The Market for Consensus

Note: This article has been kindly translated into Chinese and Spanish.

In some ways, the block size debate can be seen as a debate on how Bitcoin’s consensus rules are determined. Should they be set in stone and difficult to change, as many Bitcoin Core proponents advocate, or should they evolve through an emergent process of individual node operators, as proposed by Bitcoin Unlimited?

Many people like the idea that Bitcoin’s properties should be immutable, as this gives them confidence that its monetary properties and censorship resistance will not be compromised. But this is a false promise. The idea that consensus parameters can be “set in stone” by a reference software implementation is inherently illusory.

Since no one can be forced to run a certain version of software, or prevented from modifying the code they run, consensus rules are always ultimately determined in a bottom-up manner through the choices of network participants. Understanding the factors that motivate these choices, and how the individual choices of node operators interact globally to form emergent properties, can help us to understand how consensus rules could evolve in the future. And perhaps this understanding can help us have confidence that the properties of a Bitcoin rooted in the market are even more solid than if they were written in stone.

Why nodes follow consensus rules

It is true that the Bitcoin network, as it currently exists, follows the consensus rules encoded in the Bitcoin Core client, but this represents merely one possible stable equilibrium. The reason that a particular node operator chooses to recognize the current block validity rules is that all other nodes on the network enforce these rules. A miner will not want to waste proof-of-work producing a block that is orphaned thus losing their block reward. A merchant will not want to exchange goods for a transaction that the miners refuse to include in a block, and thus can be double spent. In these examples, we can observe node operators accepting or rejecting blocks according to validity rules for the purpose of following consensus of the network.

But what about the case of a soft fork? In a soft fork, miners coordinate to impose additional block validity rules that were not in force prior to the fork. In this case, the reason they choose to enforce new block validity rules is to change Bitcoin’s properties, perhaps adding a new feature such as Pay to Script Hash.

Another example to consider is operators of Bitcoin Unlimited nodes currently on the Bitcoin network who choose to ignore current validity rules for block size. These nodes can still interoperate smoothly with Core nodes, but if miners were to produce a longest proof-of-work chain with a greater than 1MB block, then they would follow that chain, whereas Core nodes would reject it. In this case the reason they choose to not enforce the 1MB block validity rule is to try to influence the properties of Bitcoin as a system. They would like to allow bigger blocks.

So we see that the motivations for nodes to enforce block validity rule fall into two categories:

  1. Nodes enforce block validity rules to attempt to stay in consensus with the other nodes on the network.
  2. Nodes enforce block validity rules to try to influence properties of Bitcoin as a system.

If all participants in the network agree on all the properties they want the system to have, then these two motives will be in alignment. Deciding what block validity rules nodes should implement is simple: we simply figure out which block validity rules lead to the global system properties we all agree we want, and all nodes implement those rules.

It is possible, however, that these two goals may not be in alignment. What if you think the network should follow certain rules, but the rest of the network doesn’t agree? If a group feels so strongly about such a property that they are willing to go their own way, then they can simply split off from the rest of the network, whether through a spinoff system, a fork of the block chain, or simply starting from scratch to create an altcoin.

But things are more interesting and complicated if the two goals are more balanced. Then we have a situation where motives are mixed, and must be balanced with each other. This type of mixed-motive dynamic was explored by Thomas Schelling in his book The Strategy of Conflict [1]. Schelling provides a theoretical framework to understand situations where there are incentives for both competition and cooperation.

Schelling’s analysis is very useful for understanding the dynamics of a Bitcoin where significant proportions of network participants have conflicting desires on how the network should operate, but also have a strong desire to remain in consensus with the rest of the network.

Mixed Motives

Mixed-motive strategies can be seen as combinations of coordination strategies, where interests are aligned, and bargaining strategies where interests are divergent. Coordination strategies include signalling and convergence on focal points. Bargaining includes commitment strategies to enforce agreements, typically with credible threats of retaliation.

These strategies include risks as well as potential benefits. In order to understand the dynamics of how these strategies play out, we need to understand how the incentives and risk tolerance of participants interact to shape individual behavior, and how these individual behaviors combine to bring about emergent properties of the system at larger scales.

