by Malcolm MacLeod, Lead Developer at Gulden.com
For those who don’t already know about Gulden; Gulden uses a unique consensus algorithm which we call PoW² that combines traditional “proof of work” mining with a secondary system of “witnesses” to greatly enhance security. To be a witness coin holders must lock substantial funds up for a lengthy period of time (up to three years). More information on this system: article on security implications, basic guide to being a witness, simple graphical high level overview, some FAQS, detailed paper .
On October 16th we activated SIGMA our new hash algorithm at the centre of the “proof of work” portion of our blockchain consensus. The reasons behind the design of and change to SIGMA were numerous but a non exhaustive list of some of the major reasons were as follows:
- Lack of decentralisation — A single pool was frequently finding more than 50% of the blocks, with almost all blocks split between only several pools.
- Long block times — It had started to become extremely common to see blocks taking 20 minutes or more to come in instead of the target of 2.5 minutes. To the extent that sometimes only 500 blocks were found in a day instead of the expected 576. Erratic block times like this presents usability issues for our users as well as having potential security implications.
- High barrier to entry — It was expensive/impractical for potential new users to get involved in mining. This was a waste of a potential way to grow our user base and interest in the coin.
- Shrinking hash rate — Our Scrypt hash rate was shrinking over time meaning that security was slowly diminishing. While it was not at a point where it was problematic it also was not ideal going forward.
- Toxic mining community — We have found over the years (with some exceptions of course) that the community of people who own scrypt mining hardware and run Scrypt mining pools is very small, shows zero actual interest in the coins they mine at the best of times, and is outright toxic a lot of the time. It seemed it would be in the best interests of the coin to lose these miners and to attract instead fresh people in their place.
A look into performance so far
We are now three weeks past the switch over, so how are things going? Obviously a lot will still change as things mature, so we are watching with interest, but we are far enough past the initial activation that we already have some data that we can start to look at.
For those in a rush jump ahead to the end a short summary (tl;dr) of the article.
Under Scrypt the majority of blocks were being found by only one or two pools. With it not being uncommon for a single pool to be controlling 50% or more of blocks. The below screenshot (July 2019) nicely demonstrates this.
This is not good at all, however to be clear this is not a Gulden specific problem, in fact as bad as the below screenshot is, the majority of PoW coins are in an even worse position…
It is also worth noting that for Gulden a single miner having 50% of the hash is a lot less of a problem than for a regular coin, the reason being that each block still requires a witness from our large and diverse pool of witnesses (834 accounts and growing).
A week after SIGMA activation, some screenshots of the same chart but with SIGMA data started doing the rounds. The chart shows a completely different picture with the daily blocks shared out between over 200 different miners the absolute largest of which controlling only 4% of the blocks.
This represents an almost ideal situation that every blockchain should be striving to achieve.
Three weeks in things have changed a little bit. The largest miner is now larger at around 16% but still a reasonably healthy size. The four largest miners controlling only 25% of the blocks between them. The remaining 75% of blocks keep an almost ideal distribution shared out amongst hundreds of miners.
Of interest is that the largest miner has peaked at a higher percentage (around 20%) and then declined, and that this has happened more than once. This potentially indicates that the larger miners are not finding the profits they are hoping for.
For an ordinary blockchain there are various factors that push towards centralisation, greedy mining being one. However Gulden is immune to this and this may be playing a role in the above effect.
It is still early days so we will be watching with interest how things progress.
Before SIGMA activation our block times were not looking great. Our block target is 150 seconds a block but we were seeing daily averages as high as 170. Post activation things are looking quite a bit better with the average around 147 — while we are still slightly off the target there are some technical reasons for this (that are not the fault of SIGMA itself) and we have good reason to believe that once we activate phase 4 of witnessing we will be able to achieve even more optimal block timings.
However although when people look at blockchain projects they tend to focus on the ‘average’ (mean) block time, this is actually not the most useful measurement to be looking at. Of far greater interest is the median, the minimum and the maximum. We have a built in command in Gulden `dumpblockgaps` that anyone can use to look at this sort of information.
For Gulden if I grab a random day in the past (e.g. 4 months ago) we see the following stats for the day:
- max: 2158s (The longest block for that day took 36 minutes)
- min: 1s (The quickest block took only 1 second)
- mean (average): 162s (On average blocks took 162 seconds to find)
- median: 56s (Half of the blocks for the day took less than 56 seconds to find, the other half more)
While the average looks ‘reasonable’ in reality what we have is bursts of extremely quick blocks (half the blocks coming in at under a minute, a good portion of them likely in seconds) — Followed by some extremely long blocks, the longest of which was 36 minutes.
These bursts and then stalls mean that users have to wait a long time for a confirmation, and in general it makes the experience of those using our blockchain not great.
