Some people falsely think that the amount of hash rate is a security feature in itself. The error stems from believing that you can never catch up from behind. Such thinking is limited, and misses the exponential nature of computational growth. The amount of computation per dollar of electricity increases exponentially, doubling roughly every 18 months in ordinary computer systems. In systems such as Bitcoin, which are still in a rapid development phase, growth is faster still.
To give an example, the entire hash rate expended over the life of Bitcoin, from its inception until the end of 2017 (a period of eight years), could be recreated by a rogue miner holding 50% of the current Bitcoin hash rate in a matter of weeks. It is worse when you consider that the hash rate that could potentially be brought to bear today is more than three times the hash rate currently deployed on the Bitcoin network. With advances beyond Moore's law, Bitcoin's hashing power and capacity are doubling close to every 12 months. The price of BTC has remained roughly static for close to five or six months; yet, over the same period, the computational power devoted to hashing alone has increased significantly.
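What the "catching up" argument turns on can be made precise. If the network hash rate has grown exponentially with a constant doubling time T, then the total work ever expended on the chain is only about T/ln 2 (roughly 1.44 doubling periods) of work at the current rate, no matter how many years of history that covers. The script below is an added worked example, not code from the original post: it takes the doubling time, the period to be redone and the attacker's share of current hash rate as inputs supplied by the reader, and the figures it prints are outputs of that model, not measurements of the real network. The result is dominated by the doubling time assumed: at 12-month doubling a miner with 50% of current hash rate needs close to three years to redo eight years of history; at one-month doubling, about three months.

```python
"""Catch-up time against an exponentially growing hash rate.

Added worked example; not code from the original post. It assumes a
constant doubling time for the network hash rate (a modelling assumption,
not a measurement) and that the attacker must reproduce the same total
work that the honest network expended.
"""
import math

DAYS_PER_YEAR = 365.25


def cumulative_work_years(period_years: float, doubling_years: float) -> float:
    """Total work done over `period_years`, expressed as years of work at the
    rate reached at the END of the period.

    With H(t) = H_end * 2**((t - P) / T) the integral over [0, P] is
    H_end * (T / ln 2) * (1 - 2**(-P / T)).  For P much larger than T this
    tends to T / ln 2: about 1.44 doubling periods of work at today's rate,
    however long the chain has existed.
    """
    if period_years <= 0 or doubling_years <= 0:
        raise ValueError("period and doubling time must be positive")
    T, P = doubling_years, period_years
    return (T / math.log(2)) * (1.0 - 2.0 ** (-P / T))


def catch_up_days(period_years: float, doubling_years: float,
                  attacker_fraction: float) -> float:
    """Days an attacker controlling `attacker_fraction` of the current hash
    rate needs to redo all work accumulated over `period_years`."""
    if attacker_fraction <= 0:
        raise ValueError("attacker_fraction must be positive")
    work_years = cumulative_work_years(period_years, doubling_years)
    return work_years / attacker_fraction * DAYS_PER_YEAR


def catch_up_table(period_years: float = 8.0, attacker_fraction: float = 0.5,
                   doubling_months=(1, 2, 3, 6, 12, 18)) -> list:
    """(assumed doubling time in months, days to catch up) for a range of
    assumptions; none of these doubling times is a measured figure."""
    return [(m, round(catch_up_days(period_years, m / 12.0, attacker_fraction)))
            for m in doubling_months]


if __name__ == "__main__":
    print("assumed doubling time -> days for a 50% miner to redo 8 years of work")
    for months, days in catch_up_table():
        print(f"{months:>3} months -> {days:>5} days")
```

The model ignores difficulty retargeting on the attacker's private chain and any hardware the attacker cannot obtain; it is the upper bound on the "history is safe" intuition, not a forecast.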
Based merely on hash power, a rogue government or other attacker would be able to make more money attacking Bitcoin than the network could sustain. In fact, by shorting the coin (bitcoin), it would be possible both to capture a direct monetary gain from an attack and to pay to sustain it. At USD 100,000 per bitcoin, and based solely on hash power, Bitcoin could be attacked profitably for around USD 10 to 20 million a day, likely returning 100 times that value. In a broken copy of Bitcoin such as the BTC network, the limited block size would make the same sort of attack even simpler.
There are reasons why such attacks would not work. Carrying out an attack by purposely shorting an asset in such a manner is illegal in practically every country on earth. It is not hashing that makes the network secure, and it is not hash computation that would stop a 51% miner from recomputing the blockchain going back two years. The main security structure of Bitcoin lies in the public nature of the blockchain. Bitcoin is secure because the hashes are publicly and widely distributed, so the people involved in the network can simply and easily detect any attack.
The network is managed by a system of commercial nodes (the miners). Such entities act as a distributed fiduciary, controlling and ensuring the integrity of the Bitcoin network. They act as agents, and are paid for their task. They do not own the network or the database. They act on a unilateral agreement or contract, following a set of rules where they agree to verify transactions and create blocks in return for a payment.
It takes time to respond to an attack. Thus, the first part of the process is the maturity period: the reward for a block found by a node cannot be claimed as revenue and spent until the block is a further 100 blocks deep. The ageing process allows any node attacking the network to be identified and isolated, in a manner that lets the honest nodes implement controls and 'freeze out' the attacker. The alert key, as I implemented it, allowed the majority of network miners to see and respond to an attack quickly, and to be notified by others acting to protect the network, so that they could implement controls.
There is the myth that an entity which does not produce blocks can be considered a node. It was made very clear in my white paper that nodes create blocks. A full node validates transactions in the blocks produced by other nodes — a validation that is done through the process of creating blocks. If you are not creating blocks that are accepted by the majority of nodes, you are not validating transactions within Bitcoin. The only full nodes that exist on Bitcoin are ones that create blocks on a regular basis. Despite the myth, there are under 20 nodes even on the BTC network.
Figure: Distribution of the BTC network, on 21st April, 2020.
Although the distribution varies over time, it is the same five or six miners that continue to control the majority of the hash rate. It is not a problem; it is the method behind the design of Bitcoin. Bitcoin's security does not rest on some irreversible hash function that nobody can control; it rests on the publication of the hash values. What people fail to understand stems from not having read two critical references in my white paper: references 2 and 3. Both detail the process of designing a secure timestamping service. The authors created a centralised timestamp server that allowed external parties to validate the integrity of the chain of hashes through their publication.
[2] H. Massias, X.S. Avila, and J.-J. Quisquater, “Design of a secure timestamping service with minimal trust requirements,” In 20th Symposium on Information Theory in the Benelux, May 1999.
[3] S. Haber, W.S. Stornetta, “How to time-stamp a digital document,” In Journal of Cryptology, vol 3, no 2, pages 99–111, 1991.
The papers from the 1990s detailed an early form of what is now called the blockchain. The difference is that the authors did not believe a distributed consensus could be formed between the nodes. In those systems the users of the network are distinct from the timestamping service, just as in Bitcoin the nodes are distinct from the users of the network. The distinction in Bitcoin is that I found a way of allowing the different nodes on the network to come and go. As such, the system becomes robust: if any individual node fails or is attacked, the other nodes on the network simply take over. Unlike the previous attempts at a 'time chain', the early blockchains of the '90s used for timestamping documents, Bitcoin is resilient to the failure of any entity on the network.
The systems released by Massias et al. and others relied on the publication of a series of hashed values released to the public on a daily basis, through a medium such as a newspaper. The number of hashes was thus limited by the number of publications each day, and the rate of publication was further limited geographically. More importantly, the proposed system had no methodology for allowing more than a single party to act as the primary timestamping source.
The resulting system was not robust. Survivability studies demonstrate that such forms of in-series failure can lead to a massive collapse. Although the system was superior to previous attempts at public-key infrastructure, it still failed to achieve an adequate level of security or resilience, and it limited its own use and growth by tying itself to other systems.
To be resilient, it is necessary for the system to support multiple nodes. Each node must be able to come and go, while the other nodes must be able to survive the failure of not one but multiple nodes simultaneously. Such a survivability study leads us towards a more resilient overall system. We create Bitcoin nodes as agents of the network, in a manner that allows Bitcoin to continue no matter how many agents fail. In fact, the history of Bitcoin is replete with the failure of nodes. Node companies have come and gone throughout Bitcoin's decade-long lifespan.
In the previous timestamping systems and in systems associated with public-key infrastructure, the failure of the critical controlling node led to the collapse of the respective system. If the same were to occur in Bitcoin, the entire currency system would collapse, mirroring the centralised and decentralised digital currencies of the past. eCash, DigiGold, Mondex, e-gold, Liberty Reserve, Mojo Nation, and a myriad of other attempts at creating a digital currency all failed when the primary system failed; even a system built on distributed principles, such as Mojo Nation, failed for similar reasons. Bitcoin therefore needed to be resilient to such failure. By creating a system of network agents that work in accordance with a defined set of rules, Bitcoin became resilient in a manner no other system had been before.
The critical point is that a base set of rules and a distributed unilateral agreement or contract needs to be formed in a manner that cannot be changed. The agents are able to enforce rules, but do not create them. The rules of Bitcoin are thus set in stone for the rest of time. As such, there is no central entity that can fail resulting in the failure of the overall network. Simultaneously, no agent (node) is important enough to permanently damage the network.
Systems such as Ethereum reintroduce the original critical point of failure: a rules body whose failure may affect the rest of the network. The ability to alter the system and the database that the blockchain runs on is the ability to control the system. Nodes do not control the system; nodes do not add new code. In the BTC network and in other systems such as Ethereum, a central developer group acting as a partnership sets rules and changes them at will. The same small group, or cabal, may then introduce changes into the system, as we have seen with the introduction of Segregated Witness in the BTC network, the copy of Bitcoin commonly referred to as Bitcoin Core. The small group of developers sets rules that the other nodes are then required to run.
Such developers use the methodology of what they call a soft fork to implement changes and control the protocol. The process works by embedding changes that will not activate immediately into code upgrades. It is an innocuous-looking bait-and-switch process that hides radical changes in the network, by allowing nodes to implement small, gradual changes that conceal the overall ability to hijack and control the system.
In doing so, the developers of a system such as Bitcoin Core are able to introduce changes surreptitiously and then promote them as having been introduced by the nodes. Here, a major change is broken into and introduced through a series of minor changes. The major change is enacted only later, after many of the minor changes have already been enacted, giving the appearance of a vote by the nodes. The reality, though, is that nodes are not given a vote, nor was protocol voting ever a part of Bitcoin. Bitcoin nodes vote on the order of blocks as they see them, but they do not do so through a conscious process. The phrase 'voting in Bitcoin' refers to an automated process conducted by systems that announce the effect of the order of transactions occurring across the network.
The process allows the network to signal any defectors, that is, systems not following the expected transaction order. Nodes following the transaction order orphan any blocks that are determined to be false or that would attack the network. We shall go into more detail later, but it needs to be said that dishonest nodes include those that support the attacking node, even if they do not benefit directly. A node that builds upon a dishonest node's block is nevertheless benefiting from the malicious, and possibly criminal, activity of another entity. Such dishonest nodes are subject to a variety of actions under law.
So, What Does Proof-of-Work Do?
The question becomes: why do we use proof-of-work at all? It is not because proof-of-work is in itself a security mechanism, nor because hashing alone secures the network. Neither is true. Proof-of-work adds a cost to the creation of a block. A proof-of-work solution is an asymmetric signal: it lets a small number of entities (commercial nodes) produce something that is difficult and expensive to create but simple and inexpensive to verify. Each of the competing nodes may thus quickly validate the work of every other node. Also, through statistical auditing or sampling, external parties can validate the actions of the nodes as a whole. Such parties do not need to validate the entire blockchain, but can rather rely on the block headers that have been published over the network.
In effect, Bitcoin is a form of signalling game. Unlike most signalling games, Bitcoin does not rely on a two-player system; rather, it is a multi-leader, multi-follower Stackelberg game. It is also an infinite game, one where each individual node may come and go at will but the game itself continues without end. At any point in time, the overall Stackelberg game may be modelled as a simple two-player game, with the attacker modelled against the honest nodes. Any node following the attacker may be seen, at that point in time, as forming part of the attacker, as the only quantity to be modelled is the computational power supporting the attack compared against that opposing it.
As any attack will be public and may be opposed, what we have is a signalling game with a time limit. The attacker needs to conduct an attack that is not detected and that allows them to complete a set of transactions in a block that has matured [1].
In a signalling game, the nodes in Bitcoin form a strategy based upon the signals issued by other nodes. The informed player's strategy is derived from signals contingent on information. Such information could include verified evidence of attacks, an announcement following the broadcast of an alert key, or the creation of multiple competing blocks. The information could extend to court orders that, using a variant of the alert system and with the introduction of advanced digital signatures associated with each individual court, would be published across the Bitcoin network. Such a signal, of course, requires advanced infrastructure, and would not have been achievable in the early days of Bitcoin. The signalling game in Bitcoin is one where nodes can use the strategies and actions of their opponents to make inferences from information.
An early treatment of signalling was proposed by Zahavi (1975) [2], concerning signalling strategies among animals. Analogously to peacocks, which expend energy growing tails that serve no survival purpose outside of mating, Bitcoin nodes use proof-of-work to signal their intention to remain honest. Here, an honest node may be considered more fit: it is capable of producing valid blocks more effectively than other nodes. In our model, the external party playing the role of the tiger in the peacock analogy is law enforcement.
The Handicap Principle
In a manner analogous to how animals communicate fitness through a series of observable, displayed characteristics that in themselves reduce fitness, Bitcoin nodes actively waste investment to display fitness for purpose. In Bitcoin, the purpose is to display honesty. Nodes compete to say that they are honest and efficient. As such, each node creates an investment that is effectively at risk. Bitcoin nodes rely on fixed data centres, with high connectivity, long-term power contracts, and a good deal of expensive equipment. The systems are easy to detect. Unlike with malicious botnet systems and cyber attackers, it is difficult, if not almost impossible, for a Bitcoin node of any scale to be undetectable.
Whereas early nodes running on a low level of investment could act maliciously, as Bitcoin scales, the cost of acting maliciously increases along with the investment in the overall network. It becomes more difficult for an attacker to get away with an attack because of the requirements for fixed, long-term facilities. The scenario leads to an ability to easily take action against a dishonest party. Even in a global system like Bitcoin, it becomes simple for the honest nodes to act to contain any attack. It is not a system outside of law, but a system that uses law to ensure that an honest system is created. Ideally, the day-to-day operations of Bitcoin will not require legal interaction; the mere threat of such interaction should limit certain dealings.
In our analogy of the peacock, Bitcoin nodes expend energy on proof-of-work in the same manner as a peacock expends energy maintaining an inefficient appendage. In both cases, a costly signal replaces the cheap talk that would otherwise pass between parties. In the case of the peacock, an unfit animal with a long tail becomes a meal for the local predators; to the tiger, a long peacock tail symbolises lunch. Similarly, a large mining facility creates a legal target. As Bitcoin nodes (or miners) scale, governments and regulators will target the major players. At present, only three or four node operators would need to be targeted to enforce court orders and proceeds-of-crime orders. A node may choose to remain small, in which case it may simply follow the actions of the larger nodes; a small node is incapable of individually attacking the network with any rate of success. Larger nodes come under scrutiny as they grow.
A large operation attracts scrutiny from both regulators and tax authorities. Proof-of-work removes the condition known as cheap talk. A cheap-talk game is one in which signals are costless and non-binding, so a player's payoff does not depend on what it says. In any environment where nodes can come and go at will and are not officially regulated or monitored, a system without such a cost will result in player defection and the flouting of the rules. Proof-of-work, through the creation of a cost that cannot easily be ignored, incentivises honesty between the nodes. Bitcoin is not simply distributed to nodes for blindly solving a hash puzzle; it is distributed against the successful completion of a task: the validation and time-ordering of the transactions propagated around the Bitcoin network.
A distributed, blockchain-based system can only work when it is inefficient. If the proof-of-work algorithm were to solve a valuable problem, the nodes would be able to hedge the cost of cheating and create a scenario where talk is cheap and signalling no longer determines which nodes are honest.
With Bitcoin, the blockchain and the interactions of the nodes are widely published, and may be reviewed by all users of the system. Consequently, cheating within the system is simple to detect quickly. A party seeking to attack the network does so under public scrutiny. A further analogy may be seen in the framed medical degree in a physician's office: it is a signal letting clients know that the physician is a qualified member of the medical profession, yet it is not perfect, because knowing where the doctor studied is no proof that the individual is a good doctor.
In most cases, the medical profession and its regulators do not need to step in. Yet, if the physician misrepresents his credentials, society and the law impose large penalties upon the individual. As with any person with a degree, the physician is not required to display all his qualifications and diplomas, but if the individual displays forged degrees, it becomes an actionable offence [3].
Similarly, a node in the Bitcoin network that processes invalid transactions will very quickly be expelled by the other nodes, which, as part of their agency arrangement, self-police the network. The arrangement is efficient for each of those nodes, because the discovery of an invalid block increases the reward for all remaining nodes. It also becomes efficient and effective for the nodes to initiate action against nodes that continuously try to cheat or flout the system. Most countries have laws covering computer attacks and the malicious use of computers; prosecutions under such laws are brought by the state, not by the nodes, which need only report. As the honest nodes can cause significant damage and criminal liability to a dishonest node, they add an asymmetric cost against it. A dishonest node, once detected attacking the network, must spend money protecting itself through legal measures, a high-cost exercise. An honest node simply needs to report the criminal activity of the dishonest node. The cost differential is heavily skewed towards honesty.
Verifiable Information
Bitcoin extends the signalling games by allowing any participant, whether as a node or a user, to validate and verify the messages of any node on the network. Such messages present not merely the proof-of-work solution, but correspond to the creation of a valid, time-ordered block, one that fits within and enforces the rules of the network. A real-world example of a ‘verifiable information game’ may involve a person claiming to have mastered playing the violin when a violin is known to be in the room and the person knows they could be asked to play.
Grossman (1981) [4] investigated the role of public and private disclosure in the creation of quality products. By creating a system in which all participants can easily verify the actions of others, Bitcoin incentivises the creation of high-quality blocks. As such, it is a system that supports honest money, and one in which money laundering and large-scale crime and fraud can easily be intercepted.
Upon creation of a block, each node creates and acts on an ex-post, verifiable disclosure. Here, talk is expensive. The creation of a block requires a large investment in finding the proof-of-work solution, which is easy to verify: it takes fractions of a second to validate the block hash. Validating the transactions within the block takes longer, but still only a matter of seconds. An attacking block could theoretically use those few seconds to gain a small yet quantifiable advantage, but it comes at a cost: the investment in creating the proof-of-work over the transactions within a Bitcoin block is far more expensive than validating the transactions and the time-ordering of the block. Consequently, a node has to expend a lot of money creating an attack that will quickly be verified. With block maturity set at 100 blocks, about 17 hours at the design rate of one block every ten minutes, nodes cannot profit from the attack. Any investment in creating the proof-of-work solution would be better put towards honestly validating transactions.
Even a double-spending attempt, a form of attack against the network, would easily be detected. Compared against the proof-of-work cost, nodes' ex-post verification cost and communication costs are negligible. In models such as the private-disclosure signalling games of Grossman (1981) [4], it is very important that the information be publicly verifiable, including by third parties able to audit and verify it. It is not critical that they verify all information, but rather that they can verify any particular source of information that is available, and that they are able to act easily upon invalid information by reporting it in a manner that alerts others to the error.
The block maturity acts as a warranty. Users can start to trust the information within a block because they know that each miner that has created a block has effectively also warranted the accuracy and integrity of that block. It is not cheap simply to say that you have found a block. Given only the header, a user acting as a third party may download the block header and validate the proof-of-work hash without validating all of the transactions.
The scenario leads to multiple levels of ex-post verification. A user who merely interacts using simplified payment verification (SPV) need only validate the block header to be assured that the node has engaged in a suitable manner. In part, each such user knows that they can trust the data within the blockchain because each node is incentivised to find any errors in a discovered block. In discovering a block solution, each node needs to validate all of the transactions. Transactions may be hashed and indexed, so that even if the order differs between nodes, or transactions have been received in a form that varies between nodes because of factors such as geographical distance, a node can compare the hash of each transaction to know that the transaction in a block is exactly the one it would itself have verified, and any differing transactions can easily be extracted and checked.
Any party who seeks to invest can gain entry into the activities associated with running a node. Honest nodes use proof-of-work as a disclosure that distinguishes them from dishonest individuals within the network. In other words, honest nodes will not be lumped in with dishonest nodes, as part of the protocol involves the disclosure of the quality of their work. The ability to transmit blocks and act as an honest agent of the network may be simply distinguished by any individual or third party.
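The cheap side of the asymmetry described above, as an added example (not code from the original post): the script checks the proof-of-work of the real Bitcoin genesis block header (an 80-byte public value) with one double-SHA-256 and an integer comparison, which is all an SPV client needs; recomputes a merkle root from transaction ids, the comparison-by-hash a node makes when its view of the transactions differs from another node's; re-mines a copy of the header against a deliberately easy target to show the expensive side of the same work; and applies the 100-block coinbase maturity rule. Only the genesis header, its hash and its transaction id are real data; the easy target (the regtest nBits value 0x207fffff) and the demonstration function are my additions.

```python
"""Ex-post verification of a block header, as an added example.

Not code from the original post. The genesis header, its hash and its
single transaction id are public Bitcoin data; everything else here is
illustrative.
"""
import hashlib

COINBASE_MATURITY = 100        # blocks a coinbase must be buried before it can be spent
EASY_NBITS = 0x207FFFFF        # regtest difficulty: roughly one hash in two qualifies

# Genesis block header, 80 bytes, exactly as serialised on the wire.
GENESIS_HEADER_HEX = (
    "01000000"                                                          # version
    "0000000000000000000000000000000000000000000000000000000000000000"  # prev block hash
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root (byte-reversed)
    "29ab5f49"                                                          # timestamp 1231006505
    "ffff001d"                                                          # nBits 0x1d00ffff
    "1dac2b7c"                                                          # nonce 2083236893
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"
GENESIS_TXID = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def header_hash(header: bytes) -> str:
    """Block hash in the usual big-endian hex display form."""
    if len(header) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    return dsha256(header)[::-1].hex()


def target_from_nbits(nbits: int) -> int:
    """Decode the compact target: mantissa * 256 ** (exponent - 3)."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    if nbits & 0x00800000:
        raise ValueError("negative compact target")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def check_pow(header: bytes) -> bool:
    """Verification is one double-SHA-256 plus an integer comparison."""
    nbits = int.from_bytes(header[72:76], "little")
    return int(header_hash(header), 16) <= target_from_nbits(nbits)


def mine(header: bytes, max_tries: int = 1 << 22):
    """Brute-force the nonce until the header meets its own nBits target;
    the expensive side of the asymmetry. Returns the nonce or None."""
    target = target_from_nbits(int.from_bytes(header[72:76], "little"))
    work = bytearray(header)
    for nonce in range(max_tries):
        work[76:80] = nonce.to_bytes(4, "little")
        if int(header_hash(bytes(work)), 16) <= target:
            return nonce
    return None


def merkle_root(txids: list) -> str:
    """Merkle root over txids (big-endian hex), duplicating the last hash on odd levels."""
    if not txids:
        raise ValueError("a block contains at least the coinbase transaction")
    level = [bytes.fromhex(t)[::-1] for t in txids]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0][::-1].hex()


def coinbase_spendable(coinbase_height: int, spend_height: int) -> bool:
    """A block reward is spendable only once its block is 100 blocks deep."""
    return spend_height - coinbase_height >= COINBASE_MATURITY


def demonstrate() -> dict:
    """Genesis header as found, a copy with one nonce bit flipped, and a copy
    re-mined against the easy regtest target (my constructed cases)."""
    genesis = bytes.fromhex(GENESIS_HEADER_HEX)
    tampered = bytearray(genesis)
    tampered[79] ^= 0x01
    easy = bytearray(genesis)
    easy[72:76] = EASY_NBITS.to_bytes(4, "little")
    nonce = mine(bytes(easy))
    if nonce is not None:
        easy[76:80] = nonce.to_bytes(4, "little")
    return {
        "genesis_hash": header_hash(genesis),
        "genesis_pow_ok": check_pow(genesis),
        "tampered_pow_ok": check_pow(bytes(tampered)),
        "merkle_matches_header": merkle_root([GENESIS_TXID]) == genesis[36:68][::-1].hex(),
        "easy_nonce": nonce,
        "easy_pow_ok": check_pow(bytes(easy)),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

Flipping a single nonce bit in the genesis header produces a hash that fails the target with overwhelming probability, and the check costs the verifier the same two SHA-256 compressions whether the block is honest or not; the miner, by contrast, paid for every failed nonce.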
Subsidies and Fees
Bitcoin is designed in a manner that forces it to scale. If the number of transactions occurring on-chain does not increase, the system is designed to end. In particular, Bitcoin is designed so that commercial entities form and compete to provide a service. Rather than a regulatory body having to monitor each of the agents, Bitcoin creates a scenario in which the public disclosure of information allows the users of the system, the nodes themselves, and third parties to validate the integrity of the system. More importantly, nodes are incentivised to find and remove dishonest actors. Because a fixed number of blocks is found in any period, block production is effectively a zero-sum game among the nodes: excluding a dishonest actor from that competition increases the profit of every node that remains.
Equally, the formation of cartels is easily detected. If a large group of nodes seeks to exclude honest players to increase the group's profitability, all its actions are publicly available to be reviewed and acted upon, and the evidence remains available. 'Orphan chains' are published widely, and may be used as evidence of collusion. If a group of honest miners with low hash rates consistently discovers blocks but finds that its blocks are rejected by a colluding group, it would be simple to analyse the rejections and show a systematic pattern of behaviour by the colluding group, amounting to a series of unfair business practices and a breach of the base rules of Bitcoin. As such, large miners need to compete by continuously improving their operations, or know that they will be forced out. It is not enough for a large Bitcoin node to act in a monopolistic manner; it must provably be better than its competitors.
Here, the subsidy and the fees come into play. Every four years (every 210,000 blocks), the subsidy offered to nodes halves. Bitcoin will not continue to 'go up' exponentially; its value follows a logistic curve, and will eventually be determined by use. As such, if Bitcoin nodes do not earn through a profitable volume of transactions, they will simply become obsolete. There is therefore a requirement to scale Bitcoin transactions. Bitcoin competes with alternative financial systems: its prime benefit is the ability to offer micropayments and other small transactions at a level that has never been achieved before. If the level of fees increases, the ability to compete with the existing financial system is lost. Consequently, Bitcoin can only succeed by scaling the total number of transactions.
To do so, nodes need to increase both their throughput in exchanging blocks and transactions with other nodes and their level of transaction processing. There is a balance between the amounts of energy expended on separate tasks: in investing their money, Bitcoin nodes must choose between solving the proof-of-work puzzle, validating and ordering transactions, and propagating transactions. As the subsidy diminishes, it becomes ever more necessary to greatly increase the volume of transactions processed. A node that does so must necessarily shift investment away from solving proof-of-work puzzles and towards the computational power associated with transaction verification and propagation. If nodes fail to do so, that is, if they do not scale in block size, then fees will increase, leading to a scenario in which it is no longer profitable to use Bitcoin. The only profitable use of Bitcoin would then lie in money laundering and criminal activity, for which Bitcoin is, in any case, ineffective.
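The subsidy-to-fees transition the two paragraphs above describe, as an added worked example (not code from the original post): the halving schedule is Bitcoin's own (50 BTC at genesis, halved by integer right-shift every 210,000 blocks), and the script checks it against the known 20,999,999.9769 BTC cap; the node's operating cost per block and the per-transaction fee ceiling it has to stay under to remain competitive are illustrative assumptions supplied as inputs. The output is the transaction volume per block at which the assumed cost is covered without any fee exceeding the ceiling, era by era.

```python
"""Subsidy halvings and the fee volume a node needs once the subsidy fades.

Added worked example, not from the original post. The halving schedule
(50 BTC, halving every 210,000 blocks, integer right-shift) is Bitcoin's;
the per-block cost and the fee ceiling are illustrative assumptions.
"""

HALVING_INTERVAL = 210_000
SATOSHI = 100_000_000
INITIAL_SUBSIDY_SAT = 50 * SATOSHI


def block_subsidy_sat(height: int) -> int:
    """Subsidy at `height`, in satoshi. The integer right-shift reaches zero
    after 33 halvings, as in the reference implementation."""
    if height < 0:
        raise ValueError("height must be non-negative")
    halvings = height // HALVING_INTERVAL
    return INITIAL_SUBSIDY_SAT >> halvings if halvings < 64 else 0


def total_supply_sat(height: int) -> int:
    """Total subsidy issued for blocks 0 .. height-1, summed era by era."""
    total, start = 0, 0
    while start < height:
        end = min(start + HALVING_INTERVAL, height)
        total += (end - start) * block_subsidy_sat(start)
        start = end
    return total


def fee_shortfall_sat(height: int, cost_per_block_sat: int) -> int:
    """Fees a node must earn per block, beyond the subsidy, to cover its cost."""
    return max(0, cost_per_block_sat - block_subsidy_sat(height))


def required_fee_per_tx_sat(height: int, cost_per_block_sat: int, txs_per_block: int) -> int:
    """Average fee per transaction that covers the shortfall at a given block size."""
    if txs_per_block <= 0:
        raise ValueError("txs_per_block must be positive")
    return -(-fee_shortfall_sat(height, cost_per_block_sat) // txs_per_block)


def txs_needed_per_block(height: int, cost_per_block_sat: int, max_fee_per_tx_sat: int) -> int:
    """Transactions per block needed so that no fee exceeds the ceiling: the
    volume a node must reach, or see its revenue fall with each halving."""
    if max_fee_per_tx_sat <= 0:
        raise ValueError("fee ceiling must be positive")
    return -(-fee_shortfall_sat(height, cost_per_block_sat) // max_fee_per_tx_sat)


def scaling_schedule(cost_per_block_sat: int, max_fee_per_tx_sat: int, eras: int = 8) -> list:
    """(era, subsidy in BTC, transactions needed) at the first block of each era."""
    rows = []
    for era in range(eras):
        h = era * HALVING_INTERVAL
        rows.append((era, block_subsidy_sat(h) / SATOSHI,
                     txs_needed_per_block(h, cost_per_block_sat, max_fee_per_tx_sat)))
    return rows


if __name__ == "__main__":
    # Assumed inputs: a node's cost is 5 BTC-equivalent per block, and fees must
    # stay at or below 1,000 satoshi per transaction to remain competitive.
    for era, subsidy_btc, txs in scaling_schedule(5 * SATOSHI, 1_000):
        print(f"era {era}: subsidy {subsidy_btc:>9.6f} BTC, txs/block needed {txs:>10,}")
```

With those assumed inputs the subsidy alone covers the cost for the first four eras; from the fourth halving onwards the required volume rises with every halving and converges on cost divided by the fee ceiling, which is the point of the argument: holding fees low while the subsidy fades is possible only if the transaction count grows.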
As Bitcoin scales in price and not block size, it becomes simpler to track and trace funds, and law enforcement will become more involved. Effectively, the growth of the Bitcoin network leads to a scenario where nodes either professionalise and follow existing laws and regulations or become actively targeted as a source of criminal money laundering. The game-theoretic make-up of Bitcoin is one that leads to a binary outcome: either Bitcoin scales massively on-chain, in which case it requires large data centres and commercial operations, or it becomes targeted and is easily shut down because of criminal activity.
The asymmetric design of Bitcoin was carefully chosen to ensure that the system would become a resilient commercial group of entities that compete to provide honest transaction processing.
References and Notes
[1] It is important to note that nodes are not paid until a block has matured. To mature, a block must be 100 blocks deep. From a user's perspective, the order of blocks and orphans does not matter. If competing forks of the chain develop, transactions from the users of the network will end up in each set of blocks, and the orphaning of any individual block should not impact the users in any significant manner.
[2] Zahavi, A. (1975). Mate Selection — A Selection for a Handicap. J Theor Biol, 53:205–214 (see: http://www.eebweb.arizona.edu/Faculty/Dornhaus/courses/materials/papers/other/Zahavi%20sexual%20selection%20handicap%20model%20signal.pdf; accessed 19th May, 2020)
[3] For further reading on signalling, see: https://econweb.ucsd.edu/~jsobel/Papers/Signalling (accessed 19th May, 2020).
[4] Grossman, S. (1981). The role of warranties and private disclosure about product quality. J Law Econ, 24:461–483.
More Background
- Milgrom, P. R. (1981). Good news and bad news: Representation theorems and applications. Bell J Econ, 12:380–391. (see: https://econpapers.repec.org/article/rjebellje/v_3a12_3ay_3a1981_3ai_3aautumn_3ap_3a380-391.htm; accessed 19th May, 2020).