Validity Rules as a Threat to Separate

A node’s enforcement of block validity rules is equivalent to a threat to split away from other nodes if they deviate from the rules being enforced. Nodes influence the network’s accepted consensus rules, whether that is maintaining currently accepted rules or pushing for new rules, by threatening to separate from nodes that don’t enforce those rules, and thereby form an independent group from the rest who do not follow the rules. The effectiveness of this threat will depend on several factors such as:

  1. The number and economic significance of the nodes that are willing to separate.
  2. The degree to which the threat of separation is communicated to the rest of the community.
  3. The perceived commitment, and willingness to follow through with the split.
  4. The expected viability of the new independent group on the market. This is where the mechanism of Daniel Krawisz’s “Who Controls Bitcoin” article manifests itself [2]. In this case, credible predictions of investor reaction substitute for actually separating.

Let’s consider a few examples:

Example 1: Block Size Validity Rule

Most nodes on the network currently enforce a rule that they will reject blocks greater than 1MB. If a miner were to produce a block larger than 1MB, they “know” (i.e., predict with very high confidence) that it would get orphaned and they would lose their block reward. Even if a majority of miners agreed to build a chain including a block larger than 1MB, if all the exchanges and merchants were to reject this chain it would lose value. By running software that rejects larger blocks, the economic majority is committing to split away from miners if they produce larger blocks. If this were to actually happen, then the market would experience turmoil and value would be lost. But because the threat is credible, miners will not produce such a chain. Miners will follow the money, and the will of the economic majority.

But let’s imagine what would happen if the proportions were reversed. What would happen if the vast majority of economically significant nodes (exchanges, payment processors, etc.) decided to run software such as Bitcoin Unlimited, and not enforce a 1MB block validity rule? In this case, if a small economically weak minority decided to keep enforcing the 1MB block validity rule, this would be very risky for them. By doing so they are saying they would reject a chain containing a block larger than 1MB even if the miners produce such a chain with the majority proof of work, which would cause harm to the network effect of Bitcoin thus lowering its value. In this case, however, miners would have to weigh this loss of network effect against the benefits of larger blocks, and the value they project that larger blocks would add value to the network. If the expected benefit of larger blocks outweighed the harm from the threat of a network split, then they may choose to produce larger blocks.

Example 2: 21 Million Coin Validity Rule

If the block size limit is determined through bottom-up emergent market forces, then what about more significant block validity rules like the inflation schedule and 21 Million coin limit? Would this process risk violation of Bitcoin’s vital property of limited supply?

Let’s consider a situation similar to the last example. A majority of nodes stop enforcing Bitcoin’s inflation limit, perhaps they are convinced that more inflation is needed to keep prices (measured in bitcoin) from deflating quickly, or perhaps they believe the miners need additional reward to pay for securing the network. But a minority of nodes disagree. Many long-term holders and sound money believers vow to reject blocks that violate the prior inflation schedule even if it is the longest chain. Now miners have to assess: If they mine “inflation coin”, what is the likelihood that the minority “sound money coin” would persist and maintain value? How would the two coins compare in market value? Would the risk of value loss by mining such a chain outweigh the value of increased block rewards for them? If these risks seem significant to them, then the “sound money coin” minority will be able to deter them from violating the existing coin issuance schedule, which serves as a Schelling point from which it is difficult to deviate. Furthermore, the rest of the economic nodes, also assessing the situation similarly, would choose to also enforce the existing inflation schedule to avoid the risk of a split and loss in value.

Example 3: Segregated Witness Soft Fork

In the case of a soft fork, network participants coordinate to add new block validity rules that were not previously enforced. This process is typically led by miners who can orphan blocks that fail to comply with the new rules. Non-mining nodes that do not choose to go along with the new rules will follow and accept the longest chain, and thus should follow the new consensus of the miners. The fact the nodes who don’t enforce the new validity rules will follow and recognize the majority chain as valid is often seen as a reason in favor of soft forks.

In a sense, miners can use a soft fork to force through protocol changes whether the non-mining nodes consent or not. We must realize, however, that this comes with some risk for those enforcing the new soft fork rules. If a large proportion of the community does not choose to apply the new rules to the blocks they validate, they will follow the longest chain, but leave the door open to the change possibly being reversed. The new rules would have lower security guarantees, similar to those of SPV wallets.

