How can we overcome Bitcoin's waste of electricity and tendency to concentration of mining power by using a different commodity than computation?

The idea of an electronic form of cash had been around since the 1980s, but it was only a few years ago that it saw wide-spread deployment. While all prior proposals still considered banks that issue coins, Bitcoin drastically changed the economic model. Both creation and validation of coins are decentralised using a blockchain, which records all monetary transactions. Anyone who adds a new block to the chain is rewarded with freshly minted coins, but to do so, "miners" must solve a puzzle, which requires computational effort; a solution can therefore be considered a "Proof of Work" (PoW). The chances of mining the next block are proportional to a miner's invested computation. This way, PoW ensures distributed consensus in Bitcoin, and its security relies on no adversary gaining more computing power than the honest miners.

Although a market capitalisation of currently over 25 billion Euro has made Bitcoin the most successful electronic currency ever deployed, its expansion has come at a price. Its limited block size impeding scalability is widely discussed, but there are also concerns about long-term stability and sustainability, both directly stemming from the use of proofs of work. Bitcoin mining today is only profitable on specialised hardware, which implies high start-up costs for new miners and has resulted in a vast concentration of computing power in the hands of a few big players. This goes against the initial intent of decentralising control by letting small users benefit from spare CPU cycles to mine Bitcoin. From an ecological perspective, Bitcoin mining has led to a questionable waste of electricity in the order of hundreds of megawatts, most of it burnt in large-scale mining farms powered by application-specific integrated circuits (ASICs), which have no other use.

The first proposed alternative to PoW in the mining process was proof of stake, as used by Peercoin. There, a miner's chances to mine the next block are proportional to the amount of currency held by the miner. Unfortunately, there are attacks against such schemes that leverage precisely the fact that mining is "cheap", in that it requires no computational effort. Proof-of-stake-based currencies also suffer from a lack of participation, as for the system to function, sufficiently many currency holders must be online and mine. In order to separate mining of a currency from just holding it, an extrinsic commodity is needed, which for Bitcoin is computation.

SpaceMint [1] is a cryptocurrency proposal by researchers from Inria/ENS, IST Austria and MIT, which replaces PoW by proof of space. Instead of computing power, miners must invest disk space, and the amount of space dedicated to mining determines the chances of adding a block. To start mining, one must first initialise one's space, which for one terabyte takes about a day. Once this is done, miners only spend a fraction of a second per block mined. While miners are incentivised to invest in hard-disk capacity, this is a one-time cost, in contrast to the perpetual electricity expenditure for Bitcoin. SpaceMint mining does not use up resources, and hard disks can be repurposed, unlike Bitcoin mining equipment. Since almost everyone has unused disk space and SpaceMint can be mined at very low setup and maintenance costs, this will lead to a well-distributed mining power.

Many cryptocurrencies, such as Litecoin or Ethereum, use PoW schemes that are less "ASIC-friendly" than Bitcoin in order to counter concentration of computing power; yet they all rely on consuming large amounts of energy. Permacoin is a currency that tries to claim back some utility via a concept called "proof of retrievability", which requires miners to store useful data while still solving PoW. Burstcoin is the only existing cryptocurrency that uses disk space as its main mining resource. However, as shown in [1], it succumbs to time/memory trade-offs, meaning that with some extra computation miners can succeed using only a fraction of the prescribed memory. The system thus potentially degenerates to a PoW-based scheme with all the above-mentioned drawbacks.

SpaceMint disincentivises any additional work via the concept of "proof of space", first introduced in [2]. It is an interactive protocol between a prover and a verifier, which needed to be adapted for the cryptocurrency setting. Furthermore, since creating a proof is easy (which inherently is not the case for PoW), miners can try to mine on many branches of the blockchain in parallel, which impedes fast consensus on the legitimate branch. Not using PoW also enables "grinding" attacks where deviating from the protocol can be beneficial. SpaceMint prevents such behaviours by specific design choices and a new blockchain format. Replacing work by space can thus make cryptocurrencies greener and more egalitarian.

[1] S. Park et al.: "SpaceMint: A Cryptocurrency Based on Proofs of Space",‚ÄČ Cryptology ePrint Archive report 2015/528
[2] S. Dziembowski et al.: "Proofs of space", CRYPTO 2015