Recently I came across a Twitter thread which linked to two articles by the same author. You can read them here:
https://juraj.bednar.io/en/blog-en/2020/11/18/bitcoin-censorship-will-most-likely-come-pt-2/
They describe a path through which the minority of hash-power can compel, through game theory, the remaining majority to censor (ie. not include in their blocks) certain transactions.
Inspired by them I write this post.
I remind the reader that Marathon has started censoring Bitcoin transactions which they believe are illegal according to US authorities.
Let the hash-power of the censurers be that of 10% of the network.
Let the censurers enforce two rules:
- they will NOT include any transactions which they deem illegal
- they will NOT mine a block following that which contains txs they deem illegal, instead they will attempt to orphan the "dirty" block
Let the remaining 90% of hash-power be split into two groups:
- complicit miners who don't mine illegal txs, but have no problem mining on top of them
- cypherpunks who mine illegal txs
The naive approach
Let the previous block be a dirty one.
In order to orphan it the censurers must mine 2 blocks in the time it takes the rest of the network to mine 1.
The odds of that happening may be described with the square of the share of the hash-power under the control of the censurers.
In our case, 10% of hash-power controlled by censurers, that's:
10% * 10% = 1%
This means that any miner including illegal txs has to consider a 1% chance of their block being orphaned and them loosing the fees (~1 BTC) + subsidy (6.125 BTC).
Thus all senders who broadcasts a txs to or from any address which is deemed illegal must compensate the miners with an additional:
1 BTC + 6.125 BTC = 7.125 BTC 1% * 7.125 BTC = 0.07125 BTC
At the time of writing that is slightly over $4 000.
This is the premium, over "clean" txs, the senders must come up with between themselves to have their illegal txs included.
The opportunist approach
In the previous section we discussed the theory behind censurers orphaning the dirty blocks, assuming they would do so through the method of mining two blocks in the time the rest of the network mines just one.
Let us consider a different approach, the remaining hash-power will switch to mining on top of the censored block as soon as the blockchain is split, without waiting for it to outgrow the dirty block branch.
That is to say after the censurers mine 1 block they will mine on top of that 1 block, as opposed to mining on top of the dirty block which came first.
Why would they do that?
The cypherpunks who did not mine the dirty block will prefer the censored branch as it allows them the chance to get the premium paid by illegal txs for themselves, rather than give it the last block's miner.
The complicit miners know this and know that the censored branch is being already mined:
- censurers
- cypherpunks, except for the one who mined the last block
And so the complicit miners will join that branch as well.
Thus we notice that now the odds of a block with illegal txs being orphaned are no longer 1%, but rather a staggering 10%.
This boosts the required illegal txs premium to:
10% * 7.125 BTC = 0.7125 BTC
Over $40 000 at the time of writing.
The case for complicit miners
The opportunist case requires complicit miners and you may be wondering why would those even exist, aren't we all cypherpunks?
Won't they loose out on the fee premiums brought in by illegal txs?
Notice we already have such a pool and it's called Marathon.
If Marathon demonstrates the ability to compete despite (or perhaps thanks to) censoring others will follow.
A complicit miner can advertise to investors and authorities how they fight illegal txs themselves and so don't need to be regulated or forced to do so while also staying in the, relatively, good graces of the Bitcoin community as they are not the ones orphaning dirty blocks.
Pools are companies with investors, an address and quarterly reports. A proactive approach to keep the law away and the investment at a lower risk level are a desirable strategy.
Aren't we all cypherpunks? Not anymore, Bitcoin is going increasingly mainstream and just as the "nodes" in the existing financial system are all required to follow KYC and AML regulations in order to remain connected to the others, through SWIFT, SEPA, etc, so will the nodes which "interface" with Bitcoin.
This is already happening through KYC and AML checks on exchanges, as Bitcoin expands so will those checks.
The "interface" nodes, the PayPals, Binances, etc are already happy to ban some coins, because of their history, they will be/support the complicit miners even when not required to do so. Why do you think so many delisted perfectly legal privacy-centric altcoins?
Furthermore more and more power companies, often state owned, are mining Bitcoin with their off-peak electricity. They are not cypherpunks, they are the state.
Finally miners can be bribed by the state to be complicit, after all they only need to be paid the premium the illegal txs pay over the odds of their block being orphaned, and please remember the premiums we have considered before ONLY offset the odds of the block being orphaned.
Thus illegal txs will need to pay both the orphan premium and the state bribe premium to even stand a chance of getting mined.
The proactive approach
Pools may agree to all move from the complicit category to the censurers.
Why?
Each one of them gains through the elimination of cypherpunks, thus increasing their hash-power share and compensating for not including illegal txs.
If we assume that 10% already is censurers then they only maybe around 40% more to 51% attack and permanently ban certain UTXOs.
There's few enough of them than they CAN cooperate with each other and you cannot just decide to join in as a miner to tip the scales the way of the cypherpunks since not only do you need ASICs to hash sha256, but also you will need the cheapest electricity on the market.
For a more in depth explanation...
... and answers to the questions you might have check out the second link.
Juraj Bednar does a better job at explaining his game theory than I do.
(Non) solutions
Allow me to just start of with Taproot does not fix this.
The Lightning Network does not fix it, because the censuring and complicit miners will simply not mine the tx which opens a payment channel or closes it.
Meanwhile LN node operators will not want to open channels to illegal UTXOs either, or will close them should they be already open, because they will not be able to close those later and the current Lightning Network ensures you cannot fully empty the channel either, this is done as a precaution to prevent channels partners from having nothing to loose when attempting to cheat their partner.
Even if Bitcoin implements a private script type, just like it's already trying to implement Taproot, if it doesn't happen fast enough the holders of illegal UTXOs won't be able to migrate them to the new script type (address) since those txs won't be mined.
[link] [comments]
No comments:
Post a Comment