自比特币现金( Bitcoin Cash )以来 44 个比特币分叉代币列表

摘要:尽管比特币在 2018 年可能已经不再被这个问题所困扰,但在关于共识分叉和区块链分叉的第六篇文章中,我们提供的列表含有 44 个代币,这些代币是自比特币现金拆分以来所有从比特币链条中分叉的代币。

(资料来源: gryb25

从 2015 年底到 2017 年底,比特币社区对区块链分叉非常关注并进行了重点分析,最终推出了比特币现金,继而推出了大量其他代币。我们已经在下列五篇文章中分别介绍了这些分叉的相关内容:

在第六篇文章,我们列出了 44 个从比特币分叉出来的代币。

 

自比特币现金以来所有比特币分叉代币列表

名称 URL/来源 分叉区块高度
Bitcoin Cash https://www.bitcoincash.org 478,558
       Bitcoin Clashic http://bitcoinclashic.org (从比特币现金分叉)
       Bitcoin Candy http://cdy.one (从比特币现金分叉)
Bitcoin Gold https://bitcoingold.org 491,407
Bitcore https://bitcore.cc 492,820
Bitcoin Diamond http://btcd.io 495,866
Bitcoin Platinum Bitcointalk 498,533
Bitcoin Hot https://bithot.org 498,777
United Bitcoin https://www.ub.com 498,777
BitcoinX https://bcx.org 498,888
Super Bitcoin http://supersmartbitcoin.com 498,888
Oil Bitcoin http://oilbtc.io 498,888
Bitcoin Pay http://www.btceasypay.com 499,345
Bitcoin World https://btw.one 499,777
Bitclassic Coin http://bicc.io 499,888
Lightning Bitcoin https://lightningbitcoin.io 499,999
Bitcoin Stake https://bitcoinstake.net 499,999
Bitcoin Faith http://bitcoinfaith.org 500,000
Bitcoin Eco http://biteco.io 500,000
Bitcoin New https://www.btn.org 500,100
Bitcoin Top https://www.bitcointop.org 501,118
Bitcoin God https://www.bitcoingod.org 501,225
Fast Bitcoin https://fbtc.pro 501,225
Bitcoin File https://www.bitcoinfile.org 501,225
Bitcoin Cash Plus https://www.bitcoincashplus.org 501,407
Bitcoin Segwit2x https://b2x-segwit.io 501,451
Bitcoin Pizza http://p.top 501,888
Bitcoin Ore http://www.bitcoinore.org 501,949
World Bitcoin http://www.wbtcteam.org 503,888
Bitcoin Smart https://bcs.info 505,050
BitVote https://bitvote.one 505,050
Bitcoin Interest https://bitcoininterest.io 505,083
Bitcoin Atom https://bitcoinatom.io 505,888
Bitcoin Community http://btsq.top/ 506,066
Big Bitcoin http://bigbitcoins.org 508,888
Bitcoin Private https://btcprivate.org 511,346
Classic Bitcoin https://https://bitclassic.info 516,095
Bitcoin Clean https://www.bitcoinclean.org 518,800
Bitcoin Hush https://btchush.org 2018 年 2 月 1 日
Bitcoin Rhodium https://www.bitcoinrh.org 未知
Bitcoin LITE https://www.bitcoinlite.net 未知
Bitcoin Lunar https://www.bitcoinlunar.org 未知
Bitcoin Green https://www.savebitcoin.io 未知
Bitcoin Hex http://bitcoinhex.com 未知

(资料来源: BitMEX 研究,分叉代币网站, findmycoins.ninja

请注意,谨慎处理这些新的分叉代币非常重要。特别是,我们强烈建议您不要将比特币私钥导入任何新的分叉代币钱包,直到先将比特币向不同私钥的关联输出发送几次且成功后,以免您的比特币处于被盗取风险中。

 

 

 

欢迎转载,请注明文章来自

BitMEX (www.bitmex.com)

List of 44 Bitcoin fork tokens since Bitcoin Cash

Abstract: Although in 2018 Bitcoin may have somewhat moved on beyond this issue, in this sixth piece on consensus forks and chainsplits, we provide a list of 44 tokens which seem to have forked away from Bitcoin since the Bitcoin Cash split.

(Source: gryb25)

From late 2015 to the end of 2017, there was significant focus and analysis in the Bitcoin community about a chainsplits, finally resulting in the launch of Bitcoin Cash and then a plethora of other tokens. We have already covered some of topics related to these splits, in the five articles below:

In this sixth piece we list 44 Bitcoin forked tokens.

List of Bitcoin forked coins since Bitcoin Cash

Name URL/Source Fork Height
Bitcoin Cash https://www.bitcoincash.org 478,558
       Bitcoin Clashic http://bitcoinclashic.org (Forked from Bitcoin Cash)
       Bitcoin Candy http://cdy.one (Forked from Bitcoin Cash)
Bitcoin Gold https://bitcoingold.org 491,407
Bitcore https://bitcore.cc 492,820
Bitcoin Diamond http://btcd.io 495,866
Bitcoin Platinum Bitcointalk 498,533
Bitcoin Hot https://bithot.org 498,777
United Bitcoin https://www.ub.com 498,777
BitcoinX https://bcx.org 498,888
Super Bitcoin http://supersmartbitcoin.com 498,888
Oil Bitcoin http://oilbtc.io 498,888
Bitcoin Pay http://www.btceasypay.com 499,345
Bitcoin World https://btw.one 499,777
Bitclassic Coin http://bicc.io 499,888
Lightning Bitcoin https://lightningbitcoin.io 499,999
Bitcoin Stake https://bitcoinstake.net 499,999
Bitcoin Faith http://bitcoinfaith.org 500,000
Bitcoin Eco http://biteco.io 500,000
Bitcoin New https://www.btn.org 500,100
Bitcoin Top https://www.bitcointop.org 501,118
Bitcoin God https://www.bitcoingod.org 501,225
Fast Bitcoin https://fbtc.pro 501,225
Bitcoin File https://www.bitcoinfile.org 501,225
Bitcoin Cash Plus https://www.bitcoincashplus.org 501,407
Bitcoin Segwit2x https://b2x-segwit.io 501,451
Bitcoin Pizza http://p.top 501,888
Bitcoin Ore http://www.bitcoinore.org 501,949
World Bitcoin http://www.wbtcteam.org 503,888
Bitcoin Smart https://bcs.info 505,050
BitVote https://bitvote.one 505,050
Bitcoin Interest https://bitcoininterest.io 505,083
Bitcoin Atom https://bitcoinatom.io 505,888
Bitcoin Community http://btsq.top/ 506,066
Big Bitcoin http://bigbitcoins.org 508,888
Bitcoin Private https://btcprivate.org 511,346
Classic Bitcoin https://https://bitclassic.info 516,095
Bitcoin Clean https://www.bitcoinclean.org 518,800
Bitcoin Hush https://btchush.org 1st February 2018
Bitcoin Rhodium https://www.bitcoinrh.org Unknown
Bitcoin LITE https://www.bitcoinlite.net Unknown
Bitcoin Lunar https://www.bitcoinlunar.org Unknown
Bitcoin Green https://www.savebitcoin.io Unknown
Bitcoin Hex http://bitcoinhex.com Unknown

(Source: BitMEX Research, Forked coin websites, findmycoins.ninja)

Please note it is very important to handle these new fork tokens with caution. In particular, we would strongly advise you not to import your Bitcoin private key into any new fork token wallets without first spending the Bitcoin to a new output associated with a different private key after the token snapshot point, so that your Bitcoin is not at risk.

 

 

新的以太坊矿工可能会改变游戏规则

摘要

我们将探讨比特大陆的新型以太坊矿机,并了解与 ASIC 相比,它的效能可能低于大众的预期。我们探讨这个产品可能将赋予矿机对新型更先进的技术的兼容性,新型矿机的技术效能虽然低于 ASIC ,但在某程度上可以降低 PoW 算法变化可能带来的冲击。然后我们得出这样的结论:无论这个特定的以太坊芯片是否能够做到这点,这种类型的技术可能最终会终结为了改善去中心化而使用 ASIC PoW 算法变更的时代,导致最终加密社区不得不接受 ASIC 。

概述

比特大陆最近推出了一款新的以太坊矿机,被广泛认为是 ASIC ,预计将于 2018 年 7 月底发货。然而,以太坊社区中的很多人反对 ASIC 并更喜欢以 GPU 来挖矿,因为生产 GPU 的公司的主要经营重心在于电脑游戏产业而不是加密产业,这应该意味着硬件分布将更加广泛和公平,从而改善去中心化。因此比特大陆的风险可能是以太坊社区可能决定以硬分叉来改变 PoW 算法,这可能会使比特大陆的矿机贬值并导致其投入的研发费用石沉大海。

在本报告中,与以太坊社区相比,我们推测比特大陆可能先行一着。比特大陆可能已经从门罗币那里学到了教训, 门罗币最近进行了 PoW 变更,导致比特大陆的 ASIC 芯片大幅贬值。开发特定的芯片需要一笔相当可观投资,因此我们认为比特大陆可能已经采取了一些对策来避免重蹈覆辙。比特大陆可能已经设计出了一种新型采矿芯片,其 ASIC 效率较低,但将不受 PoW 变更的影响。这会导致以太坊就 PoW 变更做出的硬分叉毫无意义。

 

最近门罗币就对抗 ASIC PoW 的变更

2018 年 4 月初, 门罗币社区决定透过硬分叉来改变 PoW 算法,试图令 ASIC 无用武之地,并使 门罗币更加偏向 GPU 挖矿。由于散列率急剧上升,如图 1 和图 2 所示, 门罗币社区认为, ASIC 制造商秘密开发了门罗币 ASIC ,并正在开采门罗币代币。

如图 2 所示, 2018 年初 90 日滚动哈希率增长率达到了约 300% (根据 7 日滚动平均数计算)。即便考虑到门罗币价值的急剧上涨,这个增长率也是非同寻常。在门罗币程序员宣布硬分叉的计划之后,比特大陆便开始在官网上出售门罗币 ASIC ,表明他们可能的确一直在秘密开采。如图 1 所示, PoW 变更后,门罗币散列率显着下降。

硬分叉之后, 门罗币分裂成两条链,原来规则的代币被称为门罗币原链( XMO )。虽然这枚硬币的价值比门罗币的低,但它的散列率更高,因为除了门罗币原链外,这个 ASIC 没有什么其他代币可挖掘的。这次分叉虽然没有重放攻击保护,但门罗币增加了环签名限制,因此可以通过在门罗币原始链上以较少(少于 7 个)的环签名交易来拆分门罗币和门罗币原链。

 

图 1 – 门罗币的散列率与价格相比

资料来源: Coinmarketcap , BitMEX 研究

 

图 2 – 门罗币的散列率与价格相比 – 7 日移动平均的 90 日滚动百分比

资料来源: Coinmarketcap , BitMEX 研究

备注:在 PoW  硬分叉之后的 7 天内,散列率滚动平均排除了硬分叉前的数据

 

比特大陆的新以太坊矿机

正如我们上面提到,比特大陆最近推出了一款新的以太坊矿机,预计将于 2018 年 7 月底发货。鉴于门罗币的历史以及以太坊社区中许多人,包括那些在家里采用 GPU 挖掘以太币矿工们)可能对比特大陆的新产品感到不满,比特大陆对此可能会感到担忧。新矿机的一个缺点是可能促使矿工中心化,但除此之外,现有矿工们持有的 GPU 赋予他们的既有经济利益也可能会为该产品带来敌意。比特大陆的管理层并不愚蠢,因此我们认为该公司可能会谨慎行事,并可能已采取措施来缓解部分风险。

 

图 3 – 比特大陆新的以太坊矿机: 蚂蚁矿机 E3

矿机规格:

  • 功耗: 800W  
  • 哈希率: 180MH / s

资料来源:比特大陆

 

该产品的规格如上。根据下表所示,与其他代币 ASIC 的效率增益进行比较,此新型以太坊矿机的效率低于人们对于 ASIC 矿机的期望 。比如比特币 ASIC 的效能比 FPGA 高约 521 倍,而门罗币 ASIC 的效能比 GPU 高约 88 倍。相比之下,新的以太坊矿机效能只比 GPU 高约 1.4 倍。这可能表明新的以太坊矿工根本不是 ASIC ,而只是一种比现有 GPU 矿机更高效的新设备。然而,虽然下表是一个粗略计算,忽略了许多关键的变量和因素,例如以太坊开采算法的记忆密集型特性,但尽管计算结果不是绝对精准,这些数字仍然可以说明观点:

