>The only truth that is guaranteed by the recording of a given information on a given blockchain, is that this particular information is written on this particular blockchain.
The second part is that $X worth of real-world resources have been consumed in building this blockchain, so this one blockchain and the particular information inside is worth paying attention to. Whether or not you feel that this resource consumption is worthwhile, it is at least an objective way to stack-rank the proof-of-work blockchains.
So I have this factory that builds objects. Building an object requires $X of energy. Because of a temporary malfunction in the factory, a few of them required 10 times that amount of energy.
Are you saying that these selected objects that were built during the malfunction, and which are otherwise identical to all other objects produced in this factory, are more valuable because of that?
It’s a market. Anyone that spends more than the value of the information they are recording on the blockchain, will eventually be unable to do so, because they’re bankrupt. On a short timeline garbage can be written, but at the limit it should be flushed out.
Believing this necessitate to blindly trust market economy. Market economy is what makes NFT works. It always needs new places to expand to, even if those are entirely virtual. What makes mining profitable for some is not the value of the information stored on the blockchain they're mining for, it purely is speculation.
If the information has no value then surely the market will eventually price the whole chain at $0. The short term is just noise, ‘price discovery’, whatever.
Again, this is true only if you have a complete trust in market economy to make reasonable decisions. I don't. And evidence support that it doesn't always do that (I'm sorry I only have French ressources on this subject).
What’s the alternative? Centrally planned economies lead to people dying, messing with them via regulation hasn’t seemed to help at all, just leads to some financial crisis.
This is not true. The trust you are talking about is the "solidity" of the blockchain, i.e., it's immutability feature, what (supposedly) makes it a trustable source.
But it is not PoW that makes the blockchain immutable. A lot of people are saying that, but they're wrong, I'm sorry.
What actually makes the blockchain immutable is that it is distributed and that it cannot be done to rewrite it's history discretely. People will notice because the hash of the blocks would change.
The same is true for a Git repository. If you have a Git repository that everyone mirrors regularly (so that it is distributed, just like a blockchain), then you can't rewrite it's history without having people notice: the new log will be incompatible with the history they already have all the commits hash will be different.
The only solution would be, in both case, to find entire collision for each block/commit. This is waaaaay more expansive than mining to find new valid hashes for a given blockchain.
You’re talking about the problem after the network has already reached consensus on a block.
Problem is, if you’re downloading new blocks from the blockchain, and you’re getting two sets of history, which one do you pick? With Git, it’s trivial to recreate history differently, albeit with different hashes. With crypto, you pick the chain with more resources put into its creation.
Otherwise, any random person can spin up a hundred Bitcoin nodes and start spoofing the latest transactions pretty easily.
Yes, this is true in a decentralized and adversarial environment. This is exactly the problem that blockchains have been invented for! In such an environment, we do not have solutions to reach "consensus" apart from blockchains.
My point is that apart from cryptocurrencies (where the blockchain is enough because it defines the truth), since you need some form of trusted third-party to make what's written on the blockchain relevant, then you're not in a decentralized and adversarial setting. So you can do things more efficiently, you don't need a blockchain. You don't have to solve the distributed consensus problem.
> But it is not PoW that makes the blockchain immutable. A lot of people are saying that, but they're wrong, I'm sorry.
You are incorrect. The proof of work mechanism is central to ensuring the immutability of the blockchain.
As a concrete example, suppose there are N blocks in the blockchain, and I want to change a transaction in the (N - 2) block. Obviously, this will change the hash of the (N - 1) and N-th blocks, so the decentralized network will not accept this arbitrary change.
However, if I can produce four PoWs corresponding to the new (N - 2), (N - 1), N, and (N + 1)th blocks, then I can convince the network to accept. Of course, I have to produce these four PoWs before the honest users on the network mine the next block at index (N + 1). This is extremely difficult by design. In theory, you would need the majority of the network’s computing power to carry out this attack.
In other words, the security level of the proof of work is directly related to the difficulty in modifying the blockchain.
