Miners Are Not Trusted Third Parties Because Trusted Third Parties Are Security Holes
One aspect of the original Satoshi whitepaper that is often underappreciated is Bitcoin’s mechanism design. Within the Bitcoin rules of consensus is a very carefully designed economic game that creates incentives for various stakeholders to perform their role faithfully, while simultaneously limiting their potential for abuse. Getting the rules of this game right was as important as getting the cryptographic architecture right.
Bitcoin’s mechanism design was just as much a breakthrough and it’s amazing how well thought out it was. A tiny mistake in the mechanism design would have caused Bitcoin to collapse long ago with just as much certainty as a mistake in the cryptography.
The code within Bitcoin that defines the rules of consensus is arguably the highest leverage code that has ever been written. This Lex Cryptographica was the seed that defined the incentive structures for an industry that exploded into existence out of nothing and would exceed a hundred billion dollars in less than a decade.
There was no way in 2009 to predict the particulars of the winding path defining how Bitcoin mining would evolve, but if one understood the rules of consensus deeply enough it would have been entirely possible to describe where it would evolve to. Physical reality is chaotic, but chaotic systems have strange attractors that make high-level outcomes the system gravitates to entirely predictable. You can’t predict the paths of all molecules in a hot coffee cup, but you can predict with absolute certainty that the coffee cup is getting cold.
Of course, Human society is much more complicated than a cup of coffee, but it still has strange attractors that outcomes gravitate to. The highest level of understanding one can aspire to for human society is understanding the incentive structure that defines these strange attractors, with the caveat that behavioral economics shows that these incentives are not only financial, but also hedonistic (e.g., being fooled by cognitive biases feels great).
I spent the first few months at TabooKey mostly doing mechanism design. It is such a critical high leverage activity I feel it is worth understanding deeply in all its nuances. Especially a mechanism design at the heart of a blockchain that has proven byzantine failure tolerant for over a decade, including a well-coordinated attack last year by its miners. Nakamoto consensus worth understanding deeply both for its intricate beauty and practical utility.
The most common misunderstanding I come across in how the Blockchain really works is the role of miners and how their power is checked. There is a mental concept of them as a collective trusted third party — a decentralized authority that is managing the distributed ledger in much the same way that a bank’s mainframe does.
Usually, this is close enough to the truth that a more nuanced mental model is not really needed. However, if it was literally true it would be fatal as it would turn miners into trusted third parties, and allow them abuse power in a way that would ultimately degrade Bitcoin into a centralized system that is just as vulnerable to violence and coercion as the fiat system we have right now.
The most common overlooked nuance of Blockchain mechanism design is that that the rules of consensus are not decided by miners because that would make the miners collectively into trusted third parties. The rules of consensus are enforced by all full nodes, whether or not they are mining.
A majority of mining power has the power to force a soft-fork (only accept a subset of transactions/blocks that are valid under the rules of consensus) but they don’t have the power to force a hard-fork (accept transactions/blocks that were not previously valid).
For example, theoretically — government regulators could coerce a soft-fork on a majority of mining power to censor valid transactions to freeze funds/smart contracts that are blacklisted (e.g., on a terrorist list), but they could never coerce a change in the rules that would allow them to seize assets.
This is because miners can’t unilaterally change the rules of consensus without the consent of the rest of the ecosystem. Even miners representing a majority of computational power. As soon as miners change the rules, from the POV of all other fully validating nodes they are no longer mining the main chain. The difficulty drops. The chain has forked.
This is usually not an important distinction, but it can turn into one. Last year’s blocksize debate and Bitcoin Cash hardfork was an example. There was support from over 80% of mining power for increasing the blocksize to 2MB. The reason the blocksize only grew on the Bitcoin Cash hardfork is that the rest of the network never reached consensus on the legitimate Bitcoin being the one with the larger blocksize. Even if Bitcoin Cash had more mining power than Bitcoin the decision of what to consider as “Bitcoin” was ultimately the community’s. This was in part reflected in the price of Bitcoin vs Bitcoin cash, which then fed back into the profitability of mining either chain which then influenced the amount of mining power that was dedicated to Bitcoin vs Bitcoin cash. Ultimately the marketplace decided which rules of consensus it valued more, just like with Ethereum vs Ethereum Classic.
Fully validating non-mining nodes place a check on the power of mining nodes. If there were no non-mining fully validating nodes then miners could indeed unilaterally control the rules of consensus and not just freeze assets but also seize them. This would be the problem because the interests of miners are not fully aligned with the interests of non-miners. For example, miners might want larger block rewards, or larger blocks, etc. Miners want what’s good for miners. But miners are only considered miners by the rest of the network so long as they follow the rules of consensus. Otherwise, it’s as if they fired themselves.
This balance of power only exists as long as all full nodes verify the validity of each and every transaction in a new block before appending it to their copy of the blockchain. So really the only thing the miners are doing is fixing the order of transactions to prevent double spend. It’s not just the miner’s job to validate transactions, it’s the job of all full nodes to validate all transactions.