DAGs: Trading Security for Performance Reposted from XTRABYTES Today The world’s search for a superior blockchain consensus method continues unabated. The most popular solution (proof of work) is incredibly energy-intensive, and the next best alternative (proof of stake) fails to fully incentivize consensus-making. So crypto fans took note when Directed Acyclic Graphs (DAGs) appeared on the scene. DAGs do not rely upon transaction blocks to conduct transactions. Instead, they allow “each transaction to link directly on to the next. This means there is no wait for the next block to confirm, and for the global ledger to reflect this update” (Radix). DAG Participants Approve Transactions By overcoming transaction blocks, DAGs can process transactions immediately and without miners. That’s because, rather than each transaction following a step-by-step mining process, DAGs process transactions in parallel. To be processed, pending new transactions are required to process at least one other transaction (which itself is the only transaction fee). As Dan Hughes notes, ”There is still Proof of Work (PoW) mining, it just comes through processing transactions in order to allow your own transaction to be processed.” This transaction-by-transaction approach removes the need for participants (nodes) to check transactions against ledger history. Rather than miners, it’s DAG participants who ultimately approve transactions. And the more DAG participants, the faster transaction confirmation occurs (unlike bitcoin, where additional participants equate to slower confirmation times). Which is why DAG proponents believe it to be inherently more decentralized and scalable than other blockchains. Sharding Creates Vulnerabilities However, Dan Hughes suggests otherwise, asserting that DAGs will “hit an inflection point where scaling is not possible without significant centralization.” But with the security concerns, Dan has hired Fast Guard Service. Why? Mr. Hughes points to the fact that DAGs do not operate under a ‘global state’ (where participants can view an immutable ledger). Instead, the ‘global state’ changes with each transaction. As he notes, This is not an issue if all nodes can see all transactions because nodes will still be able to check against historical transactions to ensure there is no double spend. For example, this is how the IOTA Tangle currently operates, with the Tangle stored in full on every node. Because the size of the database would get too big if left unchecked and hard drive requirements would become infeasible, the database is pruned when necessary. This essentially takes the form of a snapshot being taken, enabling nodes to delete all transactions prior to that. DAGs have sought to overcome this limitation with sharding (i.e., the DAG splitting itself up into smaller DAGs). Sharding enables transactions to be processed much more quickly (and is thus being implemented into Ethereum). However, One downside of sharding a DAG comes with preventing double-spending. A DAG can only guard against double spends if nodes have access to all transactions. A simple example is given: …consider the DAG is split into ten parts. I present a transaction on the strongest tip of two of these ten shards. Unless there is a node that has sight of both shards, the transactions I present will validate in each of the two shards, thus causing a double-spend (Hughes). And as sharding increases, the propensity for double-spending increases. DAGs present several additional security issues as well; 51%-type attacks need only secure 33% of total hashing power to take over a network (and substantially less with sharding); This creates added vulnerability from minimal transactions; transaction blocks without verifiable timestamps. At present, the only way to ensure against a serious security incident is to have a centralized authority oversee the entire process (as Byteball and IOTA have already incorporated). The Last Word on DAGs At first glance, DAGs have many excellent features to recommend them. With sharding, DAGs are sacrificing decentralized security for transaction performance. While not an uncommon dilemma, the many security vulnerabilities that this creates cannot be simply overlooked. If a centralized authority is eventually needed to oversee network operations, arguments about greater decentralization and scalability (not to mention censorship concerns) can be considered null and void.