In a research paper titled “Majority is not Enough: Bitcoin Mining is Vulnerable“, Professor Emin Gün Sirer and Dr. Ittay Eyal of the Department of Computer Science at Cornell University, revealed the Selfish Mining attack on Bitcoin’s blockchain back in 2014.
In this interview, Professor Sirer and Dr. Ittay Eyal demystify Bitcoin and other crypto currencies and provide a first glimpse into the blockchain revolution.
The interview was conducted by Anna E Kobylinska with contribution by Filipe Martins.
This interview was conducted in 2014.
CloudInsidr.com: Why are so many people interested in Bitcoin?
Prof. Emin Gün Sirer: This is a very good question. Bitcoin offers a number of advantages that various user groups are looking for that aren’t being provided by the mainstream [financial institutions]—the Visas and Mastercards of the world. In particular, the ability to easily transact with other people, the ability to pay people just once and not to have to give them the capability to charge you forever afterwards, and the ability to use cash online anonymously. These are a few of the unique advantages that Bitcoin offers.
CI: What do you consider to be the biggest problem with Bitcoin?
Prof. Sirer: The biggest problem? There are quite a few. I would classify them as falling into one of three separate categories.
[Tweet “The biggest problem with Bitcoin? There are quite a few.”]
The first category are socioeconomic problems, such as social and regulatory aspects of virtual currencies, their adoption, and image-related problems. How do we get the people at large to understand this new kind of currency and make it work for them easily? The society at large needs to be educated. The Bitcoin Foundation is doing its best to try to educate the public.
The second category are problems at the protocol level. These are kind of fundamental and they have far reaching ramifications. Selfish Mining, the problem that we identified, is one of these. They need to be fixed. Fortunately, these protocol-level problems are not being taken advantage of at the moment. Therefore, there is some time for the developer community to address them as they come up.
There are other protocol issues as well, such as the problems that came to forefront when Mt. Gox was going down—these are also protocol-level issues. They are fixable. If we think hard about them, then we can fix them.
In addition to protocol-level problems, we have infrastructure problems. These are really difficult. For example, the fact that every couple of months one of the major Bitcoin exchanges goes down, or is the target of an attack, that people come in and steal other people’s money, or the fact that there is malware specifically targeting Bitcoin users’ wallets, these are technological problems, and they require more than just the Bitcoin developer community. They require our computing infrastructure to be secure, and that’s the harder challenge if you ask me.
These problems come in two flavors. On the server side, you’ve got to have servers you can trust. On the client side, you’ve got to have wallets that are both usable and secure. I see a lot of reasons to be very concerned.
I see these three areas as being distinct. They require expertise of different kinds.
The first one is essentially a wider community issue. What does the society want of its currency? We do want to be able to transact with negligible transaction costs. We do want to be able to send money to other people without having to be victimized afterwards. We do want to do all these nice things that Bitcoin enables us to do, and we don’t want money laundering. I don’t want money laundering. I don’t want people to be able to engage in illegal transactions.
The second problem is highly specific to Bitcoin, it just takes Bitcoin developers to handle the protocol issues.
The third one requires the Microsofts, the Apples, the Googles of the world to be “in on the game“—to provide us a better computing infrastructure.
We do have to find solutions for this technology. We do have to process, internalize the technology.
This hasn’t happened yet.
Dr. Ittay Eyal: Famous heists are almost never due to Bitcoin issues, but rather due to other software and protection methods used by exchanges and companies.
CI: How would you characterize the current user demographics of Bitcoin?
Prof. Sirer: Going by the polls I have seen, this is a young crowd between the ages of twenty and thirty-five, mostly male, mostly tech-savvy, mostly libertarian, and very enthusiastic about the idea of a cryptocurrency.
CI: Bitcoin is not centrally controlled by any organization. That’s at least the prevailing assumption. The original inventors have managed to remain anonymous. Is there a danger that an organization, be it a (foreign) government or a criminal organization, gains control over the virtual currency without the knowledge of the public?
Prof. Sirer: Absolutely. I think there is a very great danger of indeed that outcome.