Perhaps more remarkable is that as bad as the above sounds these numbers are actually ‘good’, in that they have historically been a lot worse in the past for Gulden and that for most competing projects today those numbers are much worse right now. It took a lot of work from the Gulden team to get the median as high as 56s/60s and to keep most of the longer blocks below 40 minutes…
So how do these numbers look post SIGMA? The stats for the previous day:
- max: 785s (The longest block for the day took 13 minutes)
- min: 1s (The quickest block took only 1 second)
- mean (average): 148s (On average blocks took 148 seconds to find)
- median: 100s (Half of the blocks for the day took less than 100 seconds to find, the other half more)
While still not perfect this represents a massive improvement, the higher median means that blocks are coming in at more regular intervals, with less fast blocks and less stalls. The longest stall is13 minutes (only 5x longer than block target) which is the longest any user would have had to wait.
Things are running much smoother, the even better news is that we can still improve on this further, phase4 brings some further improvements in this regard (with the witness timestamps being used for more reliable difficulty adjustment). Our difficulty algorithm Delta has also not yet been adjusted at all for SIGMA (it was finely tuned for Scrypt over the years) and with some minor tweaks its reasonable to expect it to do better.
I am therefore extremely pleased with these results.
Barrier to entry/New mining community
The barrier to entry has quite clearly being lowered for now. With Scrypt to start mining Gulden an ‘investment’ in specialist hardware was required — while currently right now anyone with a reasonably new laptop or desktop machine can download the wallet, run it and expect to eventually find a block.
Granted they may find only 1 block a day, or a block every 2 days or similar, nobody should be under any illusion that they will become millionaires from mining Gulden… However this was never the point, the point was always that anybody who wants to try mining should at least be able to do so, and in this SIGMA is a wild success.
I would previously describe the bulk of our mining community as highly toxic. While there are one or two exceptions for the most part there was zero overlap between those who mined Gulden and those who used Gulden, with the miners mostly dealing only with pools and likely many of them not even knowing anything about Gulden.
We would never hear from most miners/pools unless it was to complain about something, threaten us about developments we were making or so on, we have had very little positive interaction with or contributions from the Scrypt mining community over the years; #mining on our slack was a ghost town.
In contrast since launching Gulden #mining on our slack has been far more active than ever more, dozens of different miners have reached out to assist me in various ways whether that be assistance with testing. A minor code bug fix from one miner, questions about how they could help support the development team in future and so on.
Our new miners also contribute to the network in a positive way, with new nodes/peers popping up all over the show, our entire network is looking much healthier than it has in quite some time.
If we look at some user generated statistics on mining we see that over the course of a week we had some 433 different miners. Some of these miners will carry on mining, others will learn about witnessing and decide that witnessing is more suitable for them while others may just have been curious and after mining a block or two may instead decide to just buy some Gulden and become regular users.
For every miner that leaves other new miners will likely take their place, transforming mining into not just a way to keep the network secure but also a much needed method of bringing in new people/blood/interest to the project. This effect can already be seen in the increase in network witnesses/witness weight since SIGMA activation.
Shrinking hash rate
Under SIGMA the previous Scrypt hash rate is of course no longer relevant. We have started again from zero (so to speak) with the hash rate of the new algorithm, and we are still in the early days.
Still, so far the hash rate is in a healthy upward trend — which is what we should expect to see.
Impact on coin security
The above all sounds good, but has it come at the cost of security? If so that would likely not be good.
Before the swap over our Scrypt network hash rate was in the region of 150gh/s. Although in reality this would have fluctuated a lot over the course of the day (pools switching away for higher difficulty blocks and coming back to quickly mine easier ones). An attacker only needs to succeed when the chain is at its weakest, not on average so in reality our ‘security’ was likely only 50gh/s maybe even less. Regardless lets work on 100 gh/s.
An antminer L3+ achieves around 0.5 gh/s of Scrypt hashing power, using 880W of energy and can be purchased for around $209. For 100 gh/s it would be necessary to purchase 200 of these $41800. (Total energy usage 176kW) However the Litecoin network had a peak of 500 Th/s and is now at only 180 Th/s there is therefore over 320 Th/s or more of ‘idle’ hardware out there that can be rented cheaply, bought second hand cheaply, or which a potential attacker might already own and just use for an attack.
To rent 100 gh/s of Scrypt hash rate is as little as $270 a day or $11.25 an hour, so our Scrypt miners were providing as little as $11.25 (or even lower potentially) in terms of network security…
Thankfully because of PoW² our effective security is/was much higher than this, otherwise like most other PoW coins we would effectively have no security. As I‘ve covered this in a prior article I’m not going to go into details on the amplified security here.
So how does SIGMA fair? Our network hash rate currently sits between 1.4 gh/s and 2 gh/s but lets work on 1.4 gh/s.
A relatively high end computer — AMD thread ripper 2950x, is able to achieve a constant hash rate of 12 Mh/s at about 340W energy usage. The purchase price of such a machine is around $1200. It would be necessary to purchase around 116 of them for a total of $139000 or around 4x the price of the Scrypt hardware. (And around 39.4 kW) Like with Scrypt cheaper second hand options theoretically exist on the market.
How about rental? Pricing rental for SIGMA is a bit more difficult as there is a much wider variety of conventional computer rental out there, many of them with tough/strict rules on number of instances and many of which may kick you off for mining at any moment. Still a fair indicative price can be had.
A roughly equivalent machine to the above thread ripper 2950x (12 Mh/s) can be rented from Scaleway for $0.66 per hour; which works out too around $76.56 per hour for 1.4 gh/s.