 

图 4 – 矿工效率计算(约值)

矿机 散列率 (GH/s) 功率 (W) 散列能耗 (J/GH)
比特币 (SHA256)
CPU 0.0005 100 200,000
高端 GPU 0.5 300 600
FPGA 0.8 40 50
高端 ASIC 14,000 1,340 0.096
效率提高 521x
以太币 (Ethash)
高端 GPU 0.032 200 6,250
蚂蚁矿机 E3 0.18 800 4,444
效率提高 1.4x
门罗币 (CryptoNight)
高端 GPU 0.0000001 200 2,000,000,000
ASIC 0.000022 500 22,700,000
效率提高 88x

资料来源: BitMEX 研究,比特大陆

备注:数据是大约数

 

采矿芯片类型和矢量处理器( VP )

如下图 5 所示,比特币在 2009 年推出时,一般采用 CPU 进行采矿。但是, GPU 和 FPGA 的体统结构在处理重复散列时的操作更为高效。因此,网络首先转移到 GPU ,然后转移到 FGPA 。 2013 年,出现了特定散列函数的 ASIC 。与 CPU , GPU 和 FPGA 相比, ASIC 在运行特定散列时的效率更高,但 ASIC 其他散列上的效率非常低或实际上完全无用。

 

图 5 – 加密币芯片类型的发展时间轴

资料来源: BitMEX 研究

备注:在 2018 年底能否投入矢量处理器( VP )仍待观察

 

比特大陆可能已经开发出一种新型芯片 – 矢量处理器。该芯片的体系结构可以用于一般的 PoW 散列函数,但不适用于特定的散列函数。这些芯片可能比 GPU 和 FPGA 更高效,但效率低于 ASIC 。与 ASIC 相比,其优势在于它们在某些方面可能不受 PoW 更新的威胁。新的以太坊矿机就是基于这类芯片,即便这只是我们的猜测。

 

图 6 – 加密币芯片类型的演变

芯片类型 中央处理器( CPU ) 图形处理器 ( GPU ) 矢量处理器 ( VP ) 专用集成电路 ( ASIC )
加密币例子 比特币 ( BTC ) – 2009 至 2011 比特币 ( BTC ) – 2012 至 2013
以太币 ( ETH ),
门罗币 ( XMR )

以太币 ( ETH ) – 2018 后

比特币 ( BTC ) – 2014 至今,
门罗币原链 (XMO)

制造商 英特尔,
超微半导体

英伟达, 
超微半导体
比特大陆 比特大陆, 
嘉楠耘智, 
翼比特, 
采云比特
生产商

台积电, 三星,
格芯, 中芯国际

台积电, 三星,
格芯, 中芯国际
台积电 台积电,
三星,
格芯
主要用途 运算 游戏 加密币挖掘 加密币挖掘
对 PoW 更新免疫 潜在免疫

较率越高


比特大陆新的以太坊矿机可能是为 Ethash 量身定制的,因为矿机内部的元件如电路,电源控制设备,存储器和控制模块等都可以专门为以太坊采矿进行校准。然而芯片本身,也这是迄今最需要投资的领域,可能会更大众化且不用专门为以太坊设计。因此,如果以太坊进行 PoW 变更,当芯片离开生产商时可以将芯片组装成新设备,或者甚至可能将老设备中的芯片用在新的以太坊矿机内。尽管至今这些仍只是我们的猜测。

 

人工智能( AI )技术

2018 年 4 月 19 日,在台积电新季度的绩汇报上,联席首席执行官 Mark Lie 表示:

[比特大陆] 在区块链技术上做了许多贡献,比如 AI 。他们做得很好。我们预计他们会慢慢转向 AI 领域。

资料来源: Q1 2018 earnings call

 

“ AI ” 的含义很广。虽然目前还待确认,但新的矢量处理器芯片可能是台积电表示的 “人工智能技术” 。因为这类芯片可以在散列算法之间切换,所以在一定程度上我们可以认为这芯片属于 AI 的范围。矢量处理器芯片到底是只能编程,就像现代 GPU 一样,还是普遍来说可以比 GPU 更高效仍有待观察。如果真的出现了这种芯片,这先进的技术能力可能被视为比特大陆的一项重大成就。这种技术的研发成本可能更高,而且比专用集成电路技术更专业化,这会使挖矿中心化问题更加严重。

 

以太坊散列率增长 – 新芯片仍未部署的证据

尽管如此,我们还没有看到在以太坊网络上有意欲部署新芯片。 如下面的图 7 和图 8 所示,以太坊的算力(在广义上说)在价格波动的情况下仍遵循正常的趋势。

 

图 7 – 以太坊散列率与价格和英伟达 GPU 销售相比

资料来源:彭博, Etherscan.io , Coinmarketcap ,英伟达, BitMEX 研究

 

图 8 – 以太坊散列率与价格 – 7 日移动平均的滚动 90 日百分比增长

资料来源:彭博, Etherscan.io , Coinmarketcap , BitMEX 研究

 

结论

在讨论比特大陆新的以太坊矿机是不是 ASIC 以及新芯片可能对 PoW 变更免疫时, Vitalik Buterin 告诉我们:

我自己也是这么看的

尽管我们上面已经说过,本文中的大部分内仍是根据我们的猜测。然而,即使我们对这款特定芯片的认知存在错误,我们仍然认为在未来比特大陆或其他公司可能会开发出通用的散列芯片,该散列芯片效能在任何散列算法下都将比 GPU 更高 。此时,对抗 ASIC PoW 变更的时代可能已经结束,加密社区必须在两个坏苹果之间做出选择:

  1. 允许 ASIC ,或者,
  2. 允许通用散列芯片,而其技术和生产能力可能更加中心化。

除非 PoS 系统经过证明足够强大。

 

免责声明

虽然本文许多内容为引用资料,但我们并不保证其准确性。欢迎提出指正。

 

 

 

欢迎转载,请注明文章来自

BitMEX (www.bitmex.com)

New Ethereum Miner Could be a Game Changer

Abstract

We look at Bitmain’s new Ethereum miner and notice that it may be less energy efficient than one might expect for an ASIC. We explore the possibility that this miner contains a new more advanced form of technology, which is less efficient than ASICs, but potentially partially immune to PoW algorithm changes. We then conclude that whether this particular Ethereum chip is capable of this or not, this type of technology may eventually end the era of anti-ASIC PoW changes designed to improve decentralisation, such that crypto-coin communities may have to accept the inevitability of ASICs.

Overview

Bitmain have recently launched a new Ethereum miner, widely believed to be an ASIC, and it is expected to ship in late July 2018. However, many in the Ethereum community oppose ASICs and prefer GPU mining, since GPU companies are primarily concerned with gaming rather than crypto-coins, which should mean that the hardware is distributed more widely and fairly, improving decentralisation. Therefore a risk to Bitmain could be that the Ethereum community decide to hardfork to change the PoW algorithm, which could devalue the Bitmain machines and result in a large wasted investment.

In this report, we speculate that Bitmain may already be one step ahead of the Ethereum community. Bitmain may have already learnt a lesson with Monero, two coins which recently conducted PoW changes, potentially resulting in large devaluations of Bitmain’s ASIC chips. Developing a custom chip requires a considerable financial investment and therefore we think Bitmain may have taken some countermeasures to avoid another loss. Bitmain could have designed a new type of mining chip, less efficient that ASICs, but immune to PoW changes. This could make an Ethereum hardfork PoW change mostly pointless.

The recent Monero anti-ASIC PoW change

At the start of April 2018 the Monero community decided to hardfork and change the PoW algorithm, in an attempt to “brick” ASICs and make Monero more GPU-friendly. Due to sharp increases in hashrate, illustrated by Figure 1 and 2 below, the Monero community believed that ASIC manufacturers had developed Monero ASICs, in secret, and were mining the coin.

As Figure 2 shows below, the rolling 90-day hashrate growth rate reached c. 300% in the early part of 2018 (based on 7-day rolling averages). Even after factoring in the sharp increase in value of the Monero coin, this is an extraordinary growth rate. After Monero developers announced plans for a hardfork, Bitmain began to sell Monero ASICs on their website, indicating that they could indeed have been mining in secret. After the PoW change, as Figure 1 shows, the Monero hashrate dropped off significantly.

After the hardfork, the Monero chain split into two, with the original rules coin being called Monero Original (XMO). Although this coin had a lower value than Monero, it had a higher hashrate, since there was little else for the Monero ASICs to mine. There was no replay protection implemented for the split, however Monero increased the ring signature limit, therefore one can split Monero and Monero Original by first initiating a transaction on the Monero Original chain with fewer ring signatures than are allowed on Monero (less than 7).

Figure 1 – Monero hashrate compared to Monero price

Source: Coinmarketcap, BitMEX Research

 

Figure 2 – Monero hashrate compared to Monero price – Rolling 90-day percentage growth of 7-day moving average

Source: Coinmarketcap, BitMEX Research

Note: In the 7 days following the PoW hardfork, the hashrate rolling average excludes the period prior to the hardfork

Bitmain’s new Ethash miner

As we mentioned above, Bitmain has recently launched a new Ethereum miner, which is expected to ship around late July 2018. Given the history with Monero and the fact that many in the Ethereum community, including those mining Ethereum at home on GPUs, are likely to be unhappy at a new Bitmain product, Bitmain may be concerned. One downside to the new miner could be increased miner centralization, but in addition to this, the product may also receive hostility from some in the Ethereum community due to their financial interests in the existing Ethereum miners, GPUs. Bitmain’s management is not stupid, and therefore in our view the company is likely to act with caution and may have taken measures to mitigate against some of these risks.

Figure 3 – Bitmain’s new Ethereum miner: the Antminer E3

Specifications:

  • Power consumption: 800W
  • Hashrate: 180MH/s

Source: Bitmain

The advertised specification of the product is disclosed above. As the table below illustrates, a back -of-the-envelope calculation could imply this new Ethereum miner is less efficient than one would expect if it was an ASIC, based on comparisons with the efficiency gain measured on some of the other ASICs related to other coins. For instance a Bitcoin ASIC is c. 521x more efficient than an FPGA, while the Monero ASIC is c. 88x more efficient than a GPU. In contrast the new Ethereum miner is only c. 1.4x more efficient than a GPU. This could indicate that the new Ethereum miner is not an ASIC at all, but merely a new device more efficient than the existing GPU miners. However, we appreciate that the below table is a crude approximation which ignores many crucial variables and factors, such as the memory-intensive nature of the Ethereum mining algorithm. But although the calculation is inaccurate, the figures can still potentially illustrate a point:

Figure 4 – Approximate miner efficiency calculations

Miner Hash rate (GH/s) Power (W) Energy per hash (J/GH)
Bitcoin (SHA256)
CPU 0.0005 100 200,000
High end GPU 0.5 300 600
FPGA 0.8 40 50
High end ASIC 14,000 1,340 0.096
Efficiency gain 521x
Ethereum (Ethash)
High end GPU 0.032 200 6,250
Antminer E3 0.18 800 4,444
Efficiency gain 1.4x
Monero (CryptoNight)
High end GPU 0.0000001 200 2,000,000,000
ASIC 0.000022 500 22,700,000
Efficiency gain 88x

Source: BitMEX Research, Bitmain
Note: Figures are approximations

Mining chip types & Vector processors (VPs)

As Figure 5 below illustrates, when Bitcoin launched in 2009, mining was conducted using CPUs. However, the architectures of GPUs and FPGAs are more efficient at processing repetitive hash operations. Therefore the network shifted, first to GPUs and then to FGPAs. In 2013, ASICs designed for specific hash functions emerged. Compared to CPUs, GPUs and FPGAs, ASICs are far more efficient at running a particular algorithm, however excluding this, ASICs are far less efficient or actually totally useless.

Figure 5 – Crypto-coin chip type timeline

Source: BitMEX Research
Note: The inclusion of Vector Processors (VPs) towards the end of 2018 is speculative

It might be possible that Bitmain has developed a new type of chip, a Vector Processor. The architecture of this chip could be designed for PoW hash functions in general, but not for a specific hash function. These chips could then be more efficient than GPUs and FPGAs, but less efficient than ASICs. The advantage over ASICs is that they could be, in some respects, immune to PoW changes. It is possible that the new Ethereum miner falls into this category of chip, although this is mostly speculation on our part.