Okay so now suppose that some one finds a way to break the hash function used in a way that allows to quickly compute partial collisions.
This person is able to mine valid blocks very quickly because they can have a number of zeros at the beginning of their hashes thanks to the vulnerability they found.
So they do what you're saying and rewrite history. In a few minutes, they start with block (N - 10), and rebuild an alternative chain up to block N and then add two new blocks so their version of the chain in longer.
Yes, what is supposed to happen, in theory and according to you, is that their version of the chain will prevail.
What would happen in practice? People would notice. A fork will be decided. Such things have happened with blockchains already, either the community, or worse, the developers, decided against the rogue version to hard switch to the original version. And everyone except the attacker will agree…
So I repeat: the only way to actually modify the recorded history is to do so discretely. And that requires computing full hashes collision. Even for a single one it is much much expensive than mining hundreds if not thousands of blocks.
Another point: if PoW is what guarantees immutability, what about PoS blockchains?
The truth is: PoW and PoS are not immutability mechanisms, they're adversarial distributed consensus mechanisms: i.e., complex ways of selecting someone at random such that no one else can dispute the choice.
> What would happen in practice? People would notice. A fork will be decided.
There's nothing in the Bitcoin protocol that explicitly prevents a longer and valid chain from being accepted. Forks happen every day where miners are competing to construct the longest accepted chain on the network (it's part of the protocol).
However, the difficulty in maliciously changing previous blocks in the Bitcoin blockchain is explicitly parameterized by the security level of the PoW mechanism. There are undergrad CS courses where this analysis is probably a homework problem.
In PoS, immutability is baked into the protocol since the block selection algorithm doesn't explicitly cause forking as it does in PoW based blockchains.
Decentralization creates trust that newly added blocks contain valid transactions, not to ensure that previous blocks don’t change. This is why the finality times of Bitcoin are strictly worse than the finality times of Algorand, or other PoS blockchains. Not because one network is more decentralized than the other, but because Bitcoin’s immutability property is hamstringed by the PoW security level.
EDIT: Anticipating your response requesting citations - here are the lecture notes from the "Foundations of Blockchain Systems" course at the University of Washington, Seattle [1]. From section 3.2, I quote:
"One property of the blockchain is immutability. This means that the chain cannot be changed given the last block in the chain. This is because it is difficult to find a hash of x that is equal to hash of y in computationally feasible time (collision-resistance). We add the qualifier “given the last block” because if we disagree on which is the last block, we may have problems. With distributed mining, there is a possibility of simultaneous mining, however these ties should be resolved quickly with proper tuning of parameters. Therefore, although we may not agree on the last block all of the time, all blocks will lead back to the genesis, starting block, and the large majority of the chain will be in agreement."
This is literally proof of work. I don’t know what else I can do to explain that Bitcoin’s immutability property is directly parametrized by the security level in the PoW mechanism.
You are arguing that decentralization creates immutability. Decentralization has nothing to do with hashing.
I'm sorry, it seems you really don't understand neither what I'm saying nor the citation you used.
Collision and proof of work are really not the same thing.
Here are some Python code that compares the two. If you're not convinced, I suggest you try using it to time what is actually harder and what makes a blockchain immutable. Then come back here when you found a collision :).
No one is arguing that collision resistance and proof-of-work are the same things? The security of a PoW relies on collision resistance. Do you see the difference? It's subtle. Changing a block in the blockchain explicitly requires exploiting the collision-resistance property of a cryptographic hash. Why? BECAUSE YOU NEED TO PRODUCE VALID PROOFS OF WORK FROM INVALID TRANSACTIONS.
I really don't have a problem with people being wrong or not understanding something. I can take time to explain. But this level of stupidity paired with so much dishonesty is appalling.
> No one is arguing that collision resistance and proof-of-work are the same things.
You really just did that.
> The security of a PoW relies on collision resistance.
No. The security in the sense of immutability of a blockchain relies on collision resistance, PoW has only one goal: it is a mean of achieving distributed consensus.
