Using Directed Acyclic Graphs to power a Decentralized Cryptocurrency sounds like a wonderful idea. I know I was excited when I first heard of them myself.
Among other things promised are:
Fast Transaction Confirmation
Everyone essentially mines as an equal
Mine using nothing more than a smartphone
Free Transaction Fees
Some even promise energy efficiency
The problem is this is only accomplished if they forget about achieving any semblance of security.
How do DAGs work? How do they back up these promises?
Let's start by making sure we're all on the same page when it comes to how DAGs work. Essentially, every time a user makes a transaction, their device is required to calculate a Proof of Work that confirms two previous transactions.
The idea is that as transactions confirm each other, long chains of mini Proof of Work transactions are formed and very hard for an attacker to defeat as he'd need to complete many more Proofs of Work than the current system. Once you have a few transactions built off of your own transaction, you may consider it validated.
Because every user is using a smartphone and is forced to mine, DAGs are supposed to be energy efficient and everyone can participate equally in the transaction verification process. And because transaction fees are not needed for spam protection, as Proofs of Work can accomplish the same task, no transaction fees are needed.
Because it doesn't matter which users build transactions off of yours, you don't need to process all the transactions for a transaction confirmation and therefore the system can scale well.
The Problem: Smartphones Cannot Compete with ASICs
The Proof of Work must execute within roughly a second on an average smartphone to make achieve the desired fast transaction confirmation. This is a huge problem because a single ASIC can accomplish the calculation roughly 1 million times faster than a smartphone.
This means that a single attacker with an ASIC could release so much spam that it can shut down the entire network. Alternatively, with a farm of ASICs, such an attacker can basically mine and 51% attack the network. In order to have some semblance of a transaction confirmation security, a DAG transaction therefore must require many, many transactions to be built on top of itself. Which means that significantly secure transaction confirmation must be similarly slow to achieve similar security.
This ultimately means that when it comes to the energy security trade-off, in order to maintain the same security as a Proof of Work blockchain, they must use roughly the same amount of energy to protect against ASICs. So energy efficiency is off the table.
And when to comes to transaction fees, users must burn roughly the amount of energy equivalent to the cost of a transaction fee in order to send the transaction. So transactions aren't actually free, just paid for in a different manner.
And because every transaction is significantly larger, more bandwidth is needed. And unlike a blockchain which can be easily trimmed by only looking at block headers and discarding large numbers of transactions, it becomes practically impossible to trim the transactions in a decentralized manner.
This means that at the end of the day, without introducing some form of heavy centralization or deciding that security is unimportant, DAGs cannot fulfill a single one of these promises.
The Promises of a DAG.. but It Works
So, is it impossible to find a coin that accomplishes these goals? No!
You are in luck, Frink is building a coin that is designed to accomplish every one of these goals.
Frink confirms individuals by paying people to link to each other forming a social network. By analyzing the social network, Frink can separate users into small interlinked communities of trusted individuals that mine their own blockchains. This means that every miner can mine as an equal for their own community's blockchain.
Because no energy is required and users are known, no transaction fees are needed, either in the form of money or energy.
And because the cryptocurrency is so highly split into the small communities, aka sharded, no miner needs to process many transactions.
And in fact, this may seem surprising given the rest of this article, but Frink just might decide to integrate short term Proof of Person DAGs into itself. Why does it work for Proof of Person but not Proof of Work? Because Frink's speciality is in eliminating the possibility of creating the equivalent of ASICs. Frink forces every user to mine as an equal using decentralized IDs. And by throwing away the DAG every block once the transactions are integrated into the block, Frink does not have to worry about the scaling issues that prevent trimming away transactions.