Figure 6 – The evolution of crypto-coin chip types

Chip type Central Processing Unit (CPU) Graphics Processing Unit (GPU) Vector processor (VP) Application Specific Integrated Circuit (ASIC)
Example crypto-coins Bitcoin (BTC) – 2009 to 2011 Bitcoin (BTC) – 2012 to 2013
Ethereum (ETH),
Monero (XMR)

Ethereum (ETH) – 2018 onwards

Bitcoin (BTC) – 2014 to present,
Monero Original (XMO)

Manufacturers Intel,
AMD
NVIDIA,
AMD
Bitmain Bitmain,
Canaan Creative,
Ebang,
Innosilicon
Foundry

TSMC, Samsung,
Global Foundries, SMIC

TSMC, Samsung,
Global Foundries, SMIC
TSMC TSMC,
Samsung,
Global Foundries
Primary use Computing Gaming Crypto-coin mining Crypto-coin mining
Immune to PoW change Yes Yes Potentially No

Higher efficiency

 

It is possible that Bitmain’s new Ethereum miner is tailored for Ethash, in that the components inside the miner such as the electric circuits, power control devices, memory and control modules could all be specifically calibrated for mining Ethereum. However the chip itself, which is the area that requires by far the most financial investment, could be more general and not specifically designed for Ethereum. Therefore if Ethereum conducts a PoW change, it could be possible to direct the chips into a new device as they leave the foundry or perhaps even recover the chips from the old device put them into a new Ethereum miner. Although again, at this point we are speculating.

Artificial Intelligence (AI) technology

At TSMC’s latest set of quarterly results on 19th April 2018, Co-CEO Mark Lie said the following:

[Bitmain] is doing a lot of things on blockchain technology, like AI. They are doing very well. We expect them to slowly move to the AI area.

Source: Q1 2018 earnings call

“AI” is a term with many meanings. Although at this point the situation is unclear, it is possible that any new Vector Processor chips could be what TSMC mean by AI technology. Since any such chip may be able to switch between hashing algorithms, at a stretch, one could argue this falls within the scope of AI. It remains to be seen if the chip is merely programmable, like modern GPUs, or if there is a trick up its sleeve that could give it an efficiency gain vs. GPUs in most cases. If present, this advanced technological capability is likely to be seen as a major achievement for Bitmain. Such technology may also be even more expensive to develop and more specialised than the technology in ASICs, which could make the decentralisation problem even worse.

Ethereum hashrate growth – No evidence of deployment of the new chips

Despite the above, we have not yet seen any strong indications of the deployment of the new chips on the Ethereum network. As Figures 7 and 8 below indicate, Ethereum’s hashrate appears, broadly speaking, to be following a normal trend given the price volatility.

Figure 7 – Ethereum hashrate compared to Ethereum price and NVidia GPU sales

Source: Bloomberg, Etherscan.io, Coinmarketcap, Nvidia, BitMEX Research

 

Figure 8 – Ethereum hashrate compared to Ethereum price – Rolling 90-day percentage growth of 7-day moving average

Source: Bloomberg, Etherscan.io, Coinmarketcap, BitMEX Research

Conclusion

When discussing the possibility that Bitmain’s new Ethereum miner isn’t an ASIC and that the new chip may be somewhat immune to PoW changes, Vitalik Buterin told us:

I have a very similar impression myself

Despite what we have said above, most of the content in this article should be considered guesswork. However, even if we are wrong about this particular chip, we still think it is reasonably likely that at some point in the future, Bitmain or another company, will develop a general-purpose hashing chip, which is more efficient than GPUs for almost all hashing algorithms. At this point the era of anti-ASIC PoW changes could be over, with crypto-coin communities having to make a choice between two potentially unfavourable outcomes:

  1. Allowing ASICs, or,
  2. Allowing general purpose hashing chips, where technologies and production capabilities could be even more concentrated.

Unless of course proof-of-stake systems prove robust enough.

 

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

 

权益证明( Proof of Stake )的完整指南 – 以太坊的最新提案和 Vitalik Buterin 的采访

摘要

在这篇文章中,我们分析了权益证明( PoS )共识系统。我们就它的理论优势和弱势进行了研究。然后,我们分析了迄今为止尝试过最著名和新颖的 PoS 提案的具体细节,在这些提案细节中,我们发现有些提案使得纯 PoS 系统变得越来越复杂以至看起来有点不切实际。我们也就最新的以太坊提案进行了分析,以往的尝试相比,我们认为这是一项重大的改进,它可以为以太坊网络安全性提供优势。然而,该系统仍然严重依赖于工作证明( PoW ),区块的生成仍然依赖于该证明,并且我们不清楚 PoS 在该过程中是否有助于确保节点汇聚在一条链上。因此,我们对以太坊未来能否大幅减少对 PoW 系统的依赖持怀疑态度。

 

 

引言

在深入探讨权益证明( PoS )的具体细节之前,重要的是要了解建立这些共识系统时想要达到什么目的。本质上,他们试图构建的数据结构需要具有以下属性:

  1. 数据的内容不被任何一个实体控制(去中心化的数据存储和数据验证是不够的);
  2. 数据库可以演化(卡斯帕术语:“有活力”);另外重要的是
  3. 参与者对数据内容是有共识的,即当冲突发生时节点有一种机制来决定哪一条是有效的区块链(卡斯帕术语:“安全”)


当两个有效竞争的链条冲突时, PoW 使用积累的工作规则来决定哪一条有效(分叉选择规则)。这不仅为上述第三点提供了解决方案,另外 PoW 机制自身也解决了区块生产和区块产出的时间问题。总的累积工作是分岔选择规则,但区块生产者也需要在每个区块中包含一个 PoW 元素,这个过程是随机的,因此每个区块的生产者以及每个区块的生成时间问题也可以透过 PoW 解决。

PoS 是一个基于积累权益(即拥有最多加密币支持,投票或投注的)分叉选择规则的概念。然而,与 PoW 不同的是, Pos 无法直接解决谁生产区块或生产区块的时间问题。因此这些问题需要通过其他机制来解决。然而, PoW 同时解决了加密币分配的问题,所以 PoW 也是 PoS 系统中可行的替代方案之一。

 

PoS 的理论概述

拜占庭将军问题

 

拜占庭将军问题说明了在尝试构建具有上述属性的数据结构时涉及的一些主要挑战。本质上,主要问题是关于区块产出时间及如何确定应该先更新分类帐上的哪些数据。实际上,如果三分之一以上的参与方有问题,那么从数学的角度来看,这个问题是无法解决的,正如 Leslie Lamport 在 1982 年所证明的那样。

它表明,仅在起码有三分之二以上的将军是忠诚的情况下,口头协议才能有效;换句话说,一个叛徒可以混淆两个忠诚的将军

资料来源:拜占庭将军问题( 1982 )

 

因此, PoW 可以被认为是一个不完美的方案,它有一个相当强大的拜占庭容错系统,但在统计数学上便相对弱一些。正是在这种情况下,由于系统不完善,人们应该像分析 PoW 那样分析所有其他 PoS 的替代品,因为这些系统也会有它们的缺陷。

 

在 PoS 中有两个竞争的哲学。其中一个来自 PoW 。基于此的加密币包括 Peercoin , Blackcoin 以及之前的以太坊 PoS 提案迭代。第二个哲学更多的是基于 20 世纪 80 年代 Lamport 的学术研究,并且基于 Lamport 认为建立拜占庭式容错系统需要大于三分之二。以太坊目前对卡斯帕( Casper )提案偏向了第二个哲学方案。

 

PoS 的优势

PoS 通常在 PoW 的背景下进行研究,作为解决或减轻基于 PoW 的系统中的负面外部因素或问题的替代方案:

 

更环保

也许 PoS 系统中最被广为流传的优点是它不像 PoW 需要经过一个能源密集型的消耗过程。如果 PoS 的系统可以具有与 PoW 系统相同特性,则可以避免对环境损害。这对 Po​​S 来说是一个重要正面的因素,尽管在实际上此问题可能被夸大了,就如我们在比特币能源消耗方面的文章所提到的那样,因为矿工们根据成本考量会使用成本较低的能源或再利用其他能源作为动力来源,从而降低了对环境的损害。

 

激励措施更紧密一致

PoW 系统的另一个主要问题是矿工的利益可能与加密币持有人的利益不一致,例如,矿工可以出售他们的加密币,然后只关心短期而非长期加密币价值。另一个问题是哈希率可能会被出租,而承租人对于系统的长期前景又没有经济利益。而 PoS 直接将共识代理人与加密币的投资联系了起来,理论上来说投资者与共识代理人之间的利益是一致的。

 

采矿中心化和 ASIC

PoS系统的另一个关键优势是可能改善中心化。 PoW 采矿有许多中心化的优势在 PoS 系统中是不适用的:

  • ASIC 生产成本昂贵且被垄断(比特大陆占有很高的市场份额);
  • 芯片代工厂昂贵且被垄断(台积电,英特尔,三星和中芯是仅有的规模厂商);
  • ASIC 相关技术有可能会被专利垄断;
  • 廉价能源有限,并且无法轻易获取;和
  • 采矿的许多层面将形成规模效应,例如维护成本和能源成本,从而实现中心化。

 

PoS 的缺陷和经济弱点

不完整的解决方案

正如我们在上面提到的那样,中本聪的 PoW 系统似乎是一石四鸟:

  • 区块链选择(分叉选择规则),
  • 加密币分配,
  • 谁生产区块,和
  • 区块生产时点。

PoS 似乎只是提供了的区块链选择的解决方案,而没有就其他问题提出有效方案。

 

一种“不公平”的经济模式

对 PoS 系统最常见的批评之一是它按现有持币比例分配新资金。因此,与它的代替品–更为公平的 PoW 相比“富人变得更富了”,并且导致少数富有的用户拥有更高比例的财富。如果一开始就投资于 PoS 系统,您可以保持您的财富份额,然而在 PoW 系统中,您的财富将被稀释,因为新的奖励将分配给矿工。事实上,如果奖励按现有持币比例分配,人们可以辩论它其实不算是通货膨胀,这种情况下的奖励制度在经济层面上相当于为货币尾数加多了个零而已。因此,人们甚至可以声称奖励制度毫无意义,本质上根本没有任何奖励。然而,这只适用于当所有用户及资金都纳入了 PoS 系统的情况下,而实际上有些用户会希望将新资金用于其他目的。

 

资金损失的风险

另一个问题是,权益证明需要连接到互联网的系统上并递交签名信息。因此,持币人需要有一个“热钱包”,这会增加资金遭受黑客盗窃的风险。虽然有可能通过让私人密钥只在短时间内持有权益来减轻这一不利影响,然后将余额返还给所有者。尽管如果有一个削减规则(惩罚就两个相互冲突的链条都进行投票的行为),即便使用了这种缓解策略,黑客还是可以透过其他行为来破坏资金安全性。另一个潜在的缓解策略可能是创建专用硬件来实行权益证明。

 

PoS 的技术和收集的弱点

免权益证明(“免费午餐”)

共识问题的核心是时间和交易顺序。如果两个区块同时生成, PoW 通过随机的过程解决问题,无论哪个区块建立在第一个区块之上都可以带头,然后激励矿工们在多区块的工作链上工作。 PoW 需要能源,在现实世界中这是一种有限资源,因此矿工必须决定将该资源分配到哪个区块链上。

相反, PoS 系统中的这个过程并不清晰。如果同时生成两个区块,则每个冲突块都可以建立权益。最终,一个区块可能比另一个区块拥有更多的权益,这可能使其成为赢家。这里的问题是,如果允许持币人改变主意而支持赢家,这样系统就会集中在同一条区块链上,那他们为什么不将权益分布在多条区块链上?

