The Major Risk to Bitcoin That Many Bitcoiners Ignore
Introduction
It is said that if an attacker attained 60% of Bitcoin’s hash power, they wouldn’t be able to selectively censor a transaction because the blocked transaction would be processed by the remaining 40% of honest miners. All that a majority hash-rate attacker could accomplish would be a small delay in confirmation times.
This is completely and utterly false.
The Reality Of Censorship By a Majority Miner
In reality, a miner or group of miners that commands >51% of Bitcoin’s hash power can censor transactions at their will, for as long as the following conditions remain:
-The attacker doesn’t lose 51% of the hash rate.
-Nakamoto Consensus is respected, i.e. there is no intervention at the social layer.
The censorship attack
Bitcoin achieves distributed consensus through the “rule of the chain with the most Proof of Work (PoW),” which always applies. Thus, if an attacker gains control of more than 51% of the hash power, they can always produce the chain with the most PoW, allowing them to arbitrarily reject blocks (and therefore transactions) by simply refusing to mine on top of any block containing them. As the attacker controls the majority of the hash power, they will always build the chain with the most PoW (the consensus chain), causing blocks that contain censored transactions to be left behind in minority hash rate chainsplits.
In this scenario, the game theory of Proof of Work is turned upside down, and honest miners have an incentive to join the censor since failing to do so would result in their block being orphaned and the loss of 100% of the block reward.
Since the attacker wouldn’t be breaking any of the rules of Nakamoto Consensus, full nodes would accept the censored blocks as valid and automatically sync with the chain with the most POW (i.e., the attacker’s chain).
To read more on censorship and other miner attacks I recommend the following articles:
https://es.braiins.com/blog/bitcoin-mining-attacks-explained
Why are people confused about this?
There are probably several reasons why many bitcoiners are ignorant of this threat to Bitcoin’s censorship resistance. In my experience, it generally boils down to a lack of understanding of how the protocol reaches consensus. For instance:
- Andreas Antonopolous is a great Bitcoin educator but in the past, he has understated and minimized the risks and implications of a 51% attack. Videos such as this and this show him making false claims which have wrongly shaped the beliefs of many bitcoiners (including myself in the past).
- Some have misinterpreted the following article to claim that the “chain with most POW” rule only applies when two blocks are found simultaneously. This is wrong, the “chain with most POW” rule applies always, it is how the system finds distributed consensus.
- Confusion around the hash rate wars: Some believe that the hash rate wars proved that miners have no power and that full nodes have all the power. This is conflating the issue; the hash rate wars dealt with changes to bitcoin’s consensus rules, namely to the block size. In this article we are assuming no changes to the consensus rules, the system would be operating according to Nakamoto Consensus.
- It is claimed that, in the past, China already represented 51% and no attack happened hence, no attack will happen in the future: This objection is a non-sequitur, an invalid inference. The fact that an attack didn’t happen when the hash rate was concentrated in underground mining operations in China doesn’t mean it won’t happen if the hash rate is concentrated under different circumstances (e.g. if it is concentrated in a handful of publicly listed north-American companies.)
In reality, there is nothing novel to what I’m saying. Satoshi himself asserts in the whitepaper that: “The system is secure as long as honest [mining] nodes collectively control more [hash] power than any cooperating group of attacker nodes…”
Source: Bitcoin Whitepaper
On the Likelihood of a Censorship Attack
The more sophisticated Bitcoiners accept that a censorship attack is possible but deem it extremely unlikely for several reasons;
5.1. An attacker could never buy all the equipment.
This presupposes the attacker would need to buy the ASICS, the more likely and costless manner for a State to successfully undertake the attack would consist in:
- Enacting miner-friendly regulation in one’s territory that attracts the majority of the hash rate.
- The above is much easier if other jurisdictions (E.G. China and the EU) enact regulations hostile to proof of work.
- Once most of the hash rate is in one’s jurisdiction, declare proof of work mining a national security industry and enforce censorship regulation.
One could even argue that the data suggest the distribution of Hash Power is already showing a very worrisome trend towards entity and jurisdictional centralization in a handful of publicly traded, north-American, Bitcoin miners:
The above trend should be concerning for all bitcoiners who value censorship resistance; it should be terrifying to read announcements such as Marathon Digital Holdings’ plan to reach 24 EH/S by next year (10% of the current hash rate).