The Bitcoin community is incredibly attuned to dangers of fiat currency. They are really worried that someone with some governmental capacity will do things to fiat currency that haven’t honestly happened in more than four decades. They are very worried that the US Dollar for example will undergo inflation at a great rate. But the fact is that it takes a lot of people to change the inflation rate for the USD.
Now when you look at Bitcoin, at the moment, just two of the largest mining pools, combining forces, they have control of more than 51 percent of the currency, and that carries a number of dangers, specific dangers for the currency itself. They can actually revoke transactions, prevent transactions from taking place. That’s a big deal.
The number of people, the number of entities, that can have a large negative impact on Bitcoin is far smaller than is the case with the USD and other fiat currencies. We have to be attuned to this in the user community. We have to make sure that nobody is in such a powerful position. We have to encourage people to mine independently and not to use these large major pools.
Dr. Eyal: Exactly. The public should take action to use smaller pools and reduce the power of huge mining pools.
CI: One oft the key concepts underlying Bitcoin is a decentralized protocol for maintaining a global distributed ledger of transactions called a blockchain. In order to add transactions to the ledger, a group of volunteering participants must solve a crypto-puzzle, a process that is called mining. It is believed that as new transactions are added to the ledger, previous transactions become immutable so long as dishonest miners do not control more than 49% of the network. You have proven that this assumption is untrue. Would you like to comment on that?
Dr. Eyal: You are referring to the 51% attack, where a majority of the miners can undo transactions. Indeed, with less than a majority of the mining power, one has little chance of undoing historical transactions.
What we showed was that when everybody else is honest, the best course of actions for miners is often not to follow the Bitcoin protocol as defined. We showed that a minority larger than 1/3 of the mining power is better off using an algorithm we call selfish mining. Smaller minorities may also benefit from selfish mining, depending on parameters of the system which are unknown.
[Tweet “A minority larger than 1/3 of the mining power of #Bitcoin is better off using selfish mining”]
Moreover, a selfish mining pool has an incentive to accept more miners, creating an ever increasing pool. Each miner would increase his or her revenue by joining this large selfish mining pool. However, there is currently no mechanism in the protocol to block this pool from growing to become a majority.
We have suggested a simple modification to the protocol that would prevent mining pools smaller than 1/4 of the network from performing selfish mining—independent of the aforementioned unknown parameters.
CI: Are all cryptocurrencies being plagued by the same flaws?
Dr. Eyal: Litecoin, Namecoin, and a very long list of alt coins with lesser impact are all based on Bitcoin’s core novelty—the blockchain. They use different parameters and different methods for generating blocks, mostly various proof-of-work techniques, but also other methods like proof-of-stake. None of these protect a currency from the selfish mining attack we have discovered. Our modification would defend them from attacks by small pools.
CI: The mining of Bitcoin is designed to mimic the mining of gold. It is assumed that the algorithm will cause the supply of Bitcoins to plateau at a certain level and never go beyond the threshold of 21 million coins. But doesn’t this mean that the concentration of mining activities will basically hand the system over to one or two largest mining pools, that there will be a process of consolidation of pools?
Prof. Sirer: No, not at all. These specific characteristics should not lead to consolidation.
Here is the thing that people thought was great about Bitcoin. It doesn’t matter if you mine in a small pool or in a large pool. The protocol was thought to be designed in such a way that you would get rewarded in proportion to your mining power. If you find a lot of blocks, you get a lot of the mining rewards. If you find fewer numbers of blocks, then you get fewer of the rewards. The exact numbers are in proportion to the size of your pool. So it doesn’t matter if they are two small pools or if they combine forces into a large pool. They will just end up getting the same proportion that they would get anyway.
But what we found with selfish mining showed that that’s not true. If these pools were to engage in selfish mining, then the incentives don’t work the way they are supposed to work. That if two small groups of selfish miners combine forces, they get more than their proportional share when they are bigger. So they get a reward for combining forces and that in itself is an enormous danger because that means that once there is a selfish mining pool that has emerged then other selfish miners will have an incentive to join that pool up until they reach that 50% threshold. So that is indeed a danger.
Dr. Eyal: Consolidation is not inevitable. There is no justifiable reason for joining a larger pool rather than a small one except in the case of selfish mining. For selfish mining, large pools are better than small pools. For honest mining, a large pool hardly offers any benefit. Even a small pool can generate daily revenue.