然而,所有的权益都只是区块链上的资源,与现实世界没有联系,因此可以在两个相互冲突的区块链上投放相同的权益。这就是所谓的“免费午餐”问题,我们认为这是 PoS 面临的最重要的问题。

 

“免费午餐” 问题

“免费午餐” 问题 权益不会增加系统的收集性,因为相同的权益可以应用到多个竞争链中,这是一种无风险的方式,可以增加他们的奖励。相反,在基于 PoW 的系统中,消耗的能源是真实的世界有限资源,因此 “相同” 的工作不能应用于多个竞争链。 
辩护论点一 这个问题可以避免或减轻。该协议可以进行调整,若一个冒名者在多条链上投放相同的权益,第三方可以提交该证明给任一条区块链,从而实行惩罚,例如没收权益(削减条件)。或者,与其惩罚它,还可以使作弊者失去潜在的回报,或将其排除在权益池之外。
PoS 怀疑论者的回应 上述辩护是不恰当的,并可能将惩罚本身合法及必要的行为。例如,如果一个持币人首先接收到一个区块,而大多数人首先接收到另一个区块,那么该持币人可能会改变主意并转而遵从大多数。事实上,容许改变主意和投靠大多数确保网络趋同的过程是共识系统的要点。如果这种行为受到惩罚,系统如何整合?

要么惩罚的经济价值高于切换跟随多数的奖励,要么低于。因此,免费午餐的问题意味着 PoS 系统永远无法对系统整合作出贡献,因此这个想法从根本上是有缺陷的。

辩护论点二 上述明显的困境可以通过以下几个方法解决,比如:

  • Casper 的早期建议使用了多轮投注。在初期改变一个人的想法可能是合理的,惩罚也许很小,而在后来的几轮中,在多个竞争链中使用相同权益的惩罚可以增加,使得最终用户对系统的最终性有高度的保证。
  • 最新的 Casper 循环旨在容许验证者改变他们的想法,但只在 “合法“ 的情境里而非 “非法“ 的情境里。 
PoS 怀疑论者的回应 通过添加多轮投注机制,大大增加了系统的复杂性。这只是增加了一些混乱的层面来掩盖免费午餐的问题,而没有解决根本问题。
辩护论点三 没有一个系统是完美的,实际上建立一个完美的系统在数学上是不可能的,因此免费午餐的问题无法得到完美解决,然而上述措施的确可以缓解该问题,因此这些理论性问题不太适用于现实世界。

 

远程攻击共识问题

PoS 的另一个潜在问题是所谓的 “远程攻击” 问题。例如,攻击者可以购买一个过去拥有大量加密币的私钥,然后根据这一点生成另一个历史记录,从而根据 PoS 验证向自己颁发越来越多的奖励。由于攻击者获得了大量的奖励,他可以生成比现有区块链更高的权益链,并且可以重组过往这么多年区块链。

这个问题的解决方案是检查点(checkpoint),即一旦达到某个特定的关联阈值就锁定在某个链状态的过程,使其永远不会重组。批评者认为,该解决方案需要随时保持其节点上网,因为脱机节点不能检查点。有人声称,如果一个人离线,安全模式将退为 “询问友人”,因为人们依赖于查询他人的检查点。尽管过去比特币的模式包含了检查点,但其目的是加速初始同步,尽管这种影响可能会导致 “询问友人” 安全模型开启。

然而,我们认为这取决于系统更看重什么了。如果最终希望每个用户都充分验证系统的所有规则和状态,那么只依靠这些检查点是不够的。事实上,中本聪的最初愿景似乎暗示希望节点被关闭再接入网络时,依然可以验证其消失时系统发生了什么是很重要的:

节点可以随意离开并重新加入网络,接入工作证明链来验证它们离开网络后发生的事情

资料来源:比特币白皮书

 

尽管生态系统在不断扩大,但许多企业和交易所都 24 小时不间断的运行着,因此必须始终保持节点运行,且可以执行检查点设置。有大量的激励措施阻止它们进行大规模的链上重组。对许多人来说,这有足够的安全性,因此远距离攻击问题带来的风险是不相关的或者只处于理论层面的。

 

权益磨削

在一个纯 PoS 的系统中,权益人也需要生产区块。这些系统通常通过从池子中选择一系列授权区块生产者来开展工作,其中概率与权益持有成正比。这里的问题是共识系统内部需要随机性。如果区块本身用于生成熵,那么权益人可以尝试操控区块中的内容将未来的区块分配给他们自己。然后,权益人可能需要越来越多的计算能力来尝试越来越多的替代区块,直到他们被分配到未来的区块。这基本上又变回了 PoW 系统。

在我们看来,与“免费午餐问题”相比,权益磨削问题对于 PoS 来说不是一个根本性的问题。解决这个问题所需要的只是网络中熵的来源,或像以太坊这样的任何人都可以参与的智能合约 – RanDao 就可以解决这个问题。

 

案例研究 –   Peercoin 和以太坊的 Casper

 

1 –  Peercoin  – 2012 年

概述

Peercoin 是一个PoW 和 PoS 系统的混合体,建立在加密币年龄的理念之上。分叉选择规则是选择那条加密币年龄最大的区块链。

加密币年龄被简单定义为加密币数量与持有周期的积。在一个简单易懂的例子中,如果鲍勃从爱丽丝那儿收到了 10 个加密币并有了 90 天,那我们可以说鲍伯的加密币年龄已经累积到了 900 个加密币日。

资料来源: Peercoin 白皮书

在 Peercoin 中,一些区块是纯使用 PoW 而生产的,而另一些区块的 PoW 的难度根据矿工在交易中摧毁的加密币年龄(基于 coinstake 而不是基于 coinbase 的交易)进行调整。“例如,如果鲍勃有一个钱包输出积累了 100 个加密币年的年龄,并预计它在 2 天内产生一个[ PoS 区块],那么爱丽丝可以大致预计她 200 个加密币年的钱包可以在 1 天内产出一个[ PoS 区块]。

 

分析

弱点 概要
免费午餐 该协议的目的是通过忽略第二个相互冲突的链条来防止矿工在多个连锁链条进行 coinstake 交易时使用相同的加密币。然而,这是不够的,并且如果它们以不同的顺序接收冲突区块,则会导致节点分叉。
区块生产 通过使用 PoW 生成区块来解决
远程攻击 这是 Peercoin 的一个重要漏洞,攻击者可以通过不支出加密币来增加加密币的年龄,然后发起重组攻击。

这是通过中央系统每天广播数次检查点来解决的。因此 Peercoin 是一个集中系统。

权益磨削 这可能不是个问题,因为从验证者池中没有选择的问题,因为始终需要 PoW 系统并且加密币权益改变了 PoW 的目标。

 

结论

就当时来说 Peercoin 是一个有趣且新颖方法,但是该提案产生了一个中心化的系统,无法匹配 PoW 的属性。

 

2 – 以太坊 –  Caper 全 PoS 系统 –  2015 年

概述

这是一个完整的 PoS 建议,基于“通过赌注达成共识”的美学。

  • 区块由区块生产者池里产生,随机数生成器用于选择轮到哪个生产者生产区块,然后给生产者一个时间窗,在该时间段内他们可以生成有效区块。
  • 有一组绑定的验证人,投注人必须先被绑定才能投注区块。
  • 然后验证人可以对区块进行投注,每次投注会有一个概率提供,代表潜在回报。
  • 在几轮下注之后,随着概率接近 1 或 99% ,该区块就被认为是最终的。

资料来源:以太坊博客

 

投注策略

根据以太坊博客,默认情况下应该使用以下策略进行投注:

  • 如果该区块尚未产出,但当前时间非常接近该区块应该发布的时间,请下注 0.5 。
  • 如果该区块尚未产出,但自该区块应该发布以来已经过了很长时间,则下注 0.3 。
  • 如果该区块存在,并且按时产出,则押注 0.7 。
  • 如果该区块存在,但它产出的时间或者太早或太迟,下注 0.3 。
  • 为了帮助防止 “卡住” 情况,应增加一些随机性,但基本原则保持不变。

默认的博弈策略有一个公式(如下所示),以便将概率推离 0.5 ,这样链将向前移动,使得预期概率更接近零或一。

设 e(x) 是使 x 更“极端”的函数。即,将值从 0.5 推到 1 。一个简单的例子是如果 x> 0.5 ,则分段函数 e(x)= 0.5 + x / 2 否则 x / 2

如果验证人在概率为 99% 时下注,则回报非常小( 1% 用作计算回报的度量),相反,在 50% 的概率投注获胜后代表 100% 的回报,这会从奖励池中获得更高的回报。

分叉选择规则就是所有加权概率的总和超过了一定的阈值,比如 0.99 。例如,一个 5 个区块的链条,每个区块显示 5 分的概率均为 1 。任何在 0.99 阈值之后改变主意并将权益投放在多个链条上的验证人可能会被惩罚(削减)。而若在阈值前改变主意将不会被惩罚。

 

分析

我们认为,这个提案非常复杂,而其复杂性是最主要的缺点。

弱点 概要
免费午餐 该协议旨在通过惩罚机制来防止矿工在多条链上使用相同的加密币下注,一旦被发现,验证人将失去其存款。我们认为,这可能会损害系统的收集性,尽管下注程式可能会将概率降到 0.5 以下,进而助于缓解问题。
区块生产 RanDAO 合同可以用来提供熵来选择区块生产者。然而,这只能提供一个时间窗口,在这个时间窗口中可以生产区块,但对于该区块是否是在时间窗口内生产是没有共识的,在此之后,投注过程应该能够解决该争议。
远程攻击 一旦达到某个概率阈值,节点便会检查点区块。远程攻击问题在节点关闭期间仍然可能发生。
权益磨削 RanDAO 合同可能可以解决权益磨削问题。

结论

以太坊未采纳该提案。我们认为该提案从未完成,因为该系统的一些参数和方面缺乏规范。尽管通过权益达成共识很有趣,但它似乎太复杂,而且存在太多的不确定性。这种方法说明了在构建完整的 PoS 系统时将遇到的困难,以及在试图解决其缺陷时,它会导致问题越来越复杂,直到系统变得不可行。

 

3 – 以太坊 – Casper 最新版本 –  PoW / PoS 混合系统 – 2018 年

概述

与早期所提出的一些 PoS 系统相比,目前的 Casper 提案反映了哲学上和技术上的变化。它回到了 20 世纪 80 年代 Lamport 的学术工作以及 Lamport 的定理:当且仅当系统中三分之二的代理人诚实时,才能使这些系统有效工作。因此,目前的 Casper 版本比以前更加雄心勃勃。 PoS 不再用于生产区块或决定区块的时间,这些仍然由 PoW 矿工完成。 PoS 系统将作为检查点。在我们看来,这个建议优于早期相对复杂的 Casper系统。

 

该系统的工作原理如下:

  • PoS 系统仅在每 100 个区块间才会启用,作为检查点提供 PoW 系统额外的保证。
  • PoS 系统的参与者将他们的以太币发送到 “验证者池” ,并且每隔 100 个区块将其权益放在一个区块之后。如果池中三分之二的资金支持提案,则该区块将被视为最终提案,若有争议,此提案将优先于 PoW 。
  • 验证人投票仅在最后一个检查点区块之后12 个确认内有效。
  • 如果没有达到三分之二的门槛,该链条将继续完全基于 PoW 系统操作。
  • 如果有任何权益者作出违规行为,第三方可以提交以下的证明,若该证明属实,骗子们将失去全部权益/存款,同时第三方可以得到 4% 的回报作为激励:
    1. 在同一高度上为多重矛盾区块投票
    2. 在不同高度上为多重矛盾区块投票,但使用矛盾参照区块,除非新的参照区块有更多的高度。

 

以太坊奖励结构将进行调整,以便 PoS 验证人得到除了 PoW 矿工之外另一部分支付费用。据我们所知,这个新分配的细节尚未确定。

 

分析

我们认为, Casper 的最新版本与早期版本相比有了显着的改进,主要原因是复杂度较低且对 PoW 系统更加依赖。

理论上,新提案只有三个实际问题:

  1. 当超过三分之一的权益人拒绝参与 – 在这种情况下,我们回到了 PoW 的系统
  2. 当权益人在定案后会改变他们的想法,以至于三分之二以上的权益人支持了替代链 – 远距离攻击问题
  3. 当三分之二多数的权益人支持比当前领先的 PoW 链短的链,这是导致重组的一种新方式。我们认为这是该提案的最大缺点。

这个系统背后假设的核心是它的 PoW 推动了链的发展,并且 PoS 系统只是在 PoW 矿工已经锁定了一个链条的情况下才会启动, PoS 投票在 12 名矿工确认之前甚至是不生效的。事实上,如果三分之二的多数支持无法实现,那么这条链会继续保持原来的状态。

因此,我们得出这样的结论,即最新的 Casper 提案的核心特征是 PoW 系统先行,只有其后,若出现PoW 矿工恶意破坏行为, PoS 系统可以为链条重组提供额外保证。因此, PoW 仍然提供系统收集性, PoS 机制可以抵御矿工重组威胁。因此,尽管 PoS 提供了这种安全性,但正如上面第三点所指出的那样,它也提供了额外的风险,因此我们不清楚整体好处是否大于坏处。

弱点 概要
免费午餐 验证人若同时投票支持相互冲突的检查点区块, 他们可能会失去他们的权益。收集问题通过 PoW 挖掘来解决。
区块生产 PoW 矿工生产区块,因此不存在与选择区块生产者相关的问题。
远程攻击 一旦验证者池中的三分之二的权益投票通过区块,节点最终将确定该区块并且不能重组。但远程攻击问题在节点关闭期间仍然存在。
权益磨削 PoW 矿工生产区块,因此不存在权益磨削问题。

 

其他潜在的未解决问题

在硬分叉和链条分裂的情况下,如果新的链条改变了验证人检查点的投票的格式,那么三分之二的验证人可以在原始链上进行破坏性的重新组织,同时由于使用新的投票格式而避免收到惩罚(削减)。因此,验证人可以摧毁原始链条,同时仍然继续推进他们所选择的新的链条。因此,该系统被关闭的防御性相对较弱一些。

 

BitMEX 研究团队独家采访 Vitalik Buterin 关于最新的 Casper 提案

问题 1  – 即使 PoS 系统可以提供比以前更多的保证,在达到 34% 的投票门槛之前,重组风险可能会更高,因为重组可能通过 PoS , PoW 或以更多方式发生。您担心这个潜在问题吗?

