The Decentralization Myth

I have often observed that disagreements between smart people inevitably devolve into a difference of opinions based on assumptions which are either ignored by one or both sides or insufficiently proven, which leads to the construction of a belief system built on top of nothing more than reasonable guesses. Because of this, it takes a long time to peel away the layers of conditional truths and reach the core assumptions upon which the principal disagreement is erected. (One needs to look no further than the renewed flat earth movement to see how you can rewrite your entire belief system to support your theory.) Over the last month, as I have debated with the decentralists on the foundations of their “decentralization is the most important thing about Bitcoin”* argument, I believe I have finally discovered the crux of the dispute: the mistaken assumption from which all other conclusions are derived, the genesis block of the debate, if you will.

The problem comes from the fact that the term decentralization has been overloaded to mean so many different things. From a topological point of view, the old graphic from Paul Baran (1964) (inset right) may seem to provide a good enough definition, but only from the perspective of a network topology, which is certainly not the common usage of the term today. More recently some folks have improved upon the definition to more clearly indicate that it is the notion of control (the little puppet master hands in the diagram) of the network nodes that makes them more or less decentralized.

networksv2

Looks better. But where are the little hands on each one of the individual nodes in the Decentralized and Peer-to-peer models?

This explanation, which I credit for adding richer meaning to the term decentralization in its own right, unfortunately misses the mark and fails to address the real issue at hand, the core basic assumption which I alluded to above…  which is that it is not really decentralization that we want.

What we really want is network security. Security from corruption, and collusion. Security against that evil puppet master hand taking control of things. Let’s measure this thing and call the quantity the net Cost of Corruption (CCR) of the network. What we want is to maximize this. The higher the CCR is, the more difficult and thus more unlikely it will be for a malicious puppet master to take over the network. Decentralization certainly helps in increasing the CCR, or does it? Not enough academic study has been done on the topic to say for sure, but I can empathize with the decentralists that in the absence of solid theoretical or empirical evidence, it sure feels like increasing decentralization should increase network security. Right?

Well I’m not a PhD in economics so I will leave the heavy lifting to others on this, but I can certainly outline the framework by which I would start to examine this quantity of network security, or its Cost of Corruption.

Let the cost of a failed collusion attempt for a mining node be

Screen Shot 2016-02-05 at 17.08.11

Which is broken down into all the assets which would be lost if the collusion is discovered: sunk capital costs, legal costs, expected future profit stream, and potential reputational damage

Screen Shot 2016-02-05 at 17.08.41

What a node gains from a collusion, i.e. the bribe amount as a % of current profits, we shall call the gains

Screen Shot 2016-02-05 at 17.09.21

Now there is a cost to contacting every node in a network to coordinate a collusion; it increases the more independent nodes the network supports. This is quite a dynamic variable, as costs could drop if methods for coordinating an attack could be more efficiently employed, such as anonymous posted bounties, or use of social media, or use of viral spreading techniques. But as those methods can only reduce the cost of coordination, I will assume for now the worst case scenario where it is constant per node, and so only linearly increasing with the number of nodes.

Screen Shot 2016-02-05 at 17.09.54.png

Let the cost of corruption be defined by

Screen Shot 2016-02-05 at 17.11.19

Where each node’s CCR is defined by

Screen Shot 2016-02-05 at 17.12.19

Where the expected costs of a failed collusion are

Screen Shot 2016-02-05 at 17.12.46

And the expected gains of a successful collusion are

Screen Shot 2016-02-05 at 17.13.13

The theory is that as the network becomes more decentralized, (more independently controlled nodes controlling an increasingly smaller portion of hash power), the cost of coordinating a collusion increases, but the cost of a failed collusion drops

Screen Shot 2016-02-05 at 17.13.40

Because smaller miners make less profits, and in the extreme case of teenagers in their basement, they also have little reputation or capital assets at risk.

Recall that:

Screen Shot 2016-02-05 at 17.14.10

Worse, if all nodes were anonymous, then colluding and being caught doing so would not even affect their future profits, so the biggest factor in the cost(fail) is practically zero. Contrast this to a large mining business, where their future revenue stream is likely the largest component of their cost(fail).

Let d be a configuration of network decentralization which results in a specific cost of coordination for the whole network, and a cost of failure for each node

Screen Shot 2016-02-05 at 17.14.52

It is also the case that the configuration of the network changes with the number of nodes N which will comprise more than 51% of the network hashing power.

Screen Shot 2016-02-08 at 13.33.40

But since we cannot enforce the number of mining nodes in the network N (and if we did, it would alter the cost(fail(d))), it follows that we should optimize decentralization such that the net Cost of Corruption is maximum for any given N, which is the most secure network state.

Screen Shot 2016-02-05 at 17.15.25

It should be obvious from above that maximizing decentralization (maximizing N) alone does not produce the maximum security; in fact it may start to hurt network security beyond a certain point due to decreasing the cost(fail) for each node. As we get more nodes, the cost(coord) may go up, but the CCR(n) for each node will drop. We should in fact be trying to find the optimal d. In addition, if we modelled the cost(coord) more accurately, accounting for more efficient ways to coordinate independent nodes to collude, then the result would be even stronger against decentralization being the most important factor in network security.

This is the decentralization myth.

* “and this is why we need smaller blocks! Because big blocks hurt decentralization!” (would be the common “False Effect” argument built on top of this assumption)
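
A sensitivity sweep of the argument above, added here as an example and not the author's own model: the functional forms (equal-sized nodes, an accountability factor that shrinks once a node's hash share falls below `ANON_SHARE`, CCR(n) as expected cost(fail) minus expected gains) and every number are assumptions. It shows that whether net CCR peaks at a finite N depends on how the per-node coordination cost compares with how fast cost(fail) decays.

```python
# Added example: toy sensitivity sweep of the net Cost of Corruption (CCR).
# Every functional form and number here is an assumption, not the author's equations.

# Constructed network-wide totals in arbitrary units, split evenly over N nodes.
CAPITAL = 1_000.0         # sunk capital, assumed lost even by an anonymous node
LEGAL = 500.0             # legal costs
FUTURE_PROFIT = 5_000.0   # expected future profit stream
REPUTATION = 2_000.0      # reputational damage
CURRENT_PROFIT = 1_000.0
BRIBE_PCT = 0.5           # gains: bribe as a fraction of current profits
P_FAIL = 0.5              # assumed probability that the collusion fails
ATTACK_SHARE = 0.51       # hash power the attacker has to corrupt
ANON_SHARE = 0.01         # below this hash share a node is increasingly anonymous


def accountability(n):
    """1.0 for identifiable nodes, shrinking toward 0 as nodes get small."""
    return min(1.0, (1.0 / n) / ANON_SHARE)


def node_ccr(n):
    """Assumed CCR(n): expected cost(fail) minus expected gains for one node."""
    at_risk_if_known = LEGAL + FUTURE_PROFIT + REPUTATION
    cost_fail = (CAPITAL + accountability(n) * at_risk_if_known) / n
    gains = BRIBE_PCT * CURRENT_PROFIT / n
    return P_FAIL * cost_fail - (1.0 - P_FAIL) * gains


def net_ccr(n, coord_per_node):
    """Linear cost(coord) plus the CCR of the nodes holding ATTACK_SHARE."""
    return coord_per_node * n + ATTACK_SHARE * n * node_ccr(n)


def most_secure_n(coord_per_node, max_n=1000):
    """Node count in 1..max_n with the highest net CCR."""
    return max(range(1, max_n + 1), key=lambda n: net_ccr(n, coord_per_node))


if __name__ == "__main__":
    for coord in (0.1, 1.0, 20.0):
        for max_n in (1_000, 5_000):
            best = most_secure_n(coord, max_n)
            print(f"coord/node={coord:>4} N<={max_n}: best N={best}, "
                  f"net CCR={net_ccr(best, coord):.1f}")
```

With these constructed numbers, net CCR peaks at N = 100 when coordination costs 1 per node and the sweep stops at 1,000 nodes, and keeps rising with N when coordination costs 20 per node. Extending the sweep to 5,000 nodes lets the linear coordination term win again at a cost of 1 per node, but not at 0.1.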

 


12 thoughts on “The Decentralization Myth”

  1. You know how the human body has several “vital organs” that are called that because without any one of them a human would die?

    Bitcoin is kinda like that. It has several vital organs, of which decentralization is not only one, but it is literally the most important one. And the analogy is surprisingly good, because if Bitcoin had a heart, decentralization would be it. And just like you can never have “too good of a heart”, and hearts only get worse over time (and eventually fail), decentralization is just like that. There is no such thing as “too good of a heart”, and eventually it will die.

    Now, let’s go through your equations and see if we can identify where the flaw is. From our analogy above it’s pretty easy to spot the problem sentence from which we can work backwards:

    > It should be obvious from above that maximizing decentralization (maximizing N) alone, does not produce the maximum security, in fact it may start to hurt network security beyond a certain point due to decreasing the cost(fail) for each node.

    What should jump out to your readers immediately is the “N” you’ve created. Smart readers would ask themselves the following question: “Is David’s ‘N’ really an accurate representation of Bitcoin’s decentralization? Because if it isn’t we can immediately go home and go back to what we were doing.”

    The article makes it clear that N refers to mining nodes and not full nodes, even though full nodes are an essential part of measuring Bitcoin’s decentralization. Just for fun, let’s assume that the number of full nodes is high and therefore isn’t the limiting factor. I’m sure there are still more flaws to be found (and I doubt I’ll find them all in the limited time I have).

    > Now there is a cost to contacting every node in a network to coordinate a collusion, it increases the more independent nodes the network supports.

    Well, do we need equations or can we estimate how many “nodes” an attacker would need to contact? We can [1], and the number is about 2 to 3. They happen to be in the same country, so it’s not a super high cost (especially for a government if it views Bitcoin as a threat).

    For handy reference, let’s make our N = 2 (a realistic figure).

    What’s interesting about this N is that an N=2 isn’t super useful with the equations we have since they ignore national boundaries, but for the sake of argument let’s assume that information was packed away in CCR_n.

    > The theory is that as the network becomes more decentralized, (more independently controlled nodes controlling an increasingly smaller portion of hash power), the cost of coordinating a collusion increases, but the cost of a failed collusion drops

    Sure, we can accept this as having some truth to it, although it’s not clear why it leaves out the fact that *both* the cost of failure *and* the expected `gains` from collusion drop as decentralization goes up.

    > But since we cannot enforce the number of mining nodes in the network N, (and if we did it would alter the cost(fail(d)), then it follows that we should optimize decentralization such that the net Cost of Corruption is maximum for any given N, which is the most secure network state.

    Here is where everything starts to fall apart.

    Note the confusion here: “we should optimize decentralization such that the net Cost of Corruption is maximum for any given N”.

    And yet, the author has equated “N” with decentralization. The author just assumes that the “net Cost of Corruption” is separate from decentralization but never proves it.

    How can you de-couple “decentralization” by “optimizing it” for “any given N”, when N itself is mining decentralization? That’s nonsense. You just increase N. That’s what it means to “optimize decentralization”. Decentralization (as measured in terms of miners), *is* N. You can’t “wiggle” or “optimize” it “around N”, that doesn’t make any sense.

    > It should be obvious from above that maximizing decentralization (maximizing N) alone

    Here we seem to suddenly awaken to the reality that what was written in the previous sentence didn’t make any sense.

    > does not produce the maximum security, in fact it may start to hurt network security beyond a certain point due to decreasing the cost(fail) for each node.

    That it “does not produce the maximum security” is never proven. Just because cost_fail drops, that doesn’t have anything to do with security on its own. This ignores entirely the fact that `gains` drop as well. And it doesn’t even make sense to look at this from the perspective of each node. Beyond a certain N it simply becomes silly to think in those terms as the cost_coord goes to infinity (go on, try rigging a city’s election by going door-to-door and bringing every resident of the city, see how long you survive before you’re thrown in jail). There *is NO* N above which the cost *TO YOU* magically goes down.

    > As we get more nodes, the cost(coord) may go up

    Not “may”, it *definitely* goes up.

    > but the CCR(n) for each node will drop.

    So what? That’s not the perspective that matters as explained above.

    There’s nothing left to dissect really. The idea of an “optimal d”, above which the cost of attacking the network magically goes down, just doesn’t have a shred of sense to it.

  2. To be fair, I shouldn’t entirely spend my comments on criticizing you. I am just a bit incensed at how you don’t seem to understand that by posting things like this you are playing with fire without realizing it (and harming Bitcoin).

    Here’s a compliment:

    Thanks for sharing Paige’s graphic on decentralization. She put a lot of work/thought into it, and you and I also both noticed and agree on the method in which that graphic can be improved when you say in your caption:

    > Looks better. But where are the little hands on each one of the individual nodes in the Decentralized and Peer-to-peer models?

    • If critical thinking and having a high bar of skepticism is “harming Bitcoin” then Bitcoin is too fragile to serve as the monetary reserve for the planet. It is our duty to put all things to the rigors of scientific scrutiny.

      • > If critical thinking and having a high bar of skepticism is “harming Bitcoin” then Bitcoin is too fragile to serve as the monetary reserve for the planet.

        Just because someone’s ego will survive your insulting them, doesn’t mean you should.

        If you’re such an advocate of critical thinking you should put that critical thinking to work on your own words and see whether you are selling people BS and thereby harming Bitcoin in the process, or doing the community a service.

  3. I agree with the premise that we should focus on network security rather than “decentralization”.

    It’s far too premature for equations though.

    “Security from corruption, and collusion. Security against that evil puppet master hand taking control of things.”

    Before you go any further than this, you have to break down those adjectives into something concrete. Obviously no one wants a node to be “corrupted”, but what does it mean?

    If a node in the network has been corrupted then somehow its behavior must be different than non-corrupted nodes.

    In what way, specifically, does that behavior differ? In what way does that difference damage other users besides the owner of that node? How much does that corrupted behavior cost? What benefit does it provide to the attacker? How much does it cost to defend against?

    That’s where to start – first we need to figure out what an attack actually looks like before we start designing defences.

    If you see the video which another commenter linked, you’ll find an embarrassingly bad leap of logic that basically goes, “all an attacker needs to do is knock x% of doors and suddenly Bitcoin is completely broken.” There’s a kind of sloppy reasoning that says that if an attacker has some percentage (usually 50%+1/inf) of some category of network resources (usually mining) under their control, then their capability for damage suddenly jumps to infinity.

    Nobody ever bothers, however, to actually validate that premise with any kind of rigour.

    I haven’t published the kind of rigorous analysis that would definitely show they are wrong, but they clearly haven’t shown they are right and don’t even acknowledge the need to do so. Anyone who is making any kind of positive claims about Bitcoin security and network architecture has no objective basis for doing so yet.

    • Yes, these were meant as a sketch to illustrate how decentralization isn’t the be all and end all of all our problems. I feel that sometimes equations speak louder than words, though the questions you raised are all of the relevant sort that need to be explored. Too much of what Bitcoin is supposed to be has been steeped in mystery and distrust of the establishment to the point where a lot of people start believing in a premise without actually analyzing it, because it “sounds right”. If we trade our skepticism for faith in experts, then we are no better than a religion at best, a cult at worst.