If this trend continues, it doesn’t seem implausible that a point is reached when it becomes possible for the US and Canadian governments to enforce regulations that ban certain addresses on a majority of bitcoin miners.
5.2. It’s not rational to perform the attack
The world is full of non-rational actors, States go to war all the time… Furthermore, from the perspective of the State, it seems perfectly rational to attain control over a tool that allows for the perfect freezing of adversarial assets.
The whole point of bitcoin is to resist attacks by adversarial, non-rational actors. That’s why bitcoiners tolerate low speed, high fees, and low throughput.
5.3. Maintaining the censorship attack would be too costly for the attacker:
The attacker would still collect the totality of the block reward except the fees corresponding to the censored transaction.
The honest miners would be forced to comply with the censor since attempting to include the censored transaction would result in the orphaning of their block and the loss of all revenue.
Censorship Attack Example
Imagine a hypothetical future in which Bitcoin is the world’s monetary asset, and there is credible evidence that a public or private entity (e.g. a rogue state or a terrorist group) has planned a brutal, unprovoked aggression that will lead to a massive civilian death toll.
Whether it’s a terrorist group or a State is unimportant, the key elements of the aforementioned scenario are:
- The aggression is capital intensive, to finance it, the aggressor needs to sell their coins via an on-chain transaction.
- The aggression will predictably result in a large civilian death toll.
- Censoring or freezing the aggressor’s bitcoins would prevent the aggression, saving countless lives.
- A State or a coalition of states that commands >51% of bitcoin’s hash rate enforces regulations that force miners to block the aggressor’s coins in an attempt to prevent the aggression.
Potential defenses
As was stated at the start of the article, in the above scenario the attacker would be able to sustain the censorship attack unless:
- They lose control of the majority of the hash power.
- There is an intervention on the social layer, a divorce from Nakamoto Consensus.
So any attempt to regain censorship resistance would require the following:
- The censoring entity loses control of the majority of the hash power.
One argument for how the censor’s share of the hash power could be diluted — and censorship resistance recovered — involves the existence of transaction fees. The censored entity could increase their transaction fees, which would remain in the mempool, incentivizing new honest hash rate to come online and collect the aggressor’s fees, diluting the censor in the process
In this article, Eric Voskuil explains how in the future, as the block reward falls, and transaction fees represent a higher percentage of miner revenue, the fee market will have a greater effect on preventing censorship:
“The subsidy portion of the block reward does not contribute to censorship resistance because the censor earns the same subsidy as other miners.”
Going back to our hypothetical censorship scenario, there are reasons to doubt that the fee mechanism would succeed in attracting sufficient hash power to dilute the attacker’s majority share:
- Firstly, it is entirely conceivable that a non-rational actor subsidizes the censored chain in order to advance non-monetary goals (e.g. saving lives or destroying a rival).
- Secondly, other miners could join the censor because they assign higher utility to non-monetary ends (e.g. saving lives) than to gaining the censored transaction fees.
The fee-incentive argument would be valid if humans were automata that responded mechanically to monetary incentives. However, this narrow view of human action — so typical of neoclassical economists — is simply false. In reality, human action isn’t subordinated to monetary profits, instead, it responds to a variety of incentives, including preventing the loss of innocent lives. There is simply no way to know the motivations of each actor and how much utility they would assign to saving human lives vs receiving a high monetary reward.
As Eric Voskuil asserts in his article:
“It cannot be shown that the economy will generate sufficient fees to overpower a censor. Similarly, it cannot be shown that a censor will be willing and able to subsidize operations at any given level. It is therefore not possible to prove censorship resistance”
Alas, it becomes evident that bitcoin’s censorship resistance isn’t inherent to the system. Instead, it is dependent on the moral and ethical preferences of the individuals running the ASICS and whether censoring entities collectively command more mining capital than the honest, non-censoring miners. If enough capital is willing to mine the censored chain — foregoing the high transaction fees to save innocent lives — bitcoin would remain censored.
Unless of course, there’s an Intervention at the social layer.