我并不担心。有充足的理由相信它不应该对系统的稳定性产生负面影响。未锁定链条的评分规则是 “最终确定时期 + 总难度 * ε” 。这里有一篇论文指出,任何“单一”链条评分规则都是纳什均衡;我们的评分规则显然是单调的,所以它是纳什均衡。矿工和验证人都使用链条评分规则,所以矿工和验证人都会自然地帮助链条增长,而不是试图重组。 Casper FFG 以这种方式进行了设计,以 “基于链条” 的共识以及 BFT 理论使得系统 “跑的舒服” 。

 

可能使 “重组风险更高” 的情况是:

 

  • 当大多数验证人比大多数矿工更不诚实
  • 如果 Casper 特定的代码有错误

我们相信,如果上述任何一点是真的,那么 Casper FFG 的风险会增加。

问题 2  – 您认为用户和交易所会如何反应?交易所是否应该在存入存款之前修改其做法,例如 2 次确认外加得到 34% 验证人的投票?

如果是我管理的交易所,我会做一些安排,比如要求高达 1 万美元的存款需要等待 12 个确认,及在存款金额更大的情况下要求区块锁定。

问题 3  – 是否会有总体评分指标供交易所使用,一个结合了 PoW 和 PoS 影响的指标?

我想有可能会创建一个。以下是我可以想到的几个不同的确认阶段:

  • 交易已被纳入一个区块,这是区块头
    • 这是头的第 N 个祖先
    • 这是一个检查点 C 的始祖。它是头的祖先。验证人已​​经开始对 C 进行投票。
  • 验证人认证了 C 。
  • C 的孩子 –  C’ 存在,并且验证人已经开始对 C’ 进行投票来确定C
  • C’ 的孩子有超过 1/3 的选票。在这一点上,至少有一个验证人需要实际上被削减,以便将情况恢复,使 C 到达最终状态。

结论

我们认为,这个最新的 PoS 提案是迄今为止最好的。我们认为这可能会被以太坊采纳,并可能为该系统的安全性做出积极的贡献。但是,该系统仍然依赖 PoW 采矿,至少在中期阶段。在 PoS 过程发生之前,系统需要依赖 PoW 首先解决任何拜占庭问题。因此,该系统依靠 PoW 进行区块生产,并确保系统在一条链上收集的特性。虽然 PoS 开采可能会缓解一些风险(敌意的 PoW 开采),但是它是否对系统收集性或安全性做出了净贡献仍不清楚。因此, PoS 的批评者可能会认为,从 PoW 矿工重新分配给权益者的任何奖励都会不必要地削弱系统的收集性和安全性。

 

尽管我们认为目前的提案具有可操作性,但 “免费午餐的问题” 可能是一个重大挑战。这个新机制是否解决了这个问题,至今仍未有定论。因此,尽管计划将此提案作为一个垫脚石,作为逐步转向全面 PoS 系统的先行计划,但要达到全面 PoS 系统可能比以太坊社区中的某些人认为的更难实现。

 

免责声明

虽然本文许多内容为引用资料,但我们并不保证其准确性。欢迎提出指正。

 

 

 

欢迎转载,请注明文章来自

BitMEX (www.bitmex.com)

 

Complete guide to Proof of Stake – Ethereum’s latest proposal & Vitalik Buterin interview

Abstract

In this piece we examine proof of stake (PoS) consensus systems.  We look at their theoretical advantages and weaknesses. We then analyse the specific details of some of the most prominent and novel PoS systems attempted thus far, where we learnt that some pure PoS systems becomes increasingly complex, to the point which they became unrealistic. We review the latest Ethereum proposal, which we think is a significant improvement compared to previous attempts and it could provide net security benefits for the Ethereum network. However, the system may still be reliant on proof of work (PoW), which is still used to produce the blocks and at this point it is not entirely clear to us if the PoS element of the process contributes to ensuring nodes converge on one chain.

Introduction

Before diving into the specifics of Proof of Stake (PoS), it’s important to clarify what one is trying to achieve when building these consensus systems. Essentially one is trying to construct a data structure with the following properties:

  1. No one entity controls the content of the data (distributed storage and verification of the data is not sufficient);
  2. The database can move forward, (Casper terminology: “Liveness”); and crucially
  3. Participants agree on the content of the data i.e. nodes have a mechanism to decide between conflicting valid chains (Casper terminology: “Safety”)

PoW uses the most accumulated work rule to decide between competing valid chains (fork choice rule). This is not only an apparent solution to criteria three above, but the PoW mechanism also inherently solves the block production and block timing issue. While total accumulated work is the fork choice rule, a block producer is also required to include an element of PoW in each block, a stochastic process, and therefore the issue of who produces each block and when each block is produced, is also be addressed by PoW.

PoS is the general concept of a fork choice rule based on the most accumulated stake (i.e. the chain with the most coins backing, voting or betting on it). However, unlike PoW, this does not necessarily directly address the issue of who produces each block or when blocks are produced. Therefore these issues may need to be addressed by alternative mechanisms. PoW is also a solution to the coin distribution problem, something which may also require an alternative solution in PoS based systems.

Theoretical overview of PoS

The byzantine generals problem

The Byzantine generals problem illustrates some of the  main challenges involved when attempting to construct a data structure with the properties mentioned above. Essentially the issue is about timing and how to determine which updates to the ledger occurred first. Actually if one third or more of the actors are disruptive, the problem is provably unsolvable, from a mathematical standpoint, as Leslie Lamport proved in 1982.

It is shown that, using only oral messages, [reaching agreement] is solvable if and only if more than two-thirds of the generals are loyal; so a single traitor can confound two loyal generals

Source: The Byzantine Generals Problem (1982)

PoW can therefore be considered as an imperfect hack, which seems a reasonably strong Byzantine fault tolerant system, but certainly not a mathematically robust one. It is in this context, of imperfect systems, which one should analyse PoS alternatives, as like PoW, these systems will also have flaws.

In PoS there are two competing philosophies. One of which is derived from PoW. Coins based on this include Peercoin, Blackcoin and earlier iterations of Ethereum’s PoS proposals. The second philosophy, is based more on Lamport’s academic research from the 1980s and embraces the conclusion Lamport reached that a two-thirds majority is required to build a Byzantine fault tolerant system. Ethereum’s current iteration of the Casper proposal adopts this second approach.

Advantages of PoS

PoS is typically looked at in the context of PoW, as an alternative which solves or mitigates against negative externalities or problems inherent in PoW based systems:

More environmentally friendly

Perhaps the most widely cited advantage of PoS systems is the absence of the energy intensive process which PoW requires. If PoS based systems can achieve the same useful characteristics as PoW systems, environmental damage can be avoided. This is a significant positive for PoS, although as we discussed in our piece on Bitcoin’s energy consumption, the problem may be slightly overstated, due to the incentive to use lower cost or otherwise failed energy projects as a source of power, limiting environmental damage.

Stronger alignment of incentives

Another major problem with PoW based systems is that the interest of miners may not align with that of coin holders, for example miners could sell the coins they mine and then only care about the short term, not long term coin value. Another issue is that hashrate could be leased, with the lesee having little or no economic interest in the long term prospects of the system. PoS directly ties the consensus agents to an investment in the coin, theoretically aligning interests between investors and consensus agents.

Mining centralisation & ASICs

Another key advantage of PoS based systems is potentially improving decentralisation. PoW mining has a number of centralising forces which are not applicable to PoS:

  • ASIC production is expensive and centralised (In Bitcoin Bitmain has a high market share);
  • Chip foundries are expensive and centralised (TSMC, Intel, Samsung & SMIC are the only players with scale);
  • ASIC related technologies can potentially be patented;
  • There may be a limited number of cheap energy sources, with restricted access; and
  • Many aspects of mining can have economies of scale, such as maintenance costs and energy costs, resulting in centralisation.

General and economic weaknesses of PoS

An incomplete solution

As we alluded to above, Satoshi’s PoW systems appears to kill four birds with one stone:

    • Chain selection (the fork choice rule),
    • Coin distribution,
    • Who produces blocks, and
    • When blocks are produced.

PoS only appears to be a proposed solution to the chain selection problem, leaving the other problems open. Although these other issues could be less significant than the chain selection issue.

An “unfair” economic model

One of the most common criticisms of PoS systems is that they allocate new funds in proportion to the existing holdings. Therefore the “rich get richer” and it results in a few wealthy users holding a higher proportion of the wealth than the more egalitarian PoW alternative. If one invests in a PoS system at the start, you can maintain your share of the wealth, alternatively in a PoW system your wealth is diluted as new rewards are distributed to miners. Indeed, if rewards are allocated in proportion to the existing holdings, one could argue its not inflation at all and that the reward is economically equivalent to adding more zeros to the currency. Therefore one can even claim the reward system is pointless and does not provide an incentive at all. However this only applies if all users become PoS validators, while in reality some users will want to use the funds for other purposes.

Risk of a loss of funds

Another issue is that staking requires signing a message from a system connected to the internet. Therefore stakers are required to have a “hot wallet” which increases the risk that funds are exposed to theft from hackers. Although it may be possible to mitigate this downside by having a private key only entitled to stake for a short period of time, after which the balance reverts back to the owner. Although if there is a slashing rule (punishment for voting on two conflicting chains), a hacker could conduct action which destroys the funds even if this mitigation strategy is used. Another potential mitigation strategy could be the creation of specialist hardware for staking.

Technical & convergence weaknesses of PoS

Nothing at Stake

Core to the consensus problem is timing and the order of transactions. If two blocks are produced at the same time, PoW solves the problem by a random process, whichever block is built on top of first can take the lead and then miners are incentivised to build on the most work chain. PoW requires energy, a finite real world resource and therefore miners have to decide which chain to allocate this resource to.

In contrast this process in PoS based systems is not entirely clear. If two blocks are produced at the same time, each conflicting block can build up stake. Eventually one block may have more stake than the other, which could make it the winner. The problem here is that if stakers are allowed to change their mind to back the winner, such that the system converges on one chain, why would they not use their stake on multiple chains?

After-all stake is a resource inherent to the chain and not linked to the real world, therefore the same stake can be used on two conflicting chains. Herein lies the so called “Nothing at stake” problem, which we view as the most significant issue facing PoS.