In the case of contentious changes, this risk is accentuated. Those nodes enforcing the new soft fork validity rules have to seriously consider the risk that they will become isolated from the rest of the network if a chain is produced which violates the new rules, and the majority of the network would go along with that longer chain.

This risk is not purely academic. In fact just such a consensus failure occurred in July 2015 after the soft fork for BIP 66. The change being implemented was non-controversial, it was simply a tightening up rules around signature encodings to ensure that they follow standard behavior. What happened was a coordination problem between the miners. Some of the miners who indicated that they would enforce the new rules in fact were not checking and rejecting blocks that did not comply. When a block violating the new rules was produced, these miners went ahead and extended the chain mining on top of those blocks. What this shows is that there are risks of diverging from consensus when nodes start enforcing new validity rules. This risk would be more severe if the change were controversial with a significant group who chose not to enforce the new rule.

Soft Forks and Hard Forks

Viewing things this way — realizing that enforcing block validity rules is equivalent to threatening to split from nodes that do not — gives us a new way to look at soft forks and hard forks.

A soft fork is when nodes start enforcing additional block validity rules that were not previously in force. This involves nodes having to increase the risk that they might cause a split in consensus with other nodes, and potentially lower security and confidence in the new validity rules.

A hard fork, on the other hand, involves a threat de-escalation. Nodes can accept a hard fork change by removing enforcement of a rule. Those nodes will follow the longest proof of work chain, so they have low risk of falling out of consensus with the economic majority.

It is now well established that any changes to the monetary properties of Bitcoin can be accomplished through a soft fork just as easily as through a hard fork. For example, soft fork extension blocks could be used to raise the 21 million coin limit. Given that hard forks are no more dangerous to Bitcoin’s monetary properties than soft forks, it makes sense for node operators to lower their risk of rejecting the longest proof-of-work block chain by relaxing enforcement non-monetary rules, thus allowing for the possibility for hard-forking changes to the block chain.

A Vision for the Future

A healthy future Bitcoin network should be composed of multiple competing software projects implementing nodes. Some projects would specialize to serve the needs of miners or merchants. Others would make a business of serving light clients providing compact fraud proofs to secure the network.

In addition to competing on features, however, they would also compete on desired consensus behavior. Holders and investors will make sure that scarcity is preserved. Merchants and payment processors would defend ease of transaction. Miners would work to maintain fee revenue which funds the proof of work.

The result of this vision would be a Bitcoin network where accidental consensus failures become very unlikely, and purposeful consensus changes that improve Bitcoin’s overall value happen smoothly. Bottom-up choices aligned with individual incentives would combine to produce a resilient, flexible, and trustworthy system.

Conclusion

The promise of Bitcoin is that it can provide a market-based money that is resilient against attempts to destroy it. To justify the belief that Bitcoin has value, we need to have confidence that its monetary properties will endure in the future. The current situation, with one overwhelmingly dominant implementation, centralizes trust and leaves Bitcoin’s fundamental properties vulnerable to subversion. A future where the fundamental properties of Bitcoin are defended and supported through the market interaction of participants is the only hope for long-term stability.

The idea that the Bitcoin community needs to achieve a social consensus prior to making changes to the protocol misses the point of how the system is governed. No single body should be in charge, and thus no-one should be in a position to determine whether sufficient social consensus has been reached. Anyone is free to attempt hard-forking changes at any time, and it is up to the market to decide whether such changes are valuable.

We should not seek refuge in the false security of top-down control, social pressure, and design monoculture. In order to gain confidence that market forces are a strong bulwark defending Bitcoin’s monetary properties from attack, the best course of action would be to embrace mechanisms that facilitate a free market in consensus behavior.

References

[1] Schelling, Thomas. The Strategy of Conflict. Harvard University Press, 1960.

[2] Krawisz, Daniel. Who Controls Bitcoin?. Satoshi Nakamoto Institute, February 8, 2015.

Acknowledgement

Thank you to Capt Roger Murdock who reviewed a draft of this piece.