Ugh. He completely misunderstands what PoW (or PoS) are for. The <i>entire point</i> of PoW is deciding between two valid & correct blockchain states.<p>Alice owns a bitcoin. Alice validly signs a transaction transferring that bitcoin to Bob. Alice also validly signs a transaction transferring that same bitcoin to Charles.<p>WHICH IS CORRECT? Neither is a forgery. Both signatures are valid. If Dave downloads the blockchain, or receives both transactions, he can't just look at them and determine one of them is fake. Neither is fake. He needs a way of arbitrating who actually has the bitcoin now - Bob or Charles.<p>PoW is that arbitration process. Dave looks at the competing blockchains (one with Bob having received it, and one with Charles having received it) and can trust that everyone in the world will respect the chain with greater PoW behind it.<p>Paul's system has no way of addressing this other than "trust the central authority to process transactions in the order they receive them". Thanks, pal, that's called e-cash, and was invented by David Chaum in 1983.
The catch is at the end: "There are some downsides to losing decentralized consensus. A ledger-backed service could manipulate the order in which it handles requests, or reject some requests altogether, and clients would have a hard time proving it." Calling that a "secure ledger" is kind of a stretch.
Security can be extremely simple and efficient when you just have to trust a third party. The author is describing Linked Timestamping [1], which has been detailed since the early 90's.<p>Removing the need for trust is what takes all the energy.<p>[1] <a href="https://en.wikipedia.org/wiki/Linked_timestamping" rel="nofollow">https://en.wikipedia.org/wiki/Linked_timestamping</a>
It's fun to see this here after I've just spent some of the afternoon 'pitching' 'Centralised Ledger Technology'. Single source of truth, verifiable, secure, permissioned, efficient, scalable, the advertising copy writes itself (or would if you needed it to, rather than just taking any of the copy from hyperledger or similar and fixing it up a bit). Any of the people selling private block chain solutions will generally tell you that there needs to be a strong political actor within a 'business network' that can insist on the use of the distributed ledger. The truth of course is that Mr Car Loader or Mr Fruit Picker who is leant on to run a node on the distributed ledger really couldn't care less about whether they are verifying other people's transactions or not, they'd be just as happy with a web site that they fill the details in, or a signed email system. Indeed, they might ask - why should I be expected to run computation to secure bits of the value chain I never see, I just care about confirming what I've received and what I've passed on, and I can do that by digitally signing a transfer note.<p>I don't particularly think that using a central secure ledger is surprising or new, but I do think that politically the furor around DLT (and who knows, maybe one day CLT too) has provided us with a fantastic political opportunity to actually fix some of the horrendousness in financial software systems.<p>To my mind, even if the relevant technological change is pretty minor or nonexistent, this is an opportunity for us to replace a bunch of miserable systems duct taped together with more modern systems that have externally accessible APIs baked in from the start.
So if there is no proof of work how do you avoid forks? The author says something about splits being detectable but that doesn't really help us decide on which side of the split is correct.
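The fork question raised above, as an added example that is not part of the thread or of the article under discussion: a minimal hash-linked (linked timestamping) log in Python in which two client views each verify on their own yet diverge. The helper names and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder predecessor for the first entry


def entry_hash(prev, payload):
    """Hash an entry together with its predecessor's hash (the 'link')."""
    data = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()


def append(chain, payload):
    """Return a new chain with payload linked onto the current head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)}
    return chain + [entry]


def verify(chain):
    """Check that every entry's hash and back-link are internally consistent."""
    prev = GENESIS
    for e in chain:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["payload"]):
            return False
        prev = e["hash"]
    return True


def find_fork(a, b):
    """Index of the first entry where two views diverge, or None if one
    view is a prefix of the other (i.e. the host has not equivocated)."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x["hash"] != y["hash"]:
            return i
    return None


# Constructed sample: the host shows two clients different histories.
base = append([], "mint coin#1 -> alice")
view_1 = append(base, "coin#1: alice -> bob")
view_2 = append(base, "coin#1: alice -> charles")

if __name__ == "__main__":
    print("view_1 valid:", verify(view_1))
    print("view_2 valid:", verify(view_2))
    # Comparing views exposes the split, but nothing in the data ranks them.
    print("fork at index:", find_fork(view_1, view_2))
```

Both views pass `verify`, so comparing heads shows that a split happened without giving the clients any rule for choosing a side.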
I would agree that <i>many</i> use cases that imply a distributed ledger do not need a proof-of-work.<p>Perhaps cryptocurrency still needs it, but not many of the 'non-cryptocurrency' use cases.<p>My argument is centered around the following nuance:<p>If the use case allows us to assume that the 'originator' of a particular event is trusted, then the distribution of that event across multiple untrusted servers/access points <i>does not</i> require a proof-of-work.<p>The example of how this works is explained in the paper
"
Balloon: A Forward-Secure Append-Only Persistent Authenticated Data Structure<p>by Tobias Pulls and Roel Peeters<p>Abstract: We present Balloon, a forward-secure append-only persistent authenticated data structure. Balloon is designed for an initially trusted author that generates events to be stored in a data structure (the Balloon) kept by an untrusted server, and clients that query this server for events intended for them based on keys and snapshots.<p>"
<a href="https://eprint.iacr.org/2015/007" rel="nofollow">https://eprint.iacr.org/2015/007</a>
The author apparently doesn't understand sh&t about the computer science
background of blockchain, since he constantly throws the "decentralized consensus"
term around to mean the wrong thing. Blockchain does not do that (consensus problem,
as stated by computer science, requires the protocol to actually terminate
with an output; then, Lamport et al. in their original paper over thirty years
ago <i>proved</i> an impossibility theorem that blockchain would break if it was
solving the stated consensus problem).<p>All that blockchain does is to timestamp documents (transactions), the
purpose of which is to tell which of the two documents was earlier. Then, the
only purpose of proof of work and its derivatives is to artificially slow down
signing the documents (transactions), so everybody would have about the same
processing speed. This single assumption (that no single entity has computing
power comparable to a significant portion of all the others combined) is what
allows choosing the longer chain in the case of double-spend incidents. When this
one breaks, the whole protocol breaks.<p>There are also other dumb ideas, like that "blockchain is supposed to have
a single linear history of transactions". It's not. It would if there was only
one party that issues the transactions, so of every two transactions one would
be marked as earlier than the other. It's wrong, since there can be
incomparable transactions (usually concerning unrelated wallets).<p>> With proof-of-work, you can have multiple computers make additions to a blockchain without having them trust each other. That’s decentralized consensus.<p>No. That's distributed timestamping. Again, consensus is a totally different
problem (and well-defined at that), but the author apparently doesn't know that.<p>> Instead of a network of miners, you use a single host. That host maintains a secure ledger which contains the host state and its activity log, including all requests and their results. That ledger is then published for clients to actively sync and monitor.<p>Congratulations, you have developed a centralized timestamping service and you
have discovered that a centralized service is functionally equivalent to
a distributed one. Mind you, you're not the first to think about those.
>it would be profitable for Bitcoin miners to burn through over 24 terawatt-hours of electricity annually<p>So 0.02%[1] of the global per annum energy consumption? <snore> I'll gladly trade that to run an economy without violence and bring financial inclusion to 6 billion unbanked people.<p>[1] 24/109613*100
<a href="https://en.wikipedia.org/wiki/World_energy_consumption" rel="nofollow">https://en.wikipedia.org/wiki/World_energy_consumption</a><p>>Because you don’t need permission to buy hashing power and participate in Bitcoin, there’s no way a “51% attack” can be stopped, except by outbuying your competitors<p>Incorrect, this author doesn't understand the miner<->node relationship. Miners do what users value or else users change the consensus system they value. DoubleSHA256->Script or Equihash etc etc<p>>In Bitcoin, acceptance of a change is signaled by the miners - once some percent of the miners agree, the change is accepted. This means that hashing power is used as a measure of voting power, and so the political system is essentially plutocratic.<p>Incorrect again. The author is mistaking how consensus-level changes, that users want, are coordinated among miners. BIP 9 was a method where users said "we'll wait for you all miners to coordinate amongst yourselves a consensus change" which was used to delay. In the future Bitcoin will use BIP 8 which is "Miners prepare to have your old consensus rejected at flag point X or else your blocks will be orphaned."<p>>Bitcoin has been wildly unstable, with controversies and forks happening quarterly.<p>The bitcoin network is stable as a table. Bitcoin can't deny anyone from creating their own fork from consensus. This is a critical feature, not a bug, to be able to easily exit from the system. It prevents lock-in that plagues trusted third parties.<p>>I’d explain proof-of-stake here, except that I don’t totally understand it yet.<p>If you don't understand the second most prominent proposal for decentralized consensus, why are you writing a critique about blockchains? PoS is inherently broken from an economic perspective because it is no more "efficient" than PoW.
Marginal Cost = Marginal Revenue.<p>If you have an incentive mechanism that says, "Do X and you get Y money" you're going to spend X<Y amount of economic work to get Y money. <a href="http://www.truthcoin.info/blog/pow-cheapest/" rel="nofollow">http://www.truthcoin.info/blog/pow-cheapest/</a><p>PoW = destroy X value in fiat space to gain Y value in Bitcoin space
PoS = destroy X value in Ethereum-PoS space (via TVoM, meat-space work) to gain Y value in Ethereum-PoS<p>The value in PoW is that it's very hard to 'more efficiently' consume electricity than your competitor. All that PoS does is push that wasted work into hidden area or human space.<p>>Instead of a network of miners, you use a single host. That host maintains a secure ledger which contains the host state and its activity log, including all requests and their results. That ledger is then published for clients to actively sync and monitor.<p>Ah, so DigiCash. Which when it went out of business the market died because there was no coordinator any more to check double spends. Let's assume that the business never can go out of business. If I want to destroy the network, I can compromise one system and control the entire state of the database. Ok let's assume the system is uncompromisable. Oops the state just censored your 'secure' ledger because someone did something with it that the political class didn't like. "We'll host it in a country with 'just' laws" There is no such thing as "the public good" where all people benefit from a certain action. There will always be winners and losers in any policy decision. Now value is sapped from the system by constantly having to pay lawyers to defend your rights from encroachment by the state.<p>The author is right to question if every application needs to run on a blockchain (hint: they don't). But if you need trustless, robust, decentralized, uncensorable state to be agreed on by multiple parties, you're gonna need a blockchain
Straw man. Blockchain consensus algorithms don't only use proof of work. We have proof of stake, delegated proof of stake like LISK, proof of Correctness like Ripple (my personal favorite), and so on.<p>No need for a wasteful arms race just to elect a leader who can be DDOSed.