NeuCoin: The First Secure, Cost-efficient and Decentralized Cryptocurrency
Abridged Version 1.0
Below is a highly abridged (5-page) version of the white paper which removes substantial background information, mathematical arguments and references from the original. The unabridged (39-page) version can be found on this link.
NeuCoin is a decentralized peer-to-peer cryptocurrency derived from Sunny King’s Peercoin, which itself was derived from Satoshi Nakamoto’s Bitcoin. As with Peercoin, proof-of-stake replaces proof-of-work as NeuCoin’s consensus mechanism, effectively replacing the operating costs of Bitcoin miners (electricity, computers) with the capital costs of holding the currency. Proof-of-stake also avoids proof-of-work’s inherent tendency towards centralization resulting from competition for coinbase rewards among miners based on lowest cost electricity and hash rate.
NeuCoin increases security relative to Peercoin and other existing proof-of-stake currencies in numerous ways, including: (1) redesigning the stake modifier parameter to change over time for each stake, defeating preprogrammed and grinding attacks; (2) utilizing a client that punishes nodes attempting to mine on multiple branches with duplicate stakes, ensuring ongoing consensus on transaction history; and (3) incentivizing nodes to continuously stake coins over time through substantially higher mining rewards and lower minimum stake age, bolstering security against all attack vectors.
The white paper addresses all “nothing at stake” objections and demonstrates mathematically how NeuCoin’s design defeats all commonly cited attack vectors against proof-of-stake. The paper also reviews many of the flaws of proof-of-work designs to highlight the potential for an alternate cryptocurrency that solves these flaws.
The cryptocurrency community has generally become aware of drawbacks with Bitcoin that spring from its PoW design, including:
- the prospect of higher transaction fees in the long run in order to maintain security
- the increasing centralization and corporate control of mining
- the divergence of interests between miners and Bitcoin holders
PoW in Bitcoin mining is simply “proof” that a miner did the “work” of running a software program that used electricity and computing power. Consensus security in Bitcoin is based on the amount of computing power spent by the miners. The more resources spent, the more secure the network.
Bitcoin miners expend resources to secure the network because they earn coinbase rewards (newly created Bitcoin given to miners) plus transaction fees. Today, the daily coinbase rewards equal roughly $995,000 (3,600 Bitcoin at $275 each) and the transaction fees roughly $5,000 (100,000 transactions at $.05 each), generating total payments to miners of roughly $1 million per day. Miners deploy a huge amount of computing power to reap a share of these rewards, and Bitcoin is highly secure because of it.
Today, that one million dollars paid to miners for securing 100,000 transactions backs into a cost of $10 per transaction. Bitcoin end users are currently unaffected by these high costs because high coinbase rewards pay for the costs of the system. However, coinbase rewards are designed to decline steadily over time (halving every 4 years), reaching close to zero in 40 years.
To keep Bitcoin security from declining, total payments to miners must be maintained. As coinbase rewards decline, there are only three ways to make up the difference: Bitcoin’s price can increase, transaction volumes can increase, and/or fees per transaction can increase.
Unless one is willing to rely on transaction volume growing by 1,000 times its current level, it seems likely that transaction fees will have to rise substantially to maintain security, undermining one of the primary potential benefits of a digital currency.
In Bitcoin’s early years, mining was highly decentralized among thousands of individuals using consumer-grade computers. This true peer-to-peer nature was considered one of Bitcoin’s core benefits. But as Bitcoin’s price increased so did the value of coinbase rewards, turning mining into a highly competitive business with huge economies of scale, and only one dimension along which to compete: cost. Bitcoin mining is rapidly becoming controlled by a few companies with tens of millions of dollars of the most efficient specialized computers, operating from facilities with the lowest electricity and cooling costs on the planet.
Centralization of PoW mining is problematic because it represents a severe security risk. Any entity (or entities working together) that controls 51% or more of the network’s computing power can seriously harm the network. In addition, when there are only a few, highly-capitalized corporate entities that control the network, the entire network becomes susceptible to government control through regulation. While governments might take a hands-off approach to tens of thousands of geographically dispersed miners processing transactions for peers, they could decide to heavily regulate the few giant miners that dominate transaction processing.
Bitcoin miners are now largely distinct from Bitcoin holders. Most miners sell the Bitcoins they earn in order to pay for energy costs and to invest in more advanced ASIC chips.