CI: Does this mean that Bitcoin in its current form cannot, should not be trusted because it incentivizes cheating?
Prof. Sirer: I wouldn’t say it should not be trusted. I think every system will have its weaknesses.
In the banking industry, there are lots of ways to attack regular currencies as well. We as technologists need to understand what these vulnerabilities are and we need to come up with technological fixes to them. Not just band aids, but real fundamental technological fixes. In fact, for selfish mining, we provided such fixes that keep most of the selfish miners at bay.
[Tweet “Every system is going 2have weaknesses. We need 2B able 2(…)build defenses against them. #blockchain”]
Selfish miners, below a certain threshold, with our fixes applied, will not be successful. It is a firm guarantee. So we can actually defend against these kinds of attacks and I don’t want to be alarmist here.
Every system is going to have its weaknesses and we just need to be able to objectively characterize what they are so that we can build defenses against them.
CI: How would those defenses be implemented? Since there is no institution in control, not even a group of programmers, what would it take to implement the changes the two of you proposed?
Prof. Sirer: Indeed, Bitcoin is essentially an open source project and it’s an ecosystem. There is no single body in charge. But the way these things work is once somebody identifies a problem and proposes a solution, the people, you know, who see this will adopt it because it provides a value proposition.
In this case, as the Bitcoin community comes to understand that there is indeed a threat from selfish mining, they will put measures in place in the protocol to defend against it.
It turns out that the fix we provided is backwards compatible and incrementally deployable and so the system gets better with everybody who adopts it. If sufficiently many people adopt it, then we will be able to protect against the ever-increasing percentage of selfish miners.
CI: Is the Bitcoin algorithm able to evolve? Is it too late for a meaningful change?
Dr. Eyal: That’s a very good question. The core developers are continuously making changes to the standard client. Their discussions are mostly public, and the code is open source. They are widely trusted, and their changes are accepted by the community. Should they suggest a significant change, this change may very well be adopted by the community.
CI: Bitcoin is said to eliminate the middleman. Is that so? Don’t the miners serve as intermediaries?
Prof. Sirer: Blockchain doesn’t exactly eliminate the middleman. It incentivizes the middleman to work for a very small percentage of the overall transaction value. Transaction fees with Bitcoin are tiny compared to what a bank would take for money transfers. It has got just the right incentives.
[Tweet “Blockchain doesn’t exactly eliminate the middlemen. It incentivizes them”]
CI: The process of committing transactions the blockchain (to the distributed ledger) is currently being rewarded with a fixed fee and new Bitcoins. That’s what is keeping the transaction costs down. It is basically new money being created to reward the computational expense of committing transactions to the ledger. But what happens when no new Bitcoins can be mined anymore? Wouldn’t this mean that the miners would have to be compensated in some other way, for example by getting a cut from each transaction?
Prof. Sirer: Yes, indeed. What happens right now is that the miners are incentivized from two sources. One is a fixed fee for each block they add to this global ledger known as the blockchain and the other is a set of transaction fees from all the transactions that they just added. Over time, the block fees will gradually—and exponentially—go towards zero. It is expected that the transaction fees will be the dominant source of income for miners who are adding blocks to the blockchain. So, I am not sure that the transaction percentage will go up by that time. I suspect that in fact by that time I would hope that the number of transactions we are committing per block will go up so that the percentage the transaction fees will still remain small but just that every miner will be adding many more transactions per block to the ledger. The technology for this will remain unaffected, so the work that they have to build per block is the same no matter how many transactions they add.
I suspect that the number of transactions will be able to compensate them for their effort and the energy they spend, and that those transaction fees will be simply sufficient.
By that time, who knows what Bitcoin will look like. It is so far in the future. It might still be based on the very same concepts, perhaps, but even so, it will still be different from what it is today. If we were to go back two decades and look at the initial web, and then look at the way we use the web today—it is so different now.
I think that the Bitcoin protocol is going to change so much over the next twenty to forty years that it might be unrecognizable by then.
CI: How does Bitcoin compare to some of the other virtual currencies such as Litecoin or Namecoin?