2. There is an intervention on the social layer, a divorce from Nakamoto Consensus.
If the attempts to dilute the attacker’s hash rate below 51% are unsuccessful, censorship resistance might be restored by intervening at the social layer, i.e. by abandoning Nakamoto Consensus.
Going back to the scenario at hand, it should soon become clear how social layer interventions become a thorny issue that elicit a number of uncomfortable questions for each individual node operator and coin owner:
- What does one do, as a particular node operator? Does one remain committed to immutability and stay on the censored protocol or does one reject the censored chain and move to the terrorist/uncensored chain by abandoning Nakamoto Consensus? (E.G. via invalidate block or a change to the consensus algorithm)
- Does one sell their censored bitcoins for uncensorable (but terrorism-financing) bitcoins?
- Would the censored chain lose its value? Or would it remain valuable because of its predictable full-node-enforced monetary policy?
- But isn’t the whole point of a blockchain to be resistant to censorship? If not, why are we tolerating the slow speed, transaction throughout, and massive resource expenditure?
- When push comes to shove, what has primacy: censorship resistance or saving lives?
- And what about the children?
The promise of Bitcoin and specifically, Nakamoto Consensus, is to free us from having to ask ourselves these sorts of questions; censorship is not supposed to be an option, Bitcoin is supposed to be neutral.
However, if a hash rate majority starts censoring transactions and defense is attempted at the social layer, the heterogeneity of human values risks a slow death by 1,000 forks and a failure to regain distributed consensus. Nick Szabo has pointed out the scaling failures of social consensus, as well as the need to commit to radical immutability.
Conclusions:
Bitcoin claims to be neutral, uncensorable, “F-you money”, however, a majority hash rate entity can arbitrarily censor transactions as long as:
- They don’t lose 51% of the hash rate.
- Nakamoto Consensus is respected, i.e. there is no intervention at the social layer.
The first defense mechanism, consisting of diluting the censor’s hash rate, is not guaranteed to restore censorship resistance. This is especially the case in complex ethical situations, where human action isn’t guided by monetary incentives.
The second defense mechanism, consisting of social layer interventions, faces serious consensus challenges. Given the heterogeneity of human values, a divorce from Nakamoto Consensus makes decentralized consensus an extremely challenging, perhaps futile enterprise.
Can we confidently assert that Bitcoin is neutral money when a majority hash rate can freeze adversarial funds? If the current trend continues and a majority of Bitcoin’s hash rate becomes concentrated in US and Canadian public miners, can we expect rival nations such as Iran or China to place their reserves in an asset that can be censored by their enemies at a whim?
If the ideas put forth in this article are correct, censorship resistance is not an essential, permanent characteristic of Bitcoin but a contingent, political and ethical choice. If enough humans with sufficient capital deem censorship to be an ethically desirable end, Bitcoin will be censored.
In order for censorship to be an unlikely outcome for Bitcoin, (albeit never 100% inevitable) hash rate should be maximally decentralized across jurisdictions and entities. Just like having a decentralized array of full nodes is necessary to prevent arbitrary rule changes, a decentralized array of miners is essential to preventing arbitrary censorship.
Follow me on Twitter @gaelsansmith. Thanks to @joekelly100 for laying the groundwork for a deeper understanding of POW and Nakamoto Consensus. Thanks to @bitcoinpierre for reading the article and providing valuable feedback.
References
Joe Kelly: On Bitcoin’s Fee-Based Security Model — Part 3: Bitcoin vs. The State:
Braiins: Bitcoin Mining Attacks Explained: https://medium.com/r?url=https%3A%2F%2Fes.braiins.com%2Fblog%2Fbitcoin-mining-attacks-explained
Arcane Research: Bitcoin’s hashrate is going public: https://arcane.no/research/bitcoins-hashrate-is-going-public
Nakamoto Institute: Money, Blockchains, and Social Scalability https://nakamotoinstitute.org/money-blockchains-and-social-scalability/
Eric Voskuil: Censorship Resistance Property https://github.com/libbitcoin/libbitcoin-system/wiki/Censorship-Resistance-Property
Mises Institute: The Homo Economicus Straw Man
https://mises.org/wire/homo-economicus-straw-man
Bitcoin Whitepaper