Today, corporate miners and Bitcoin holders share the same goal - to increase the price of Bitcoin - because 99.5% of miner revenues are newly created Bitcoin. Looking into the future, as miner revenues shift from coinbase rewards to transaction fees, Bitcoin holders will still want to maximize the value of Bitcoin, but miners will want to maximize their revenues from transaction fees and other sources (such as opportunities to sell data, offering different pricing tiers for faster transactions, etc.).
Transaction fees are just one issue. Miners also have veto power over any changes to Bitcoin’s protocol. It is hard to foresee how the dynamics will play out between Bitcoin’s miners, core developers and holders, but miners have the upper hand.
Bitcoin is not cost-efficient, it is becoming more and more centralized, and the miners who control the network have diverging interests from Bitcoin holders.
Bitcoin holders, acting rationally to protect their interests, downplay these fundamental problems. They tend to dismiss competitive technologies as “not secure enough” or “not decentralized enough” without producing details or mathematical proof to support their claims. They hope that Bitcoin’s network effects are strong enough to prevent challengers from arising.
NeuCoin believes that Bitcoin may have a bright future as a store of value, but superior technologies and currency distribution methods will be necessary for digital currencies to develop their highest potential utility and reach mass adoption.
Pioneered by Peercoin in 2012, PoS emerged as an alternative to PoW that addresses the three inherent problems with PoW discussed above.
There are two fundamental differences between PoS and PoW.
First, in PoS, miners compete for newly issued coins based not on the amount of electricity and computing resources spent, but rather on the number of coins owned. This crucial difference effectively eliminates the operating costs incurred in PoW mining, replacing them with the capital costs of holding coins (the “stake”).
Second, coinbase rewards (called coinstake reward in PoS) are typically not a fixed amount (as in 25 per block in Bitcoin) but proportionate to the number of coins owned and the amount of time held by the miner. As such, they are akin to “interest payments” on the miner’s coin holdings.
Based on these two differences, PoS completely solves the three problems with PoW that were presented in the preceding section:
- With virtually no operating costs in PoS, transaction fees can be far lower than in PoW in both the short run and long run, regardless of transaction volumes. The only reason they are above zero is to prevent transaction spam.
- PoS doesn’t suffer from gradual centralization as PoW does, because all PoS miners earn the same rate of return on their coins (the “interest rate”) regardless of computing hardware or electricity costs.
- There can be no misalignment between miners and coin holders, since they are by definition one and the same.
In spite of these benefits, PoS has not been embraced by the cryptocurrency community. Detractors often dismiss PoS on the grounds that it can’t work because there’s “nothing at stake.” What they mean is that since PoS mining does not consume any outside resources (electricity, computing power), miners have no costs, so nothing prevents them from endlessly trying to commit double-spends, or mining on multiple branches, no matter how low the odds of success.
This stance neglects to acknowledge that PoS security does have a cost: the capital cost of acquiring and holding coins. The brilliance of PoS is that it turns all coin owners into security providers, and requires any would-be attacker to purchase a large amount of the currency to attempt an attack, which would be an attack on his own wealth.
The PoW community has also envisioned scary-sounding attack vectors that would not require owning a large portion of the currency supply - grinding through the blockspace, rewriting history with old private keys, pre-programmed double spends. But the critics never explained how these attacks would be conducted or how they have more than an infinitesimal chance of success. NeuCoin did analyze these attack vectors in detail and its white paper demonstrates mathematically how they are definitively blocked by NeuCoin’s design. The following two sections of this abridged paper briefly cover NeuCoin’s design and how it stands up to the PoS attacks.
NeuCoin forked the original PoS design created by Peercoin and made 6 key modifications to increase security. (See unabridged white paper for details.)
- Mining reward rates: NeuCoin dramatically increased coinstake rewards for mining in order to maximize the percentage of coins being mined at all times, which is the bedrock of security in any PoS cryptocurrency. NeuCoin’s rewards start at a 100% annual interest rate and decline steadily over a 10-year period to a 6% rate - versus just 1% per year in Peercoin.
- Minimum stake age: NeuCoin’s design uses a 1.6 day minimum stake age versus 30 days in Peercoin. This increases mining participation by making a miner’s coin holdings eligible for awards after 1.6 days of acquiring them (or getting a reward) instead of having to wait 30 days.
- Role of coin age in the mining equation: NeuCoin does not utilize coin age (dayweight) in the mining equation as a factor for determining the probability of generating a block. This change increases mining participation because if miners are more likely to create a block only after mining days or weeks, they lose incentive to mine constantly and may instead only mine when their chances of a reward are higher.
