This is the fourth part of a multi-part series on the myths of decentralization. You can read the previous installments here:
I’ve written quite a lot about the misconceptions and deliberate misdirection that some proponents in the Bitcoin community choose to spread around in order to shape the public perception of what makes Bitcoin valuable, and as a result change the fundamental value proposition of Bitcoin. As you all should know by now, “Value does not exist outside the consciousness of Man” – Carl Menger. So changing people’s consciousness by way of affecting their ideas, affects the value of Bitcoin. Thus it is important that we re-evaluate our notions of why Bitcoin is valuable every so often with a huge dose of skepticism.
In today’s article, I’d like to review what the fundamental security model of Bitcoin is, as intended by its mysterious creator, Satoshi Nakamoto, (at least in my interpretation of it) why that model is the best we can possibly hope for, and why any further attempts at adding extra layers of ‘security’ on top of this model just ends up making it less secure by making it more centralized.
Let’s begin by reviewing what the base security model is. It is what keeps Bitcoin ‘working’, in that everyone continues to operate within the rules of the system despite its decentralized nature. In a centralized system, its security model is simple. You trust the central party to act honestly, you pay them to act honestly, or they act honestly due to fear of repercussions from the legal and law enforcement agencies in meat space. For example, you trust your bank not to alter your records and tell you that you have now less money than you deposited, for no apparent reason. But this model relies on trust. Either you trust the bank directly, you trust the government to enforce penalties on them and run audits on them regularly, or you just trust that they value your continued business enough such that they would not jeopardize losing it. Bitcoin changed all of this because it was able to operate without any central authority or entity, which means its security model needs to work in a distributed fashion. You need not trust any 1 entity, but you need to trust that the collection of network participants ‘as a whole’ will act in a certain more or less predictable way. This was solved in a brilliant fashion by Satoshi Nakamoto by creating a network token (called bitcoins -small ‘b’) which was used to reward honest actors in system. Therefore, as long as a majority of the network is acting honestly and not colluding to defraud the network users, then the system is secure. This is the now infamous dubbed the “51% rule”, or said in another way the “51% attack”. So what keeps >51% of miners from attacking the network? Well simply, to defeat the network would be to destroy the value of their very own rewards which are paid in bitcoins¹. This elegant fusion of computer science, game theory (mathematics/probability), and economics forms what we collectively call “Nakamoto consensus”. Which does not actually guarantee that the system will come to consensus finality, but just that it is most likely to, and that the farther back in time you go, the harder it is to have history (consensus) changed, because there is an boundlessly increasing cost (in real world energy, paid for in fiat money) to maintain the system.
Now, for the myth!
There is a camp of believers who don’t accept that Nakamoto Consensus (“NC”) is secure enough. They want more. They come from a world of mathematics and academia and they like things which can be proven analytically with formulas and math. They were skeptical of Satoshi’s invention from the beginning, and never really believed that it could work at scale. After all, you can’t be 100% SURE that economic incentives alone will prevent a >51% malicious collusion of miners right? Perhaps a well funded state power may bribe or extort miners to break the system deliberately, as long as the bribe is sufficiently high, right? This camp of people (many of which are now prominent core devs) continually try impose additional ‘loose’ security measures on top of NC. (I use the term ‘loose’ to mean ‘less-strict’, with even weaker guarantees than NC itself can provide). This camp has introduced terms such as “Code is Law”, which is just an attempt to make people believe that the only thing keeping network participants from misbehaving is the code that they are running. Make no mistake this is a ruse. All it would take is for misbehaving actors to change their software themselves and there goes those precious rules out the window. But “wait!” you say, “miner’s don’t have the wherewithal or technical acumen to make those changes…! Not to mention they would have to do it as part of a collusion so that they would have >51%!” Well, if you assume that a determined party with limitless resources are going to be funding this corruption attempt, then I think they should be able to hire some developers to get the job done. The trick would be getting >51% of the miners to agree to do it together (so that they would still have the longest proof-of-work chain), and “aha!”, guess what, that means we are back at the base Nakamoto consensus principle again. The code that miners run has no power over how miners act. It has zero efficacy. It only seems to be true because Nakamoto Consensus is working.
Devs are the guardians of the consensus code!
The second fallacy that this camp try to enshrine is that core developers are the only ones who can understand the code, and therefore if the network wants to avoid falling prey to some strange, obscure bugs that may cause accidental chain splits and chaos, then you must trust the (self declared) experts. This is another fallacy meant to be politically deployed through the use of technical sounding rhetoric, in order to sow the idea that the drivers of consensus are the devs, and specifically the core dev team. This is likely born out of an honest desire to add extra layers of consensus ‘security’ on top of NC, but what they don’t realize (or if they do, then they are deliberately ignoring it for reasons unknown) is that these additional security measures come with a price paid for in centralization. It is not the kind that most people will notice, because it is being applied on a ‘meta’ level above NC, but it is centralization just the same. This centralization, is the belief that devs, and the code they write, are the only thing keeping the network working, and thus, places those devs in a position of power. — exactly the situation which Satoshi Nakamoto himself invented bitcoin to eliminate.
Economic nodes define consensus!