Prof. Sirer: A cryptocurrency is a very complicated set of things. When we look at cryptocurrencies, we need to look not only at the technology but also at the ecosystem that they build around each of them. Bitcoin is the most mature, the very first one of these practical cryptocurrencies. That is the ecosystem in which most of the technical advances and technical discussions are taking place.
Litecoin is an alternative, one of the first alternatives, and it was designed to use a different kind of a building block that made the mining process a little more difficult to execute on specialized hardware. I am not sure that over time it will remain true, but it is what it is: Litecoin is a Bitcoin alternative.
Then there are these weird “mean coins”. Some of them are just weird and others are actually very healthy. Dogecoin is one that I happen to like a lot because it is generally used for charity and nobody takes it seriously, it’s more of a “joke coin”. It’s got its special character. It’s got its own mascot—the Shiba Inu—this weird-looking dog that says things in some funny English…
I happen to think that Dogecoin is great because it’s being used for good purposes. But I don’t know if that’ll remain true as well.
Going forward, there are a bunch of worries about these alternative currencies. If you are using a currency that doesn’t have much mining power behind it then somebody, let’s say a Bitcoin miner who’s got only a small percentage of the hashing power in the Bitcoin world, perhaps re-targets her mining towards a more alternative currency and she gets to own your currency. This happens in the real world as well. There were currency raids against countries. George Soros made his money attacking central banks. There were the attacks against Southeast-Asian countries in 1998… raids against central banks. A similar thing can happen to an alternative currency and sort of wipe them out through targeted attacks.
There are those cryptocurrency communities and a lot of people like them, but I don’t think they are really going anywhere. I don’t think that they should be taken seriously or too seriously as technical contenders, as the technical advances are usually not happening in the alternative currency arena. Bitcoin is, I think, the most credible of those currencies and that’s why there are some technical ideas that are being propagated.
CI: What would you consider to be the most relevant advantage of Bitcoin compared to Dogecoin?
Prof. Sirer: Bitcoin is where a lot of the intellectual development of cryptocurrencies is taking place, so that’s one advantage. Technologically, the two pretty much share the same basis. Socially, there are enormous differences. Bitcoin is used by a certain type of demographic.
A lot of people in Bitcoin see it as an investment vehicle, where Dogecoin is being used mostly to tip people, for charity purposes or else for fundraising, as was recently the case where they raised money for some people in need. People could be shopping with it on some online forums. I would not say that Doge is a serious currency, but I do think that it plays a vital role in its own particular niche.
CI: What is the most relevant competitor to Bitcoin? Is there a number two?
Prof. Sirer: That’s a good question. There are lots and lots of other, you know, dozens of alternative cryptocurrencies, more than a dozen, maybe more than a hundred. It’s a funny game. In my view, it’s a winner-take-all kind of game. This number two after Bitcoin has such a small market capitalization, it’s just not…. It’s a lot smaller. Bitcoin is where the game is at, essentially.
These niche things are interesting only in so far as they have an interesting or a unique social environment build around them. Dogecoin is interesting. There are a lot of copycats. Catcoin—that one really didn’t go anywhere, I guess because of the branding. I think there are tons of these things. Litecoin is an interesting one, technically, but it’s also a very small currency.
It is a winner-take-all kind of game.
[Tweet “It is a winner-take-all kind of game #blockchain #Bitcoin #altcoins #cryptocurrency”]
A merchant wouldn’t want to support a few coins or whatever it is, some random coin. They would want to support the one with the most applications. Bitcoin, I think, is the only one that has a credible technical backing.
CI: Do you think that some of the advances in Bitcoin could be applied to transacting in conventional currencies such as the Euro or the US Dollar?
Prof. Sirer: Maybe, but it seems like a stretch. Conventional currencies are designed the way they are, because typically, a central bank wants to exercise control over the currency. Bitcoin is designed the way it is because it wants to forbid that kind of control so the two things seem to be mutually exclusive to me.
If you are willing to trust a national issuer of a currency, a sovereign, then there are many far more efficient ways to innovate than Bitcoin itself has demonstrated.
I would actually hope that the entire presence of Bitcoin will push the financial industry to come up with instruments that are cheap, though, and that have a low overhead, are easy to use, and so forth. I think that this industry has been quite happy to stay where it is, quite happy to not innovate at all, quite happy to take an enormously high percentage cut out of each transaction for many decades now. I am hoping that cryptocurrencies will be the kind of kick the financial industry needs to actually start innovating.