- Block time: NeuCoin uses a block time of 1 minute, versus 10 minutes in Peercoin, which improves user experience and enhances security against some attack vectors.
- Stake modifier: NeuCoin chose to adapt BlackCoin’s stake modifier, which constantly changes over time, rather than Peercoin’s, which permanently fixes the stake modifier after the initial stake interval for a given set of UTXOs (staked coins). NeuCoin chose this path because it believes that Peercoin’s design is susceptible to preprogrammed attacks: having a static modifier allows you to predict outcomes far into the future. Modifier interval and selection interval were substantially adjusted relative to both BlackCoin and Peercoin in order to reduce the effectiveness of grinding through stake modifiers.
- Duplicate stake punishment: NeuCoin uses a client version developed by Michael Witrant, aka “sigmike” (core developer of Peercoin and Technical Advisor to NeuCoin), that not only detects duplicate stakes so that honest nodes can reject them, but also punishes nodes that broadcast duplicate stakes by rejecting all blocks broadcast by the dishonest miner. This revision completely addresses the concern that PoS designs cannot reach consensus due to miners mining on multiple forks.
The four following paragraphs briefly describe each category of attack. See unabridged white paper for details.
A “simple double spend” attack consists of spending coins and recovering them after the merchant has given a product or value in exchange for the coins. To successfully commit a double spend the attacker must purchase a significant portion of the available currency (thereby incurring cost) and then be able to rewrite the transaction history. Specifically, he must be able to fork the main block chain and extend his side branch until it is longer than the main branch on which the rest of the network is working. The white paper shows that the odds of an attacker owning 10% of all staked currency completing this task faster than the rest of the network are 1 chance in 100,000,000,000,000,000,000,000,000,000,000,000 assuming that they can spend their coins and extract the value for that spend within one hour (for large purchases using cryptocurrencies, it’s not uncommon to wait much longer to ensure that the transaction was completed without any possible conflict in the network.)
A more serious critique concerns the possibility of rewriting transaction history using “old private keys” (i.e. coins that are no longer owned). Moreover, the old stakes could have been owned by a third party (who since sold them). The white paper shows that when creating a fork at an earlier point in transaction history with old private keys, the attacker will be starting the attack too many blocks behind to ever be able to catch up. In addition, an attacker with access to old private keys for 30% of the staked currency would not merely be competing to generate blocks with 70% of the staked currency (as would be the case if the attacker owned his 30% stake) but rather would be competing with 100% of the staked currency (because the attacker’s stake has a new owner mining on the main chain). Bottom line, an attacker with access to 90% (!) of all coins 2 days back in time has far worse odds than in the double spend attack above.
The grinding attack - where the attacker uses computational power to grind through kernels in hopes of discovering ones that enable him to outperform the main chain - is the most serious threat to PoS coins. The white paper discusses how Peercoin attempts to defeat this threat through the stake modifier and also discusses the changes that NeuCoin made to Peercoin’s stake modifier parameters. NeuCoin’s design makes grinding cost-prohibitive, requiring the grinding attacker to acquire a minimum of 30% of the staked currency in order to be successful (versus requiring 51% of the staked currency without grinding).
This attack involves putting together a collection of stakes that will perform very well in a specific time window in the future (for instance a year or more). This is a very potent attack against Peercoin that stems from the fact that the stake modifier of a given stake is static. NeuCoin’s changes to the stake modifier parameters completely neutralize this attack vector.
The white paper shows that NeuCoin’s carefully constructed PoS design, derived from Sunny King’s Peercoin, which itself was derived from Satoshi Nakamoto’s Bitcoin, is secure, cost-efficient and decentralized in the long run.
The paper also demonstrates several drawbacks of Bitcoin’s PoW design including higher transaction fees in the long term, increasing centralization of mining and a divergence of interests between miners and Bitcoin holders.
It further shows how PoS technology solves these drawbacks by (a) rewarding miners based on the number of coins owned, and (b) making mining rewards proportionate to the amount of coins owned and time held. These changes allow low transaction fees and a decentralized network in the long term.
The paper also rebuts the PoW community’s various “nothing at stake” objections to PoS and mathematically demonstrates that all commonly cited attack vectors would fail against NeuCoin’s design, which increases security relative to Peercoin and other existing PoS currencies in numerous ways.
As a result, NeuCoin’s design solves both the mounting cost and centralization problems of PoW, and the security and centralization problems with earlier PoS coins. As such, NeuCoin is the first peer-to-peer cryptocurrency, regardless of technology, that is secure, cost-efficient and decentralized in the long run.