The third fallacy is the notion that it is the economic nodes on the network (the non-mining nodes) that define consensus. Proponents of this theory include Peter Todd and most ardent core supporters. This fallacy is promulgated in order to support the notion that the number of independent nodes is of utmost importance to the health of the network and thus the cost of running nodes must be kept low at all costs so that individuals hobbyists can continue to run them. While the number of nodes is indeed a proxy for the decentralization level of the network, it is but just one way to measure decentralization, not the only one, which I have addressed in previous posts. Nodes themselves cannot define consensus. A network of full nodes enforcing consensus without miners would not be able to solve the double spending problem², and thus would not be able to resolve disputes between chain forks. The better way to view this is that miners define consensus, where as network nodes enforce it. Another way of looking at it is that hash power votes on network consensus rules, and the network nodes collectively act as a veto vote to those decisions. This is the basis of the emergent consensus idea that underpins Bitcoin Unlimited, and other clients which implement EC as a solution for the block size limit.
Ouija Board Consensus
What ends up happening is you end up with a kind of decentralized looking system that is akin to an Ouija board or ‘spirit board’. For those of you who don’t know, the Ouija board is a device which supposedly allows you to speak with the dead. It works by having participants lightly touching a pointing device called a planchette placed on a smooth board with letters printed on it which is allowed to slide around to spell out messages from the ‘summoned’ deceased. It is also the longest running popular scam in modern history (with respect to the game manufacturers, who laugh all the way to the bank). Due to the fact that participants are psychologically primed to ‘relax, and open their minds’ while also told to maintain only a light touch on the slider, all it takes is one person, in secret, to slightly push or pull the planchette to induced others to reinforce the movement because everyone is attempting to maintain their light contact with the pointer, and the operator can steer the planchette to where ever he or she wants, much like moving an air hockey puck across the air-table only requires but a light nudge. This phenomenon has been attributed to the ideomotor effect.
People who believe in ghosts will say this system works in communing with the dead. People who weren’t sure if ghosts exist but are open to the possibility will be reinforced into believing that ghosts may actually exist. People who don’t know the secret of the Ouija board will be more inclined to believe that it is truly working and that it is a decentralized system for communing with the unknown. (nobody is in control, so it must be a ‘spirit’ that is moving the pointer). But in truth, it is just a centralized system masquerading as a decentralized one. It is one party secretly taking advantage of the passive, submissive mental state of the participants in the system, who have been mentally primed to act (or not act, as it were) in a certain way –which is to accept authority, to not resist the movement of the planchette, and to just ‘let it happen’. Such is what can happen with Bitcoin if you subscribe to these ‘false guarantees’ that core developers (specifically Blockstreamers) are advocating.
You can even see the similarities between the failure mechanisms of the Ouija board game and a core driven consensus model of Bitcoin. For instance, what happens when more than 1 person who knows how the ideomotor response works tries to move the planchette? Well then you have a conflict and it ends up pointing to the wrong letter as both try to nudge it to where they want it to go, and we have a broken system, the message gets garbled, or a unexpected chain fork as core devs would put it. That is a failure of consensus. You can’t have more than one secret operator at a time. This fictitious consensus mechanism doesn’t work, because it isn’t robust in the face of more than 1 competing operators. This is why Satoshi Nakamoto invented Proof of Work in order decide the winner in such adversarial contests. If we forsake this process in light of one where we just trust some seemingly well meaning developers, then we have just substituted Nakamoto consensus, for Ouija board consensus.
Code is NOT the Law. There is no ‘law’ except for one’s own wealth preservation instinct. Trust in the economic incentives of the network participants to keep the system honest.
Devs are NOT the sole guardians of consensus. Miners who contribute hashpower are. If you want to have a say in defining the rules of the network, get yourself some hashpower. If you want to make profit by running a business in the system, you need to run your own full-node in order to trust nobody but yourself. You aren’t required to do any of above if you just want to be a user of the system.
A consensus system that is held together by the trust in the good will and good behavior of a small cabal of developers that advocate that everyone must believe that an overwhelming majority consensus is ultimately the most important factor in order for consensus to actually work³, is not really a consensus system at all, it is an Ouija board belief system
That is all,
¹ This, and only this, is the best security guarantee that you have when using Bitcoin. This is Nakamoto Consensus.
² Proof of Stake advocates may disagree here. But until proof of stake has been proven to work at scale, this is will remain defacto true.
³ You can see evidence of this distorted thinking in the way the core maintainer Wladimir van der Laan’s policy for admitting code changes to core repository: He says that “no controversial change will ever be merged [entered] into the code base”. Which is essentially equivalent to deciding to never having to make any hard decisions. A recipe for stagnation so long as there is always someone to object to a change. In other words, he is a maintainer that has decided not to do his job in making decisions. (beyond the first one that is!) Believing that everyone needs to agree in order to get agreement is a tautological paradox made by people who don’t understand that consensus mechanisms are a way to resolve disputes. For if everyone already agreed, then we wouldn’t need a system to mediate disagreements in order to arrive at consensus. (shouldn’t that be obvious?)
I don’t get paid to write these, so any donations will incentivize me to write more often!