The “Nothing at Stake” problem

The Nothing at Stake problem Stake does not add to the convergence of the system, since the same stake can be applied to multiple competing chains, which is a risk free way of stakers increasing their rewards. In contrast, in PoW based systems, energy is a real world finite resource and therefore the “same” work cannot be applied to multiple competing chains.
Defense 1 The issue can be avoided or mitigated against. The protocol can be adjusted such that if a staker uses the same stake on multiple chains, a third party can submit a proof of this to either chain, resulting in a punishment, such as the confiscation of the stake (slashing conditions). Alternatively instead of a punishment, the cheater could lose potential rewards or be excluded from the staker pool.
Response from PoS sceptic The above defence is inappropriate and punishes what may be legitimate or necessary behavior. For example if a staker receives a block first, while the majority receives an alternative block first, it may be legitimate for that staker to change their mind and switch to follow the majority. Indeed the process of changing your mind and switching to the majority to ensure the network converges is the point of the consensus system. If this behavior is punished, how does the system converge?

Either the economic value of the punishment is higher than the rewards for switching to follow the majority, or it isn’t. Therefore the nothing at stake problem means PoS systems can never make a contribution to system convergence and the idea is therefore fundamentally flawed.

Defence 2 The apparent dilemma above can potentially be  resolved in various ways. For instance:

  • Earlier proposals from Casper used multiple rounds of staking. Changing one’s mind in the early rounds can be legitimate and perhaps the punishment is small, while in later rounds the punishment for using the same stake in multiple competing chains increases, such that eventually users have a high degree of assurance over the finality of the system.
  • The most recent iteration of Casper aims to allow validators to change their minds, but only in “legitimate” scenarios and not when its “illegitimate”.
Response from PoS sceptic By adding multiple rounds or criteria in which validators can change their minds one is increasing the complexity of the system. This is merely adding layers of obfuscation to conceal the inherent weaknesses illustrated by the nothing at stake problem, without solving the fundamental issue.
Defence 3 No system is perfect, indeed it’s mathematically impossible to construct a perfect system and therefore the nothing at stake problem is not solved, however the measures identified above mitigate the problem, such that these theoretical issues are unlikely to apply in the real world.

The long range attack consensus problem

Another potential issue with PoS is the so called “long range attack” problem. This is the idea that attackers could, for instance, buy a private key which had a large token balance in the past and then generate an alternative history from that point, awarding oneself more and more rewards based on PoS validation. Due to the large amount of rewards given to the attacker, one could then generate a higher stake chain than the existing chain and a large multi year chain re-organisation could be performed.

The solution to this problem is checkpointing, which is the process of locking in a certain chain state once a certain stake threshold has been met, such that it can never be re-organised. Critics argue that this solution requires one to keep their node online at all times, since an offline node cannot checkpoint. Some claim that if one goes offline, the security model therefore degenerates to “ask a friend”, since one is dependent on asking others for their checkpoints. Although in the past the Bitcoin reference implementation included checkpoints, the purpose of these was to speed up the initial sync, although the impact of this could be said to result in an “ask a friend” security model.

However, in our view this is a matter of different priorities. If one wants each individual user to fully verify all the rules and the state of the system, then relying in these checkpoints is insufficient. Indeed, the Satoshi’s original vision appears to imply that the ability of nodes to be switched off and then verify what happened when was was gone is potentially important:

Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone

Source: Bitcoin Whitepaper

Although the ecosystem is expanding, many businesses and exchanges operate 24×7 and are therefore required to keep a node running all the time, and can therefore do checkpointing. There are strong incentives preventing them from allowing a large chain re-organisation. To many, this is sufficient security and the risks posed by the long range attack problem are therefore irrelevant or too theoretical.

Stake grinding

In a pure PoS system, stakers also need to produce blocks. These systems have often worked by selecting a sequence of authorised block producers randomly from a pool, where the probability is proportional to the stake. The issue here is a source of randomness is required inside the consensus system. If the blocks themselves are used for generating the entropy, stakers could try to manipulate the content in blocks in order to allocate themselves future blocks. Stakers may then need more and more computing power to try more and more alternative blocks, until they are allocated a future block. This then essentially results in a PoW system.

In our view, the stake grinding problem is less of a fundamental problem with PoS, when compared to significant issues like the nothing at stake problem. All that is required to solve this problem is a source of entropy in the network and perhaps an Ethereum smart contract like the RanDAO, in which anyone can participate, can solve this problem.

 

Case Studies – Peercoin & Ethereum’s Casper

1 – Peercoin – 2012

Overview

Peercoin is a hybrid PoW and PoS system, built on the idea of coin age. The fork choice rules is the blockchain with highest total consumed coin age.

Coin age is simply defined as currency amount times holding period. In a simple to understand example, if Bob received 10 coins from Alice and held it for 90 days, we say that Bob has accumulated 900 coin-days of coin age

Source: Peercoin Whitepaper

In Peercoin, some blocks were produced purely using PoW, whilst other blocks were produced using PoW where the difficulty adjusts based on the coin age destroyed by the miner in the transaction (the coinstake transaction as opposed to a coinbase transaction). “For example, if Bob has a wallet-output which accumulated 100 coin-years and expects it to generate a [PoS block] in 2 days, then Alice can roughly expect her 200 coin-year wallet-output to generate a [PoS block] in 1 day.

Analysis

Weakness Summary
Nothing at Stake The protocol aims to prevent miners using the same coins in a coinstake transaction on multiple chains by ignoring the second conflicting chain. However this is not sufficient and can result in nodes diverging, if they receive the conflicting blocks in a different order.
Block production Solved by using PoW to produce the blocks
Long range attack This was a critical vulnerability for Peercoin, an attacker can simply save up coin age by not spending their coins and then launch a re-organisation attack.

This was solved by centrally broadcasting checkpoints several times a day. Peercoin was therefore a centralised system.

Stake grinding This may not have been an issue, since there was no selection from a validator pool as PoW was always required and coin stake altered the PoW target.

Conclusion

At the time Peercoin was an interesting early novel approach, however the proposal resulted in a centralised system, not able to match the properties of PoW.

2 – Ethereum – Caper full PoS system – 2015

Overview

This is a full PoS proposal, based on “consensus by bet” methodology.

  • Blocks are produced from a pool of block producers, a random number generator is used to select whose turn it is to produce a block and then the producer is given a time window in which they can produce a valid block.
  • There is a set of bonded validators, one must be in the set to make or take bets on blocks.
  • Validators can then make or take bets on block propositions, providing a probability each time, representing the return betters can make.
  • After several rounds of betting, as the probability approaches 1 or 99%, the block is considered final.

Source: Ethereum Blog

Betting strategy

According to the Ethereum blog, betting should occur using the following strategies by default:

  • If the block is not yet present, but the current time is still very close to the time that the block should have been published, bet 0.5.
  • If the block is not yet present, but a long time has already passed since the block should have been published, bet 0.3.
  • If the block is present, and it arrived on time, bet 0.7.
  • If the block is present, but it arrived either far too early or far too late, bet 0.3.
  • Some randomness is added in order to help prevent “stuck” scenarios, but the basic principle remains the same.

The default betting strategy had a formula (given below), to push the probability away from 0.5, such that the chain would move forward, with the probability expecting to either approach zero or one.

Let e(x) be a function that makes x more “extreme”, ie. pushes the value away from 0.5 and toward 1. A simple example is the piecewise function e(x) = 0.5 + x / 2 if x > 0.5 else x / 2

If a validator bets when the probability is 99%, the return is very small (a 1% return used as a measure from which the reward is calculated), in contrast a winning bet placed placed with odds of 0.5, represents a return of 100%, which results in a higher return from the rewards pool.

The fork choice rule then is the sum of all the weighted probabilities, which have crossed a certain threshold, say 0.99. For instance a chain of five blocks, each with a probability of 1 will represent a score of 5. Any validator who changes their mind after the 0.99 threshold has been crossed, can be punished (slashed) for staking on multiple chains. While changing your mind before the threshold is considered legitimate and there is no punishment in that scenario.

Analysis

In our view, this proposal is highly complex, which we consider as the main downside.

Weakness Summary
Nothing at Stake The protocol aims to prevent miners using the same coins to bet on multiple chains by using a punishment mechanism, in which validators would lose their deposit. In our view, this could harm the convergence of the system, although betting formula may move the probability away from 0.5, which is designed to help mitigate the issue.
Block production The RanDAO contract could be used to provide entropy to select the block producer. However, this only provides a time window in which blocks could be produced, it is possible there is a lack of consensus over whether the block was produced within the time window or not, after which the betting process is supposed to resolve the dispute.
Long range attack The nodes checkpoint blocks once a certain probability threshold has been reached. The long range attack problem remains for periods in which nodes are switched off.
Stake grinding The RanDAO contract may solve the stake grinding issue

Conclusion

The proposal was not adopted by Ethereum. In our view the proposal was never complete, as some parameters and aspects of the system lacked a specification. Although the consensus by bet approach was interesting, it seemed too complex and there were too many uncertainties. This approach illustrates the difficulties involved when constructing full PoS systems and how when one tries to address the weaknesses, it just results in more and more complexity, until the system becomes unfeasible.

3 – Ethereum – Latest version of Casper – The hybrid PoW/PoS System – 2018

Overview

The current Casper proposal represents a change in philosophy or a pivot, compared to some of the earlier PoS systems. It returns to the academic work of Lamport in the 1980s and Lamport’s theorem that these systems work if and only if two-thirds of agents in the system are honest. Therefore the current version of Casper is less ambitious than before. PoS is no longer used to produce blocks or decide on the timing of blocks, which is still done by PoW miners. The PoS system is used as a checkpointing process. In our view, this proposal is superior to the more complex earlier iterations of Casper.

The system works as follows:

  • The PoS system is only used every 100 blocks, to provide an extra layer of assurance over PoW, as a checkpointing system.
  • Participants in the PoS process send their Ether into a “validator pool”.
  • Every 100 blocks validators put their stake behind a checkpoint block, whilst also referencing a previous checkpoint block. If two-thirds of the funds in the validator pool support a proposal, the block is considered “justified”.
  • Once a block is justified, it can be used as a reference for future votes. Once two-thirds of the stake use a justified block as a reference, this justified block is considered finalised and this finality takes precedence over PoW.
  • Validators votes are only valid 12 confirmations after the last checkpoint block.
  • If the two thirds threshold is not met, the chain continues to progress based entirely on PoW.
  • If stakers do any of the following banned behaviors, in return for a small 4% fee, a third party can submit a proof of this, such that the cheater loses their entire stake/deposit (slashing):
    1. Votes for multiple conflicting blocks at the same height.
    2. Votes for multiple conflicting blocks at different heights, but using conflicting reference blocks, unless the new reference block has more height.

The Ethereum reward structure will be adjusted, such that PoS validators also receive a share of the rewards, in addition to the PoW miners. As far as we can tell, the details of this new allocation have not been decided yet.

Analysis

The latest iteration of Casper is a significant improvement from earlier versions, in our view, primarily because of lower levels of complexity and greater reliance on PoW mining.

In theory, there are only three problems with the new proposal:

  1. Over one third of the stakers refusing to participate – in which case we are just back to a PoW based system
  2. Stakers changing their mind after finality such that more than two thirds supports an alternative chain – the long range attack problem
  3. Stakers reaching two-thirds majority support for a lower PoW chain than the current leading PoW chain, a new way of causing a re-organisation. We view this as the most significant downside of this proposal.

Core to the assumption behind this system is that its PoW which drives the chain forwards and that the PoS system only comes into play, once the PoW miners have decided on a chain, PoS votes are not even valid before 12 miner confirmations. Indeed, if the two thirds majority cannot be achieved then the chain continues on a PoW basis.

Therefore, we conclude, that the core characteristic of this latest Casper proposal is that the PoW happens first, and only after this does PoS potentially provide an extra assurance against a chain re-organisation, orchestrated deliberately by a hostile PoW miners. PoW therefore still provides computational convergence, with the PoS mechanism defending against the threat of a human/politically instigated miner re-organisation. Therefore although PoS provides this safety, as point three above indicates, it also provides extra risk, therefore its not clear if there is a net benefit.

Weakness Summary
Nothing at Stake Validators can vote on multiple chains, but not at the same height. This is designed to allow validators to change their mind, but only for “legitimate” reasons.

For the hybrid version of the model, the convergence issue may be solved by relying on PoW mining.

Block production PoW miners produce blocks and therefore there is no issue related to selecting the block producer.
Long range attack Once two-thirds of the stake in the validator pool has used a block as a reference for voting, nodes finalize the block and there cannot be a re-organisation. The long range attack problem remains for periods in which nodes are switched off.
Stake grinding PoW miners produce blocks and therefore there is no stake grinding issue.

