crypto -- notes to self

bitcoin paper

it’s really interesting how bitcoin rethinks our understanding of trust. instead of holding third parties accountable for verifying transactions, bitcoin leverages decentralized consensus to establish a collective truth about the transaction history.

The Byzantine generals problem arose from the scenario where a set of generals had to coordinate an attack despite the possibility of message interference and evil generals sabotaging the plan. the unsolved issue, for the case of a truly decentralized currency, was that existing solutions required the generals to be semi-trusted and not completely anonymous. If there are no “trusted higher authorities” or notions of identity, how do we prevent a single user from using multiple identities to commit harmful actions (aka a Sybil attack)?

proof of work is the mechanism proposed by Nakamoto by which identity is limited by the ability to solve a hard computational puzzle, relying on economic and computational costs to make it prohibitively expensive for malicious actors to launch these attacks. this allows bitcoin to achieve Byzantine fault tolerance, the property in distributed computing that independent computers can reach consensus despite the possibility of malicious nodes introducing false information (this is what is called Nakamoto Consensus).

without a central figure overseeing where blocks are added, there’s the possibility of double-spending, where a user spends the same tokens more than once. to prevent this, the paper proposes a timestamp server where each block contains the hash of the previous block (hence the name blockchain). modifying any previous block would mean redoing the proof-of-work for that block and all the blocks after it, which is very hard to keep up with.
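to see the hash chaining and the "redo all the work after it" property concretely, here is a toy blockchain i wrote as an added example (not code from the paper or from bitcoin). it assumes a made-up difficulty of 12 leading zero bits in SHA-256 and a JSON block layout; real bitcoin uses a 256-bit target, a different header format and double SHA-256.

```python
import hashlib
import json

# toy difficulty (an assumption for this example): a valid block hash must start
# with DIFFICULTY_BITS zero bits, so each block costs about 2**12 hashes on average
DIFFICULTY_BITS = 12
GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 over a canonical JSON encoding so every node hashes a block identically."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """Proof-of-work check: the top `bits` bits of the digest must be zero."""
    return int(digest_hex, 16) >> (256 - bits) == 0


def mine(prev_hash, data, bits=DIFFICULTY_BITS):
    """Search nonces until the block hash meets the target; return (block, hash, attempts)."""
    nonce = 0
    while True:
        block = {"prev": prev_hash, "data": data, "nonce": nonce}
        digest = block_hash(block)
        if meets_target(digest, bits):
            return block, digest, nonce + 1
        nonce += 1


def build_chain(records, bits=DIFFICULTY_BITS):
    """Mine one block per record, each committing to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for data in records:
        block, digest, _ = mine(prev, data, bits)
        chain.append(block)
        prev = digest
    return chain


def validate(chain, bits=DIFFICULTY_BITS):
    """Return the index of the first bad block (broken link or failed proof-of-work), else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev"] != prev or not meets_target(block_hash(block), bits):
            return i
        prev = block_hash(block)
    return None


def tamper(chain, index, new_data):
    """Rewrite one block's payload without re-mining: the chain then fails validation."""
    forged = [dict(b) for b in chain]
    forged[index]["data"] = new_data
    return forged


def remine_from(chain, index, bits=DIFFICULTY_BITS):
    """Redo proof-of-work for block `index` and every block after it; return (chain, total_attempts).

    The attempt count is the work an attacker must repeat to make a rewritten history
    validate again, and it grows with the number of blocks built on top of the change.
    """
    repaired = [dict(b) for b in chain[:index]]
    prev = block_hash(repaired[-1]) if repaired else GENESIS_PREV
    total = 0
    for block in chain[index:]:
        new_block, digest, attempts = mine(prev, block["data"], bits)
        repaired.append(new_block)
        total += attempts
        prev = digest
    return repaired, total


if __name__ == "__main__":
    # constructed sample transactions
    chain = build_chain(["alice->bob 5", "bob->carol 2", "carol->dave 1"])
    print("honest chain valid:", validate(chain) is None)
    forged = tamper(chain, 0, "alice->bob 500")
    print("first invalid block after tampering:", validate(forged))
    repaired, work = remine_from(forged, 0)
    print("re-mined", len(repaired), "blocks with", work, "hash attempts; valid:", validate(repaired) is None)
```

the point of `remine_from` is that rewriting block 0 forces a fresh nonce search for every later block too, because each block's `prev` field is the hash of its predecessor; in the real network the attacker must do that faster than the honest nodes keep extending the tip.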

two rules to ensure this is feasible:

  1. miners are incentivized to build blocks only on the longest chain (very likely the valid history, since it has the most computational power behind it).
  2. transactions are never absolutely final on the blockchain, as there can be multiple branches of the tree, where one is the honest consensus and the others are attackers trying to outcompete it. yet it becomes very costly for a malicious chain to outcompete the valid one. the paper shows how the probability that an attacker catches up drops exponentially with the number of blocks it is behind, assuming p > q (p being the honest nodes’ share of hash power and q the attacker’s).

note: if bad actors control more than 50% of the total computational power, they can dominate consensus, allowing them to double-spend, block transactions, and reorganize chains to their advantage (referred to as a “51% attack”).
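the catch-up probability from rule 2 and the 51% note above are the same calculation with different values of q. the following is my own added implementation of the paper's section 11 analysis (not the paper's C code): the gambler's-ruin bound (q/p)^z, the Poisson-weighted sum the paper tabulates, and a helper that finds how many confirmations bring the attacker's success probability below a chosen risk. it assumes the paper's model where honest and attacker blocks arrive in proportion to hash power.

```python
import math


def catch_up_probability(q, z):
    """Gambler's-ruin result: probability that an attacker holding share q of the
    hash power ever closes a gap of z blocks (p = 1 - q is the honest share).
    With q >= p (the 51% case) the attacker is certain to catch up eventually."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    return (q / p) ** z


def attacker_success_probability(q, z):
    """Paper's section 11 calculation: while the honest chain adds z confirmations the
    attacker's progress k is Poisson with mean z*q/p; weight each k by the chance the
    attacker can still catch up from (z - k) blocks behind and subtract from 1."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q, max_risk):
    """Smallest number of confirmations z at which the attacker's success
    probability falls below max_risk (the paper solves this for 0.1%)."""
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z


def success_table(q, max_z):
    """(z, probability) pairs, the same shape as the tables in the paper."""
    return [(z, attacker_success_probability(q, z)) for z in range(max_z + 1)]


if __name__ == "__main__":
    for q in (0.1, 0.3):
        print(f"q={q}")
        for z, prob in success_table(q, 10):
            print(f"  z={z:2d}  P={prob:.7f}")
        print(f"  confirmations for P < 0.1%: {confirmations_needed(q, 0.001)}")
    print("q=0.5 (51% case), z=100:", attacker_success_probability(0.5, 100))
```

the exponential drop is visible in the table: with q = 0.1 each extra confirmation cuts the attacker's chance by roughly a factor of four, while at q = 0.3 it takes 24 confirmations to get under 0.1%, and at q >= 0.5 no number of confirmations helps, which is exactly the 51% note.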

incentives for miners are the following:

  1. new coins are added into circulation as miners expend CPU/GPU time and electricity on mining.
  2. transaction fees are awarded to miners and paid by users to have their transactions included in the network. the exact value operates as a market mechanism where users bid for higher prioritization by the miners. most currencies will shift to this form of miner incentive as the number of coins in the blockchain is limited.

i wanted to point out this beautiful way that this system disincentivizes bad actors (quoting the paper directly):

The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.