Where we a regular PoW coin neither of these would sound particularly great, even with SIGMA having higher security both the amounts mentioned above sound tiny. Fortunately we are not a regular PoW coin, so where does all of this leave us?
Currently SIGMA is relatively new, word of it is still spreading and our hash rate still growing. Our SIGMA miners are consuming 22% of the energy that our Scrypt miners were and yet are providing up to 7x the base security (rental prices) or 4x the base security (equipment purchase prices). And the hash rate is still climbing…
After considering this amplified base security, and applying the large multiplier in security that witnessing brings to the table. And then considering the growth in witness accounts since SIGMA has launched our network is already more secure under SIGMA than it has ever been before.
Attack cost 3 confirms under current SIGMA conditions:
We now have over 90'000'000 NLG locked up in witness accounts, with a total weight of 903'582'015.
To create a single witness account that holds 1% of the network weight an attacker would need to lock up 865’000 NLG ($6610) for a period of 1 months — this would give him a 1% chance of witnessing any block he mines.
An attacker would require at least 3 such accounts ($19830) in order to attempt to attack 3 confirms.
Additionally the attacker would need additional funds with which to perform the double spend, it is a reasonable assumption that he is not going to lock up $19830 to try perform a double spend for substantially less - given the risks that a double spend has in terms of lowering the value of his locked funds.
Therefore we can assume at least an additional $20000 in coins required for the double spend.
If he were to acquire 100x the network hash rate (140 gh/s), at a rental cost of ($7656), he could mine roughly 100 blocks for every 1 the main network mines, as he would have a 1% chance of being the selected witness for each of these blocks this would give him a reasonable but not guaranteed chance of both mining and witnessing three blocks before the main network.
The above assumes that acquiring over 5'190'000 NLG in order to attempt to stage this attack does not push up the price of the coin - in reality it is almost certain it will. An increase in the coin price means that the attacker would need to spend even more acquiring the Gulden as well as that the network hash rate will increase require more expenditure on mining as well.
The attacker additionally faces various other difficulties in terms of ensuring none of this accounts are in cool down for the attack - and that such an attack is potentially detectable.
This puts the attack cost at well over $50'000 at a minimum, likely more and for only 3 confirms, for each additional confirm more witness accounts are required and the attack becomes exponentially more expensive.
In terms of other ways to attack the network SIGMA also comes out shining, the increased decentralisation makes us more secure against a ‘bribery’ based attack than even the most high market cap coins out there. We also have increased resilience against transaction censorship as a result.
The final concern might be that SIGMA itself has some kind of exploitable flaw, or that someone might be able to obtain a secret GPU or ASIC — thankfully witnessing acts to limit the damage they could do in this event. Additionally all the signs so far are that everything is working 100% correctly.
Our post-nonce distribution appears perfectly random, if there were any exploitable flaws in the algorithm we would expect to see non-random patterns start to emerge:
Our pre-nonce distribution is simultaneously both random but also biased toward lower numbers, as expected. If a different type of miner GPU/ASIC were to emerge we would expect to start to see different patterns here:
In short everything appears to be working as designed, a very reassuring sign!
With SIGMA we set out to achieve numerous different objectives/improvements. So far it has exceeded our wildest expectations.
- Network security has already increased, despite reduced energy consumption.
- Block times, and therefore overall coin usability are massively improved. With expectation of further improvements still once phase4 activates.
- Active installs/nodes/users on the network are massively up.
- A more positive mining community has emerged.
- Our community is invigorated and more alive again with new users coming in and old users having more to be positive about.
- An increase in witness accounts has also been observed.
With SIGMA and PoW² complementing one another we have one of (if not the) most decentralised blockchain projects. We are not held hostage by a small group of miners who get to dictate every development decision. Our coin is capable of remaining reasonably secure regardless of coin price, but simultaneously gets even stronger if the price does increase. We have fast and predictable block times that won’t confuse/annoy regular users who are trying to transact.
All in all I’m incredibly happy with the results so far, there is of course room for improvement and the roll out of Phase4 will bring yet more improvements in terms of block times.
We still have many further ideas for keeping mining decentralised going forward, and have many adjustments up our sleeves that can easily be made should feasible ASICs or GPU miners emerge and become dominant — we are therefore highly confident that we can keep things in a healthy space like this going forward.
Since joining Gulden the team has worked tirelessly to achieve a blockchain that is secure, has stable predictable block intervals, is robust and scalable. We have always maintained that these are the bare minimum requirements to have a feasible product and that only with this in place does it make sense to build more user visible products and really push for adoption — without constantly worrying about users having bad experiences due to chain issues.
It has been a long and hard road but I believe that SIGMA combined with our previous work (PoW², Unity and others) puts us within grasp of this goal.
The final piece of the puzzle is the new transaction format and witnessing improvements that phase4 brings, and these too are not far off.
While all this work has been crucial and difficult it is not very user visible — with these major items out the way we can focus on less difficult faster to develop but more user visible and just as important items and really push things forward.
2020 is going to be really exciting, I am very excited for what the future has in store.