> Changing a block in the blockchain explicitly requires exploiting the collision-resistance property of a cryptographic hash.
Yes! This is it! So you finally understand? It has nothing to do with proof of work: what counts is that each block contains the hash of the previous one. Just like in a Git commit log for example (a commit's hash depend among other thing on the hash of its parent commit). If you want to modify a given commit in a git log you can, but all subsequent commit will have new different hashes. If you want to be able to do that without being noticed by those who already have a copy of the repository, then you need to find collision for each commits: this is impossible.
> Why? Because you need to produce valid proofs of work from invalid transactions. (I allowed myself to modify your aggressive capitalization)
No. I just explained (maybe for the third times) why.
Finding a valid proof of work for an "invalid" transaction (why "invalid"? "different" is enough) does not require to find a collision. It is much less expansive. But if you want to edit a blockchain discreetly, what you need to do is not only to find valid proofs of work, what you need to do is to find collisions. As we just said: this is 1- a lot more expensive, and 2- not a property of proof of work but of the fact that each block's hash depends on that block's content and on the hash of the previous block. This, again, can be true without PoW (see the Git example above).
Now please actually take some time to think before you reply. You would just continue to make a fool of yourself otherwise.
Well.. this articole has some points but is not 100% fair or correct. The value of distributed ledger (aka blockchain) is given by the fact that you can find the latest version of a record in a decentralised way. This is usefull outside cryptocurencies (even for university diplomas you need a good mecanism for revocation). You can do revocation with a centralised system but a decentralised version could actualy imprive security and privacy (not with blockchains alone you need encryption and other cryprographic tools)
There are other ways of having a distributed immutable ledger than a blockchain, if you don't have the constraints of a decentralized adversarial context. You don't have this context for diplomas.
Also, neither revocation nor security and privacy does seem like good examples of what a blockchain would allow that a non-blockchain based approach wouldn't.
The adversarial context is everything, but it doesn't exist in most case, because the blockchain is not self sufficient, it needs an external authority to make what's written on it relevant.
As for diplomas, I didn't choose this example at random. A lot of startups are trying to sell exactly that. I've been approached myself multiple times about that. And some higher education institutions already do it…
Amazing, we might finally be able to solve the great university diploma verification problem.
It’s really held back society that we haven’t been able to verify diplomas issued by centralized trusted institutions in a decentralized trustless fashion. /s
Imo the point of the blockchain is that it can do many things (such as payments, storage, immutable records) all in one place which will lead to an overall increase in societal productivity.
In the case of your diploma, it's true that there are other ways to have a distributed immutable ledger that contains a signature leading to the diploma. However, by having one agreed upon global ledger for any university to upload to with a proven statement of authenticity for the degree, you then have the ability to build technologies on top of that massive ledger that would have been much, much harder if each university decided to host their own distributed ledger.
A simple example would be a hiring company (like lever.co) being able to verify degrees instantaneously on-chain instead of requesting a proof of degree from the university. This request for a proof already happens in real-life and requires a relationship between the university and the hiring company. The blockchain can then come in and allow companies to verify degrees in seconds, rather than days, leading to an overall increase in productivity.
I don't see why saying "we don't need a blockchain" would imply that we can't have one agreed upon global distributed immutable ledger. To problem to achieve that is probably more political than technical. But then if HE institutions come to an agreement, we can totally have what you suggest without a blockchain :).
32 comments
[ 3.9 ms ] story [ 77.7 ms ] thread>The only truth that is guaranteed by the recording of a given information on a given blockchain, is that this particular information is written on this particular blockchain.
The second part is that $X worth of real-world resources have been consumed in building this blockchain, so this one blockchain and the particular information inside is worth paying attention to. Whether or not you feel that this resource consumption is worthwhile, it is at least an objective way to stack-rank the proof-of-work blockchains.
Are you saying that these selected objects that were built during the malfunction, and which are otherwise identical to all other objects produced in this factory, are more valuable because of that?
I must admit that it makes no sense to me.
