification entails repeatedly altering the block’s field value (or nonce) and cryptographically hashingthe same to obtain a value equal to or less than the mathematically necessary threshold (or target).
Once such value is reached, the block is accepted as valid and added to the blockchain. This process of altering the nonce is completely random and involves making guesses of numerical inputs until the desired hashed output value is obtained. Upon successfully mining a block, miners are rewarded with a unit of the concerned CC, and mining thus essentially amounts to a race between miners to mine blocks first. Accordingly, the hash rate, or in simpler terms, the number of guesses that can be made per unit time, is determinative of the success of a miner, and is, in turn, determined by the computational power utilized by the miner.
The structural set-up of POW CC mining is hence such that large computational power is required to mine quickly, and vast amounts of electricity are needed to support such computing. This has made the process largely inviable for individual miners, and contributes to the growing trend of such individuals joining mining pools. This trend has become particularly concerning in recent times, with the overall hash rate of numerous pools, such as GHash.io, for example, reaching uncomfortably close to 50%, which would de-facto render the CC centralised. Accordingly, any such entity would be able to exercise significant undue influence over the network.
Why is Centralisation Problematic?
Centralization hits at the heart of the principles and assumptions on which POW CCs are founded, and correspondingly, has wide-ranging consequences. In POW CCs, honest miners may generate one chain of legitimate blocks and dishonest miners may, at the same time, generate a parallel chain of fraudulent blocks. Since POW CCs operate on the principle of longest chain and on the assumption that majority of computational power is controlled by honest nodes, the chain to which the most computational power is dedicated, or the longest chain, is assumed to be the legitimate one. Therefore, as per the POW adjudication rule, the shorter (and in this case, honest) chains are pruned.
The malicious actors, who possesses more centralized power than the rest of the miners, are able to flood their private chain with fraudulent blocks, and pass off their corrupt but longer chain as the legitimate, public one. Accordingly, the malicious actor can spend his CCs but refrain from recording any such transactions in the fraudulent chain, essentially allowing the actor to double-spend.
The malicious actors may even prevent new transactions from getting confirmed and added to the blockchain, effectively monopolizing the mining of any new blocks, and claiming all rewards for themselves. Overly centralized pools may exercise unwarranted influence on the system in numerous other, indirect ways. For example, they may exercise lobbying power, essentially refusing to mine and stalling the entire network until they are paid high transaction fees. If any case, even if we assume that all mining pools are not subsumed with malicious intent, merely the risk of an attack jeopardises the absolute stability of the network, which is the distinguishing factor of CCs, and consequently, such centralisation calls for regulation.
A solution commonly proposed is that of mandating miners to sign off on blocks with their public key and programming the network such that it will not accept simultaneous blocks from the same miner. However, this solution is largely fallacious for two reasons: first, there is no certain manner of preventing the same miner from acquiring numerous keys, as a centralized mechanism will be required to keep track of the same. Second, even if every miner in a pool is uniquely registered, it is unlikely that subsequent blocks will be successfully mined by the same individual miner. Accordingly, unless the mining pool itself is given a unique identifier, which applies uniformly to all miners in the pool, mandating individual registration of and signing with public keys would be futile.
Following the 51% attack on the HorizenCC, it released a white paper, introducing the concept of fork acceptance delay. The magnitude of this ‘delay’ is determined by the amount of time that has passed between the adoption of the current public chain and the introduction of the new (and in our case, malicious) chain. Using a mathematical function, such lapse in time is translated into an additional number of blocks that must be mined on the malicious chain for it to be accepted as legitimate. Accordingly, the fraudulent miner is required to spend greater resources to successfully execute his attack and legitimate miners are given more time to address the malicious chain prior to its final adoption.
The centralization problem may also be addressed by transitioning from CCs based on the POW algorithm to the proof-of-stake (“POS”) algorithm. In POS based CCs, the probability of selection of a node for validation of a transaction is dependent on the amount of stake held by the node in that particular CC. As a result, nodes are not expected to behave in a manner that would devalue the CC and their stake in the same. However, this would still not completely crop out the problem, especially in cases where malicious actors are able to offset the loss in value of their stake but sufficiently double-spending, for example.
This issue (popularly known as ‘Nothing at Stake’) is exactly what the Ethereum team sought to tackle through the introduction of the Casper protocol. As per this protocol, nodes seeking to validate transactions must stake a certain amount of their CC, as a form of security deposit. In case the validator acts maliciously, by unduly delaying a validation, for example, the new algorithm would penalize them by automatically slashing such stake. Accordingly, a move to POS based CCs, with such appropriate security protocols, may be the answer to the worrisome centralization of power in the hands of POW CC mining pools.
Nonetheless, if all else fails, countries seeking to protect their citizens may be forced to resort to the unorthodox Chinese approach of charging significantly higher tariffs on, and restricting the sale of, electrical power to increasingly centralised mining pools, essentially restricting the computational power of such pools.
POW CCs are structured such that they incentivise centralization of power, and this runs in stark contradistinction to Satoshi Nakamoto’s vision of eradicating the very same enemy. As pools continue to accumulate the coins awarded for mining successfully, they are able to purchase more sophisticated mining equipment, further cementing their position. Harnessing increasingly sophisticated equipment also reduces the number of malicious individual actors required to execute an attack. The consequences of such centralisation are hence wide-ranging and hit at the promises of absolute stability and security of such systems, which have attracted millions of users globally.
Looking ahead, there are clearly no easy answers. Traditional forms of regulation have a high propensity to fail in the context of POW CCs simply due to the decentralized nature of the same, ironically, the very same nature originally touted as the all-encompassing solution. Even if one country outright bans the involvement with mining pools, it will only (if at all) restrict individuals from that country. Mining pools would, by and large, still flourish and wield as much centralization power. Accordingly, an answer either lies in a collated international response, or in the technology itself, through a move to POS CCs.