Other potential unresolved issues

In the event of a contentious hardfork and chainsplit, if the new chain alters the format of the validator checkpoint votes, two-thirds of the validators could conduct destructive re-organisations on the original chain, while avoiding punishment (slashing) due to the new voting format. Validators could therefore destroy the original chain, while still moving forward on a new chain of their choice. The system could therefore be less resilient to being shut down.

Exclusive BitMEX Research Interview with Vitalik Buterin on the latest Casper proposal

Question 1 – Even though the PoS system may provide more assurance than before, prior to the 34% voting threshold being reached, re-organisation risk may be higher, since a re-organisation can occur in more ways, both via PoS and via PoW. Are you concerned about the negatives of this?

I would say no. There are plenty of reasons to believe that it should not negatively impact stability. The pre-finalization chain scoring rule is “highest finalized epoch + total difficulty * epsilon”. There is a paper here that points out that any “monotonic” chain scoring rule is a Nash equilibrium; our scoring rule is clearly monotonic so it’s a Nash equilibrium. Both miners and validators use the chain scoring rule, so miners and validators would both naturally help the chain grow, not try to revert it. Casper FFG was deliberately designed in this way, to “play nice” both with “chain-based” intuitions of consensus as well as BFT-theoretic concepts of finality.

 

The only way in which “re-organisation risk may be higher” is either:

 

  • If validators are more likely than miners to be majority-dishonest
  • If the Casper-specific code has bugs

We accept that if either of these are true then Casper FFG can add risks.

Question 2 – How do you expect users and exchanges to behave? Should exchanges modify their behavior before crediting deposits, for example 2 confirmations plus 34% of validator votes?

If I ran an exchange I would do something like “wait 12 confirmations for deposits up to $10k, and finality for anything higher”

Question 3 – Will there be an overall confirmation score metric, combining both the impact of PoW and PoS, which exchanges can use?

I suppose it’s possible to create one. Here are a few distinct stages of confirmation that I can think of:

  • A transaction has been included into a block, which is the head
    • which is the Nth ancestor of the head
    • which is an ancestor of a checkpoint C which is an ancestor of the head. Validators have started voting on C.
  • Validators have justified C.
  • A child of C, C’, exists, and validators have started voting on C’ to finalize C
  • The child of C’ has >1/3 votes. At this point, at least one validator needs to actually be slashed for the transaction to be revertedC is finalized.

Conclusion

This latest PoS proposal is the best proposal so far, in our view. We think it may be adopted by Ethereum and it could make a net positive contribution to the security of the system. However, the system remains reliant on PoW mining, at least at the interim stage. PoW is relied on to resolve any Byzantine faults first, before the PoS process occurs. Therefore the system relies on PoW for both block production and for the crucial property of ensuring the system converges on one chain. Although PoS mining may mitigate some risks (hostile PoW miners), it is unclear if it makes a net contribution to convergence or security. Critics of PoS could therefore argue that any rewards redistributed from PoW miners to stakers unnecessarily dilutes system convergence and security.

Although we think the current proposal could work, the nothing at stake problem could still be a significant challenge. The jury is still out on whether this new mechanism solves this problem. Therefore despite the plan to use this proposal as a stepping stone, as part of a gradual shift towards a full PoS system, this could be more difficult to achieve than some in the Ethereum community think.

 

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

 

比特币价格:与标准普尔 500 指数相关性创新高

摘要:我们从 2012 年开始研究比特币与一些传统金融资产价格之间的相关性,并注意到与过去几个月其与股票的相关性达到了历史新高,尽管以绝对值来看该相关性仍然属于较低水平。我们得出结论:“新的无相关性资产类别”的加密投资论文的确有些道理,但是如果生态系统扩张,其相关性可能会提高。以目前与股票的相关性看来,若发生金融危机时,比特币可能无法提供下行保护,跟有些人的期望不同。

 

概述

我们计算了自 2012 年以来比特币与各种传统金融资产之间 180 天滚动每日价格百分比变化相关性。如下图所示,相关性从未真正显着地脱离 -0.2 至 +0.2 的区间,这是一个相当低的水平。

比特币与各种传统资产价格的相关性 – 180 天滚动期间的每日价格百分比变化。 (资料来源: BitMEX 研究,彭博, Bitstamp )


比特币与标准普尔 500 指数和黄金

与标准普尔 500 指数和黄金相比,比特币价格相关性似乎经历了几个阶段。

  • 在 2013 年 3 月的比特币价格上涨过程中,当时那些评论员认为部分原因是由塞浦路斯金融危机所造成的,比特币与黄金的价格相关性开始提高并且一直维持到 2014 年 1 月比特币价格暴跌。
  • 在 2016 年比特币价格上涨过程中,中等偏强的黄金价格相关性再次出现,黄金和比特币均表现强劲。这表明相同的基本经济因素和政治不确定性(中国经济放缓,英国脱欧和特朗普总统当选)可能是导致这两个资产价格波动的重要因素。
  • 在最近的比特币价格上涨过程中,情况似乎有所不同,比特币和股票之间的价格相关性达到创纪录水平(接近 0.25 )。我们认为,比特币似乎在这次反弹中获得了一些 “风险开启” 特征。在一定程度上,投资者的流动性水平提高以及对新技术的青睐可能推动着股票和比特币的价格走势。因此,在金融崩溃或股市下跌的情况下,比特币不太可能提供保护,而这点一直被认为是比特币潜在优势之一。再者,与黄金的价格近期相关性略为负数。

标准普尔 500 指数与黄金价格之间价格的关联性 –  180 日滚动期间的每日价格百分比变化。(资料来源: BitMEX 研究,彭博, Bitstamp )

 

统计显著性

比特币与其他资产的 R 平方值很低,如下表所示,在最近的价格上涨过程中,与标准普尔 500 指数的最高值仅为 6.1% 。除此之外,我们还无法用任何可靠的统计方法来证明比特币与任何传统资产之间每日价格变动的相关性是显着的。因此,科学地说,这篇文章是站在一个推测的角度。

 


标普 500 指数与金价价格 R-Squared  – 180 天滚动期间的每日价格百分比变化。(资料来源: BitMEX 研究,彭博, Bitstamp )

 

近期价格走势

虽然很难根据稳健的统计方法得出任何结论,部分原因是因为数据量有限,但比特币价格与标准普尔 500 指数在过去几个月的图表显示出强烈的正相关,这很难被忽视。

比特币价格与标准普尔 500 指数比。(资料来源: BitMEX 研究,彭博)


事实上,正如彭博社在下面的图表中指出的那样,比特币价格的最高点实际上与标准普尔 500 指数中预期收益估值率的最高点一致。这一比较可能有误差,因为股市实际在 1 月底达到高位(而比特币在 12 月份达到高位),而到 2017 年底,市场对 2018 年 12 月底的盈利预测重新回到较高水平。

比特币价格与标准普尔 500 指数的远期市盈率相比。(资料来源:彭博

 

以太币和莱特币

我们还研究了以太币和莱特币价格与比特币价格每日变化的相关性。这些加密币与比特币之间的价格相关性显然远高于传统资产,并且可以用数据统计来证明。在 2017 年的大规模加密币大涨期间,与比特币的价格相关性大幅下降至 0.1 水平,因为竞争币总是以比特币来交易,而且可以更独立地自由转出。 在 2018 年的价格调整开始后,它们的价格相关性开始上升,加密币似乎再次往同一方向移动。

  • 莱特币 – 相关性通常较高,在 0.5 左右。 2015 年价格相关性下降至 0.2 左右,当时莱特币的价格没有太大波动。
  • 以太币 – 以太币推出后,该系统规模较小且面临着一些独特的风险,例如启动性风险和向创始团队提供资金的模式等问题。因此,它一开始与比特币的价格相关性较低,最终达到与莱特币类似的水平。


以太币和莱特币与比特币的价格相关性 –  180天滚动期间的每日价格百分比变化。(资料来源: BitMEX 研究,彭博, Bitstamp )

 

结论

加密币支持者有时会提到加密币是一种 “新的无相关性资产类别”,可以为传统基金经理的投资组合提供对冲。而这些传统基金经理可将加密币分配到他们的投资组合中,这可以导致其价格进一步升值。

 

似乎比特币在历史中一直是一个无相关性资产类别。然而,在最近几千亿美元估值的涨势中,其资产风险的相关性开始提高。

 

虽然加密币与传统资产价格无相关性的假设有它的道理,但如果加密币的价格继续上涨或进一步成为全球金融体系的重要组成部分,那么与传统资产的相关性提高将是不可避免的。

 

加密币是否属于 “新” 资产类别则是另一个话题了。目前尚不清楚作为 “新” 资产类别是否有任何好处,但更重要的是,加密币能否为市场提供任何创新独特的东西。

 

 

 

 

欢迎转载,请注明文章来自

BitMEX (www.bitmex.com)

Bitcoin price correlation: Record high against the S&P 500

Abstract: We look at the price correlation between Bitcoin and some traditional financial assets since 2012 and notice that the correlation with stocks in the last few months has reached record high levels, although it remains reasonably low in absolute terms. We conclude that a crypto-coin investment thesis of a “new non-correlated asset class” may therefore have some merit, although correlations may increase if the ecosystem expands. Due to the current correlation with stocks, Bitcoin may no longer offer downside protection in the event of a financial crisis, which some people may expect.

Overview

We calculated the 180-day rolling daily percentage price-change correlation between Bitcoin and a variety of traditional financial assets since 2012. As the chart below demonstrates, the correlation never really significantly escaped the -0.2 to +0.2 range, which is a reasonably low level.

Bitcoin price correlation versus various traditional assets – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Bitcoin vs. the S&P 500 and gold

Focusing on just the S&P 500 index and gold, it appears as if Bitcoin has experienced several periods of correlation.

  • During the Bitcoin price rally in March 2013, which commentators at the time suggested was partially caused by the Cypriot financial crisis, the Bitcoin price correlation with gold increased and remained somewhat elevated until the January 2014 Bitcoin price crash.
  • During the 2016 Bitcoin price rally, a moderately strong gold-price correlation returned again and gold and Bitcoin both had a strong year. This indicates that the same underlying economic factors and political uncertainty (the economic slowdown in China, Brexit, and the election of President Trump) may have contributed to price movements of both assets during this period.
  • During the recent Bitcoin price rally, things appeared somewhat different, with the price correlation between Bitcoin and stocks reaching record levels (almost 0.25). In our view, Bitcoin appears to have obtained some “risk-on” characteristics in this rally. Increased levels of liquidity available to investors and the amount of enthusiasm for new technology, may be driving price movements in both stocks and Bitcoin, to some extent. Therefore Bitcoin may be less likely to provide protection in the event of a financial collapse or fall in equity markets, something traditionally considered one of Bitcoin’s potential strengths. In addition to this, the price correlation with gold recently became slightly negative.

Bitcoin price correlation between the S&P 500 index and gold – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Statistical significance

The R-squared between Bitcoin and other assets in the chart below is low, peaking at only 6.1% with the S&P 500 during the recent price rally. In addition to this, we have not been able to prove the statistical significance of any daily price-change correlation between Bitcoin and any traditional asset using any robust methodology. Scientifically speaking therefore, this article is speculative.

Bitcoin price R-Squared between the S&P 500 index and gold – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Recent price movements

Although it’s difficult to make any conclusions based on robust statistical methodology, due in part to the limited number of data points, a chart of the Bitcoin price versus the S&P 500 in the last few months shows a strong positive relationship, which is difficult to totally ignore.

Bitcoin price compared to the S&P 500 index. (Source: BitMEX Research, Bloomberg)

Indeed, as Bloomberg pointed out with the graph below, the peak of the Bitcoin price actually coincided with the peak forward earnings valuation ratio in the S&P 500. This comparison may be somewhat spurious, since the stock market actually peaked at the end of January (while Bitcoin peaked in December) and earnings estimates reset to higher levels for the year ending December 2018 at the end of 2017.