In the manufacturing example though, there are many examples of collectables that trade at a huge premium due to a very subtle manufacturing defect.
This is not true. The trust you are talking about is the "solidity" of the blockchain, i.e., it's immutability feature, what (supposedly) makes it a trustable source.
But it is not PoW that makes the blockchain immutable. A lot of people are saying that, but they're wrong, I'm sorry.
What actually makes the blockchain immutable is that it is distributed and that it cannot be done to rewrite it's history discretely. People will notice because the hash of the blocks would change.
The same is true for a Git repository. If you have a Git repository that everyone mirrors regularly (so that it is distributed, just like a blockchain), then you can't rewrite it's history without having people notice: the new log will be incompatible with the history they already have all the commits hash will be different.
The only solution would be, in both case, to find entire collision for each block/commit. This is waaaaay more expansive than mining to find new valid hashes for a given blockchain.
Problem is, if you’re downloading new blocks from the blockchain, and you’re getting two sets of history, which one do you pick? With Git, it’s trivial to recreate history differently, albeit with different hashes. With crypto, you pick the chain with more resources put into its creation.
Otherwise, any random person can spin up a hundred Bitcoin nodes and start spoofing the latest transactions pretty easily.
My point is that apart from cryptocurrencies (where the blockchain is enough because it defines the truth), since you need some form of trusted third-party to make what's written on the blockchain relevant, then you're not in a decentralized and adversarial setting. So you can do things more efficiently, you don't need a blockchain. You don't have to solve the distributed consensus problem.
You are incorrect. The proof of work mechanism is central to ensuring the immutability of the blockchain.
As a concrete example, suppose there are N blocks in the blockchain, and I want to change a transaction in the (N - 2) block. Obviously, this will change the hash of the (N - 1) and N-th blocks, so the decentralized network will not accept this arbitrary change.
However, if I can produce four PoWs corresponding to the new (N - 2), (N - 1), N, and (N + 1)th blocks, then I can convince the network to accept. Of course, I have to produce these four PoWs before the honest users on the network mine the next block at index (N + 1). This is extremely difficult by design. In theory, you would need the majority of the network’s computing power to carry out this attack.
In other words, the security level of the proof of work is directly related to the difficulty in modifying the blockchain.
This person is able to mine valid blocks very quickly because they can have a number of zeros at the beginning of their hashes thanks to the vulnerability they found.
So they do what you're saying and rewrite history. In a few minutes, they start with block (N - 10), and rebuild an alternative chain up to block N and then add two new blocks so their version of the chain in longer.
Yes, what is supposed to happen, in theory and according to you, is that their version of the chain will prevail.
What would happen in practice? People would notice. A fork will be decided. Such things have happened with blockchains already, either the community, or worse, the developers, decided against the rogue version to hard switch to the original version. And everyone except the attacker will agree…
So I repeat: the only way to actually modify the recorded history is to do so discretely. And that requires computing full hashes collision. Even for a single one it is much much expensive than mining hundreds if not thousands of blocks.
Another point: if PoW is what guarantees immutability, what about PoS blockchains?
The truth is: PoW and PoS are not immutability mechanisms, they're adversarial distributed consensus mechanisms: i.e., complex ways of selecting someone at random such that no one else can dispute the choice.
There's nothing in the Bitcoin protocol that explicitly prevents a longer and valid chain from being accepted. Forks happen every day where miners are competing to construct the longest accepted chain on the network (it's part of the protocol).
However, the difficulty in maliciously changing previous blocks in the Bitcoin blockchain is explicitly parameterized by the security level of the PoW mechanism. There are undergrad CS courses where this analysis is probably a homework problem.
In PoS, immutability is baked into the protocol since the block selection algorithm doesn't explicitly cause forking as it does in PoW based blockchains.
Decentralization creates trust that newly added blocks contain valid transactions, not to ensure that previous blocks don’t change. This is why the finality times of Bitcoin are strictly worse than the finality times of Algorand, or other PoS blockchains. Not because one network is more decentralized than the other, but because Bitcoin’s immutability property is hamstringed by the PoW security level.
