Bitcoin — Centralized or Not?

This post discusses the decentralization of the Bitcoin network based on the DARPA funded report released this June by Trail of Bits, a security research firm.

Why is the possible centralization of Bitcoin a problem? Bitcoin’s value proposition is being sound money by the definition of Von Mises — a salable commodity, that is hard to inflate, and sovereign — under the control of the owner and resistant to government control. The latter is only possible if Bitcoin remains decentralized.

Sovereignty through decentralization is the only feasible return to sound money. As Friedrich Hayek put it in 1984 (what a year, what a quote):

I don’t believe we shall ever have a good money again before we take the thing out of the hands of the government, that is, we can’t take it violently out of the hands of the government, all we can do is by some sly roundabout way introduce something that they can’t stop.

It’s important to note that DARPA is a research and development agency of the United States. The sovereignty of Bitcoin makes it a threat to governments by offering citizens worldwide access to sound money. The report can therefore be considered biased. So should this post, the author holds a long position in Bitcoin.

The post is intended for technical readers with a basic understanding of distributed databases and network security. For non-technical readers, here’s the takeaway: The 11 centralization risks put forward by Trail of Bits offer no threat to the security of the Bitcoin network. The main threats to Bitcoin remains centralization of ASIC production and a return to gold as the money of the world. For the technical readers, let’s go through the risks and analyze them one by one.

1. Only four active contributors have access to modify the Bitcoin Core codebase — allowing arbitrary modification of the codebase.

Not a threat. Users run Bitcoin nodes, not developers. The software is open source and anyone can modify it — but no one can force users to run their code. Several attempts have been made to change the software (Bitcoin Unlimited, Bitcoin Cash, etc.), but all have been rejected by the majority of hashing power.

2. The number of entities sufficient to disrupt Bitcoin is just four — the top four mining pools.

Not a threat. The idea would be for some enemy of Bitcoin to gain control of a pool with enough hashrate to damage the network, but mining pools are just a collaboration of miners. Miners can easily switch pools if they gain to much hash rate, and often do so.

3. A blockchain requires a Sybil cost to be optimally distributed. Permissionless blockchains like Bitcoins cannot have Sybil costs without introducing a third-party.

Not a threat. A Sybil attack is conducted by one user creating many malicious nodes acting as honest nodes in order to trick honest nodes into accepting untrue or invalid data. The Sybil cost is simply the cost of such an attack, and the Sybil cost in Bitcoin is the energy cost of producing new blocks. A Bitcoin node only needs a single connection to an honest node to stop such an attack because the consensus of the protocol is based on the heaviest PoW chain representing the true state of the distributed database.

4. A subnetwork of Bitcoin nodes seems to be largely responsible for reaching consensus and communicating with miners.

Not a threat. It does not matter if nodes maliciously modify traffic because the economic nodes that receive transactions verify the rules of Bitcoin, such that modified traffic will be considered invalid and thus ignored.

5. Stratum (Mining protocol widely used by pools) is unencrypted and unauthenticated.

Possibly a threat. Stratum does indeed allow for DoS attacks on mining pools, but why? Miners can just switch pools with the click of a button. A version 2.0 that addresses these issues is also being developed.

6. Nodes with out-of-date view of the network decrease the required percentage of hashrate to perform a 51% attack.

Not a new threat. 51% are becoming expensive, and even if eclipse attacks (surround honest nodes with dishonest nodes) can reduce the required hashrate towards 40%, the cost is substantial, even for an entire nation.

7. Third parties on the network route between two nodes can observe and drop the unencrypted Bitcoin traffic.

Not a threat. First, a lot of Bitcoin traffic is encrypted on Tor. But even attacks on the unencrypted traffic would require control of the entire network — A single connection between an honest node and an honest miner would allow the transaction to propagate. Any attack must be sustained forever to be effective (transactions can even be sent through satellites, QR codes or even radio)

8. The Bitcoin Core client has a hard-coded delay of two minutes before it gossips new verified blocks to a peer.

Not a threat. If nodes were deliberately delaying block propagation, it would increase the chance of orphaning blocks, and you would never have two blocks built on top of each other from different miners across the world less than two minutes apart. This is debunked by real world block propagation data.

9. Control over Tor exit nodes can be used to control Bitcoin traffic.

Not a threat. Here, the authors cite a report of a russian hacker that used a Sybil attack on Tor to control 40% of the exit nodes. Not a threat. By following the citation, you’ll find that the attack was not on Bitcoin traffic, but on cryptocurrency related websites.

Digital signatures ensure that Bitcoin traffic cannot be rewritten without making the transaction signatures invalid and thus rejected.

10. The USA and Germany (two countries with the highest percentage of non-Tor nodes) have the highest aggregate consensus influence in Bitcoin.

Not a threat. Consensus rules of Bitcoin are enforced by the receiving nodes — no country can change them. For real world examples, China has several unsuccessful attempts to ban Bitcoin. An actor can try to drop transactions (censoring), but if that transaction reaches one honest node, the attack is stopped.

11. 21% are running a vulnerable version of the Bitcoin Core client.

Probably not a threat. If these nodes were participating in the economic game (receiving coins), the vulnerability could only make them crash (then the owner would upgrade). Probably, these nodes are not part of the system for economic gain, but for experiments (test nodes), or other reasons.

In its conclusions, the report states that the majority of Bitcoin nodes have significant incentives to behave dishonestly, and the authors conclude that they have identified several scenarios in which blockchain immutability is called into question not by exploiting cryptographic vulnerabilities but instead by subverting the properties of a blockchain’s implementation, networking, or consensus protocol.

These conclusions must be rejected.

Miners are economically incentivized to not waste their energy. For other nodes, the report does not define dishonest behavior, but different means to censorship seems to be the main vulnerability their report has identified — if means of censorship are easily available, why hasn’t China succeeded in suppressing Bitcoin activity in their country?

For the conclusion on blockchain immutability — rewriting Bitcoin history or changing the consensus rules — the report fails to describe a single vulnerability. Instead, they have demonstrated attacks that, under highly improbable conditions, starve the chain of blocks or otherwise censor transactions, but are only temporarily possible to sustain because of energy costs.

Interestingly enough, the report fails to identify the centralization risk of the highly specialized hardware for Bitcoin mining. Without using ASICs, Bitcoin mining is no longer profitable. The number of producers of these application specific circuits pose a threat to the decentralization of Bitcoin. Also, the rising cost of such hardware could reduce the number of participating nodes until they reach a number low enough to make collaboration possible.

Of course, the greatest threat to Bitcoin is reducing the value proposition of the network by returning to sound money through gold. But that solution is just a win-win situation for any supporter of sound money.

Is Bitcoin centralized? Who knows? Did DARPA uncover centralization risks? Not at all.