This is a quick post aimed at a reader who does not necessarily have an understanding of the state-of-the-art of cryptocurrency research, and is concerned about environmental and energy usage properties of cryptocurrency. This is not a comprehensive deep-dive into the tradeoffs of different consensus algorithms of participation mechanisms.
“Cryptocurrency boils the oceans in order to create collectable Pogs”. “Idling your car to produce coins that can be swapped for heroin”. These types of takes are very frequent on Twitter and other social media platforms. Successful activist campaigns have emphasized the environmental concerns around cryptocurrency. Tesla famously withdrew support for Bitcoin transactions to buy their vehicles over environmental concerns related to mining.
So, cryptocurrency must inherently consume unbounded amounts of energy and is thus an intrinsically planet-destroying invention, right?
No. In fact, most of the cryptocurrency technology funded, researched, and released in the past few years are specifically engineered to use minimal energy, requiring about the same amount of energy usage as a small datacenter at full scale. Energy usage is a property of specific participation mechanisms. To understand what’s going on here and how this is different from Bitcoin, you have to understand a little bit about how cryptocurrencies work.
Consensus
A critical aspect of most cryptocurrencies is distributed consensus: every cryptocurrency consists of a network of computers, and every computer in the network has to eventually realize the same state. This is an old problem with a rich academic history, going back to Leslie Lamport in the 1970s. Distributed consensus algorithms have a vast field of applications and use cases, and there are a variety of tried and tested solutions such as Paxos and Raft. Many of these distributed consensus algorithms run on the servers of huge tech companies. You probably indirectly used one of them today! Yet, they don’t seem to be apocalyptic energy-consumers, so what gives?
Participation Mechanisms
A fundamental problem in distributed systems is the fact that digital identities, without any other mechanisms, are infinitely and costlessly duplicatable (commonly referred to as the Sybil attack, in turn a reference to the book Sybil). In any consensus system there is generally a threshold of misbehaving or evil nodes at which the network can not come to a safe and consistent view of the global state. In the case of classical BFT (byzantine fault tolerant) consensus schemes, this threshold is 1/3. So, if you deploy a BFT consensus scheme openly, an attacker can hijack it by simply duplicating their identities until they reach the 1/3 threshold.
In the traditional context, like in a big tech company, the way to resolve this is to require every participant in the consensus scheme to be permissioned, that is, approved by a single entity. This works! But, now we have a closed consensus system where participants must be authorized by some central authority. This is incompatible with the ideal that most cryptocurrencies networks aim for: a decentralized network, with no central authorities, intermediaries, or gatekeepers, which values open participation.
Proof of Work
One of Bitcoin’s central contributions was the realization that Hashcash, originally an anti-spam mechanism, could be used to create an automatic cost for duplicating identities in a distributed consensus system. Hashcash, a.k.a. “Proof of Work”, can be used to create a consensus protocol which has an open, permissionless participation model: “one CPU one vote”. For an attacker to duplicate their identities, they would have to provably do some hashing. This introduces an economic cost to the Sybil attack, which allows Bitcoin to function to this day.
This is also where the energy usage comes in: because provable computational work is the security mechanism that allows open participation, the security of the network is directly related to the amount of energy being spent participating in it. Thus, the “planet boiling energy usage” is a function not of the particulars of the distributed consensus scheme. Instead, the energy usage is a property of the model used for open, permissionless participation. Also, energy usage scales not with chain usage (a common misconception), rather it scales with the value of the coin (and thus, the total network value).
Proof of Stake
There is an alternative! Instead of introducing explicit ACL permissions or computational cost to rate-limit participation, an alternate mechanism can be used. The most popular alternate mechanism is Proof-of-Stake: your participation is linked to the amount of digitally scarce stake, some token on the ledger, you have dedicated towards participation. This requires no more energy than running a typical permissioned consensus scheme. This also gives some benefits to security: since stake is on-chain and fungible, active penalties can be applied for misbehavior, instead of just loss of revenue. This article doesn’t go deeply into the various minutia of Proof-of-Stake and Proof-of-Stake security. For that, this great article by Vitalik Buterin does a much better job. A good way to think about Proof-of-Stake is that essentially removes a level of indirection: instead of using funds to buy hardware in order to participate in consensus, you instead use your funds directly.
But this must be a pipe-dream, right? Nothing has deployed with this, right?
Stake of the Art
Tendermint proposed a working modern synthesis of BFT consensus with proof of stake in 2014:
Since then, the Cosmos ecosystem has launched and currently protects at least $170B in value. In addition to Tendermint/Cosmos, Avalanche, Solana, Polkadot, Near, Celo, Mina, and many others have launched using Proof-of-Stake as their participation mechanism. Ethereum has launched the beacon chain in production, which uses Proof-of-Stake with Casper the Friendly Finality Gadget (the merge, which moves the execution layer of Ethereum to this already-running beacon chain, has yet to occur). These chains collectively function today, and power a wide variety of applications, while consuming no more power than a typical small datacenter and imposing no long-term energy requirement.
Energy usage is not a fundamental property of cryptocurrency. In fact, alternate participation mechanisms such as Proof-of-Stake are here today, are mature components, and are also the default for most new chains in development. Many of the people who built these systems did so specifically with the environmental concerns of long-term Proof-of-Work mining in mind.