The Case for Distributed Consensus

May 19, 2020 in Thought by Findora

This is the first installment in a series on consensus. We will discuss the definition of consensus, why it is important, existing models for consensus and their tradeoffs, and Findora’s innovations in distributed consensus. 

Consensus protocols are manifest in organizational design. Even centrally controlled organizations feature elements of consensus. The processes for electing officials in a national government or the members of a company board and deciding on national policies or company direction are all forms of consensus protocols. An autocracy has no consensus protocol; an autocratic leadership is overthrown only through revolution, which is an inherently chaotic form of change. Revolutions have high social costs, often inhibiting their formation. A consensus protocol is an algorithmic way to make organizations more elastic and reduce the cost of change. 

In the context of blockchains, a blockchain network’s underlying consensus protocol defines the process by which changes to the blockchain state are proposed and agreed upon by network stakeholders. These network stakeholders are formed by a distributed set of machines, and thus each blockchain protocol uses its own version of distributed consensus. Via the distributed consensus protocol, state transitions are confirmed, including batches of new transactions or even changes to the consensus protocol itself.

Decentralization

Before we discuss distributed consensus, let’s first understand what decentralization is. One commonly touted benefit of public blockchains is decentralization—but what is decentralization, and why do we need it? 

Consensus protocols vary greatly depending on the organizational goals as well as participation. Decentralization broadly describes a consensus participation that is more open and distributed. Pure democracies are more decentralized than republics. Cooperatives (e.g. credit unions) are more decentralized than privately-held corporations. The minting of new Bitcoins is arguably more decentralized than the printing of US dollars. Anyone with access to electricity can participate in Bitcoin mining. On the other hand, Bitcoin minting in practice is dominated by mining rigs in China and highly influenced by developer protocol updates. There is no uniform definition of decentralization.

Risks of Centralized Control

When a financial ledger is operated by a single privately-held company, this company has full control over operating the ledger correctly and fairly, including setting transaction prices. If the company sets prices too high, censors transactions, or is caught accepting invalid transactions, then the only recourse users have is to join a new ledger system operated by a competitor. As with a revolution, this may come at a prohibitively high cost to the user. If PayPal suddenly raised transaction fees and put restrictive limits on account withdrawals, users might simply be unable to transfer their assets cheaply to their banks.

While something this dramatic may seem unlikely to happen to US domestic users, it is a realistic concern with cross-border services as well as in countries with less stable monetary regulations. In mid-2019, the popular Binance cryptoasset exchange announced a 90-day grace period after which its US users would no longer be able to trade assets in their accounts or withdraw beyond limits. Furthermore, financial ledgers have so-called “network effects”, just like social networks, where the value of using the network increases with the number of users. Once a network is dominant, network effects allow monopolies to thrive in spite of popular disapproval (e.g. the 2017 Equifax data breach, Facebook’s data sharing revelations).

Analogy to Co-op

Findora’s vision for a public financial infrastructure is akin to a large financial cooperative with free worldwide participation, owned and democratically controlled by its users and operatives. A financial ledger controlled by a cooperative is already more immune to the risks of privately-managed centralized ledgers. 

A cooperative is run democratically and can vote to replace deviant operators. One might have a board elected by its members, which appoints an operator to run the ledger system. If the operator misbehaves, the board can remove the operator and appoint a new one. If the board is lax in replacing an unpopular operator, its members may re-elect the board. While this might work in an idealized setting, it presupposes an unspecified mechanism to facilitate the member voting and operator replacement processes. In practice, without a trusted facilitator, the process of replacing operators would likely be slow and disorganized. The ledger system would be unstable while members vote to replace operators. Furthermore, running a fair election in a truly open-membership cooperative is notoriously difficult due to “Sybil attacks”: a single individual could join the cooperative under many different member identities in order to amass more votes. This would be difficult to prevent at global scale. A well-designed operation-level consensus protocol helps solve these problems without relying on a trusted facilitator.

Operation-level Consensus Protocol

The purpose of operation-level consensus is to integrate voting/re-election more seamlessly with day-to-day operation. In most blockchain ledger systems this is feasible because operators play a simple and objective role. Operators run automated transaction validation software and append any valid transactions to the ledger on a first-come, first-served basis. Furthermore, operators are replaceable: anyone should be able to play the role of an operator without special permission. This stands in contrast to a traditional financial infrastructure, where operators must be trusted institutions and authorized to handle private information. In a blockchain ledger there is no difference between the information an operator can see and the information the public can see. Even in a private ledger, such as Findora’s, operators are able to verify transaction validity without seeing the transaction’s private contents, using the magic of cryptography.

The operation-level consensus protocol should provide an efficient mechanism for all members of the cooperative to vote on each batch of transactions appended to the ledger. It introduces “competition” among operators that favors low prices and correct, objective behavior. However, there are difficult choices to be made when selecting a consensus protocol. In the following posts we will survey the diversity of options in state-of-the-art consensus protocols.

Consensus is an evolving area of research and therefore the protocol may be subject to engineering changes over time. Furthermore, it may change with input from the Findora cooperative participants, who will ultimately be running the consensus protocol. It is more important to establish the goals of the protocol from the beginning than the details of its implementation. The manifesto of a community is most resilient to change.

Continued in part 2: Distributed Consensus and the Byzantine Generals Problem