EDIT: Anticipating your response requesting citations - here are the lecture notes from the "Foundations of Blockchain Systems" course at the University of Washington, Seattle [1]. From section 3.2, I quote:
"One property of the blockchain is immutability. This means that the chain cannot be changed given the last block in the chain. This is because it is difficult to find a hash of x that is equal to hash of y in computationally feasible time (collision-resistance). We add the qualifier “given the last block” because if we disagree on which is the last block, we may have problems. With distributed mining, there is a possibility of simultaneous mining, however these ties should be resolved quickly with proper tuning of parameters. Therefore, although we may not agree on the last block all of the time, all blocks will lead back to the genesis, starting block, and the large majority of the chain will be in agreement."
[1] https://ece595uwseattle.github.io/Scribe_notes_Lecture_3.pdf
> This is because it is difficult to find a hash of x that is equal to hash of y in computationally feasible time (collision-resistance).
This is exactly what I was explaining.
You are arguing that decentralization creates immutability. Decentralization has nothing to do with hashing.
Collision and proof of work are really not the same thing.
Here are some Python code that compares the two. If you're not convinced, I suggest you try using it to time what is actually harder and what makes a blockchain immutable. Then come back here when you found a collision :).
> No one is arguing that collision resistance and proof-of-work are the same things.
You really just did that.
> The security of a PoW relies on collision resistance.
No. The security in the sense of immutability of a blockchain relies on collision resistance, PoW has only one goal: it is a mean of achieving distributed consensus.
> Changing a block in the blockchain explicitly requires exploiting the collision-resistance property of a cryptographic hash.
Yes! This is it! So you finally understand? It has nothing to do with proof of work: what counts is that each block contains the hash of the previous one. Just like in a Git commit log for example (a commit's hash depend among other thing on the hash of its parent commit). If you want to modify a given commit in a git log you can, but all subsequent commit will have new different hashes. If you want to be able to do that without being noticed by those who already have a copy of the repository, then you need to find collision for each commits: this is impossible.
> Why? Because you need to produce valid proofs of work from invalid transactions. (I allowed myself to modify your aggressive capitalization)
No. I just explained (maybe for the third times) why.
Finding a valid proof of work for an "invalid" transaction (why "invalid"? "different" is enough) does not require to find a collision. It is much less expansive. But if you want to edit a blockchain discreetly, what you need to do is not only to find valid proofs of work, what you need to do is to find collisions. As we just said: this is 1- a lot more expensive, and 2- not a property of proof of work but of the fact that each block's hash depends on that block's content and on the hash of the previous block. This, again, can be true without PoW (see the Git example above).
Now please actually take some time to think before you reply. You would just continue to make a fool of yourself otherwise.
Also, neither revocation nor security and privacy does seem like good examples of what a blockchain would allow that a non-blockchain based approach wouldn't.
As for diploma's, I'm not sure what your point is. There is nothing decentralized about them.
As for diplomas, I didn't choose this example at random. A lot of startups are trying to sell exactly that. I've been approached myself multiple times about that. And some higher education institutions already do it…
It’s really held back society that we haven’t been able to verify diplomas issued by centralized trusted institutions in a decentralized trustless fashion. /s
In the case of your diploma, it's true that there are other ways to have a distributed immutable ledger that contains a signature leading to the diploma. However, by having one agreed upon global ledger for any university to upload to with a proven statement of authenticity for the degree, you then have the ability to build technologies on top of that massive ledger that would have been much, much harder if each university decided to host their own distributed ledger.
A simple example would be a hiring company (like lever.co) being able to verify degrees instantaneously on-chain instead of requesting a proof of degree from the university. This request for a proof already happens in real-life and requires a relationship between the university and the hiring company. The blockchain can then come in and allow companies to verify degrees in seconds, rather than days, leading to an overall increase in productivity.
And if you care about revocation (why?) then you can just store the pdf on git