CI: Do you think cryptocurrencies are here to stay?
Prof. Sirer: Yes, indeed, we are going to have cryptocurrencies with us for some time because they clearly meet a market need. I don’t know whether this is going to be the Bitcoin, though. What we will actually end up with might look nothing like Bitcoin, but Bitcoin is a great start.
The way forward is going to strongly resemble the way the web has evolved. The web, when it was first invented, looked nothing like the web of today, except for some underlying concepts.
We may retain some of the same concepts with Bitcoin, for example the blockchain. We might retain some of the concepts of wallet control, cryptographic controls over addresses—these might stay with us while the underlying protocol changes.
CI: Would it be conceivable that a future virtual currency takes over the role of a global currency for borderless transactions and possibly anonymous payments with a ledger like the blockchain?
Prof. Sirer: Oh, no. I was speaking solely to the technological side of things. I cannot speak to the regulatory side of things.
Undoubtedly, any time there is money changing hands, governments will want to have some control over it, if only to stem money laundering. Yes, I would love to see technologies that would enable borderless transactions. I would love to see a whole bunch of things, but I am also sure that in a decade or so there will be regulations around all of these services and there will be some way of accounting for it. But the fact that there is new technology here does enable a set of transactions that were not happening before.
Money transfers at the moment are very, very expensive when using banks as intermediaries. These transactions take time to set up, they are painful to do, and it’s just a messy situation. Bitcoin brings an entirely different set of tools to this.
I am sure that regulatory agencies will come in and they will do whatever they want to do. They have the power to regulate. But the technology underneath is exciting. It can enable transactions with a far lower overhead.
CI: With the use of credit, debit and other types of bank cards there is always the risk of identity theft as personal data are being exposed during each transaction. Could a virtual currency such as Bitcoin reduce the misuse of personal data? Could it solve the problem of identity theft?
Prof. Sirer: Undoubtedly yes. The wonderful thing about Bitcoin is the fact that I can authorize the payment just once and be assured that the other party, even though they have my account number, does not have the ability to charge me on a recurrent basis. This is something that we do not have easily available to us here in the U.S. Bitcoin solves this problem.
You can really pay someone and do not think about further ramifications. At the moment, the credit or debit card number acts as an authenticator. It gives anyone the capability to draw from your account, and somebody who possesses it can extract money from it behind your back. That’s why you have to watch your statements from the bank like a hawk.
With Bitcoin, you have the assurance that that cannot happen.
There are a bunch of other problems with Bitcoin, but it does have this particular strength.
CI: Does this mean that with Bitcoin, no payment transaction will be executed against the will of the affected individual?
Prof. Sirer: People can steal your private key. There is a malware attack against Bitcoin. That is dangerous. But the following cannot happen: if I have my wallet in order—if I have my house in order, essentially—and I want to pay you just once, I could do that and not worry that you are going to charge me on a recurrent basis. I can also pay you in a way that keeps my identity private. I don’t need to leak my name to you, I don’t need to give you my location and you get to learn nothing about me except the fact that you got the money transferred.
CI: Sounds good. Do you think that the crackdown on Silkroad will have long-time ramifications for virtual currencies?
Prof. Sirer: Yes, absolutely. That is full of ramifications for virtual currencies. It legitimizes the currency in some way when illegitimate uses—or uses that the society has decided that are illegal—can be eliminated. It will clean up the ecosystem.
I would like cryptocurrencies to not get branded as systems for illegal transactions. I would like them to be used for legal, legitimate things that people do every day. I think it’s good to weed out things like Silkroad and assassination markets and so forth.
CI: Could you think of some really good use cases for Bitcoin? Could you imagine paying in Bitcoin for your Frappuccino?
Prof. Sirer: [Laughing] I think those are silly uses of Bitcoin. The Bitcoin community loves to play up these random small things. Apparently there is a Dorito truck in Toronto someplace that accepts Bitcoin. You know that’s wonderful, but that’s really not the use case you want to go after to see better and more widespread adoption of crypto currencies. I can see all sorts of exciting things happening with Bitcoin.
