Directed Acyclic Graph (DAG) based Cryptocurrencies are Inherently Insecure
Using Directed Acyclic Graphs to power a Decentralized Cryptocurrency sounds like a wonderful idea. I know I was excited when I first heard of them myself.
Among the things promised are:
Fast Transaction Confirmation
Everyone essentially mines as an equal
Mine using nothing more than a smartphone
No Transaction Fees
Some even promise energy efficiency
The problem is that these promises can only be kept by giving up any semblance of security.
How do DAGs work, and how do they back up these promises?
Let's start by making sure we're all on the same page about how DAGs work. Essentially, every time a user makes a transaction, their device must compute a small Proof of Work, and the transaction references (approves) two previous transactions.
As transactions approve each other, long chains of small Proofs of Work accumulate on top of every transaction, and an attacker who wants to reverse one must redo more work than the honest network has already piled on top of it. Once a few transactions have been built on top of your own, you consider it confirmed.
Because every user mines a little from a smartphone, DAGs are supposed to be energy efficient, and everyone is supposed to participate equally in verification. And because the per-transaction Proof of Work already serves as spam protection, the usual job of a transaction fee is gone, so no fee is charged.
Because it does not matter which users build on your transaction, a node does not need to process every transaction in the system to confirm one, so the system is supposed to scale well.
The Problem: Smartphones Cannot Compete with ASICs
To keep confirmation fast, the Proof of Work must finish in roughly a second on an average smartphone, and the average user only sends a few transactions a day. So an honest user spends a few phone-seconds of hashing per day, while an ASIC hashes continuously, at a rate many orders of magnitude above a phone's. Put together, a single ASIC can produce on the order of 100 billion times more valid transactions per day than an average user (the exact figure depends on the hardware, but the gap is enormous either way).
Think about it: measured in Proof of Work actually spent on the network per day, a single ASIC outweighs every smartphone on earth, because those phones only hash for a few seconds a day. This is a huge security issue. Do you think China or Russia would not build a single ASIC to take down a network that competes with its own currency? Let alone some random millionaire invested in the current banking system?
This means that a single attacker with one ASIC can flood the network with enough valid spam to shut it down. With a farm of ASICs, such an attacker can out-build the honest users on any branch of the DAG, which is the equivalent of a 51% attack: his conflicting transactions accumulate more work than the honest ones and win.
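As an added example (this is not code from the original post or from any DAG project), here is a toy Python model of the scheme described above: each transaction carries a small Proof of Work and approves two parents, confirmation is measured by cumulative weight (the number of transactions built on top of a given one), and an attacker who hashes far faster than honest users attaches a conflicting branch that outweighs the honest one. The difficulty, the hash rates in pow_budget_ratio, and the transaction counts are illustrative assumptions, not measured figures, and the payload strings are constructed for the demo rather than real transactions.

```python
import hashlib
from dataclasses import dataclass

# Toy difficulty (assumption): the transaction hash must start with this many zero bits.
# A real network would use a far harder target; 8 bits keeps the demo fast.
DIFFICULTY_BITS = 8


@dataclass(frozen=True)
class Tx:
    txid: str        # hex SHA-256 of the fields below; doubles as the PoW output
    parents: tuple   # ids of the two earlier transactions this one approves
    payload: str     # what the transaction does, e.g. "alice->bob:10" (constructed)
    nonce: int       # value found by the Proof of Work search


def _digest(parents, payload, nonce):
    data = "|".join((parents[0], parents[1], payload, str(nonce))).encode()
    return hashlib.sha256(data).hexdigest()


def leading_zero_bits(hexdigest):
    return 256 - int(hexdigest, 16).bit_length()


def mine_tx(parents, payload, difficulty=DIFFICULTY_BITS):
    """Attach a transaction to two parents by searching for a nonce that meets the target."""
    nonce = 0
    while True:
        h = _digest(parents, payload, nonce)
        if leading_zero_bits(h) >= difficulty:
            return Tx(h, tuple(parents), payload, nonce)
        nonce += 1


def verify_tx(tx, difficulty=DIFFICULTY_BITS):
    """A node re-hashes the transaction and checks its Proof of Work before accepting it."""
    return (tx.txid == _digest(tx.parents, tx.payload, tx.nonce)
            and leading_zero_bits(tx.txid) >= difficulty)


class Dag:
    def __init__(self):
        genesis = Tx("genesis", ("", ""), "genesis", 0)   # trusted root, not mined
        self.txs = {genesis.txid: genesis}
        self.approvers = {genesis.txid: set()}           # txid -> ids of direct approvers

    def add(self, tx):
        if not verify_tx(tx) or any(p not in self.txs for p in tx.parents):
            raise ValueError("rejected: bad PoW or unknown parent")
        self.txs[tx.txid] = tx
        self.approvers[tx.txid] = set()
        for p in tx.parents:
            self.approvers[p].add(tx.txid)

    def cumulative_weight(self, txid):
        """1 + number of transactions that approve txid directly or indirectly."""
        seen, stack = set(), [txid]
        while stack:
            t = stack.pop()
            if t in seen:
                continue
            seen.add(t)
            stack.extend(self.approvers[t])
        return len(seen)


def pow_budget_ratio(asic_hps=1e14, phone_hps=1e6, phone_tx_per_day=3, seconds_per_tx=1.0):
    """Hashes per day an always-on ASIC can spend versus an honest phone user.
    The default rates are illustrative order-of-magnitude assumptions, not measurements."""
    return (asic_hps * 86400) / (phone_hps * phone_tx_per_day * seconds_per_tx)


def _build_on(dag, branch, count, label):
    """Attach `count` transactions, each approving the two newest tips of `branch`."""
    for i in range(count):
        parents = (branch[-1], branch[-2] if len(branch) > 1 else branch[-1])
        tx = mine_tx(parents, f"{label}-{i}")
        dag.add(tx)
        branch.append(tx.txid)


def double_spend_scenario(honest_approvers=5, attacker_txs=50):
    """Alice pays Bob; a few honest users build on that payment; an attacker with far more
    hashing power builds a conflicting branch on top of genesis and outweighs it."""
    dag = Dag()
    honest = mine_tx(("genesis", "genesis"), "alice->bob:10")
    dag.add(honest)
    _build_on(dag, [honest.txid], honest_approvers, "user")
    # The conflicting spend deliberately approves only genesis, never Alice's payment,
    # so the two branches share no work. (Conflict is by payload here; no UTXO model.)
    conflict = mine_tx(("genesis", "genesis"), "alice->alice:10")
    dag.add(conflict)
    _build_on(dag, [conflict.txid], attacker_txs, "attacker-spam")
    hw = dag.cumulative_weight(honest.txid)
    aw = dag.cumulative_weight(conflict.txid)
    # Under a cumulative-weight rule the heavier branch wins.
    return {"honest_weight": hw, "attacker_weight": aw,
            "winner": "attacker" if aw > hw else "honest"}


if __name__ == "__main__":
    print(double_spend_scenario())
    print(f"ASIC vs phone PoW budget per day: {pow_budget_ratio():.2e}x")
```

With the defaults, five honest approvers give Alice's payment a weight of 6 while the attacker's 50 spam transactions give the conflicting spend a weight of 51, so the honest payment is reversed. Raising honest_approvers above attacker_txs flips the result, which is exactly why real confirmation security in a DAG means waiting for far more work to pile up than an ASIC can cheaply produce.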
The only real answer is to let users run ASICs of their own for this verification, and to run them 24/7 to reach a comparable level of security. At that point the scheme is at least as energy intensive as blockchain Proof of Work, costs the miners significantly more than Bitcoin mining does, and barely provides them with any benefit.
To have any real confirmation security, a DAG transaction must therefore wait for a great many transactions to be built on top of it, enough accumulated work that an ASIC-equipped attacker cannot cheaply outweigh it. Confirmation at a security level comparable to a blockchain is therefore much slower than promised, not faster.
And when it comes to transaction fees, a user must burn roughly as much energy on the Proof of Work as a transaction fee would have cost, or the work is no deterrent to spam. So transactions are not actually free; they are just paid for in a different manner.
Every transaction also carries its own Proof of Work and its parent references, so it is significantly larger and more bandwidth is needed. And unlike a blockchain, which can easily be trimmed by verifying block headers and discarding large numbers of old transactions, a DAG has no point at which everyone agrees what may be discarded, so trimming it in a decentralized manner is practically impossible.
This means that at the end of the day, without introducing some form of heavy centralization or deciding that security is unimportant, DAGs cannot fulfill a single one of these promises and are a disaster waiting to happen.
The Promises of a DAG, but It Works
So, is it impossible to find a coin that accomplishes these goals? No!
You are in luck: Frink is building a coin designed to accomplish every one of these goals.
Frink confirms that users are individuals by paying people to link to each other, forming a social network. By analyzing that network, Frink separates users into small interlinked communities of trusted individuals, each of which mines its own blockchain. Every miner therefore mines as an equal on its own community's blockchain and takes equal turns mining the main chain.
Because no Proof of Work is required and the users are known, no transaction fees are needed, either in the form of money or energy.
And because the cryptocurrency is split into so many small communities (that is, sharded), no miner needs to process many transactions.
In fact, and this may seem surprising given the rest of this article, Frink just might integrate short-term Proof of Person DAGs into itself. Why does it work for Proof of Person but not Proof of Work? Because Frink's specialty is eliminating the equivalent of an ASIC: every user mines as an equal under a decentralized ID, so no participant can buy a vastly larger share of the work. And by throwing away the DAG at every block, once its transactions have been integrated into the block, Frink does not have to worry about the scaling issues that prevent trimming away transactions.