Bitcoin price compared to the S&P 500 index’s forward P/E ratio. (Source: Bloomberg)

Ethereum and Litecoin

We also looked at the rolling Bitcoin daily price-change correlation between Ethereum and Litecoin. The price correlation between these coins and Bitcoin is obviously far higher than for traditional assets and it is statistically significant. During the massive crypto-coin rally in 2017, the price correlation to Bitcoin fell dramatically to the 0.1 level, as altcoins traded against Bitcoin and moved more independently. After the price correction started in 2018, price correlations have began to climb as the coins seem to move together again.

  • Litecoin — The correlation normally tends to be high, at around the 0.5 level. The price correlation dipped to around 0.2 in 2015, when there was not much Litecoin price action.
  • Ethereum — After Ethereum launched, the system was reasonably small and exposed to some unique risks, such as uncertainty surrounding its launch and the model of giving funds to the founding team. Therefore its price correlation with Bitcoin started low before eventually reaching levels similar to Litecoin.

Bitcoin price correlation between Ethereum and Litecoin – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Conclusion

Crypto-coin proponents sometimes mention that crypto coins are a “new non-correlated asset class” that can provide a hedge for traditional portfolio managers. These traditional portfolio managers are then expected to allocate a weighting in their portfolios for crypto-coins, which may cause further price appreciation.

It appears that Bitcoin has been a reasonably non-correlated asset class throughout its history. During the recent rally to a valuation of hundreds of billions of dollars, however, correlations — and, crucially, correlations to risk-on assets — started to increase.

Although there is some merit to the hypothesis of crypto-coins not correlating with traditional assets, if crypto-coin prices remain elevated or increase further and become a significant part of the global financial system, higher correlation with traditional assets may become inevitable.

Whether crypto coins are a “new” asset class and whether this matters is another topic. It’s not clear if there is significant merit merely to being new; more importantly, perhaps, is if crypto-coins offer anything unique.

 

更新: SegWit 和比特币现金的交易容量增加方案对比

摘要: 2017 年 9 月,我们撰写了一篇关于 SegWit 容量增加的文章。在这里,我们提供了有关 SegWit 采用情况的更新,并提供了其中 6 个月的交易数据。我们还将它的交易吞吐量与比特币现金比较,后者是使用一种可替代容量增加机制。

SegWit 与比特币现金比较

2017 年 8 月,比特币网络进行了 SegWit 升级。之后,用户可以选择性升级他们的钱包并使用 SegWit ,它的优势是可以提供大约 41% 的容量扩充(假设其他用户没有进行升级)。

 

大约在同一时间,比特币现金提供了另一种增加容量的替代方案,但需要将新的钱包升级并采用新的交易格式,以获得更大的交易吞吐量,然而这与 SegWit 最主要区别在于比特币现金的方案生成了一个新的加密币。

 

比特币现金和附有 SegWit 交易格式的比特币的交易量非常相似。自比特币现金推出以来,使用 SegWit 的交易约有 610 万笔,仅比比特币现金交易累计数量多 20.1% 。这些数字非常接近 – 尽管 SegWit 容量增加方法的支持者声称比特币现金有一个月的先行优势,比特币现金区块链的交易费用也较低,因此这样的比较是不合适的。但在考虑到一个月的先行优势并做出响应调整后后, SegWit 累计交易量比比特币现金高出 31.5% ,该数虽然比 20.1% 大,但仍然相当接近。当然,在某些情况下,这些数字有被人为操纵的可能。

 

虽然数据表明 SegWit 交易比比特币现金的采用速度稍快,从而导致交易量增加,但比特币现金倡导者可能会争辩说,比特币现金的理念更多地是关注长期容量扩充能力,而不是短期内实际交易量的增加。因此,比特币现金支持者仍然可以声称,一旦比特币现金的采用率增加,比特币现金最终将比比特币交易量更大。

比特币现金推出以来的累计交易量。(资料来源: BitMEX 研究, Bitcoin Blockchain ,比特币现金数据来自 Blockchair )


正如这些图表所示,比特币现金交易量在刚推出时急剧上升;相比之下, SegWit 升级后的采用率是以缓慢渐进的方式提升。这可能与新加密币的诞生和资金流向比特币现金有关,从而导致了采用率在短期大幅提升,因为图表中的高峰值说明了这一点。比特币现金推出 3 个月后, 2017 年 10 月 31 日, SegWit 交易量超过了比特币现金,并一直保持领先。

每日交易量。(资料来源: BitMEX 研究, Bitcoin Blockchain , Blockchair )

 

下图显示,自 2017 年 8 月以来, SegWit 的采用率持续增长,随着大型机构转向使用 SegWit ,带动采用率逐步增加。采用率目前在总交易数量中所占的比例约为 30% ,然而采用率却只占了 22% 的区块空间,这可能是一个更重要的指标。

使用 SegWit 的交易的百分比。(资料来源: BitMEX 研究, Bitcoin Blockchain , Blockchair )

 

SegWit 已开始对整体网络范围的容量产生正面的影响,可能使交易费用降低,甚至可以让那些选择不升级到新交易格式的用户受益。然而,我们认为,交易费用市场仍然不成熟,交易价格可能会持续波动。

 

结论

采用新交易格式 SegWit 和比特币现金的过程相当缓慢。同时,正如我们之前的文章所表明的那样,采用新的共识规则也可能是一个循序渐进的过程。这说明了为什么以尽可能以非破坏性的方式来构建网络升级是重要的,即使是推出一个不会被用户和矿工升级的安全的升级方案。

 

免责声明

虽然本文许多内容为引用资料,但我们并不保证其准确性。欢迎提出指正。

 

 

 

欢迎转载,请注明文章来自

BitMEX (www.bitmex.com)

Tether : 波多黎各发布的新财务数据

摘要:继续我们早些时候关于 Tether 的研究文章,几个星期前,波多黎各刚刚发布了进一步的财务信息。新数据支持了我们早些的猜测:贵族银行可能是 Tether 的主要储备银行,而该地区也可能是一个重要的加密币中心。

 

 

上个周末,波多黎各金融机构专员公布了截至 2017 年的综合金融数据。包括贵族银行在内的国际金融实体(IFE)类别的银行存款为 33 亿美元,截至 2017 年 12 月季度同比增长 248% 。该类资产总额为 38 亿美元,季度增长 161% 。这种非凡的增长与加密币资产价值的大幅增长相符,这可能导致大量现金流入加密币相关银行。

 

同一时期, Tether 总流通量已增加 215% 至 14 亿美元。这个新数据支持了我们最近关于 Tether 的一篇文章,其中我们推测贵族银行是 Tether 的主要储备银行。

 

我们就以前的图表进行了更新,并加入了 2017 年底的数据。它显示了波多黎各 IFE 类别中银行存款急剧增长,与近期加密币增长一致。

 

波多黎各的 IFE 存款总额与 Tether 总流通量 – 百万美元。(资料来源: IFE 账户, BitMEX  研究, Coinmarketcap )

 

现金占资产总额的百分比(表示全额储备银行业务)在本季度也从 72.2% 上升至 85.8% 。这也表示可能受加密币或 Tether 相关活动的影响,正如我们在前一篇文章中所解释的那样。

 

波多黎各的 IFE 现金总量占总资产的百分比。(资料来源: IFE 账户, BitMEX 研究)

 

免责声明

虽然本文许多内容为引用资料,但我们并不保证其准确性。欢迎提出指正。

 

 

 

欢迎转载,请注明文章来自

BitMEX (www.bitmex.com)

Update: SegWit transaction capacity increase compared to Bitcoin Cash

Abstract: In September 2017, we wrote a piece on the SegWit capacity increase. Here, we provide an update on SegWit adoption with six more months of transaction data. We also compare the transaction throughput to that of Bitcoin Cash, an alternative capacity-increase mechanism.

SegWit vs. Bitcoin Cash

The SegWit upgrade to the Bitcoin protocol occurred in August 2017. After this, users had the option of upgrading their wallets and using SegWit, which provides the benefits of about 41% more scale (assuming no other users also upgrade).

Around the same time, Bitcoin Cash provided an alternative mechanism for increasing capacity, in which one also needs to upgrade to a new wallet and adopt a new transaction format to get the benefit of more transaction throughput, although a main difference between this and SegWit’s approach is that Bitcoin Cash resulted in a new coin.

The transaction volumes of Bitcoin Cash and the new SegWit Bitcoin transaction format have been reasonably similar. Since the launch of Bitcoin Cash, 6.1 million SegWit transactions have taken place, only 20.1% more than the cumulative number of Bitcoin Cash transactions. These figures are remarkably close — although supporters of the SegWit capacity-increase methodology could claim that Bitcoin Cash had a one-month head start and that the Bitcoin Cash chain has lower transaction fees so that a comparison is not appropriate. Adjusting for the one-month head start, SegWit has 31.5% more cumulative transaction volume than Bitcoin Cash, larger than 20.1% but still reasonably close. Of course, its possible that at some point either or both of these figures could be manipulated.

Although the data suggests that SegWit transaction have been adopted slightly faster than Bitcoin Cash, resulting in more transaction volume, Bitcoin Cash advocates could argue that the Bitcoin Cash token is more about a philosophy of larger capacity in the long term, rather than the speed of the actual increase in transaction volume in the short term. Therefore Bitcoin Cash supporters can still claim that Bitcoin Cash will eventually have more transaction volume than Bitcoin, once adoption of the coin increases.

Cumulative transaction volume since the launch of Bitcoin Cash. (Source: BitMEX Research, Bitcoin blockchain, Blockchair for Bitcoin Cash data)

As these charts indicate, there was a sharp spike in Bitcoin Cash transaction volume when it launched; in contrast the SegWit upgrade was more gradually adopted. This is likely to be related to the investment flows and excitement of the new Bitcoin Cash coin, which may have driven short term adoption, as some of the spikes in the chart illustrate. Three months after the launch of Bitcoin Cash, on 31 October 2017, SegWit transaction volume overtook Bitcoin Cash and has remained in the lead ever since.

Daily transaction volume. (Source: BitMEX Research, Bitcoin blockchain, Blockchair)

The chart below shows that the adoption of SegWit has continued to grow since August 2017, perhaps increasing in steps as large corporate entities switch to SegWit. Adoption currently hovers around 30% as a proportion of the number of transactions, although the adoption rate only measures around 22% as a proportion of block space, which is possibly a more important metric.

Percentage of transactions that use SegWit. (Source: BitMEX Research, Bitcoin blockchain, Blockchair)

SegWit has begun to meaningfully impact system-wide capacity, potentially reducing fees and benefitting even users who choose not to upgrade to the new transaction format. However, the transaction fee market is still immature and, in our view, transaction prices are likely to remain volatile going forward.

Conclusion

Adoption of both the new transaction format for SegWit and Bitcoin Cash has been reasonably slow. At the same time, as our earlier piece shows, adoption of new consensus rules can also be gradual. This illustrates why it may be important to construct network upgrades in the least disruptive way possible, perhaps an upgrade mechanism which is safe even if users and miners do not upgrade at all.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

Tether: New financial data released by Puerto Rico

Abstract: Following our earlier research piece on Tether a few weeks ago, further financial information has just been released by Puerto Rico. The new data supports our speculation that Noble Bank could be Tether’s primary reserve bank and that the region may be a major cryptocurrency centre.

Over the weekend, the Commissioner of Financial Institutions of Puerto Rico released aggregate financial-system data for the calendar year ended 2017. Bank deposits in the International Financial Entities (IFE) category, which includes Noble Bank, were $3.3 billion, up 248% in the quarter ended December 2017. Total assets in the category were $3.8 billion, up 161% in the quarter. This extraordinary growth coincides with a large increase in value of cryptocurrency assets, which has likely resulted in large cash inflows into cryptocurrency-related banks.

Over the same period, the value of Tether in issue has increased by 215% to $1.4 billion. This new data supports the thesis in our recent piece on Tether, in which we speculated that Noble Bank is Tether’s primary reserve bank.

We have updated the chart below from the version in our earlier piece, with an initial data point for the end of 2017. It illustrates the sharp growth in bank deposits in the IFE category in Puerto Rico, coinciding with the recent cryptocurrency boom.

Puerto Rico’s IFE aggregate deposits versus the Tether balance in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

Cash as a percentage of total assets (an indication of full-reserve banking) also increased in the quarter, from 72.2% to 85.8%. This also indicates cryptocurrency or Tether-related activity, as we explained in the previous piece.

Puerto Rico’s IFE aggregate cash balance as a percentage of total assets. (Source: IFE Accounts, BitMEX Research)

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.