CI: Some people, particularly those who are working for one of those Bitcoin startups, receive their salary in Bitcoin. What do you say to that?
Prof. Sirer: The Bitcoin Foundation pays its people in Bitcoin, but the salaries are not denominated in Bitcoin. They are denominated in USD. There is a hurdle to overcome there and Bitcoin might never overcome this.
Are we ever going to see actual prices denominated in Bitcoin or will Bitcoin remain just a transfer mechanism? When I say this I don’t necessarily mean to denigrate Bitcoin. If it remains “just” a transfer mechanism, that’s still a valuable service because it is actually providing really frictionless transactions.
Besides this, though, Bitcoin is a platform. It can act as a foundation for all sorts of things that are difficult to do today. For example, I can enter into what is called an m-of-n transaction with you. I can say something like „I will pay person A so much money if my friend person B also signs and agrees to pay“. This is a difficult kind of a contract to enter into. When using a fiat currency, we would have to actually draw legal documents up, but with Bitcoin it is easy to do.
CI: Smart contracts.
Prof. Sirer: Yes. I can do other things like report factoids in the Bitcoin blockchain, report ownership of assets in the Bitcoin blockchain. These are really exciting things to do.
[I keep thinking] how exciting this future is with cryptocurrencies and just how many interesting things can come out of increasing the use of technological ideas to bring innovation to finance.
In particular, consumer-facing finance has been pretty stagnant. These Mastercards are very happy to charge you quite a bit and they weren’t really coming after any new products or doing any innovation. If Bitcoin serves no other purpose than to kick those giants into action and get them to think about how to offer better services, how to lower fees—that alone would be worth its weight in gold—or Bitcoin.
CI: Are there any FinTech startups built around Bitcoin that you would say are interesting and that might have a future?
Prof. Sirer: There are certainly a couple of interesting startups in the Bitcoin ecosystem. Also, a number of established financial institutions are taking a very close look at Bitcoin. The Bitcoin space is full of innovation. I don’t mention any startups by name as I don’t want to endorse them, but yes, there is a lot of activity in this space. I worry about a lot of these startups.
I look at a lot of these startups—I look at their technological infrastructure and I worry that, just historically, every six months an exchange or a wallet service has a problem, some hacking going on, either a theft or something else, and users loose Bitcoins. Or a big collapse like the one which happened with Mt. Gox. These threats are really problematic. I think we need to be able to solve these problems.
CI: Banks have problems, too. Bitcoin is open source, so whatever happens is out there in the open.
Prof. Sirer: That is true.
Bitcoin has another issue which I think is a lovely feature, which is [the immutability of the blockchain]: transactions are final.
Cyber thieves who go after money stored in Bitcoin wallets tend to get away with their theft. The same is not true with people who try to steal your credit card number. You could reverse those charges. And sure, that incurs some costs down the line but they are at least reversible transactions.
None [of the problems Bitcoin has] are insurmountable, but all of them require thought and that thought starts by identifying what the challenges are. There is no reason for people to lose half a billion Dollars at an exchange. That should not happen. And it just happened. There is no reason why we keep hearing about theft and exchange collapses, theft by insiders, theft at exchanges or whatever else is happening. We have to admit that yes, we have an issue and we need to address it.
It is not so much the merchants that I’m worried about. I am worried about the exchanges. What we need are standards of conduct for exchanges so that exchanges are less vulnerable to hacking.
Banks follow certain procedures to make sure they do not lose too much money to any single kind of threat. We can argue how effective this is given what happened in 2008, but at least we understand what those standards of conduct are for banks. We don’t really understand them for computer infrastructure. The infrastructure wasn’t designed to keep track of highly valuable assets that if stolen cannot be recovered. Bitcoin is one such asset.
We need to come up with these standards, so that I can send somebody I know to an exchange and say “You can put your money in here and I know that they have good standards of conduct and they will not be hacked”. At the moment I cannot say this. I need to be able to say this.
I also have to be able to say „Use this particular wallet in your phone“. I am worried about that. I would not use anything other than a paper wallet because they are safe. Making the infrastructure trustworthy is an ongoing challenge.
CI: Thank you.
Leave a Reply