Incentive-Based Security: How Blockchains Stay Secure

Blockchain technology is considered to be a relatively secure alternative to traditional, centralized systems. Yet precisely because blockchains are designed as decentralized systems, the creator of a blockchain can’t directly enforce good behavior. So how do they encourage the users of their systems to behave? Well, that would be greed. The security of blockchain technology is based on making attacks too expensive to carry out or on making the rewards of good behavior greater than those of misbehaving.

The decentralization problem

This is most evident in the mechanisms by which new data is added to the blockchain. Users of blockchain technology each keep a copy of the distributed ledger and add new data to it on a regular basis. These blocks of data are created by one user in the network and validated by the rest before they add them to their copy of the ledger.

From a security perspective, the main concern of the blockchain is ensuring that control of the blockchain is decentralized. If one user creates all of the blocks in the ledger, they have the ability to rewrite history by publishing an alternative version of the chain that other nodes will accept. Blockchains operate using the longest block rule, which states that if two conflicting versions of the ledger exist, whichever one is “longer” wins. If an attacker can create a version of the blockchain that’s longer than the real one, other nodes will replace their current version with the new one.

Blockchain maintains decentralization in two ways: using a consensus algorithm that tries to ensure that no user creates too many blocks and using incentives to encourage users to participate in the block creation process (increasing security) and to abide by the rules.

Security via scarcity

Many different consensus algorithms exist for blockchain technology. Proof of Work (used by Bitcoin, Ethereum, and many other systems) was the first and uses mining, a process in which users race to find a solution to a puzzle, to determine who creates the next block in the blockchain. Other algorithms, including Proof of Stake, Proof of Space, Proof of Activity, and many others, exist and use very different methods to choose a block creator. However, all of them boil down to the same underlying concept: security via scarcity.

In Proof of Work, all miners are trying to find a solution to a puzzle that can only be solved by random guessing.  Since guess-and-check is the best and only way to solve the puzzle, the more quickly that you can make guesses, the more likely you are to win the race to solve the puzzle. This means that the miner with the most computational resources has the greatest chance at finding a solution, creating a block, and having partial control of the blockchain.

Computational power is a scarce resource. There are only so many computers in the world and many uses for them, meaning that they are in high demand. If an attacker wants to increase their control over a blockchain, they will need to purchase more of these computational resources, further increasing the demand for them. Any economist will tell you that increased demand for something with a fixed total supply causes the price to rise. This is how Proof of Work blockchains protect their decentralization. Trying to purchase and run enough computers to control a blockchain (which requires more than every other miner put together) quickly becomes financially impossible for an attacker.
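
The following is an added example, not part of the original article, and it goes a step beyond the text: it models each new block as going to the attacker with probability equal to their share `q` of the computational power, then compares the standard gambler's-ruin closed form (the one used in the Bitcoin whitepaper) with a simulation of the race between the two versions of the chain. The function names, the `give_up` cutoff and the sample shares are assumptions chosen for illustration.

```python
import random


def catch_up_probability(q: float, z: int) -> float:
    """Chance that an attacker with share q of the power ever erases a z-block deficit."""
    p = 1.0 - q  # share held by every other miner put together
    if q >= p:
        return 1.0  # with half or more of the power the attacker always catches up
    return (q / p) ** z


def simulate_race(q: float, z: int, trials: int = 20000,
                  give_up: int = 30, seed: int = 1) -> float:
    """Monte Carlo estimate of the same probability (seeded, so repeatable)."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        deficit = z  # how many blocks the attacker's chain is behind
        while 0 < deficit < give_up:
            # The attacker finds the next block with probability q;
            # otherwise the honest chain grows and the deficit widens.
            deficit += -1 if rng.random() < q else 1
        wins += deficit == 0
    return wins / trials


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.45, 0.51):
        row = ", ".join(f"z={z}: {catch_up_probability(q, z):.6f}" for z in (1, 3, 6))
        print(f"attacker share {q:.2f} -> {row}")
    print("simulated, q=0.30, z=2:", simulate_race(0.30, 2))
```

Below half of the total power the probability shrinks geometrically with every block the attacker falls behind, which is why waiting for more blocks on top of a transaction makes a rewrite less likely; at half or more it is 1 no matter how far behind the attacker starts.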

While blockchain consensus algorithms may look very different on the surface, all of them use this same concept of equating control of a scarce resource to control of the blockchain. In Proof of Stake, the scarce resource is the cryptocurrency used for staking. In Proof of Space, it’s computer memory rather than CPU cycles.  Once a blockchain has become large enough, the cost of accumulating enough of the resource is too high to pay or outweighs the benefits.

Incentivizing good behavior

Beyond the consensus algorithm, blockchains use financial incentives to ensure that users act in the best interests of the blockchain network and the distributed ledger. The majority of public blockchains include two types of payments for a block creator: block rewards and transaction fees.

Block rewards are a set reward designed to reward users for participating in consensus and creating a block. All a user needs to do to earn this reward is create a valid block that is accepted by the rest of the network. This need for acceptance is how blockchain uses block rewards to incentivize good behavior. If a user creates an invalid block, legitimate users won’t accept it, so the block’s creator won’t get the reward. Users can misbehave and try to pass off invalid blocks, but, as long as the network is mostly honest, those blocks won’t be accepted and the attacker will lose money for an unsuccessful attack.

Transaction fees are designed to incentivize fair selection of transactions to include within a block. Users can pay for their transactions to be prioritized within a block. A greedy block creator will want to maximize their rewards, so they fill the block with the highest-value transactions available. A block creator can deliberately ignore a high-value transaction to hurt its creator, but it will cost them the difference in transaction fees.
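
As an added illustration (not from the original article), the sketch below computes what ignoring one sender costs a greedy block creator. It assumes a block holds a fixed number of transactions and that each transaction carries a single fee; the mempool contents and the function names are constructed for the example.

```python
def select_transactions(mempool, capacity, excluded=frozenset()):
    """Greedy block creator: take the highest-fee transactions that fit."""
    eligible = [tx for tx in mempool if tx["sender"] not in excluded]
    return sorted(eligible, key=lambda tx: tx["fee"], reverse=True)[:capacity]


def censorship_cost(mempool, capacity, censored_sender):
    """Fee revenue the block creator gives up by ignoring one sender."""
    best = sum(tx["fee"] for tx in select_transactions(mempool, capacity))
    censored = sum(
        tx["fee"]
        for tx in select_transactions(mempool, capacity, {censored_sender})
    )
    return best - censored


# Constructed sample mempool; fees are in arbitrary units.
MEMPOOL = [
    {"sender": "alice", "fee": 50},
    {"sender": "bob", "fee": 30},
    {"sender": "carol", "fee": 20},
    {"sender": "dave", "fee": 5},
    {"sender": "erin", "fee": 1},
]

if __name__ == "__main__":
    for sender in ("alice", "carol", "erin"):
        # Assumed capacity: three transactions per block.
        print(sender, "censored, cost:", censorship_cost(MEMPOOL, 3, sender))
```

The cost is the difference between the ignored fee and the fee of the transaction that takes its place, not the whole fee, and it is zero for a transaction that would not have made it into the block anyway, so the incentive only protects transactions that pay enough to be selected.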

Greed-based security

Blockchain technology is designed to incentivize good behavior and disincentivize bad.  Consensus algorithms are designed to maintain decentralization by making attacks expensive, and the process of updating the ledger is designed to encourage users to play by the rules.