The Republic of Bitcoin
on distributed networks and trust
Feudal Security Models
Google recently updated their app store policies to stop calling games “free” if they offer in-app purchases. They did this in response to EU inquiries about customer protection from children making unwanted in-app purchases and so forth.
In other news: outside the app stores, it’s nearly impossible to download software safely. The open web is a minefield of bait-and-switch sites designed to look official, drive-by downloads, and protocols like DNS and plain HTTP that are trivially vulnerable to man in the middle attacks.
There’s been a tremendous amount of discussion in the last year or two about the need to decentralize networks and platforms, to move away from the increasing cloud-based feudalization of platforms and back toward a more “personal computing” sort of model. I’ve been personally involved in some of these discussions, and I certainly agree with the sentiment. I’d love a platform where we (the users) have full control, and I really dislike the fact that my shiny new iPad can only install apps approved by one company’s bureaucrats.
(A full discussion of all the problems I see with this model is not the focus of this essay. Maybe I’ll do that in another post.)
Nevertheless I understand why feudal platforms are winning. They provide security, accountability, curated application ecosystems, and someone to strangle if things are broken. All that results in a vastly superior user experience.
In the end pretty much all of that comes down to trust. All the other issues like curation and accountability and technical security are “just” straightforward engineering problems if trust in something can be assumed.
Trust, it turns out, is really the central problem with things that lack centers.
Can a System Trust Itself?
Some would say the problem is solved, with Bitcoin as proof.
The Bitcoin network’s answer to the trust problem is to trust itself. It’s a democracy of computing power.
We humans use Bitcoin as something like a cross between a currency and a wire transfer system. What we want is an honest, transparent money system where the money we hold is safe, arrives at its proper destination when sent, is not stolen in transit, and can’t be counterfeited.
Bitcoin doesn’t understand what we want. It doesn’t understand anything. It’s just a bunch of closed-form mathematical relations and crypto engines, not some kind of sentient AI operating from a financial spin of Asimov’s laws of robotics.
Let’s say a really powerful actor wanted to bend the Bitcoin network to their own will. Let’s say they invest the necessary money to build a gigantic ASIC compute farm in secret only to suddenly drop it on the network, take control of 51%, and then wrench the block chain away from the majority.
That’s absolutely not what we — bitcoin’s fleshy users— want, yet from the perspective of the Bitcoin network itself nothing would be wrong.
The network trusts itself, not us.
It’s not a far-fetched scenario. If Bitcoin got popular and powerful enough to mean something on the international stage, I could see a nation state doing this. It might not matter to them if their monster compute rig cost more than the total net value all the Bitcoin in existence. Political and military priorities are not necessarily economically rational.
It’s also possible that a mining pool, which centrally aggregates the compute power of many independent miners, could pull it off. There’s been at least one close call. A month or two ago a pool called GHash.io briefly achieved 51%. The pool’s controllers didn’t pull any shenanigans (that anybody knows about), but it prompted a quick response from the Bitcoin community and quite a bit of discussion.
When GHash.io approached 51%, alarms rang out on Reddit’s Bitcoin forum and a number of major Bitcoin-related mailing lists. Reddit is a centralized site. These lists run on centralized servers.
When the decentralized consensus network was in danger, its users fell back on external centralized systems to coordinate their response. Any coordinated response via the Bitcoin network itself would by definition be vulnerable to the same 51% attack.
It feels like it might be some kind of weird corollary to Gödel’s incompleteness theorem— to respond to an attack against a distributed system, coordination must take place somewhere “meta.” The system under attack can’t be trusted.
We humans collectively have the same problem. To create a world with some semblance of justice, we must self-govern. Long ago we realized that putting all power in the hands of a king or a tiny oligarchy was problematic, so we started experimenting with democracy. Yet democracy has its own problems. Like Bitcoin’s democracy of SHA-256 hashing power, human democracies are vulnerable to 51% attacks. As the saying goes: “democracy is three wolves and a sheep voting on dinner.”
When a mob threatens to subvert justice in a democracy, we— like the Bitcoin community— need a way to go meta. Praying didn’t seem to work. Even if there is somebody listening, he, she, or it doesn’t seem to have a penchant for descending from the heavenly realms to fix our political messes. After some experimentation, we cobbled together a construct known as a republic.
A republic mixes centralization and decentralization, democracy and oligarchy. In an ideally functioning republic, these two modes of social organization check and balance one another. If the oligarchy gets too uppity, the democracy can throw them out. If the mob goes insane, the oligarchy can overrule it. Later we added the concept of a constitution, and the notion that its rules should guide the republic’s hand as opposed to the whims of its leaders.
Sometimes it kind of works. It’s the “best bad system” of self-governance we’ve invented thus far.
I would argue that Bitcoin is a de-facto and unofficial republic, not a pure democracy and not completely decentralized. The largest miners, most active members of the various Bitcoin forums, and the maintainers of the main Bitcoin code tree constitute a set of representative governors that can wield tremendous power over the network. Yet this power is checked by Bitcoin’s overall user base. Nobody — oligarchy or average Bitcoin user— wants to see the currency collapse. If the de-facto alphas of the ecosystem do something too reckless, poorly thought out, or unpopular, they risk an exodus to other cryptocurrencies or back to conventional fiat money systems.
So far it kind of works.
Republican Networks and Platforms
As I said earlier, I have a strong interest in decentralized computing and in helping to swing the pendulum back toward personal control of our own technology devices.
In my research it’s become clear to me that completely decentralized, headless networks are not (barring unforeseen innovation) the answer. I don’t have anything like a rigid mathematical proof, but a combination of academic research and engineers’ intuition suggests to me that there might be fundamental problems here that aren’t going to yield to any amount of cleverness.
Imagine a platform like iOS but backed by a Bitcoin-ish distributed trust and consensus algorithm. Now imagine a 51% attack that results in malware taking over the whole application ecosystem. That’s not acceptable, and wouldn’t be a huge improvement over the security nightmare that’s driving feudalization today.
Instead, I’m starting to think in the direction of distributed systems that mix democracy and republican governance. Bitcoin does it in a hidden, de-facto, informal way, which presents a lot of inherent problems around transparency and integrity. I wonder if it would be possible to explicitly embed mechanisms for elected governance into the system itself, making that component of the whole construct as transparent as the democratic side.
P. S.: By republican I am certainly not referring to the elephant-shaped American political party of the same name.